News Analysis: IPv6 Day on June 8 showed there is a lot of IPv6 out there, but the level of adoption is still disappointing. That situation won't change until ISPs and network hardware manufacturers get up to speed.
If I learned one thing from IPv6 Day
the effort by the Internet Engineering Task Force to really test
the IPv6 infrastructure of the Internet, it was that the enterprise is
in for some tough sledding. In short, the ability of critical
infrastructure components to support IPv6 is lacking
In fact, it's not just lacking, it's pathetic. Worse, the tools to manage
IPv6 are equally primitive. And, of course, there's the problem of the
access providers, who apparently haven't heard about IPv6, despite the
fact that it's been around for more than a decade.
Over the course of the last six months, I've been testing firewalls and
routers for state and local IT departments. Part of the goal was to see
if they could be configured and managed by organizations with limited staffs
Another part was to see if they would work with IPv6. The sad truth is
that while some devices will at least pass IPv6 packets and accept IPv6
address assignments, the management tools are limited. On some devices,
IPv6 is given lip service, if that.
In fact, to date, I have yet to test an enterprise firewall that really
supports IPv6. In some cases, IPv6 is obviously an afterthought, added
because there's a place on an RFP somewhere that requires it. In others
it's not even that. If you look at the management interface, you'll see
no evidence of IPv6 anywhere. In fact, the only firewall/router that I
found that actually passes IPv6 packets both ways and filters the
packets properly comes from Linksys, and it's designed for small
businesses, not large enterprises. But I won't go into the details
because it's out of production.
So what I found on IPv6 day
is that it's apparently not possible to get the enterprise firewalls
that I've got on hand to pass IPv6 packets in any useful manner. In
other words, you can't just enable IPv6 and then make the Internet
available to your users using IPv6 as you can with IPv4. In some cases,
you may be able to set up a point-to-point IPv6 connection, but even
that's dicey. You can forget about using a tunnel broker-the devices
can't use the IPv6 tunnels even if the tunnel can be created.
I called Martin Levy, the director of IPv6 strategy for Hurricane Electric
the largest IPv6 backbone provider on the Internet. Levy faults both
hardware vendors and ISPs for the problems that enterprises are having
adopting IPv6. He suggests asking your Internet provider if they
support IPv6. If not, "Get another provider," he advises. As Levy
points out, ISPs have had a dozen years to get used to the fact that
IPv6 would be necessary, and that there's really no excuse for not