Lammle.com The official site of best selling author Todd Lammle

April 6, 2010

The New IPv6 Whitelist, are you on it?

Filed under: IPv6 — Todd Lammle @ 12:06 am

Did you hear about this? Probably not, so here it is… Google’s YouTube IPv6 traffic increased 30% last week. This intel comes to us from one of the world’s largest IPv6 ISPs—the venerable Hurricane Electric in Fremont, CA—whose own IPv6 traffic has already doubled this year. Just yesterday, Hurricane Electric actually claimed to be the world’s largest IPv6 ISP!

Meanwhile, across the country on the East Coast, Comcast is the IPv6 Big Dog, and is already rolling out IPv6 to test subscribers in Philadelphia of all places. And guess what? They plan to have a full, nationwide rollout by 2012. Now this is some serious info to open up a blog with, and we haven’t even talked about that IPv6 Whitelist that’s in the title yet!

Most of the time when people say something is definitely, certainly, absolutely black or white, no exceptions and no gray area, we think they can’t be right; they’re over-simplifying things and being really dramatic for effect, right? There’s just got to be a gray area to play around with, at least for a while, and with regards to IPv4 this has, in fact, been true for more than 10 years now.

But we’re running out of IPv4 fixes, things like NAT, etc., to keep our networks and applications running smoothly, and things are getting more than a tad desperate. If you’ve read some of my past blog posts, you already know that the IANA is going to run out of addresses to hand out to ISPs by September 2011. And you know that my personal stance on the matter is that all networks, applications and companies are already years behind where they should be in preparation for this great migration. The thing is, I’m just not a lone voice in the wilderness anymore.

Right now, those companies fully grasping the fact that IPv6 is what they’re going to require to power their businesses and remain competitive aren’t simply creating IPv6 networks and servers on the Internet, they’re also creating a “Whitelist” of customers who can access their web sites via the IPv6 routed protocol. So far, from what I can tell, the hardest driving companies leading this new Whitelist movement are: Google, Facebook, eBay, Yahoo, Comcast, Netflix, Microsoft, Wikipedia and Twitter. Doesn’t www.ipv6.netflix.com have a nice ring to it? (Yes, that’s really their new address!) Tell me you just didn’t try this link with your IPv4 network….of course you did…

So the burning question here is why do these companies need a “Whitelist”? Okay, that, and what happened to my invitation? Did it get stuck in my Junk mail filter again? Hmmm… To begin to answer that one, first, understand that IPv6 uses something called quad-A records (AAAA) instead of single A records like IPv4 queries. The DNS Whitelist for IPv6 would be used by content providers to pass quad-A records upstream to ISPs only if the user’s DNS resolver is in the Whitelist.
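The mechanism described above, as an added sketch that is not from the original post or any provider's code: an authoritative server hands out quad-A records only when the query arrives from a whitelisted resolver address. The zone data, prefixes and function names are constructed for illustration, and answering non-listed resolvers with an empty NOERROR response is an assumption about how the withholding is done.

```python
import ipaddress

# Constructed sample data: documentation prefixes, not any provider's real list.
WHITELISTED_RESOLVERS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:53::/48"),
]

# Constructed zone: one dual-stacked name with an A and a quad-A record.
ZONE = {
    "www.example.com.": {
        "A": ["198.51.100.10"],
        "AAAA": ["2001:db8:100::10"],
    },
}


def resolver_is_whitelisted(resolver_ip):
    """True if the querying resolver's source address is inside a listed prefix."""
    addr = ipaddress.ip_address(resolver_ip)
    return any(addr.version == net.version and addr in net
               for net in WHITELISTED_RESOLVERS)


def answer(qname, qtype, resolver_ip):
    """Return (rcode, records) as the authoritative server would for this resolver."""
    records = ZONE.get(qname)
    if records is None:
        return ("NXDOMAIN", [])
    if qtype == "AAAA" and not resolver_is_whitelisted(resolver_ip):
        # Assumption: withholding is done as NOERROR with an empty answer,
        # so the client simply falls back to the A record.
        return ("NOERROR", [])
    return ("NOERROR", list(records.get(qtype, [])))


def dual_stack_view(qname, resolver_ip):
    """What a dual-stacked client behind this resolver learns about the name."""
    return {qtype: answer(qname, qtype, resolver_ip)[1] for qtype in ("A", "AAAA")}


if __name__ == "__main__":
    for resolver in ("192.0.2.53", "203.0.113.53", "2001:db8:53::1"):
        print(resolver, dual_stack_view("www.example.com.", resolver))
```

The decision is keyed on the resolver's address, not the end user's, so every client behind a listed resolver receives the AAAA record whether or not its own IPv6 path works.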

Okay, so back to my question on why these companies need a Whitelist… I mean, come on, if I get a /48 IPv6 address range from my ISP, why shouldn’t I just be able to use it? After all, this is a free country right? Well, most would say yes, but well, don’t you think that maybe, just maybe, this Whitelist could be used to maintain who accesses what, when, and where one can connect, as well as to control, monitor and log their access? It is definitely plausible, but of course Google, or anyone else wouldn’t go there, and Facebook would never ever really hold on to your deleted content or sell demographic info to mass marketing firms right?

Sort it out for yourself… Here’s what some content providers said when asked why they needed to create a DNS Whitelist of who can and cannot use their servers… I quote from Hurricane: “Without a whitelist to help sort out which customers can and cannot receive IPv6 content, web developers will inadvertently block too many customers from accessing their content.” And here’s a quote from eBay… When asked about their new IPv6 site, they said, “we need to take the precautions necessary to ensure our community has a safe experience on the site”. Google chimed in with: “This [Whitelist] is the easiest way we can provide IPv6 services without blocking customers with broken IPv6 links.”

Broken links? Safe experience? Blocking content? Let’s see… We haven’t even built the links yet, so how do they know that they can or will be blocked and/or broken? Of course we want them to be safe sites but then again, maybe Hurricane Electric wants control of all of your IPv6 data too. One does not necessarily preclude the next and let’s be honest, there’s some potentially serious coin and power there!

Plus, consider that Facebook, YouTube, Twitter, etc. have been gradually increasing our tolerance for less privacy at the cost of “connecting” by turning up the heat ever so slowly so that we’ve become accustomed to what we would’ve deemed totally invasive only a few years ago; accepting it as the “new normal” like proverbial slow-boiled frogs. You could say that I’m probably just being paranoid, but you would still have the “Whitelist Dilemma” to deal with, cognitive dissonance and all.

With that said, what are we going to do about this Whitelist thing? Nothing, nada, zip, zero, zilch—not even a pathetic percentage of something—that’s what. Why? Because we haven’t just steadily grown accustomed to these services, we’ve grown so completely dependent upon using them that they’ve become actual verbs. Go ahead, see for yourself… see if you can get through one day around other people without hearing something like, “Oh, just google it and find out”, “email me” or “did you tweet back?”

No, we will not collectively go without YouTube, Search, Docs, Gmail, Twitter, News, and Maps in 2011, we will happily go along like lambs to the slaughter because they’re all free and what’s more, we’ve already cut over our corporate services to them. Uh-oh… Still think I’m being paranoid? Looks like you’re going to have to be on Google’s “Whitelist” after all! Wait, what? You thought that with Google, everything is free, fast, and large? Oh, right, as long as you’re in the Whitelist club so they know who you are, what you access and when—and then charge you for it…Oops… Scratch that. I meant, so they can verify that your networks aren’t screwed up somewhere, that you can access the content you’re really after, and that doing so will be a very pleasant, safe experience for you, indeed!

Let’s dive deeper for a second. Since these networks will be dual-stacked, at least for another 5-6 years, what’s the worst possible thing that can happen if an ISP has a broken IPv6 tunnel? You guessed it…nothing. Well, mostly nothing. Users will simply experience about a 30 to 60 second delay as the data is finally returned using the IPv4 protocol. Admit it… If you’re at Google’s site and everything is delayed a minute, you will not like it one bit. And if it happens a lot, you’ll most likely make some noise and complain.

This smoothly segues into another reason that strengthens the case for their Whitelist. “We’re doing this for you – to help ensure your networks are running optimally at peak performance… No more wasting time frustrated and waiting!”

To say this is controversial is laughably understated. How in the world (pun intended) will the ISPs be able to maintain this list? I mean, the claim that there’s one link/tunnel/DNS record somewhere between you and them cannot be right because that would mean that you won’t gain access to their server until that link, etc. is fixed—and this is for your own good. Somehow. In fact, this is so important that the IETF (the group responsible for the IPv6 and IPv4 protocols) is meeting specifically about this very same Whitelist.

Oh, and one last thought before this blog becomes a novella… The National Institute of Standards and Technology (NIST) will need to approve hardware and software products being developed and sold to government agencies by July 1st, 2010. YES—that would be July, as in a little less than three months from now, and there are around 150 RFCs that must be refined and met before the NIST approves the lucky vendor.

Understand that this is no Y2K. It’s more like Brave New World meets 1984…

Cheers!

February 23, 2010

Where Have All The Addresses Gone? Part III

Filed under: IPv6 — Todd Lammle @ 2:55 pm

I just don’t usually go on and on and blog about the same subject three times because obsessing is something we should all avoid. I hate being bored and don’t want you to be either. Especially when it comes to talking about technology — you know I like to mix it up and keep it interesting, right? The thing is, lately it seems like everyone has been shooting me chatter about this subject and it would be wrong to ignore that. Plus, something new and cool has popped up that justifies a three-blog post. Actually, if things keep going the way they are with the IPv4 addressing scheme, I’m pretty sure I’ll need to shout out a part IV before the end of summer.

The last time I wrote about the IPv4 address-exhaustion issue we had about 10% left — maybe just under that — of all potential IPv4 addresses available for allocation to customers from the IANA, RIPE and the RIR.  Now we have less than 8%, and only twenty-two /8’s available, meaning that the clock is now majorly ticking. The new IPv4 allocation Doomsday is actually estimated to be as close as September 20th, 2011 — a mere 573 days from now!

Not to be Davey Downer, but what I’m getting at here is that the Doomsday date keeps getting moved up faster than Antarctica can ditch parts, which strongly suggests that we could all be hearing about it on CNN & BBC as early as late 2010! Don’t believe me? People, here’s this year’s first news story on the subject, published Jan 20th, 2010 as a release to the media by the Number Resource Organization:

“The Number Resource Organization (NRO), the official representative of the five Regional Internet Registries (RIRs) that oversee the allocation of all Internet number resources, announced today that less than 10% of available IPv4 addresses remain unallocated. This small pool of existing IP addresses marks a critical moment in IPv4 address exhaustion, ultimately impacting the future network operations of all businesses and organizations around the globe. “This is a key milestone in the growth and development of the global Internet,” noted Axel Pawlik, Chairman of the NRO. “With less than 10 percent of the entire IPv4 address range still available for allocation to RIRs, it is vital that the Internet community take considered and determined action to ensure the global adoption of IPv6,” said Mr Pawlik.

With so few IPv4 addresses remaining, APNIC and the NRO is urging all Internet stakeholders to take immediate action by planning for the necessary investments required to deploy IPv6.”

Oh wait, that’s not all… Here’s another upbeat little link quietly announced in January that probably totally passed you by unless you’ve been following this issue like a stalker. IANA, the organization that coordinates global IP addressing, allocated the previously unallocated and distinctive, 1.0.0.0/8 block to APNIC. Take a look at this nice little link BTW… Props for this Intel go out to Marcus, A.K.A. “Big Evil” on my forum, who is very cool and definitely not a stalker—Thanks bro!

So what’s up with that? Were the folks at IANA checking out my blog posts, which led them to the epiphany, “oh my, we’d better stop holding out all these unallocated addresses, listen to Todd and give up that conspicuous 1.0.0.0/8 class-A block never before used in the public Internet?” Okay, I’m guessin’ a big no on that one, but it’s just really interesting to me… That big ol’ block was heretofore just sitting there at the top of the list, “UNALLOCATED”—until now, that is! Why? Kind of rhetorical at this juncture because if this three blog series about our ugly IPv4 address-exhaustion problem hasn’t already made you wake up screaming, “I must begin deploying IPv6 products and services, and get some solid IPv6 training now”, then, well, nothing will. Yes of course you can just cover your eyes and hope all of this isn’t really happening, but if that’s you, it’s seriously time for you to start training in a different sector.

That’s it for this update except for one last thing… check out http://www.globalnettraining.com/ for some really sweet specials, and the best and only Todd Lammle Cisco Authorized training.

Cheers!
Todd Lammle

June 25, 2007

Cisco announces new CCNA exams

Filed under: Certification Paths,Cisco,Exams,IPv6,News and Announcements — Todd Lammle @ 3:48 pm
  • ICND1 640-822
  • ICND2 640-816
  • CCNA Composite 640-802

In order to obtain your CCNA you can take and pass the ICND1 and ICND2 exams at $125 apiece, or try your hand at the CCNA Composite 640-802 exam at $150.

This is the same approach Cisco has been using for years—you either take two relatively easier tests, or one super hard test.

I always recommend the one test approach because, well, no one, including Cisco, has proved that the two-test approach is actually easier. So why go there?

Anyway, since the new exam won’t be released for another month, this could all change very soon. But no worries—I’ll give you the dirt on all of this somewhere around August 1st, as soon as I get back from Networkers.

And, it’s also good to know that if you’re still studying for the old exam(s), you haven’t wasted your time/effort/cash, because you get until November of 2007 to take them.

A really cool thing I like about the new exam is that it covers all the new cutting edge stuff—no more of that ISDN crap! Here’s a short list of the new technologies covered:

  • Secure Device Manager
  • Virtual Private Networks
  • IPv6 (my favorite!)
  • 2960 Switches
  • Cisco Network Assistant
  • Advanced EIGRP and OSPF
  • Introduction to Wireless networks
  • More security
  • Lots of troubleshooting

Should be a hoot…

In the meantime, come on over to www.globalnettraining.com and get yourself signed up for the newest courses using the latest and greatest gear.

And, don’t forget to nick a copy of my latest CCNA Composite 640-802 Study guide from Sybex because it truly is, far and away, the best book I’ve written to date—I’m so happy with how this book turned out!

January 6, 2007

The ABCs of IPv6

Filed under: IPv6 — Todd Lammle @ 8:43 pm

IP version 6 is poised to revolutionize networking. Here’s why you should care and what you need to do to get ready.

The odds are good that you’re aware Microsoft will soon release new server and host operating systems that will come loaded with the Internet Protocol version 6 (IPv6) stack pre-installed and ready to rock on your network. Did you know that IPv6 will be the default-routed protocol, though? Unless you uninstall it from your new servers and hosts, your network will be moving to IPv6. If it fails, your hosts will revert back to IPv4. [ Read the rest at RedmondMag.com ]

Todd Lammle, CCSI# 31415, is CEO of Internetworking Training, Inc., a Sponsored Organization of Fast Lane Consulting & Education Services, Inc., a Cisco Learning Solutions Partner. GlobalNet Training, Inc is the exclusive reseller of Internetworking Training's "Todd Lammle Cisco Authorized Boot Camps."

© 2010 Todd Lammle | All Rights Reserved