If I learned one thing from IPv6 Day, the effort by the Internet Engineering Task Force to really test the IPv6 infrastructure of the Internet, it was that the enterprise is in for some tough sledding. In short, the ability of critical infrastructure components to support IPv6 is lacking.
In fact, it's not just lacking, it's pathetic. Worse, the tools to manage IPv6 are equally primitive. And, of course, there's the problem of the access providers, who apparently haven't heard about IPv6, despite the fact that it's been around for more than a decade.
Over the course of the last six months, I've been testing firewalls and routers for state and local IT departments. Part of the goal was to see if they could be configured and managed by organizations with limited staffs. Another part was to see if they would work with IPv6. The sad truth is that while some devices will at least pass IPv6 packets and accept IPv6 address assignments, the management tools are limited. On some devices, IPv6 is given lip service, if that.
In fact, to date, I have yet to test an enterprise firewall that really supports IPv6. In some cases, IPv6 is obviously an afterthought, added because there's a place on an RFP somewhere that requires it. In others it's not even that. If you look at the management interface, you'll see no evidence of IPv6 anywhere. In fact, the only firewall/router that I found that actually passes IPv6 packets both ways and filters the packets properly comes from Linksys, and it's designed for small businesses, not large enterprises. But I won't go into the details because it's out of production.
So what I found on IPv6 Day is that it's apparently not possible to get the enterprise firewalls that I've got on hand to pass IPv6 packets in any useful manner. In other words, you can't just enable IPv6 and then make the Internet available to your users using IPv6 as you can with IPv4. In some cases, you may be able to set up a point-to-point IPv6 connection, but even that's dicey. You can forget about using a tunnel broker; the devices can't use the IPv6 tunnels even if the tunnel can be created.
I called Martin Levy, the director of IPv6 strategy for Hurricane Electric, the largest IPv6 backbone provider on the Internet. Levy faults both hardware vendors and ISPs for the problems that enterprises are having adopting IPv6. He suggests asking your Internet provider if they support IPv6. If not, "Get another provider," he advises. As Levy points out, ISPs have had a dozen years to get used to the fact that IPv6 would be necessary, and that there's really no excuse for not supporting it.