Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
This is the Art of Network Engineering podcast.
Speaker 2 (00:11):
In this podcast, we explore tools, technologies and talented people. We aim to bring you information that will expand your skill sets and toolbox and share the stories of fellow network engineers.
Speaker 1 (00:23):
Welcome to the Art of Network Engineering podcast. My name is Andy Lapteff and I am joined by some monster brains, some super smart people, some IPv6 luminaries in the field, and we are going to get into the IPv6 discussion. What's taken so long for adoption? Why is it so important? What are the problems? Why do traditional network operators, like I used to be, because now I'm new and evolved, why do they have such a hard time with v6? So let's go around the roundtable here. See who we have. Joining us tonight is Kevin Myers. Kevin, what's up, man? How you doing?
Speaker 3 (01:00):
Hey, Andy, thanks for having me on. Yeah, I've worked in network engineering for about 20 years and service provider and enterprise and I guess in the last decade I've done a lot more work on v6, on building it, testing it. Ed and I have gone rounds with the IETF and lots of fun things there together and yeah, so I'm definitely a v6 nerd, maybe even a v6 zealot, like you said.
Speaker 1 (01:25):
I mean that with all the love and respect in the world. Well, cool. Thanks for coming on, Kev. I appreciate it. We're going to get into it shortly here. Ed, Ed Horley. How you doing, sir? Who are you? What do you do? Where are you from?
Speaker 4 (01:35):
Oh, wow, what do I do? I do v6 work, remarkably. Um, yeah, and uh, let's see what else do I do. I'm still the co-chair of the California v6 Task Force, so still involved with doing work there. I blog on howfunky.com occasionally, write a few things down very, very occasionally, and then, uh, let's see what else. Uh, I host another, uh, podcast. You might have heard of it, it's IPv6 Buzz Podcast over on the Packet Pushers. I don't know if I'm allowed to mention that on the show. Absolutely, absolutely, but yeah.
Speaker 1 (02:13):
Ed and I met at NFD35 and Ed made v6 sound interesting and I'm like, I got to have this guy on, man. We got to get the good word out. Ed, thanks for coming on. I really appreciate it. Yeah, absolutely, Chris. Chris Miles from Cables to Cloud fame. Tell us about yourself, buddy, how you doing? Thanks for hopping on.
Speaker 2 (02:30):
Yeah, of course I definitely. I don't think I'd call myself an IPv6 expert, definitely according to this panel that we have today, but, yeah, glad to be here, Chris Miles. Like Andy said, I also co-host a podcast called Cables to Clouds, so network engineering background for about 15 years and I moved to the cloud just a couple years ago and excited to talk about v6 today. It should be fun and there will be no hot takes, I'm sure.
Speaker 1 (03:00):
Chris and I could be the v4 guys, and then Ed and Kevin will be the v6 guys and we'll just have a battle royal. Remember the old WWF battle royals, cage matches?
Speaker 3 (03:08):
We're going to duke it out. See who wins. I'll tag team Ed in on you. I'm not afraid to do that. I'm kidding.
Speaker 1 (03:25):
The folks that are advocates of v6 are very passionate about v6, right? Every once in a while I go on social media and I'm like, ah, v4 and NAT forever, right? And oh my God, the v6 people get so upset and so crazy and I mean, I'm partly kidding, but I'm also coming from a decade of experience in huge production networks where everything's NATed and you know they came up with CIDR and NAT when they started. I learned this actually listening to IPv6 Buzz, Ed. I hopped on your. I really like your basics. I think you have an IPv6 basics series.
Speaker 3 (03:54):
Yeah.
Speaker 1 (03:54):
And I started listening to the first one and I didn't realize that, as they were running out of v4 address space. I guess that's when they came up with, you know, with CIDR notation, where you could break up subnets, and then NAT, and that was supposed to be a temporary workaround. That was in the 90s, I think. So here we are 20 years later, give or take, and I looked earlier. You guys can correct me if I'm wrong. I think we're around 47% global v6 adoption. Does that sound kind of accurate?
Speaker 4 (04:18):
Yeah, that sounds in the right ballpark. Geoff Huston just released a new blog about the IPv6 transition, so I don't know if you guys have had a chance to. Well, it just came out today so maybe not a chance to see it, but I'll send it over, Andy, so you can include it in the show notes. But he talks about exactly this, which is sort of the challenges around adoption and what's going on and what potentially could be issues around why the transition is taking as long as it's, as it's taken, both now and then projection into the future of like, well, if you assume what was true yesterday, it was more than likely going to be true tomorrow. You know, why is it looking the way it is? So it's a good read. Um, and definitely, you know, Geoff's, Geoff's, uh, while still active in the IETF and working on v6, uh, stuff is, is very-driven in terms of looking and analyzing problems. So he points out some good gaps and maybe some learned lessons about why it's floundering the way it is, and really it comes down to what we thought were Band-Aids are really much more permanent fixes than we ever envisioned them to be.
Speaker 1 (05:22):
Which is true with a lot of things. With the running chest networking, there's nothing like a. You know, there isn't a temporary fix, right, yeah, there's no, well, hey, we're.
Speaker 4 (05:29):
You know, those of us in the US, we're still stuck on, you know, freedom units. So you know, hey, the rest of the world moved on. We're still here. What, us and two other countries? So I think you're always going to have stalwarts that are going to be holding out in regards to older standards and what's happening there. But I think the trajectory and many initiatives that are going on right now, both in the US, but also in China and Brazil and in India, are really changing global footprint behavior around IPv6 in a way that a lot of organizations just can't ignore, including China. So it's like, hey, if major countries with very large populations are making strategic moves around IPv6, do you really want to be the guy that says, hey, no, we shouldn't do that because we don't have anyone in that market, right? Or?
Speaker 1 (06:19):
We don't interact with people. Because they're running out of v4 space and NAT isn't working.
Speaker 4 (06:25):
So partially, I mean. It really comes down to a couple different things. That's probably not true in the US at all. We got plenty of V4 because we hogged it all in the beginning. Let's be honest. There's the advantage of being first mover around all of that stuff and inventing the internet. Well, hey, guess what, you get first reaps around all of that sort of stuff. If you're in the Asia-Pacific region, you've got a much more constrained address space to deal with, given your populations, which clearly their populations are overwhelmingly much larger in terms of anything that the US has. So it's like, is it an unfair distribution? Absolutely, and they're going to use what's available to them in order to be able to perform and do business, and one of the things you need to do is be able to connect and talk with other folks on a network, and you've got V4, V6 to choose from to do that. If you don't have V4 to use, guess what? You're going to use V6. That's just a practical reality.
Now, when mandates come down around innovation and around moving your economies forward, and you don't want to have the baggage that comes with v4, and there is baggage that comes with v4. We don't like to talk about it very often, but we can talk about it here. Then, yeah, you're going to see innovation that happens in that particular space, because you're no longer constrained in the same way that you were with v4. And I think this is a lost opportunity for many network engineers who are looking at it and saying, like, why do I want to learn something that new? Well, you've got a couple of reasons why. Number one, you don't seem to be too shy about learning network automation or zero trust or SD-WAN or VXLAN, EVPN, right? Like those are all things that naturally fit. This should be no different for you from a skillset basis.
Speaker 1 (08:05):
Hey, Ed, quick interjection there, because V6, I had this thought earlier today, kind of reminds me of the automation journey, something that's also been around for decades that was going to take the world by storm. That's somewhere around 30 to 40% of networks, and of those it's very minimal stuff, like they're not fully automated. So I don't know if there's a parallel there, but that thought hit me today and now they're good, there is resistance. Don't tell Chris Grundemann that he has a business model generated, right? I mean like, oh, automation, let's create a business, right? So yeah, yeah, I mean automation's.
Speaker 3 (08:40):
Automation's great and it's been around for a while. But you look, I mean we're talking about the fundamental protocol that everything else in the world of technology has to use. Should you use automation? Yes, absolutely. Shouldn't you embrace automation? But you don't have to. There's plenty of people that don't have to. But when you come to the fundamental protocol that glues every other IT bit back together, you don't really have a choice there. You have to have that. And moving on to the new protocol is something that we've needed to do for a long time and I'm sure we can talk ad nauseam about the why, and we will here shortly.
But to talk about something that Ed mentioned, in Asia they're definitely hurting for address space and if you look around Asia, one of the things you'll find that is starting to happen here are the performance gaps that are there. It's like Japan. It's very well known in Japan that you're not going to see the same speeds on a V4 address, because it's mostly going through a CGNAT gateway, which is congested, that you do on V6. People, it's the thing. You go look at the internet in Japan and people will post their IPv6 speed tests and they'll post their IPv4 speed tests and the CGNAT gateways are so congested in Japan and other Asian countries have similar problems that we enjoy. Like Ed said, we've got a wealth of IP addresses, a lot of people have public, even the ones that do have to go through CGNAT. We're pretty fortunate that most of the US carriers have been able to keep pace with the CGNAT gateways.
But we won't, and I'll talk about in the ISP space that I've spent a couple of decades in. Look at the broadband numbers, like look at what we've defined broadband and we said it's got to be this and it can only be a minimum of this. We've never done that before. That's new in the last few years. Now you have 10 gig and 25 gig to the home, like that's real and that's happening. You're, you're not going to put that through a CGNAT gateway. You and all your neighbors are not going to do 25 gig and throw that through. The ISPs are not going to go build 1.21 gigawatts of CGNAT gateways. That's the reality. Because it's super expensive. Think about a layer three switch that can forward IPv6 at wire speed. If I go put in a router that's got an ASIC in it and I don't have to NAT, that's cheap. I can go put in a layer three switch and go sling packets all day. If I go to the leading CG NAT vendors and I go get something that can do multi-hundred gig, we're talking mid six figures, maybe even low seven figures for those boxes.
Speaker 1 (10:59):
Yeah. So question, and I don't know this, is NAT done in an ASIC or not?
Speaker 3 (11:04):
It can be, but it's also incredibly expensive. It's possible to do it in an ASIC, but the problem is not the NAT, it's the flows. You've got to track state and then, if you're a carrier, you've got to have redundancy for that or you're going to end up like AT&T did. Like when that crazy guy bombed Nashville in Christmas of like 2020. AT&T did not have redundancy in their BNGs, which is where they, uh, they put their sessions and any NAT that they have, and so there were like three entire states down on the internet because they hadn't built that redundancy and, um, I remember because my mother-in-law was one of them, she didn't have phones, internet for a week. So anyway, you have to track state, you've got sessions. All of that is very expensive in an ASIC, both from a cost of computing standpoint as well as the physical cost, like the financial cost, and just for CG NAT is carrier-grade NAT.
Speaker 1 (11:54):
Is that correct?
Speaker 3 (11:55):
That's right, yeah, and that's maybe one thing that we should disambiguate a little bit, is that not all NATs are created equal. We talk about NAT almost always. When network engineers talk about NAT, we're talking about the good old port translation that we all learned in Cisco back in the day that you've put on a firewall. But there's a lot of different flavors of NAT out there that exist now, both in IPv4 and there's even, you'll be shocked to learn, Andy, we even have NAT in IPv6. I will even make this admission. I have IPv6 NAT, one of my networks, because, um, I, the way that the carrier hands it off, I can't route it easily, so I have to use NAT on my T-Mobile mobility connection and I hate it. I don't like doing it, but I have to because I can't route it otherwise, because they only give me a 64, I didn't know.
Speaker 1 (12:37):
NAT could slow down your connection, like this is why I love these conversations.
Speaker 3 (12:41):
Right, I'm like, I'm like. What's the?
Speaker 1 (12:42):
big deal.
It's NAT, right.
Speaker 2 (12:43):
But that's the big deal to me. If you're going to slow my connection. Anytime you're introducing something that's stateful, there's trade-offs to that, right?
Speaker 1 (12:51):
But in my mind it's in an ASIC and it's wire speed. And again, a lot of assumptions that probably aren't true.
Speaker 4 (12:57):
Well, I think so. Like all good answers, it depends. So there's certain flows in NAT that are going to work just great at wire speed and are ASIC developed, and server load balancers are a great example of doing exactly this, right? So often they do NAT in addition. But to Kevin's point, just when you have flows for particular traffic types, even with NAT, because of just the rewrite factor, you're going to have issues in terms of the inspect that has to happen, other things, and just getting that to operate at the rate that it needs to, because you have to remember, a carrier-grade NAT is doing NAT for lots of folks at the same time, in a central point. Most enterprise architecture, your NAT's distributed, right? You're doing it on a handful of serious sets of firewalls at data centers that distribute it around. You're not taking 60,000 people and cramming them through a single device, right? So just the scale problem is very different in terms of what you're trying to deal with and the amount of bandwidth that you're trying to do that for and the amount of state that you're trying to keep.
And I would add a third one, which is logging. Every location that you have to do NAT for anyone in a service provider basis, they have to log that session and know what it is for reporting purposes. Almost everyone has this reporting requirement. When you start introducing this scale of NAT, just think about how much storage you have to buy just to hold on to all of the data.
Speaker 3 (14:38):
Oh it's nuts. They'll sell you a $100,000 piece of software just to track the logging, because it's like you said, it's something called CALEA in what's going on. And if you can't show that Andy had Andy's 192.168.10.101 mapped to this public IP to go to this website, you know, when Andy was hacking the CIA, you know, last week, that you have to be able to show that and you have to be able to prove that legally in a court of law with chain of custody and evidence and all of that. And, like Ed said, that's really expensive to log and store with NAT.
Speaker 1 (15:12):
Do customers complain about slow speeds and the cause is NAT? No, yeah.
Speaker 4 (15:19):
There are some, I would say in the US it's probably not as common. I would say overseas it's probably a little bit more common. I would say the bigger issue actually domestically in the US, that actually was one of the reasons Microsoft invented Teredo and put Teredo out there, was first-person shooter gaming. If you're playing your buddy down the street and you're both hidden behind the same CGNAT, it's impossible for that provider to really distinguish between whose session is doing what, and how do you actually play first-person shooter directly to each other, so you're bypassing having to go up to a central server and come back down, because you want to reduce. You want the same latency for all your game players, right? That's the biggest issue. So if you have everyone having to go up to a particular location but other people are able to go peer to peer, guess what? The latency then is a different metric and so you're going to get your shot off quicker and you're going to see that other individual faster in the gameplay mode, which is not fair, right? So there's a fairness factor around just gameplay, and Kevin can probably talk about this way better than I can because I'm not a gamer, but to any extent. But there is a performance factor that goes. That was a really big deal and so trying to solve that was really about using Teredo to be able to allow devices that are behind the same carrier-grade NAT to basically directly pin up peer-to-peer sessions amongst each other.
Speaker 1 (16:36):
Before we get off that, can you tell me what Teredo is? I have no idea.
Speaker 4 (16:41):
Teredo is just a tunneling protocol that allows you to do basically V6, you know, nefariously across V4 session sets. It allows you to dynamically build those and use ports to be able to do that. So you can basically tunnel sessions back and forth across. So normally if we were in the same neighborhood and our kids were playing first-person shooter games, their consoles couldn't talk directly to each other because they're behind the same carrier-grade NAT.
Speaker 1 (17:10):
There's no direct connection. Aren't all ISPs dual stacking and wouldn't they be handing out V6, and why would they be NAT?
Speaker 4 (17:14):
Today? Yeah, that's true, but if this, more than a decade ago, 15 years ago, when they were trying to solve this problem, that wasn't the case. And so how do you deal with that? Well, you have something like Teredo. Now, if you just have a V6 address, you just directly peer-to-peer and you're done. You don't have to worry about this, which is one of the reasons, to Kevin's point earlier, you get better performance out of V6, because you don't have to do that extra hop or the translation, right? Neither one.
Speaker 1 (17:37):
You're and you're all good and I don't care what my ISP gives me, right, I have a fiber hand up to my house. It's gig, symmetric, it's lovely and they can give me V whatever. It's fast, it works, it's great. But as someone managing, you know, production networks and enterprise, like when I see that V6 address space, I'm like, oh my God. And then when I see that half a dozen to v6, I'm like, oh crap. I mean to your point earlier, if you can learn automation, if you can learn OSPF, you can learn v6. But I think, because it's, it feels so different than what I spent all that time learning before. For some reason, v6 just seems intimidating as, as hell to me. And what I'd like to get to by the end of this episode, what I'd like to do is speak to the people like myself, basically, who were like, I think V4 and NAT is fine, I'm in the US, it's kind of a crappy attitude, but I guess they can figure out in Asia what they have to do. Again, this isn't really how I feel.
Speaker 4 (18:33):
No, you're representing, yeah, you're representing the US.
Speaker 1 (18:36):
I'm representing the 60-something percent of people that haven't gone to V6 20 years later and I'm trying to compel them. Well, this isn't like go v6, but like if we can dig into some of this stuff. So like, as far as I can tell, mobile carriers and content providers are like, yeah, content provide. Like you know, there's a handful of things you have to have v6, like. I'll give you an example, then I'll shut up. I worked at a huge company and then another huge company bought them and then they merged and they all have private address space. They're NATing all their hundreds of thousands of clients they have, you know, from whatever the client is to 10, and then we have to get all that crap talking between companies. So we put two honking NAT firewalls between the companies and then you added the NAT and you know it's a nightmare. Now that's the perfect scenario for v6. Sure they haven't done it? And I think they haven't done it because there's hundreds of thousands of hosts that would have to be readdressed and customers would have to take downtime, like stock exchanges in New York, as an example. Like this was in fintech, right? So I don't know if we can. We got real into the weeds quick and I love it, but I don't know if it helps at all at some point to kind of address the higher level things, like is there complexity, are there migration outages?
Speaker 4 (19:47):
Um, like what do you think are the top three things stopping people from, from going v6? Right, so there's, there's a culture thing, and so I think the culture thing is, is, uh, you're always better in your native tongue, so we're all, you know. So I sort of look at v4 to v6 translation is like when we went from French to English. So if you're natively French and you're speaking French every single day and we're suddenly coming around and telling everyone we have to speak English and you have to learn English, and if you want to continue doing your job, you got to learn English, but you're still continuing to talk French with all your friends every single day and all your work colleagues every single day, and everyone else and everything you read in the paper is French, your compelling reason to move to English is pretty low. It takes time and it takes a set of business initiatives and pressures to make the move worthwhile. You're going to have certain people that are bilingual. They're going to make more money because they can talk to both markets, so they can talk to the French folks, they can talk to the English folks, they're going to have the opportunity and they might make money in the triage portion of working back and forth. And then you're going to have native English speakers who are going to have certain advantages around just the fact that that's where the market's going. It's maybe not a perfect analogy, but it gives you an idea of sort of walking through the process.
So don't hold anything against people that are V4. And I think in V4 too. It's not like it's what I learned first. It wasn't. I didn't learn V6 first. I think I'm much more fluent in v6 now. So it's really a skill to learn over time and it also depends on where you're at in your career and what you're doing. So if you're in a mobile service provider space or in your service provider space or your content delivery space, you need to know v6. There's just no getting around that today. It's just reality. If you're in a large enterprise network that maybe isn't in the Fortune or Global 2000 or something like that, you can probably run away and avoid v6. And if you're close enough to your retirement age, you can choose to ignore it. And my ask of you is just don't hammer on everyone else who's trying to get v6 deployed. Don't do it yourself. Go learn something else. Go learn Python and do network automation. Go learn SD-WAN and do that and get your niche and finish off your five years and be good or whatever it's going to be, but you don't need to stomp on everyone else's project. Otherwise I'll stomp on yours and say like, hey, you know, SD-WAN. That was stupid. We solved that problem years ago. That's just routing. Why can't you do routing as routing? Are you dumb? Do you not understand how to do BGP?
Speaker 3 (22:02):
It's just BGP and tunnels, man. Right, exactly so.
Speaker 4 (22:06):
I laugh at all of those counterpoints around it. It's like everything old is new again, and for me I look at it and say how can you add true value to your business? For BGP global shops? Now there are mandate requirements from almost every single major industrial country that says V6 is where things need to happen, from both an investment, innovation. The IETF doesn't work on IPv4 anymore. I don't know if this is something that you guys actually know, but from a standards group's basis, they don't work on IPv4 as a standard anymore. It's deprecated, it's done. They only work on IPv6 as a standard basis. So do you really want to be working on everything that's just older?
And I understand the industry and network and network vendors. Look, you sell what's on the truck. So don't get me wrong. I understand all their motivations around it and I understand why every single one of them says like, oh well, that's not something that we're working on, because guess what? They're trying to sell what's on the truck. The reality is, is that mass majority of the customers will still buy what's on the truck. That's fine too, but the reality is, is, if you want to innovate in certain areas. If you want to be able to meet requirements for contracts or if you want to be able to actually innovate in certain areas, you're going to need v6 in your tool belt. Does v6 have to be everywhere in your network? Probably not. That's a design choice. But if you don't know v6 well enough, you don't know where to put it and where not to put it, and that's a shame on you because you didn't do the homework, you weren't educated enough.
That's like going out and saying, like, well, SD-WAN is going to solve all of our related problems and we never have to buy a managed service or an MPLS service or a VPN service, ever again. We're only going to buy public internet circuits and deal with everything that way. That might be true for certain businesses, probably. If you're heavily regulated, probably not so much. If you're the US federal government, maybe not so much. You might be deploying SD-WAN on top of your managed service, right, just to provide security. So there's other things that go on with all of that, and not knowing something and then making design decisions or making architecture decisions is a poor position to be in. So my challenge to everyone is why don't you learn v6? Understand whether it's in or out, and this is really common with security teams. When we go in and talk with teams, they're like, well, we can't handle v6. We can't do with all of that. I'm like, well, v6 is on by default and preferred. V6 is already running around your network. Do you want it in the camp or do you want it out of the camp?
Speaker 1 (24:31):
Are you able to unearth their reason why? Is it just fear? Is it just lack of?
Speaker 4 (24:35):
Knowledge, it's fear, and they don't have time and energy and resources dedicated to being able to do that. Like, how much money are you paid to go learn v6? Probably not?
Speaker 1 (24:44):
Is it a lot of time, money and resources? So, like I guess you do migrations, right, Ed, as part of your job?
Speaker 4 (24:50):
Yeah, we mainly do. We do training, consulting and education and that's. But I'll be honest, we're a small boutique shop. We don't do deployment and operations at all, because if Walmart decides they want us to do deployment and operations, we disappear. For five years. You never hear from us again. They're so large. We really want to transfer knowledge and information to customers like that so that their own teams can do it, because that's the only way you can scale. Their team already needs to know it because they're going to operate it anyway. So our best job is to help them understand the protocol. Help them to understand, you know, the protocol. Help them to understand the design and architecture decisions. Help them build an architecture. Help them build a proof of concept lab to get learning and skills and then work on a low level design, because that's what you use to deploy, right? But their team should know how to deploy. By that point, hopefully we've done enough. We've done our job right and done the knowledge transfer to help them along.
Speaker 2 (25:43):
Well, I think, I think one of the kind of beautiful things about it is that, you know, the OSI model is the OSI model, right? So the upper layers of the stack don't really change that much once you move to v6. You know, there's some nuances here and there, but overall it doesn't change that much. But you know, I think so far we've spent a lot of time talking about the major benefactors to V6 being service providers, telcos, mobile providers. But how does this apply to the enterprise? Because I feel like there has to be some operational benefit for an enterprise to move to V6. That isn't just I'm running out of address space. There has to be some other optimizations there. So can we kind of diagnose what those are?
Speaker 4 (26:26):
Yeah, Kevin and I can go back and forth on this one. Oh yeah.
Speaker 3 (26:29):
Well, the first thing that comes to mind for me is that, is this affects companies of all sizes, is your cloud costs, because companies are starting to figure out that AWS is now charging for IPv4 space or more than they were. Azure, all the cloud operators are charging for IPv4 space and even some of the transit costs. When you talk about cloud transit costs, even, I've seen not everybody, but some of them will even, v6 doesn't cost as much or is sometimes free, as compared to IPv4 transit. And so, because it costs them all at last, because, let's be honest, most of the large scale networks are all IPv6 underneath. Large cloud operators, large carriers. They've been IPv6 native in their backbones for a while. IPv4 is just a service that overlays on top of it. Almost all the large carriers are like that, so there's big v6 only networks that are already out there and then they just put on top of what you want that you're going to use.
So if you want to lower your cloud costs and you're a small company, large enterprise, doesn't really matter, you can put IPv4 on top of an IPv6 underlay on the public internet and lower your cloud bill because you can get as many IP endpoints as you want and there's enough ISPs, in the US at least, and I think Europe, it's fair to say as well, that it's not terribly hard to go do that. Whether you're going to get a wired connection or a mobile connection, you can do a pure V6 underlay in WireGuard or IPsec, or pick your poison, pick your flavor of VPN that you like, and that's an immediate impact to OpEx that you're reducing just by putting everything on the IPv6 internet, even if you're going to put IPv4 on top of it.
Speaker 4 (28:05):
Yeah, from a transport, because you don't have to pay for that public IP.
Speaker 2 (28:09):
Overlays just fix
everything, don't they?
Speaker 4 (28:10):
They're so sick, dude. Do you think the CSP should build?
Speaker 1 (28:15):
Did they build their greenfield with v6? Because migration seems to me to be the biggest hurdle to try to overcome.
Speaker 3 (28:22):
Yeah, I mean that's
the thing I know, that you know,
I think you know, I know Ed has done this.
I've, you know I've worked for large companies, publicly traded
companies, and I actually worked directly for one but way
back in the day, earlier in my career, and I remember doing
mergers and I mean we spent like years on mergers and half of it
was just when you're dealing with these really massive, you
know, Fortune 500, Fortune 100 type companies.
(28:43):
Trying to iron out the overlap in RFC 1918 is insane.
In fact.
I remember I was out at NFD and I went to go visit Google.
In fact I think it may have been the same NFD where Ed and I
met, because Ed and I also met at NFD and were V6 kindred
spirits and Google was using the carrier grade NAT space in
their campus.
They were in IPv4.
Speaker 4 (29:01):
They were in IPv4.
They were using 100.64.0.0.
Speaker 3 (29:03):
Slash 10 in addition
to IPv6, because they had run
out of RFC 1918 a long time ago.
So I mean you look at this and if you've got to merge those
together where you've got 10 dot overlap every which way, that's
really really hard.
And so if you build a native IPv6 backbone and underlay in a
company, then you can put your IPv4 as a service on top of it
(29:28):
but you're no longer worried about your routing underneath
having to worry about that overlapping, because that can be
unique space.
And one thing I think is a really important point to make
that everybody really gets up in arms about is just because you
go get IPv6 space from ARIN or whoever your RIR is doesn't mean
you have to advertise it to the global internet.
So everybody gets all up in arms like I will never, ever let
(29:50):
this IPv6 touch my network because our security team will
never allow it.
It's more important that it's unique.
You don't have to advertise it and make it public.
It can just be unique space that you number from and use as
much as you want.
And I think that's something that everybody misses on IPv6.
Just because it is publicly registered or registered within
RIR doesn't mean that it's publicly accessible to the
(30:11):
internet, right?
Speaker 4 (30:12):
Yeah, good points.
I think for enterprises there's a couple of different things
that really come to mind, at least from the discussions that
we do with customers. Strategically,
merger and acquisition is a big one that Kevin already mentioned,
which is really, how do you use that to strategically solve
certain problems and the problems that we solve for
customers around merger and acquisition really is more of a
finance thing than it is a technology thing to be for
(30:45):
merging a company together and you've already calculated all
the factor costs of closed data centers, closed circuits,
transitioning people, transitioning all your services
over, and it takes you an extra 24 months to make all of that
happen because you're dealing with NAT and translations and
overlapping address space and not enough people and resources
to actually do the work.
You have like a delta in financial costs that has to be
accounted for from the finance team to have to go back out to
(31:06):
the street and say like, yeah, we actually didn't hit our marks.
We have to reevaluate or revalue what we actually did
performance-wise here in order to and there may be clawbacks
that are associated with some of that.
So there can be real world impacts from a finance basis
when you can show them that tactically you can just leave
the v4 alone and never touch it again and just hand them v6
resources, say please go, deploy these, redeploy your services
(31:28):
in v6 in our, in our cloud portion.
We never want to even talk to you over IPv4.
You're only going to talk to us over the IPv6 allocation that
we give you.
That's how you talk back to the head in office.
We're done.
And that means your engineering team can concentrate on the
things that they're good at, which is deploying new services,
doing that sort of stuff.
The v6 side should be pretty much taken care of. If they have
(31:49):
any translation capabilities that they need to deal with.
Well, you're like, yeah, we've got NAT64, DNS64, and we got CLI
capabilities to be able to introduce that if we need to for
the mobile side, and we're done, and they're able to walk on,
and so the number of resources that you need to do that work
versus renumbering across an enterprise on both sides of the
organization, is really important.
(32:10):
The second one is for very large organizations, and this
resonates for folks that are dealing with large companies.
Is NAT is brittle.
It breaks your routing, it just does.
It introduces state and it introduces choke points within
your network topology that don't allow for routing to do what
routing is supposed to do, which is natural, failover
capabilities, right, of routing around problems.
(32:33):
Pushing firewalls closer to the end client means that you know
asynchronous, asymmetrical routing isn't an issue.
You don't care which path it goes over and comes back to you
because the state device doesn't have to measure or deal with
that particular issue, because it's as close to the client as
possible and in fact if you're doing zero trust, effectively
the firewall component is really on the client itself or as
(32:54):
close as possible to it.
So you get away from a centralized firewall model.
You get away from that centralized NAT model.
It sort of allows you to have a little bit more flexibility to
allow routing to do what it's really supposed to do, because
you can't exchange 10-dot routes with someone else on 10-dot
routes if all the routes are the same.
It just introduces brittleness around what you can or cannot do
(33:15):
from a failover in data centers.
And stamping out the same addresses over and over again in
all of your data center sites because that's the template that
you know how to use doesn't really scale and solve that
particular problem.
It also causes logging problems and compliance problems and a
bunch of other issues that go along with it.
So the global uniqueness around that address space provides
(33:35):
that tool.
And to Kevin's point earlier, the global uniqueness doesn't
mean that you have to put it out on the internet.
There's plenty of address space that you can just say like yeah,
we just won't route advertise this outbound.
This is designed to be our interior portion of our V6
address space and the firewall knows not to allow traffic
inbound for that particular address space or outbound for
that particular address space, depending on what your rules you
(33:57):
want to put in play.
I think the other major innovation area for companies is
the fact that with a plethora of addresses comes opportunities
to build new services that you may not have been able to build
before.
So, Andy, you worked in fintech before.
How nice would it be to have, besides just a transaction ID,
having some sort of unique global IP address that you use
(34:20):
once, discard and never reuse again and it's tied to that
session transaction and you knew what machine it was generated
off of.
You knew exactly what transaction it was tied to
because it was tied per application, per transaction.
It's possible to do, because if you take something, like you
know, a standard 64 in V6 world, right, 2 to the 64th, you decide to
do 10 million transactions a second, never reuse an address.
(34:41):
it's going to take you 58,000 plus years to burn through your
slash 64.
I think, just with that model alone, how many people think
their data center is going to be here in a thousand years or
heck a hundred years?
So that sort of lifts that off.
You know, 10 million a second.
I don't think there's a lot of apps that can generate and use
10 million addresses a second.
So I think you're going to be probably pretty safe in terms of
(35:02):
your first 64, getting through that and being able to do some
very unique things.
Sure, can you do that with a GUID, absolutely.
You could generate random GUIDs at 2 to the 64th and do that
same way, or even 2 to the 32nd probably, and be fine.
But the reality is, if I give you that as a unique transaction,
going from a mobile device, a handset that's got a V6 address
(35:23):
on it because all the mobile providers are V6 going to your
service that you provide, you now have much better auditing
and logging capabilities for the application, the session
transaction, the end user who authenticated the mobile device
that they talk to.
You have all of these very key sets of metrics versus going
through NAT from the public mobile provider side that has to
go from v6 back to v4 to talk to you, talk to your v4 service
that you NAT translate again.
That goes through a server loadbalancer, that goes through
three-tier architecture,probably all the way down to the
database transaction.
Do you really think you haveuseful information at that point
in terms of what's going on?
Which is why, obviously, tls1.3 helps solve some of these
related.
There's other things that wecan work around, but why have
less security measures and lessinformation versus not right?
(36:10):
I mean, this is one of those cases where this is a value
proposition of adding more to the bucket, not less.
And so more data, more telemetry, more information is
more useful and it guarantees uniqueness
and I think that's lost on
people in terms of.
We're so used to associating stateful packet inspection and
NAT as a one-to-one correlation.
There's no requirements around that.
(36:32):
You could have NAT with no stateful packet inspection.
You could have stateful packet inspection with no NAT, which is
the reality of where v6 fits.
A v6 firewall is just doing stateful packet inspection, but
it doesn't have to do the network address translation
portion.
One less piece of information to float around and keep track
of.
Much more efficient, less data storage.
When you start adding this up over the millions and millions
and bajillions of packets that are getting pushed across the
(36:53):
network, that reduces storage costs.
That means there's less data center build.
That means there's less electricity used.
There's actual financial benefits that you go in that
direction.
Yes, at scale, this is all things that have to happen at
scale, but the internet is an at-scale problem, right, that's
the whole purpose of it.
And so if you want to sort of talk the lingua franca across
(37:16):
the internet, well, that's now moving from V4 to V6, and
there's plenty of organizations that are pushing that need
requirement that way.
And more and more concentrated services from the CDN providers
are happening over IPv6.
They prefer them that way.
They have more addresses to be able to provide services and
uniqueness to all of their customers, plus to all those
(37:37):
folks.
And the reality is that the mass majority of us running around
are really consuming internet services off of mobile handsets.
So the enterprise fits into this weird category of like
you're the left behind, right, even though everyone works at an
enterprise or says they work at an enterprise, small businesses
they're going to switch over to v6 and never know it, because
their service provider is just going to do it to them and
(38:00):
that's going to happen and they'll suddenly get v6 working.
Speaker 3 (38:02):
And there's something.
It's just DNS, I mean that's.
My mother-in-law has been using IPv6 on AT&T for years and they
don't know it.
But when we go over there I get an IPv6 address out of the 64
they allocate into her AT&T gateway and it's been there for
like a decade and it just, it just works.
And you know, I always laugh.
I think there's a big joke in the IPv6 circles is at least
half the people that say I've never used IPv6 and I will never
use it are doing it over IPv6 on their mobile handset.
(38:23):
That's v6 and they didn't know it because it's been v6 for a
decade.
Right, and I think that's the thing is almost all the phones,
at least in the US, mostly Europe most of the content is v6.
If you look at the breakdown of the DNS entries of most of the
stuff you use and we look at the traffic profiles in service
providers, 60% of the stuff you go to in your phone it's already
(38:44):
IPv6.
It's been that way for years and you don't know it.
Because you don't know the difference?
Because the carriers have gotten really good at making it
seamless for you.
So I would say, if you were to go dig into your phone like
Andy's we were talking about, hey, I'm good with IPv4 and NAT.
Speaker 1 (39:07):
When you're on I and
you're not on Wi-Fi, you're
going to be using v6, probably for 60 of everything you do on
your phone and you've been doing it for years.
Speaker 3 (39:10):
How do I see that
there's tools that'll?
Speaker 1 (39:11):
show you, if you I
don't know if you're Android or
iPhone it's easier on Android because iPhone's all you know
locked down and the reason I'm asking as you're talking on my
computer, on my PC I go to what's my ip addresscom and I
see a V4 handed to me from my carrier and it says V6 not
detected.
And I'm like, so is this my fault?
Like what's happening?
Is V6 happening?
But it's transparent.
But I'd like to do the same on my phone, like where I want to
(39:32):
see V6.
Right, but I don't see him have it at home, which I'm kind of
surprised or I'm doing something wrong.
Speaker 3 (39:38):
Yeah, Most phones if
you do like what is my IP
address?
You go to one of those sites ona phone and you're on the
mobility network.
You're going to pop up on v6.
The reason is that a little backstory in the carrier world
when they designed LTE and 5G, they knew very quickly that it
was not going to be an IPv4 problem.
A decade ago they knew that when they designed the LTE
(39:58):
standard, when they designed the 5G standard, the 6G standard,
and I think Andy just got his first IPv6 address.
Speaker 1 (40:03):
You're right.
I just smile on his face.
I got off Wi-Fi.
I'm like, oh my.
Speaker 3 (40:08):
God, there it is.
Oh my God, I've had IPv6 for 10 years and I never knew it.
Speaker 1 (40:17):
But to your point.
Speaker 3 (40:17):
Everybody on a mobile
device that's out and about off
Wi-Fi is probably on a v6.
Speaker 4 (40:19):
You're probably over
50% of the stuff you go to every
day is just natively via v6 and you never know it yeah, I mean
if in, in fact, to narrow that down for Kevin if you're only
using, uh, the top 10 apps on any of the given platforms,
you're probably way higher than that yeah, 90, 90 to 100 percent.
Uh, IPv6.
Speaker 3 (40:34):
I think the only
exception is might be Twitter
still yeah, I don't know if they've they've done it, but
YouTube, Netflix, Disney Plus, I mean all the things so that I'm
trying to get into the nuts and bolts of it.
Speaker 1 (40:45):
So is that on the
platform Like, say, let's say,
Facebook, because it's less inflammatory than Twitter right
now?
So do they make a decision on their platform and their
software that, like, we're going to be v6 and we're going to get?
Speaker 4 (40:57):
v6?
Yeah, Facebook was super early, so Paul Saab over at Facebook
did a huge amount of effort for porting and converting.
They actually run v6 only in their data centers.
Speaker 3 (41:05):
Yeah, I was going to
say their data centers are all
v6.
They just translate your v4 coming in their entire data
centers are v6, native v6 only, so everything they're handing
out or anything you're doing on Facebook.
Speaker 1 (41:16):
It's using v6.
Speaker 3 (41:28):
Yeah, it's native v6
because, like Ed said, you're
staying end-to-end v6 native when you're on v6 to Facebook.
Speaker 4 (41:33):
All the.
Speaker 1 (41:34):
ISPs are handing out
v6, we can probably assume right.
Yeah, most of them are the large.
Speaker 3 (41:38):
ISPs are Regional
ISPs.
They've definitely done more in the last few years if you're
dealing with a regional carrier like an independent telco or a
WISP or a FISP.
There's been a big push in rural bandwidth, which is an
area I've worked in a lot for the last decade, and they're
starting to realize that hey, we've got to get IPv6 in and
have been pushing for it.
(41:58):
But I think one of the big holdouts that was a good marker
for IPv6 adoption was Verizon Fios.
Verizon Fios was not on IPv6 forever.
Speaker 1 (42:08):
That's who I have and
I don't see a v6 address.
Speaker 3 (42:11):
Yeah, I don't know if
Fios is 100%, but I know that
most of Fios is now v6 capable.
They finally kind of tipped the scales.
And as much people bag on Comcast.
Comcast was an early, early IPv6 adopter.
They were running v6 for a long long time as much as people
gripe about it.
Speaker 4 (42:31):
Yeah, John Jason
Brzozowski did a lot of work
early on around pushing v6 for Comcast and did a lot of work
with helping to push standards, and then T-Mobile also.
And on the international footprint basis, I mean, like
Reliance Jio in India, that's an entirely rolled out mobile
network.
That's V6 only.
They only provide translation services back in their data
centers to get you to V4 internet and they pretty much
tell everyone who wants to ride over their network and they're
(42:53):
super cost-effective in India.
So they have a huge, huge footprint there.
So I think that was one of the reasons India's numbers shot up
from like I think they were like 20 or less percent and then
suddenly they were within like three years they were at like
greater than 60% V6 adoption for the country.
And one of the reasons why is because Reliance Jio rolled out
across the country and provided super cost-effective mobile
(43:15):
services.
Everyone jumped over to them because they were more
cost-effective.
They were V6 only and guess what, everyone was suddenly on
V6.
And it's stories like that that you realize how quickly impacts
can happen with service providers who suddenly turn the
switch on.
That can change entire markets and that's true sort of across
the board.
And you're seeing this behavior happening over and over again.
(43:36):
Because why are you going to invest in carrier grade NAT
versus just providing a native transport?
And then, hopefully, as more and more services go V6, your
reliance on how much translation you have to provide with NAT64
or DNS64 starts diminishing, not increasing, and so therefore,
you just leave your resources in place.
You can burn down the capitalized costs.
(43:56):
If you take the reverse approach, you're going to have
to continue to pay more and more and more to do the carrier
grade NAT just to get people to where they need to go, if you
stay on V4.
So there's a financial advantage of taking that model
and sort of flipping it on its head.
I don't know, Kevin, you're way more in that space than I am,
but I think that's true in terms of the long-term capitalized
(44:16):
models, right.
Speaker 3 (44:17):
Yeah, no, it
absolutely is, and one of the
things that I wanted to I think that I wanted to touch on that.
(44:42):
You talked about Ed a little bit, because you were talking
about the idea of an IP per transaction, which kind of one
of the things that would probably be helpful to mention,
that I think a lot of people don't realize, if they've not
touched v6 is the concept of privacy extensions or temporary
addressing, which is, you know, what you were mentioning was
specific to the fintech space, but it's kind of an extension of
that whole idea of I'm going to rotate my addresses.
So, Andy, we talked about let's talk about gaming and talk
about your gaming.
You've got kids, my kids game.
I don't know if your kids game, but let's say you piss somebody
off over somewhere and they are really mad and they're going to
order up a DDoS attack on you, which happens all the time.
Working in the carrier space,
(45:02):
I cannot tell you over the last decade the number of DDoS
incidents that I've responded to, just because somebody got
pissed in Call of Duty and they went and ordered a 10 gig DDoS
attack on the dark web from one of their friends to go DDoS an
IP address and they would throw a volumetric attack at another
gamer just because they got mad.
You can do that.
You can literally put your credit card onto sites on the
(45:23):
internet and order up a 10 gig volumetric DDoS attack.
You know on demand and go pay.
You know however many Bitcoin it is to go.
Do that, you know, through your credit card, and that's so.
You have an IPv4 address.
You may have a public at your house I guess you have a public
that you NAT through that you're not going to get a whole bunch
of those right, like you're going to get one.
Maybe it'll shift every few months if you haven't ordered a
(45:44):
static, but your IP is going to be your IP.
Think about the math that Ed talked about, because this math
gets talked about a lot.
Slash 64 is in IPv6, you don't allocate addresses, you allocate
a whole block, right? Like you allocate a whole prefix, because
no longer is the router responsible for managing the WAN
connection.
(46:04):
Like those addresses flow through to all your hosts.
So you think about the way a router works in your home.
You've got your RFC 1918 on the backside of a router.
It's 192.168, whatever it is, and you've got your public IPv4.
And you do NAT and DNACID.
Call it a day, right, and maybe if you have two connections you
fail over.
But the router does that.
It takes care of that.
You don't have to worry about that. In IPv6, because every host
(46:26):
gets a public address.
It's incumbent upon the host to connect to the internet now it
passes through the router.
So the way that they thought about that and said, hey, we've
got to come up with a way to make this a little bit more
secure when they were working on IPv6 is the idea of temporary
addressing.
So you may not know it, you look at this, you can see this
on your phone.
But when your host gets an IPv6 address through SLAAC, not the
(46:48):
messaging platform, but stateless address
auto-configuration, which is what we typically use in IPv6
instead of DHCP, and everything you use is already preset to
grab one of these addresses via SLAAC.
I don't care if it's Windows or Apple or Android or whatever it
is, they will all grab an address via SLAAC. Linux, well, I
(47:09):
guess in Linux and Android there's a few quirks there,
maybe, but most things will grab an address via SLAAC.
And so if your router grabs a slash 64, which, as Ed mentioned,
is a stupidly large number, even though it's a single 64
that they hand out to you.
Your computer will automatically rotate through IP
addresses using the MAC address as a base, but then it
randomizes the host portion of your IP address.
(47:31):
So basically, when you browse the internet, the IP that you
use the exact IP that you use may only be there for a few
hours, maybe a couple days, and then it's going to rotate to a
new one and you don't have to do anything.
Your computer manages this for you automatically.
But the likelihood that they can go find number one, they can
even find that address.
Because even if they do find out what your v6 address is, who
(47:52):
says you're going to have it in two hours?
And then they've got to figure out what subnet boundary you're
using, because you could have a 64, you could have a 56, you
could have a slash 48.
And it's so hard to figure that out if you don't have a DNS
entry to map to it when you're looking in on the LAN.
So I'll give you an example.
I have an RDP server that is totally open to the internet, no
(48:13):
firewall, on 3389, on IPv6.
I've had it for four months, zero scanned hits.
Nobody's ever found it.
Because if you go and scan even just the 64 that they allocated
to me in Vultr.
Like Ed said, if you scan 10 million addresses, it would take
58,000 years just to scan that one /64.
And that one /64 is like one grain of sand on all the beaches on
(48:37):
the planet.
The IPv6 space is so numerically large that it's
impossible to scan.
Now.
That's not to say that you should abandon best security
practices and that you'll never have to secure it, but the tools
available to you to be able to secure your infrastructure at
layer three are phenomenal compared to V4.
Speaker 4 (48:55):
Yeah, there are ways
of guessing, Andy.
We had a show that talks about there are operational procedures
that a lot of folks do that make them more vulnerable to
scanning detection, because of Right, like if you're manually
assigning out of ranges and things.
yeah, Ranges, and there's things that you can do that are like
oh, we're mapping our V4 back into our V6, which is like
(49:17):
you're going to make yourself susceptible to scanning
algorithms, because bright folks have figured out that these are
the sorts of things that you can do.
There's also things like pre-built addresses around
EUI-64.
Well, those only have to exist within the 48-bit portion of it
so you can do some mappings to figure out all the possible
addresses that a EUI-64 could potentially use on a given
(49:39):
manufacturer, so you can scan those range sets.
Certain manufacturers don't exist anymore, you eliminate
them.
Like there's lots of things you can do to sort of reduce the
space of or footprint of of size.
So I don't want to, I don't want to play into too much of
like it's so vast that you could never.
You could never do it.
But I think it's.
I think it's it's unreasonable to do unless you have a targeted
(50:00):
attack of really understanding what you want to do, and then it
might be worth some effort and time.
And to Kevin's point, you're not going to order up a 10 gig
DDoS attack against an address that might just disappear in two
minutes, cause it's not very financially cost-effective.
Speaker 3 (50:14):
No, and I mean that's
why I just do this.
Out of curiosity.
I throw away boxes that I monitor and just scan, like has
it ever gotten hit?
Because on a v4 address you're going to get hit 30 seconds
within.
Popping it up online, it's going to start getting scanned.
But I haven't had a single hit on this and it just uses a SLAAC
address.
It doesn't use any, it's just using a randomized SLAAC that
isn't based on the MAC, it's just randomized SLAAC and in
(50:34):
four months, not one hit, not a single scan, not a single packet
has come into that host from the internet.
Can you?
Speaker 1 (50:41):
I know I should know
this.
Can you quickly tell me what SLAAC is doing?
It's like I know it's a protocol in v6 and it's somehow
random.
Speaker 4 (50:50):
Is it taking the?
Speaker 1 (50:50):
v6 unique address and
randomizing something.
Speaker 4 (50:53):
Well, so SLAAC is
actually an address allocation
method.
So we have DHCPv6 and we have stateless address
auto-configuration and then we have manual or statically
configuring something.
Those are really the three principal address allocation
methods and SLAAC is really designed to allow a host to come
on and self-provision an address.
And there are different methods of self-provisioning an address
(51:13):
and that's what Kevin was was talking through.
So there's something called EUI-64, which is an older method
that would basically use your MAC address, stuffs FFFE in the
middle and switches a global bit to a local bit so that you know
that you're you're locally significant right and and that's
utilized as as EUI-64 and many network gear.
You still use as EUI-64 because it's perfectly legitimate and
(51:35):
your router is not going to change its address. Actually
you'd have to look now, but Ubuntu and
Red Hat don't do that anymore.
On the server side they may still do it, but for the general
client side they don't do it anymore.
Under SLAAC you also have the concept of a temporary address
(51:59):
and you have the concept of a privacy address.
And the privacy address is really that random generation of
a 64-bit number that you utilize in order to build your
address.
And a temporary address is also a randomly built one, but you
only have it for a short duration of time.
And then there's some additional RFCs that just came
out that are around the concept of what's called stable SLAAC,
(52:20):
stable SLAAC being you're still randomizing or generating your
address, but when you come back to the office and you're on the
same SSID Wi-Fi, you're going to generate the same address that
you used yesterday just to help with things like logging and
other things that enterprises might want to have available to
them and, just for consistency's sake, around things like DNS
(52:41):
and a few other things.
But those are the standard methods that you see.
There's a couple other things that are we can throw in the
loop there and there's some oddball things that impacted,
like rotating MAC addresses and things of that nature that were
put out there by certain hardware manufacturers to sort
of introduce more entropy or more capabilities of providing
randomness.
But that's what SLAAC primarily is.
(53:05):
It's an address provisioning method and it's designed to
allow a computer to be able to come up, or an IoT device that
has a very low footprint, doesn't have a DHCP client on it,
to be able to come up, build itself an address and
participate on the network.
And the way it's able to do that is SLAAC is really an
indication from the router.
It's a router advertisement that says, like hey, go ahead
and auto provision an address for yourself and we're going to
(53:28):
provide you the prefix information.
You go ahead and build your address portion and you know
where the default gateway is, because I am the default gateway.
I'm the router that's providing the router advertisement.
Therefore, I am the default gateway and I'll also provide
some other useful information.
So there were two RFCs 6106 and 8106 that introduced the
concept of basically, DNS information in the router
(53:48):
advertisement.
So that's the two things you need, right?
You need an address.
Well, three things you need an address, you need a default
gateway, you need a DNS server.
Once you have those three things, you can participate on
the internet with zero issue.
That's what SLAAC provides you.
Can you do all the same things with DHCPv6?
Yeah, absolutely.
But you will get a singular address that was assigned to you
from the DHCPv6 server in the traditional DHCPv6 realm from
(54:11):
that server and you'll be provided a DNS server.
That is provided in that message.
But you will still use the default gateway from the router
advertisement, unlike v4, where we provide a default gateway.
We don't do that in v6 because the router advertisement is the
default gateway.
Speaker 1 (54:26):
Chris, you have a
CCIE, so maybe this isn't
happening to you, but is your brain exploding when they're
talking about all the stuff that v6 does and can do?
Speaker 2 (54:36):
No, I definitely knew
a lot of this information, um,
just with regards to how v6 functions and things like that.
But one thing that I you know, calling back to your previous
point, you were making Kevin about security practices and
what the implications are with v6, um, I would, I would be
upset if I didn't take the opportunity to drop my favorite
(54:57):
trope about v6.
I like to just kind of drop this in the room like a grenade
and run away, but I love saying that NAT, specifically within
the concept of IPv4 NAT, is security, because there is
inherent things that you get out of obfuscating what the address
(55:18):
is on your physical machine.
From a philosophical perspective, we can definitely
say like, oh, your security practice, your practices, should
be up to par so that exposing your IP of your machine on the
public Internet should not be a problem.
However, that that there's, you know, I think.
Speaker 4 (55:38):
I think some of the
V6 adoption that is scary is
just what what that means for your entire endpoint security
practice when you move to V6, right? That's a good point,
Chris. I, I, I address that mainly as saying like bad
operations is bad operations.
Um, so what do you get out of NAT?
NAT allows bad operations.
That's the reverse.
That's the reverse of the argument, which is really to say
like, what does NAT enable you?
(55:59):
Well, it allows you to be alazy, not very studious,
particularly refined securitynetwork operator, and if that's
going to be your crutch, I'mokay with that.
That's fine, because there's aninherent security posture
that's associated with that.
Do I want you running my network?
No, not particularly.
I want people that have the training, the education and the
understanding that they do all the right things, regardless of whether
it's v4 or v6. This should be true regardless of the networking
protocol that you're choosing to do, your implementations of your
security practices, your network hygiene, as it would be, right? In
terms of how you choose to propagate your routes, your availability,
how you handle failover. All those things should be designed in
architecture decisions that were made intently, not by some default
behavior of how an application or a protocol was built initially.
And so that's sort of like saying, like, yeah, I'm perfectly good
firing up BGP and advertising default route, right? Like, okay, sure,
but we got over that years ago, back when we made those mistakes, and
every single service provider is going to filter out your default route
that you're providing upstream to them. Are you a particularly good
network engineer if you do that? I would say probably not. Can you do
it? Absolutely, right? So I see NAT falling in the same category. Is
the default behavior and position of it a better security profile?
Sure. Is turning off your computer a better security profile?
Absolutely, and I see that in the same category.
Speaker 3 (57:28):
And this is where it's a bit of an apples and oranges to me, because,
going back to the idea of, if NAT, I have, like, what? Maybe one
address, five, six, maybe if I have a really big enterprise, maybe I
have a whole slash 24. But you're talking about addresses that are
shifting every few minutes that you're using. Like, to Ed's point, what
if you don't ever want to reuse an address, not just from an
identification perspective but a security perspective, like, hey, I
just bought something on Amazon and I used a one-time IPv6 address to
make that purchase and clear that credit card transaction, and that IP
address will never get used in the global internet, ever again. There
is enough space to do that. So when you're having that kind of a
conversation versus a, oh, I got to make sure that nobody can get
through my port forwards and my four or five IPs that I've got, we're
talking about entirely different worlds, operational worlds.
Speaker 2 (58:23):
I totally agree with both of you guys. I think what we're getting at is
there's obvious reasons why you should move to v6 and why it's great. I
think what we're articulating here is why it's so fucking hard. There's
so much more you've got to do.
Speaker 3 (58:39):
It's a mental. A lot of it's just mental. I'll use myself as an
example. I remember I first touched IPv6 when I studied for the CCNP. I
mean it was in the CCNP, the old CCNP, the ROUTE, SWITCH, TSHOOT CCNP,
IPv6 in there, and I mean, oh my God, I was like, you know, it was so
foreign to me, it was so hard to work with. I think that was back when
we had World IPv6 Day in 2011. I remember that was going on and I
tunneled in and I pinged stuff and felt awesome and, you know, it was
hard to learn, and that was just learning it like in a textbook sense.
Well then I, you know, spent another 10 years like actually learning
how to implement it in a real network and all the things that go along
with that, of what are the operational challenges of integrating with
software and, in the ISP world, how do I make sure that I tie billing
into IPv6 and make sure that the billing software is going to work with
all this, so that when you go buy a circuit, I know that it ties to
your address and your physical street address and the router that you
have?
So there are all these challenges of how does IPv6 work in that world,
and I think for me the realization that I made, and I was talking about
this with Andy because we were talking in the CCNP ENCOR chat for
people that were learning IPv6 for the modern CCNP, and my advice was
you just have to start using it, and whether that's tunneling in your
house, use it in the cloud. The more you use it, the more comfortable
you'll get with it, because the hex format seems scary but we use MAC
addresses. That's always my, oh my God, there's letters and numbers in
there. But then you think, we use MAC addresses every day as network
engineers.
But I think it's the subnetting of it along. A MAC address is just a
random string of numbers, right, like it's got an OUI and all that. But
otherwise you don't have to think too hard about a MAC, it's just
whatever it is. But you have to think about the subnetting of it, and,
like, I think that's what is scary to people, is the very, just the
fundamental concept of, you learn IPv4 subnetting and it's, that's kind
of hard when you first learn it, but you kind of figure it out and you
understand the patterns. But then when you look at an IPv6 address
you're like, well, when do I increment an A to a B, and when does a one
become a seven? And that's what's mentally hard as a network engineer
to wrap your head around if you're doing it for the first time.
Speaker 4 (01:00:46):
Well, and it's taking that v4 principle, thinking, and thinking that it
applies to v6, as opposed to just saying stay on the nibble boundaries
and make your life simple, right, and don't take any of that baggage
going forward, and understanding some of the baseline principles of how
to build your address space, and also that you aren't operating in a
world of scarcity anymore. I think that's really, really, really hard.
All of us are operating in a mode of scarcity in v4. Right, how much I
gotta, I gotta design this subnet to absolutely fit whatever. I got
eight hosts. I got to do exactly this in order to, or I got 17 hosts. I
got to do, like, you're figuring out, you're doing all the bit-level
math to figure out what that subnet size needs to be. No, no, no, get
rid of that.
V6, you've got a 64. You got a point-to-point link, two addresses that
you need, A and B, right. Two addresses out of a 64. You're like, oh my
God, that's so wasteful. Okay, well, let's talk through some math
again. You got 10 million hosts sitting on a LAN network. I don't even
know how you get 10 million Ethernet ports all connected together, but
let's just assume we got 10 million, biggest LAN party ever. You look
at the rounding error of how many zeros you have. It's the same as
using two addresses and using 10 million addresses, the number of zeros
out to the right. It's ridiculous out of your two to 64.
Speaker 2 (01:02:04):
Kubernetes is saying hold my beer, hold my beer. Well, and so?
Speaker 4 (01:02:07):
Let's talk about that. Let's talk about the innovation and the
opportunity that v6 provides that is not there for v4. Scaling
application services is a real-world problem for all of us, and doing
this on a global basis with a global unique endpoint, where multiple
Kubernetes clusters could be able to then spark services across
clusters in different geographies and still have a unique identifier
for each application that spins up. You can do that in v6. To do that
in v4, we have to write three different layers of services abstractions
to get that to function. That's the sort of brittleness that I'm
talking about, is that those state requirements are all in there,
versus just a single update that says my service operates on this IP,
right, just route as routing and you're done. That's the opportunity
that we have with v6 that does not exist in v4 and you can't solve with
v4 as it exists today, and that's just the reality of just the laws of
big numbers in terms of solving that particular problem.
Speaker 3 (01:03:11):
Yeah, and I'll give you a good scale example, because everybody thinks
scale, you think Amazon, right, you think Amazon. You think Azure, you
think Fortune 100. I worked on a regional utility company a few years
back and they had 800,000 power meters that they had to network, and
that was, you know, how many 10-dot subnets are you going to carve out
for 800,000 hosts? Right, like, that's a lot. And in IPv6, it was easy.
It wasn't, I mean, easy, it was still work, but it wasn't like, it's
not a big deal. I mean, 800,000 is a drop in the bucket of a 64, of a
single 64. So, you know, when you're dealing. And that's why I say
scale is not just a big company problem. Scale is an everything
problem, depending on what world you live in. And if you're a regional
power company, you know, that's, um, that needs that, it needs to be
able to, you know, to use that. And energy is big in this, like energy,
not just power, but anywhere in energy and the industrial space, they
constantly have these scale problems, even if they're not, like, you
know, a Fortune 500 company. So I think that's, you know, that's where
IPv6 is the scale solution, without a doubt in my mind.
Speaker 4 (01:04:15):
Yeah, I mean there's some interesting side facts because of that exact
portion of scale that Kevin mentioned. When we typically ask folks,
like, hey, what's the most prolific routing protocol that exists out
there, period, not just the internet but just as a routing protocol,
and I would say almost universally, everyone answers BGP. But that's
actually not true. It's RPL. It's probably the most widely used routing
protocol, just because of how many end hosts are running it, because
all these power meters are running RPL in order to be able to provide
mesh networks, and v6 is a perfect alignment with being able to do
that.
But no one knows that these networks run or operate this way because
the number of people that it takes to run and operate them is
significantly smaller than the number of people that have to all agree
on how the global internet routing table needs to work. So it's very
interesting how some of this stuff plays out, because I think v6 in
many ways is sort of a hidden adoption feature and enterprises don't
necessarily see it in the same way.
I would argue that many enterprises would probably be fine over the
next decade not doing crazy accelerated work if their principal
business is not to do work on the internet. If your business is making
money on the internet, not having a v6 presence will hurt you over the
long run. Now, do you have to make everything v6? No, but the moment
you turn up v6 services, your app and QA and test team, all, and your
dev team all need to have access to v6 to be able to test and validate
and make sure it works. So then you start introducing more and more
segments of v6 inside your, your network. Then your security team's
like, well, then we have to secure it, and you might as well bring it
into the fold and you might as well start using it.
And so that's the natural progression that we see organizations take,
is really they're taking that first bite of the apple, saying we need
to provide services. Some outsource it. They're like, our CDN provider
handles that for us. That's great. And if the principal portion of your
business is just to provide content behind a CDN service for them to
get to your website, and that's the only way that you participate on
the internet, and everything else you sell doesn't have anything to do
with that, awesome. You're probably a really old company that isn't
doing anything interesting and innovative. But if that's all you need
in order to guarantee your revenue stream, I'm not going to tell you to
use v6, except for to just go click the button on your CDN provider.
Go, and Cloudflare probably already enabled it for you. Go click the
button in Akamai or whoever else you're using. That's fine, that's not
a problem.
But for those that want to innovate and those that want to grow their
opportunity space on the internet, the internet is moving to v6, and
leaving out 47% of the people on the internet as it exists today, as
Andy started off the top of the show with. If you don't want to address
47% of the market, okay, that's your choice, right? Now, if you want
someone to proxy that session to you, T-Mobile and Verizon and AT&T are
all going to proxy to get those folks over to you. You're going to deal
with more latency. They own the customer at that point, not you
anymore, because you're not providing a native service. You have to go
through their service in order for them to get to you.
If you're comfortable with that, if you don't want a direct
relationship with your customer, awesome. You're fine, no problem. Go
talk to your business folks and ask them if they would like to be in
that position. We don't have a direct relationship with the customer.
In other words, we only speak French, but they're all speaking English.
But we're cool, we just have, these companies are providing translators
for us. Well, wait a second. We can't talk directly to our customer?
No, we have to go through these other folks to do that. Are you
comfortable with that? Do you not want to own it? Perhaps we should
hire some people that are bilingual. Suddenly it's like, will this
impact our revenue? Well, I don't know. If suddenly we can't speak
English anymore, is that going to impact us? I don't know. That's a
business decision. It's not a technology decision anymore.
Speaker 3 (01:07:55):
Not only that, but the other thing I'd say is that, you know, going
back to Andy's premise of, well, I have NAT, isn't NAT and IPv4 good
enough? NAT only works with IPv4 really well when you have a public
endpoint to hit. Right, like it only works when both sides are NAT,
like I don't know how much you've ever tried to, like, when both
parties are NAT, like how many services, it sucks, right, like there's,
not everything works when both parties are NAT. So imagine now, I'm
gonna, I'm gonna, uh, inject a thing that's happening.
Now, you know, have you seen T-Mobile selling their 30 internet? Have
you seen Verizon selling their 30 5G internet? Have you seen AT&T
selling their 30 or 40 5G internet? You're not getting a public with
those connections. That's the fastest growing. Fixed wireless access is
the fastest growing segment of internet access around the world.
Fiber's big, don't get me wrong. Fiber's out there. Fiber's a big
thing, but selling the capacity of the 5G networks that they've built
is a huge thing. And you've got Starlink in that equation. You've got
the wireless ISPs I worked for in that equation, and so you're largely
not getting public addresses. So NAT only works when you have a public
address to go to, and that pool is shrinking, right? Like, the pool of
available addresses is just-.
Speaker 4 (01:09:05):
Come on, Kevin.
Speaker 3 (01:09:07):
UPnP works great. Yeah, yeah, I mean, and the people that are getting
on these connections are starting to realize this. The guy that's on
Starlink that, like you were talking about, Ed, gaming on CGNAT. If
you're on Starlink and you're gaming with your buddy that's on the
T-Mobile connection, like, you're not going to have the same experience
unless you're native v6, which Starlink does have, and you can be on
v6. And most of the fixed wireless access have v6 native. You're going
to have a better experience if you guys can ride across v6 and talk to
each other than across the CGNAT v4 gateways, because that's the
fastest growing area of internet, and so the landscape is changing as
broadband changes. And I think that's the other thing you're going to
see out of the next five years, is that people that say, hey, why am I
paying Verizon 100 bucks a month for fiber when I can go get this $30 a
month 5G connection, and it's great, and it is great until you got to
talk to somebody else that's also NATed, and then your world's going to
start to suck a little bit.
Speaker 4 (01:10:04):
Well, and I think the other one for enterprises is, now that the, well,
I guess it depends. I guess if you're working for Amazon right now,
that's, work from home really isn't an option. But for those of us in
the regular world, if you're working from home, you're, more than
likely your employee has both v4 and v6. Unless you're doing the work
and the effort of really understanding how they're accessing resources,
your sort of enterprise posture around zero trust may not be what you
think it is, right? In terms of escape and just latent threat of the
fact that v6 is operating. If you're not putting into your security
posture and your assessments and the work to actually control v6 for
that endpoint in the same way that you're doing for v4, you actually
don't have the same sort of secure posture that you think you do. And
if you're only audit and logging and reporting on v4-related
information, you're probably missing a ton of v6-related traffic that,
that, you know, end user is actually doing. And so my argument is,
you'd rather have it in the tent, in the camp, than out of, and so by
putting it into something that you deploy, control and operate, you
therefore are in the driver's seat of controlling what's going on. Do
you have to be, you know, deploy everywhere? No, not necessarily, but
it's nice to have those controls and understand how to, how to operate
it, right.
Speaker 1 (01:11:19):
I feel like we could talk forever and still not, like, I, I've learned
so much and this has been so great. And AJ is going to yell at me
because we're over an hour, but I don't care. But I know Chris has a
meeting coming up soon. He's on the other side of the world, so
unfortunately, I think we have to start wrapping up. I learned a ton
and there were, like, Ed, I've never heard anybody say throw everything
away that you know about v4 because it doesn't translate to v6, and
just go in there clear-minded. I find that helpful because I think we
do bring in our experience and our biases into things we're trying to
learn. And if you come up learning one address scheme forever and then
there's this new one, you are going to bring in what you know and they
just don't. I'm going to try, because I'm studying for the NP as well,
I'm going to flush out the v4 knowledge and go back to that v6 chapter,
I think, with a fresh mind, because there's just so much cool stuff and
different stuff and unique things happening in v6. And my brain
explodes because I'm like, wait, this is so different than v4.
Speaker 4 (01:12:18):
And Andy, since you just wrote your first Python for grabbing and doing
config work out of a routing platform, it's the same thing. A CLI is
going to be different in terms of how you interact and what you learn
and how you think about interacting with that particular device, versus
your Python code and how you think through code and how you think
through libraries and how you're writing code sets to figure out how to
gain that same information. You're doing the exact same thing. You're
just showing a routing configuration, but the reality is the two
processes are very, very different, and I think that's true for v4 and
v6 in many ways, in that same sort of skill set and knowledge. It's
different enough that you will make mistakes. So don't do yourself a
disservice, and go back and learn the fundamentals.
And to Chris's point, well, you know, we say OSI model, it's really TCP
model, right? We get down to the real world of what's actually
implemented versus this theory world of OSI. OSI is just a theory, TCP
is an actual. It's a real. That's how code's actually written. Study
that and really understand that. And when you understand the
fundamentals of how neighbor discovery works and how the address
protocol is put together and how extension headers are built and all of
those fundamentals, it's the same knowledge and effort that you went in
to learn before. You just forgot that you spent this much time and
effort all those years ago putting into learning that and being an
expert at it the way you are today. You have to do the same effort to
become that expert in v6 so that you can make good architecture
decisions and understand the impacts of the decisions you're making.
Speaker 1 (01:13:47):
Well said. I almost quit my NA studies over v4 subnetting. So yeah, I
just got to remember how hard it was and put half the effort into v6
and I'll be fine. Kev, you have any closing thoughts before we get out
of here?
Speaker 3 (01:13:58):
I think, you know, I would speak to the network engineers that are
going to watch this and are going to say, hey, this is really hard, I
just don't know how to wrap my head around it. There's so many
resources out there that you can use to wrap your head around IPv6 and
get into using it. Use the cloud. There's free resources, free training
resources, things. There's certainly more today than there were a
decade ago when we had to build tunnels into Hurricane Electric and all
those things.
Speaker 4 (01:14:23):
There's tons of stuff out there. Still use them, though. Hurricane
Electric's still great.
Speaker 3 (01:14:27):
Hurricane tunnels are great. Yeah, absolutely, but use your network
modeling software, whether you're using Cisco Modeling Labs, EVE-NG,
which is what I use, GNS3. Use your modeling software, use your network
operating system of choice and start playing around with it. Play
around with it on the live internet. Play around with it and I promise
you, if you spend even like an hour a week just playing around with v6,
in a few weeks you're going to know so much more and feel so much more
comfortable about IPv6, just tinkering with it, than if you just keep
staring at those, if you keep staring at the hex and, like, oh my God,
I just don't want to even touch this with a 10-foot pole. So my advice
is roll your sleeves up, dig in, don't be afraid to make mistakes and
get into IPv6.
Speaker 1 (01:15:07):
Great advice, Kev. Chris? Yeah.
Speaker 2 (01:15:10):
I think, amazing points both from Ed and Kevin. And one thing I'll add
to both of that is, I think there's one thing that network engineers
really value, and that's predictability and control. And I think some
of the things we talked about today can seem kind of scary, like, how
are you going to predict when addresses are constantly changing and
things like that? Right, so my feedback with the people that are just
kind of maybe finding their feet and getting comfortable with the
stuff: things that are not going to change, and they're still going to
be very important no matter what, is routing and DNS. So figure those
things out, know them very well, and, and I think you'll be, you'll be
set for the long haul.
Speaker 1 (01:15:53):
I love it. Thanks so much for coming on, guys. I learned so much. I
don't think this will be our last v6 episode, because there's just way
too much to cover and a lot to unearth there. Kevin, if folks want to
find you, where are you at on the interwebs?
Speaker 3 (01:16:06):
Yeah, so you can find me on Twitter, X, whatever you want to call it,
at StubArea51. Same is true on LinkedIn. I'm StubArea51 on LinkedIn and
on my blog at StubArea51.net.
Speaker 1 (01:16:17):
Awesome. Thanks, Kev. Ed, where can folks find you besides the IPv6
Buzz podcast hosted by the Packet Pushers Network?
Speaker 4 (01:16:24):
Yeah, you can look me up on LinkedIn. Ed Horley, I have a pretty unique
last name. If you want, you can buy my incredibly old IPv6 book now,
because I wrote Practical IPv6 for Windows Administrators. So if you
feel like reading what my opinion was about IPv6 a decade or more ago,
feel free.
Speaker 1 (01:16:42):
Awesome. Thanks, Ed. And Chris, of the Cables to Cloud podcast, which
you should definitely go check out. Very great show. Where can folks
find you?
Speaker 2 (01:16:50):
Yeah, definitely reach out to me on LinkedIn or on Twitter. I'm not on
X, I'm only on Twitter, because that's the hill I'm dying on, at BGP
main. And, yeah, reach out.
Speaker 1 (01:17:03):
Thanks, guys. I'm at, I don't know what the hell I'm at on Twitter.
Andy Laptev. I think it's Andy Laptev, I don't know. You can find me
there. Look for Andy Laptev. I think I'm the only Andy Laptev on
Twitter and probably on the internet. Kind of a unique last name. You
can also find all the Art of Network Engineering cool stuff on our
Linktree, Linktree slash Art of NetEng.
I like to remind folks that we have a Discord server called It's All
About the Journey. I think we have about 3000-ish tech folks in there,
and I'm in there a lot, currently studying for the CCNP. We have a
great study group. Kevin mentioned he's in there. There's experts in
there that are helping the new folks. There's new folks coming in,
like, what do I do? We have an NA study group, an NP study group and
pretty much every other vendor, just folks in there trying to learn and
really helping each other out. It's all for free and everybody's just
there to help each other, which is super sweet. So you can find that on
our Linktree, as well as all the other cool stuff. Great show, guys.
Thank you so much and we'll see you next time on the Art of Network
Engineering podcast.
Hey everyone, this is Andy. If you like what you heard today, then
please subscribe to our podcast in your favorite podcatcher. Click that
bell icon to get notified of all of our future episodes. Also follow us
on Twitter and Instagram. We are at Art of Net Eng, that's Art of
N-E-T-E-N-G. You can also find us on the web at
artofnetworkengineering.com, where we post all of our show notes, blog
articles and general networking nerdery. You can also see our faces on
our YouTube channel named the Art of Network Engineering. Thanks for
listening.