[ipv6-wg] Re: [address-policy-wg] Commercial IPv6 firewall support

[jwkckid1@localhost]

Nick and all,

  Chiming in here as a kinda unusual occurance.  

  I agree with Nicks assessment here unfortunately.  Seems 
across a broad business spectrum a disinterest in IPv6 remains
or presists.  Given, what I believe to be an accurate essesment
by Nick below, it would seem that a more concerted effort to
make IPv6 more palatable in very short order is advisable.  As
to how to accomplish that, I do not know.

-----Original Message-----
>From: Nick Hilliard nick@localhost
>Sent: Oct 27, 2007 9:25 AM
>To: michael.dillon@localhost
>Cc: address-policy-wg@localhost, ipv6-wg@localhost
>Subject: Re: [address-policy-wg] Commercial IPv6 firewall support
>
>> Some people have claimed that they cannot yet sell
>> IPv6 Internet access because there is no IPv6 firewall
>> support. According to this ICANN study:
>> http://www.icann.org/committees/security/sac021.pdf
>> this is not quite true. At least 30% of the 42 vendors
>> surveyed, had IPv6 support.
>
>There is, of course, "support" and support when talking about any feature,
>whether ipv6 related or not.
>
>As a useful example of what "support" implies, the "support" from one of my
>firewall vendors includes basic support for ipv6 packet forwarding and
>filtering, but no support for configuring this from the GUI.  And no support
>for failover / failback on ipv6.  And no support for ospfv3.  Or DHCPv6.  Or
>v6 support for VPNs.  And so on - you get the idea.  There are piles more
>features which just aren't there if you use v6.  In fact, I would suggest
>that there is such a large functionality gap between their ipv4 and ipv6
>support right now, that even if they invested heavily between now and the
>current expected dates for ipv4 exhaustion, I seriously doubt that they
>would achieve feature parity, not to mind stability parity for these
>features.
>
>I have talked to them about this, and their opinion is that there is no
>commercial demand for ipv6, and therefore ipv6 feature parity is on the
>feature roadmap.  And indeed, it is difficult for the organisation I work
>for to demand ipv6 support, when other companies can talk to their vendors
>with a EUR100m firewall / networking contract going a-begging.  I have
>little doubt that this is the reason that MOP got re-enabled by default on a
>certain router vendor's products.
>
>
>Them:   "We have EUR200m to spend and we want MOP enabled by default".
>Vendor: "Three bags full, sir".
>
>Me:     "I want to you spend $50m in development costs to support ipv6, and
>        then i'll buy some low end kit from you"
>Vendor: <laughs hysterically>
>
>Open source solutions tend to fare better in this regard.  Lots of people
>may end up using them in a future ipv6 world, but you're not going to end up
>seeing F500 companies stampeding to replace their current high-end solutions
>with m0n0wall installations, just because they have more-or-less parity
>support for ipv4 and ipv6.
>
>There's a more interesting discussion of this of this linked from:
>
>http://www.arin.net/meetings/minutes/ARIN_XX/ppm.html
>
>See the talk entitled "IPv6 Support Among Commercial Firewalls", by Dave
>Piscitello.
>
>Nick
>
>-- 
>Network Ability Ltd. | Technical Operations    | Tel: +353 1 6169698
>3 Westland Square    | INEX - Internet Neutral | Fax: +353 1 6041981
>Dublin 2, Ireland    | Exchange Association    | Email: nick@localhost
>
'Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@localhost