Is it just me, or is IPv6 a bad idea?

It’s not the idea of IPv6 that’s got me worried. It’s how it appears most everyone is going to be forced to use it. As far as I can see it will be eminently optimized for the Internet of Things, but in the process will complicate life for those of us who run fairly extensive networks behind the home firewall.

There hasn’t been a lot of talk about this on the Internet apart from a few isolated web pages put up by what seems to be the few people who share my concerns. Most everything I’ve read either ridicules or ignores some pretty serious questions. Here are just two:

1. How am I going to provide for name resolution of local hosts on my internal network?

2. How do I prevent amateur hackers from footprinting my internal network once we’re no longer able to at least partially obscure things using NAT?

Again, I fully understand that an Internet-wide flat address space is going to be a significant convenience for vendors and service providers, especially the Amazons and Googles of the world. But it really does look like I’m now going to have to worry about bored teens with the latest version of Metasploit banging away at my internal devices. I’m also just a little perturbed that giving my kids the ability to address each other’s machines by host name is now going to get really involved.

There are a bunch of different suggested solutions I’ve seen out there. One is to simply continue maintaining an IPv4 network inside the firewall, complete with BIND and DHCP servers, just as before. Some have also suggested only grabbing a single IPv6 address from the ISP and then using a tunnel solution for dual stack internal hosts to communicate with the rest of the IPv6 Internet. That actually sounds like a pretty good idea, although I’m going to have to spend some time researching the mechanical details.

The major problem I see is a complete lack of detailed information from my ISP on exactly how they’re going to implement IPv6. What’s clear so far is that there doesn’t appear to be any consensus among ISPs, and even less agreement among enterprise actors, on the details of how things will work. That’s stunning, especially when you consider the potentially disastrous consequences of getting it wrong. It really seems to me that the guys at the top who think the “big thoughts” may be about to fail us, and that’s going to make me one unhappy camper. Of course I’m not the one they need to worry about. Fact is that the general public are going to be a lot less understanding when it comes to messing with their Internet connections, and won’t be open at all to complicated technical arguments about the competing priorities involved — maybe because they simply don’t have the tolerance for B.S. that we technical types have been forced to develop in order to work up the courage to carry on in this business year after disappointing year.

Something to think about.


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).