Around the Globe in the Race Against IPv4 Address Depletion

Jeff Doyle, author of the networking bible Routing TCP/IP, Volume I and II, is an authority on IP routing protocols, MPLS, and IPv6. As owner of IP network consulting firm Jeff Doyle and Associates, Jeff has traveled the world designing large-scale IP service provider networks throughout North America, Europe, Japan, Korea, Singapore, and the People's Republic of China. Jeff has held senior networking positions at Juniper Networks and International Network Services, and recently joined Synergy Research as a vice president of research, focusing on IP infrastructure and Metro/carrier Ethernet. I spoke with Jeff about his thoughts on the near depletion of IPv4 addresses, how far along businesses are in moving toward total IPv6 deployment, and how the U.S. stacks up against other countries in its support for IPv6.

At what stage in the process are service providers and enterprises with their IPv6 deployments?

There's a certain amount of panic now, especially among service providers. For enterprises, there's not a lot of interest unless they're very large enterprises. For service providers, such as the one I'm working with now—and another Tier 1 provider with which we're wrapping up another project—they're still in the experimental phase. It's not as if next week you can call up your service provider and say, "I want IPv6 in my home." We're a long way from there. Large communications projects among large defense contractors will mostly be IPv6-enabled.

What have been the drivers to IPv6?

Here in the U.S., the government is driving IPv6 implementation, as agencies require IPv6 for everything they contract. The other driver is simply service providers looking at IPv4 depletion and realizing that it's a year or two away.

How far along is the U.S. government in deploying IPv6, and what are the lessons learned?

There are so many agencies in government, and each one has its own network and its own challenges, so it's difficult to speak about government deployment in that broad sense. But the lesson learned by the agencies is that it's a lot more complex than a lot of people expect, especially around the edges. When you think of IPv6, you think of turning on IPv6 on all interfaces, but it doesn't make much sense to enable IPv6 if you can't manage or secure it. Those considerations don't get looked at.

Whose responsibility is that? The management and security vendors?

Vendors focus their engineering resources to where they get demand from customers. So it's up to the user to go to their vendor and ask for a roadmap so they can decide whether to continue to buy the vendor's product or go somewhere else. We're seeing more and more service providers ask vendors, but IPv6 is still vaporware from a lot of vendors. At the core network, most router vendors support IPv6 very solidly, and network management is starting to get there. Security is getting a bit better, but it's still a problem; it's hard to find products to secure IPv6 networks. Most network operations people want to manage and secure their IPv6 network the same way as they do for IPv4. A lot of vendors will offer a roadmap rather than be able to give demonstrable proof that they support IPv6. So compliance and interoperability testing in the lab is an essential part of an IPv6 deployment.

When I begin a dialogue with customers about IPv6 compliance, one of things I tell them is that they can't just create one checkbox for compliance, because that lets vendors get away with a lot. You have to be very specific as to what you mean by "compliant." What do you need them to support? What kind of interoperability do you need them to support?

Why have vendors taken so long?

Customers have only recently begun asking vendors when their products are going to be IPv6-compliant. The process to compliance takes at least a year, so if just in the last six months customers have begun asking their vendor, it will still be another six months before the product is available.

So what's going to happen when IPv4 addresses are depleted? Is the Internet going to stop?

No! [Laughs.] IPv6 advocates emphasize that when the last IPv4 addresses are given out, nothing is going to stop working. But things will stop growing, because once the last address is given out, anything that needs a new public IP address can't be built without doing something like NATing. There is a lot of discussion about carrier-grade NAT [Network Address Translation]. NAT was created as a stopgap. It allows you to use a large number of private IP addresses behind a device. All the private addresses will share one or a few public IP addresses. Ninety percent or more of public organizations use NAT. It doesn't work well in the service provider scale when you're talking about hundreds of thousands of users, so that's why carriers are talking about carrier-grade NAT.

I think the right people in the U.S. are seeing the need to go to IPv6 and are making the right moves. There are interesting similarities to the Y2K problem. Y2K was all gloom and doom, with people predicting that systems would collapse, but nothing happened. The clocked ticked over to 2000 and almost everything worked. The reason was not because it was a fake issue; it was that everyone who understood that their business could be threatened by a Y2K bug spent the money to ensure that nothing would collapse. I think to some degree the same is happening with IPv6 - the people whose business depends on it are doing the right things now. The real challenge is that most end users don't know what IP is. All they know is they want their applications and services to work correctly. That's the challenge—to make sure that as we move to IPv6 users won't even notice.

How far along toward IPv6 deployment are the service providers that you're working with?

Different service providers are in different phases and are taking different approaches, depending on their culture and plans. It's all directed toward eventual public deployment of IPv6, but most of them now are still in private testing. Some have rolled out IPv6 access on a limited basis to select customers. Others are offering IPv6 to any customer who asks for it. But deployment is not widescale at any service provider, not even NTT [of Japan], which has the premiere IPv6 deployment in the world. Its entire network core is IPv6-capable, but even there you still have to request IPv6 connectivity; it's not something you get automatically.

Has NTT received many requests for IPv6 services?

There are a lot of activities going on in Japan, and NTT is doing a lot of trial projects delivering services to the home over IPv6, such as video services.

What have been the challenges for service providers as they plan for IPv6 deployment?

One of the big challenges for network operations people at service providers is going to the C-level executives, particularly the CFO [chief financial officer], and saying, "We need to spend millions of dollars to upgrade to support IPv6." The CFO will come back and say, "Why do we need to spend this when competition is tight, and how do we make money with this?" The CTO [chief technology officer] will say, "We can't make money." The CFO will then say, "Who are the customers for this?" and the CTO answers, "Well, there aren't any." The CTO understands that IPv6 is not a matter of becoming a profit center; it's basically an infrastructure upgrade. But it's hard to make the case to people who are funding the business that they have to spend a whole lot of money for something that they don't see a whole lot of direct customers for right now.

You travel the world extensively to countries such as China and India to consult with national service providers. China has embarked on China's Next Generation Internet, a five-year plan for early adoption of IPv6. Should the U.S. view China as a threat?

Sometimes China can be viewed as a threat, when you look at China as a commercial competitor. But for China, the issue is that it's going through enormous growth, and now more and more people are moving to the middle class and they're buying services and entertainment that's provided by IP. The other thing is that China is looking to IPv6 as an opportunity to show some leadership. It has seen the U.S. (until recent years) asleep at wheel on IPv6. And it has seen Japan make competitive moves, so China sees an opportunity to position itself as technologically advanced by deploying IPv6. That's why you see China showcasing IPv6 in places like the 2008 Olympics.

Here's an anecdote: I was being interviewed by a reporter in China and we were talking about why China is deploying IPv6 because of its population growth. I jokingly said, "Of course, a large percentage of the population is still farmers or people in rural areas who don't need Internet connectivity." The reporter said not everyone may have a computer, but they bet everyone has a cell phone. That's a good point. One of the ways people access the Web is via cell phone. In China, universities may have dorm rooms with just one Internet connection, so it's very common for university kids to use their cell phones to get on the Internet.

If you look at developing countries (for example, in Africa), the main source of Internet access is through mobile phones, so that's going to be a huge driver because each one of these devices needs an IP address.

How far is India in IPv6 deployment?

India has a lot of parallels with China. It has a big population with a developing economy that is creating a growing middle class. What that represents is the same kind of demand for IP-based services as in China. While India is not as far along as China economically, its IPv6 challenges are going to be the same.

There's not going to be the same level of interest in IPv6 [in India] as in China, but you will see strong IPv6 interest in five years, as India has no choice.

Which country's philosophy do you admire the most?

Japan's, because it was visionary. It saw the challenges early enough. Japan was talking seriously about IPv6 when others around the world were questioning whether we would really need IPv6. Japan started doing something about it in the late 1990s. I also have a lot of admiration for what's going on in China, which is being very practical about IPv6 deployment and addressing the problem in a clear and logical fashion.

When you visit service providers in different countries, are they curious about what's going on elsewhere?

It's usually one of the first questions I'm asked. In my business, I capitalize on that; it's my competitive differentiator. I've visited so many countries, and for years, wherever I am in the world, one of the first questions from service providers is, "What's everybody else doing?" Service providers are very conservative companies. Everyone wants to present themselves as cutting-edge, and there are cool things coming out of service providers, but competition is intense and the margins are so small that by necessity service providers don't want to do anything that's too different from what everyone else is doing. If they make the wrong decision, it could be fatal.

Final question: In your Network World blog, you've asked readers for their thoughts on what they'd like to see in a potential Volume III of the Routing TCP/IP series. What was the feedback, and when can we expect such a volume?

I would love to do a Volume III. One of the big areas of feedback was for an updated book on switching. While I don't disagree with this, the series is about routing TCP/IP—switching is Layer 2, while routing is Layer 3, so I don't see switching as a right fit. What I would love is a book on MPLS, but my Cisco Press editors say that the market is saturated with MPLS books. I still think I could do one with a perspective that's different, but until I can sell Cisco Press on that—and find the time to work on it—it's still just an idea that's out there. Another big suggestion is something that gets away from basic technology and goes into a broader view of network design. That could fit very well into Cisco's new CCDE [Cisco Certified Design Expert]. A design book could be a good way to go.