IPv6 Workshop ICANN Meeting San Juan, Puerto Rico Sunday 24 June 2007 >>LEO VEGODA: Hello, everyone. My name's Leo Vegoda. We're just fine-tuning the setup, because this is the first session of the meeting. We're going to delay the start for about five minutes or so just while the setup is fine-tuned. And then we'll begin. >>DARRYL HENRY: One -- yes, it's here. >>LEO VEGODA: Hello, everyone. Hello. I can't hear it through the speakers, but let's assume that it's working. Okay. My name's Leo Vegoda. And I'm going to be moderating this session today. We are hoping for three panelists, and I hope my third panelist is going to join us shortly. He seems to have been delayed in another session. Let me get going, though. There's going to be a transcript done of this session, so the idea of the session is that there will be content from the panelists and also from lots of participation from people who are present in the room, and also people who are participating remotely. If you come up to the microphone and want to speak, if you could speak slowly and clearly and state your name and affiliation, that will help get a nice, accurate transcript. Also, there's video for this session. We're being webcast. And the recording will be made available on the main meeting Web site as soon as possible after the meeting. There is remote participation through the remote participation Web site. You can ask questions. There's a chat room where there's a link to that on the meeting Web site. And there's the possibility to blog or comment about the session after the session, hopefully, rather than during. So our panel, Marty Hannigan, who has been delayed, Mehmet, to my far left, Darryl Henry, and me. Mehmet is ICANN's chief engineer, and he's been involved in deploying IPv6 on ICANN's network. ICANN runs an enterprise network rather than an ISP network. And Mehmet's quite when will known here in Puerto Rico because he was previously with NICPR. Darryl Henry, from Centennial de Puerto Rico is the director of customer solutions. And, of course, like most ISPs, will need to be deploying IPv6 in the next couple of years. So we have, hopefully, an interesting panel. And I think we're going to start by asking Mehmet if he's ready to kick us off. I'll just pass the projector thing across. >>DARRYL HENRY: As he gets set up there, you can see I'm very excited from the photo about IPv6. [ Laughter ] >>MEHMET AKCIN: All right. The mike okay? That's good, my mike is not working. I will try another one real quick. My name is Mehmet Akcin. I am the chief engineer in charge of I.T. operations for ICANN. I will today touch bases a little bit and very briefly about what we have achieved in a very short time at ICANN. So I want to talk about our hardware equipment that we are using at the moment that is doing all of our IPv6 work. Basically, we are using some Foundry Netiron equipment to do BGP with IPv6 and OSPF version 3 with IPv6. And this router is capable of doing some other works as well. Switches basically are doing just basic layer switching, nothing really fancy, nothing really complex. And the services that we are going to be running on IPv6 networks, which we are still on the test progress at the moment, and we will be completing those within a few days, within a few weeks, actually, and by October 2007, we will have our DNS servers, most Web-based services, like forums, ICANN, IANA Web site, blog, and, you know, we already have our public participation Web site, which is on IPv6 as a test bed. And we will continue growing the IPv6 services, as well as our web casts will be on an IPv6-reachable connectivity. So what kind of difficulties? In the last meeting, David Conrad from IANA has asked me a question about what type of difficulties I have faced with. And I wanted to outline those more clearly. In today's world of ISPs, it's quite tough to find reliable IPv6 connectivity. And we were able to achieve, after doing big research, we, at the moment, have a new AS number that we are running ICANN's services in a new location. While we were evaluating this location and services, one of our biggest requirements was to have native IPv6 connectivity from our transits. So at the moment, we have two transits -- three transits with IPv6, and two of them are active. Third one right now is being cross-connected. The biggest problem that we were internally faced with was the fact that we are trying to have a high available system for our services, which we are using load balancers in this scenario. And those load balancers, unfortunately, that are on the market are either in very early stages of supporting IPv6 or basically not supporting at all. And so there are, of course, some in the market, but there's nothing really that has proved itself as a very reliable IPv6-capable load balancers. I would like to give you guys a small snapshot of our network. We have two transits that are working right now. One of them is hurricane electric. They have native IPv6. And the other one is Global Crossing, which is another native IPv6 provider we are using. And we are able to peer with other networks in a facility in Los Angeles, with IPv6. And, basically, this is how you would be reaching to our internal services with following this network diagram. And as mentioned, as 40528 is 100% ready, multi homed, and ready to peer with 40-plus participants, and most services will be reachable with IPv6 before October 2007. Questions? That's it. I tried to keep it short, even though it was a really tough road to take and achieve. And I hope this is going to be enough, and I know Jordi is going to stand up and going to ask. Yes, Mr. IPv6. >>JORDI PALET: Yes -- I'm not sure if this mike is working. >>MEHMET AKCIN: I did it on purpose so you can't ask questions. [ Laughter ] >>JORDI PALET: Okay. It was off. Now it's okay. Jordi Palet. I'm not really sure what you said about the load balancer is correct. We have implemented in the last year about 200 ISPs worldwide, with IPv6, of course. And I have used at least four different vendors of load balancers with functionality. So maybe it was not implemented, the one that you have. But I really think there are many choices, not as many as for IPv4, but even there are some load balancers that don't have a good IPv6 support, but they do it by means of things like net PT with IPv4, and that works. >>MEHMET AKCIN: Or net translation. >>JORDI PALET: Yeah. Thank you. Any other questions? All right. >>LEO VEGODA: Actually, Mehmet, I'd like to ask a question that was put on the public participation Web site, if I just scroll down to it. The question was, enterprise firewalling in IPv6. And it was from someone who has a slightly smaller network than ICANN. The question was, I run a small enterprise network with about 80 infrastructure and user machines on it. I do not have native IPv6 connectivity, but some of the machines on the network can make use of TEREDO and other mechanisms. My firewall doesn't have IPv6 support. So how do I ensure the security of the network? Is that -- is that something that has been considered at ICANN? >>MEHMET AKCIN: Well, our hardware has firewall capabilities. So we can basically do all of our security in router level. And if I were to give a recommendation to the person who is asking the question online, I would say probably using I.P. tables server-wise, because I.P. tables, 6 basically is supporting very good protection. What we are doing is that we have three levels of security. And I believe we are protecting our service very well. I don't know if I answered the question. If not.... >>LEO VEGODA: So the question might be to get another machine and put I.P. tables on it, which is free? >>MEHMET AKCIN: Yes. >>LEO VEGODA: Oh, okay. All right. So it's buy a machine and put some free software on it. >>MEHMET AKCIN: Yep. >>LEO VEGODA: Okay. All right. Maybe if I can move on and introduce Darryl now and ask Darryl to speak briefly about Centennial and IPv6. >>DARRYL HENRY: Good afternoon. My name is Darryl Henry. I'm with Centennial DE Puerto Rico. We are one of the two larger carriers here in Puerto Rico. He actually said that we are an ISP. But we provide services to ISPs as well as broadband and wire -- broadband, wireless, and wire-line services throughout Puerto Rico and the Virgin Islands. A little background about Centennial. It's an American, U.S.-based company out of New Jersey. We have now deployed fiber throughout the entire island of Puerto Rico. We also have a wet loop from Puerto Rico to Miami via the Global Crossing, also with Arcos one and two, we provide Internet also to the University of -- Florida International University from Puerto Rico. So we are a major player here in the market where there was, for many years, a monopoly with telephony or with telephone services. There is still a lot of copper out there from our competitor, which is Puerto Rico Telephone Company. But at the same time, we are growing vastly within the market with Voice over IP as well as getting ready to go into WiMAX arena. When you talk about IPv6 that comes into play with my customers, who are growing their networks and needing more I.P. addresses. And right now, we're okay. But, again, within the next year, year and a half, we can see where that may be a big -- may have a big effect on our network and as well as providing services to our clients. And I am here -- actually, many of you may have seen me over the last two or three days, running around, helping with getting the network up and running, because we're providing the transport services as well as the land facilitation here for ICANN. It's a privilege to be a sponsor of ICANN so that we can find out what is actually going on in the industry as well as participating. So, again, I am here to kind of field questions about what may happen or what we're going to be running into when IPv6 rolls out. >>LEO VEGODA: Can I kick things off, then, with a question. One of the things you mentioned, of course, was that you're providing broadband connections to a large number of people. And a lot of broadband connections use relatively cheap customer premises equipment. And a lot of that customer premises equipment doesn't support IPv6 yet. What sort of financial impact do you see in implementing IPv6 when so much CPE needs to be replaced or upgraded and sometimes it's not easy to upgrade really cheap CPE. >>DARRYL HENRY: That's a very good question. Because right now, many of our customers are buying -- well, since we're moving to VOIP and also to metro Ethernet, a lot of the transport equipment that is going out, we're finding that the customer wants Centennial to pretty much provide the equipment because of their MRCs that they're going to be paying, so they figure that over the long haul, they will be able to grow their network at the same time as not putting too much of an investment. When you're talking about moving it to with IPv6, again, they're going to come back with Centennial coming in to not only provide equipment, but also software, all the solutions -- excuse me. And this is something that's going to be a major impact, because as a carrier, normally we look at the transport or the hardware equipment, where in this case, this is going to be something where we're going to have to go in and actually provide programs and software as well. >>LEO VEGODA: Mehmet? >>MEHMET AKCIN: while I have this opportunity, I really want to thank Darryl for his and his team's great support on getting this network up and supported all the time. As a part of ICANN technical team who's supporting the meeting, without them, it would be really impossible or hard, very hard to survive and connect the Internet, I guess. So thank you, Darryl. >>DARRYL HENRY: He's doing this because he wants to continue to call me at 4:00 in the morning to make sure -- [ Laughter ] >>MEHMET AKCIN: Yeah, yeah. >>LEO VEGODA: Maybe I could put the question out to participants here in the room in San Juan, or people who are watching remotely, and ask other people here who want to deploy IPv6 on networks and have questions that they would like to discuss here. Is that movement to ask a question or not? >> Yeah. >>MEHMET AKCIN: Come on, guys. Don't be shy. >>LEO VEGODA: If you could state your name and affiliation, that would be great. >> Stanford MINGS, NIC.VI. We are mostly a consultant. And I have a question that I can ask the panel and anyone else who is interested in answering. How can I explain to the mass public, to the general layperson, the benefits of IPv6? What can I tell them when they ask me that question, the methods. >>DARRYL HENRY: I might -- >>LEO VEGODA: No, no. Go ahead. >>DARRYL HENRY: On my side, basically -- and, again, this is -- that's a good question, because when -- on the carrier, all my customers are concerned with right now is being able to have enough addresses, which I talked about earlier. And for me to go in and just say, hey, I'm giving you more or being able to provide I.P. addresses, that is such a small part of what IPv6 can really offer. But for the most part, that is the only -- as a carrier, that is the only concern, pretty much, on the high level, from -- for Centennial right now. >>LEO VEGODA: So the concern is that you can get addresses, which is really -- really, it's not the address that's the selling point. It's the person or the service that the address connects that's the selling point. So the benefit of IPv6 isn't IPv6; the benefit of IPv6 is people or information or booking a cinema ticket on your cell phone or something like that. That's the benefit. So how do you productize that? And I'm sorry for verbifying that. >>DARRYL HENRY: For me, since we do provide wireless services as well, and with the PDAs and the handheld models out there, then I can push it as, you'll be able to make a faster connection with, like you said, make -- booking cinema tickets or to go to the theater. You would be able to make reservations faster, or you have the accessibility to reach out to different organizations and make connections. So I can sell more handheld models that will facilitate this type of service. >>WERNER STAUB: My name is Werner Staub, from CORE. I have just one experience with IPv6, which was just that I thought at some point that one of our TLD servers was down. And it turned out it was a bug in the IPv6 implementations of the tools that I used. And the TLD server was not down. But it appeared as if it was down. It doesn't matter what the technical explanation is, but it shows that by and large, there is a lack of commitment to IPv6. Lack of commitment very similar to the lack of commitment for, let's say, energy saving, climate, whatever. And in all these things, we know there is one convincing argument. Not what we can do for the good of address space and, you know, make sure that we have enough address space. The only argument that people will listen to is what it makes in the bottom line. That's what people have understood, for instance, when this was about ecology. Put in a tax. So maybe if it was about what's the purpose of IPv6, possibly people would understand it if IPv4 addresses were taxed at the rate of, say, one cent per address. It would be much more me. It would be probably enough, too, for ICANN and the RIRs to start worrying about the budget. >>LEO VEGODA: So if I can ask you a question now, are you -- at the moment when the IANA allocates a block of IPv4 address space to an RIR, there is no charge. Are you suggesting that you would like to see the IANA charging for address space and introducing -- well, productizing it, turning it into -- >>WERNER STAUB: Not at all. It is -- people have criticized, for instance, that carbon emissions are charged or even sold on exchanges and sold in auctions. That is not productizing it. That is sending out the clear signal that it is worth something, either in the sense that it is not done or it should not be squandered or in the sense that people should switch, they should switch away from it. So it is not a product. It is just simply a signal. And even if the -- in the beginning, the charge was nominal, at least people would fear that the charge might increase. That's probably a good idea. If they did fear that, then they would probably start worrying about switching over to IPv6. >>LEO VEGODA: Mehmet. >>MEHMET AKCIN: I just want to make a few comments about the question, previous friend asked. The question was, like, how can I promote this; right? Did I get that right? Like how can I go and make people understand and like that they need to deploy IPv6. So there are many good things IPv6 technically bringing on the table like you don't need to deal any more with NATs, you can have IPv6 addresses in all of your devices including your refrigerator, if it supports it. But there is a reality. We have 405 million sold in 2000, and more than 1 billion in 2003. And they are all Internet capable telephones. We have more than 1 billion cars in 2000 -- we will have more than 1 billion cars in 2010 with GPS capabilities of 20 to 25 person on the roads. And GPS is also a device that can be externally installed to a car. So this number can raise. So the point that I am trying to make, it's not that IPv6 is only technically better than IPv4. It's also we don't have enough IPv4 addresses technically, or mathematically, available in order to live in this world and continue living with the big emerging of China, Korea, Japan, India, Russia or such other countries to the Internet and to the community. Mr. Conrad. >>DAVID CONRAD: David Conrad, IANA general manager working for ICANN. I wanted to sort of amplify on what Mehmet has just said. Currently, the estimates for the exhaustion of the IPv4 free pool range from 2009 to 2025 depending on which random numbers you throw into your linear regressions. Regardless of those models, there will be a period where IPv4 cost -- the cost to actually obtain IPv4 address space to meet your customer requirements or to number your enterprise or to even get IP addresses within your home will begin to cost more than the ability to obtain IPv6 addresses and deploy the necessary infrastructure to run IPv6. When that crossover point occurs, you will begin to see a greater penetration of IPv6. Until that point, IPv6 simply doesn't provide sufficient benefit to most people. The people who are behind their -- their cable modems or their DSL modems will be able to gain access to their entertainment however they so desire, regardless of whether the transport is v4 or v6. So they don't actually care. When it matters is when they actually feel the pain of the inability to obtain the IPv4 address space. >>LEO VEGODA: I have a question or a comment to follow up on that. It's the financial burden is the issue. And there are -- there are financial burdens coming from two directions. There's the financial burden of increasing cost of maintaining IPv4, either through purchase and making sure you buy companies that have IPv4 address space or buying IPv4 address space on an open market if that happens, and then there's cost of implementing IPv6 on your network that currently only has IPv4. And there are costs involved in that. Even if, as Mehmet mentioned earlier, it's just a new machine and some free software, someone has got to go install and configure that software. And there's not just the one machine. There's all sorts of things that, indeed, to have IPv6 support in them. Monitoring and Triple A and all those little things that aren't the actual IPv6 service, but they are the supports to that IPv6 service. So I suppose there's a question of how much does it cost for a network to go and put this together and put it onto their network. And when and where is that tipping point? I can see that Sebastian is standing right by a microphone. So maybe you have a comment? >>SEBASTIAN BELLAGAMBA: Yes, thank you, Leo. Just two different comments. One is I will speak in English, even though there is translation, because I see that English persons are not carrying the headphones. So even though I am from a Spanish-speaking country, I will speak English, too. >>LEO VEGODA: Sorry. Sebastian Bellagamba I think we have to divide the consumption of IPv4 into different fields. One is we can speculate, and I mean it's -- we are technical community and we really like to speculate. But speculating sometimes is tricky. And when it's going to be deployed, the IPv4 pool, is a matter of speculation, as David pointed out. And if there is going to be or not an extra cost for IPv4 when that -- when the pool is going to become exhausted, it's a matter of speculation. But I would like to raise a point. In this continent there are two RIRs acting. One is ARIN which is in Puerto Rico in the ARIN region and LACNIC in the rest of Latin America and the Caribbean. And both of them in the last 30 days or something, both boards have sent a message to the community saying we don't know, we are not going to speculate, but we are not certain that in a couple of years we are going to be able to provide IPv4 space to you. So people start the transition to v6. I think it's a clear message, and I think it is important. Because it's not about the speculation. It's about something certain. That is, it's going to be deployed, the v4 pool, sometime in future. So if we do things, the right things now, we are going to save a lot of headaches for ourselves. That's it. >>JORDI PALET: In fact, something to reinforce what Sebastian just said, one of my message that I do when I do IPv6 trainings -- I do trainings for several RIRs and other communities -- is IPv6 -- deploying IPv6 is not costly, but it's not costly if you plan ahead. If you want to do it overnight, anything you do overnight costs a lot. So the message should be, okay, we don't want to speculate. We don't know if it will be needed in two years or just one or three. But as soon as you start as cheaper, it's going to be, or even almost zero cost because maybe the equipment that you are right now thinking of purchasing in two years will already for sure have a good IPv6 implementation. Probably it's already available now in the equipment in your network if it's not older than two or three years, but planning ahead is the key. >>DARRYL HENRY: I have a question for you, Jordi. You say right now you have over 200 networks that you have put in place? >>JORDI PALET: We have, in the last year, only in one year we have deployed some IPv6, not necessarily commercial deployment but at least some pilots, in about 200 ISPs. This is not including what we have been doing in the last three or four previous years. >>DARRYL HENRY: And what is the average cost for each of these at this point? >>JORDI PALET: It's very difficult to say, because again, the problem is how much you are planning ahead. If your equipment typically in a backbone network is not older than two or three years, that means probably you don't need to do anything at the backbone level. But, in any case, today, one of the bigger costs, if you want to do full IPv6 native deployment will be the replacement of the CPEs. However, I don't see right now the need for doing so. There are transition mechanisms, either if you provide public IPv4 addresses or private IPv4 addresses to your customers to do it without any operational cost, for example, 6-to-4 or Teredo. There are other ways. And I don't really think there is an immediate need for going into a full native deployment, unless you want to for that cost. My view on this is what is going to happen is, when you replace the CPEs let's say in the next two years to provide more bandwidth, then those CPEs will have already native support and then you will get it without investing on IPv6 itself just because you are updating the technology. >>DARRYL HENRY: We are using right now IPv4 in ICANN, and if we change over or upgrade to IPv6 right now, what advantages would the users have here at the ICANN meeting? >>JORDI PALET: Well, for example, I only use IPv6. So right now, I just have my own tunnel. I would prefer to have native IPv6 connectivity somehow. It's difficult to say there will be real advantages. Probably none really visible. But I think it's something that it's nice to have. And as much as we run IPv6 in our networks, as easier, we will discover if there are any problems. One of the things that people complain is that when they deploy dual stack in Web servers, sometimes they are not reachable. I have not seen that. So I want to see as many people as possible using IPv6 to realize if that's happening, why. So I think as much as we do, and especially in communities like this, really doing IPv6 deployment, as healthy it will be the status of the networks that we deploy in the future with IPv6. >>LEO VEGODA: Jordi, can I ask you a question? Because you have worked with 200 networks in deploying IPv6 over the last year or so, you must have done the same sort of thing quite often. And I'm sure that you have a template that you work to. Do you have a template that you have published on these are the things that you need to check off when you are planning to deploy IPv6 on your network? >>JORDI PALET: You mean a step-by-step check on what you have and what you need to do or something like that? >>LEO VEGODA: Yeah. Not -- Not a custom plan, but a very generic plan that you go through with one of your customers when you sit down with them for the first time. >>JORDI PALET: Yeah. Basically, the steps are first go to the RIR to get your prefix. Second, make an inventory of the equipment that you have in the network and the firmware versions of that equipment to understand if you need to upgrade anything. The inventory includes the firmware versions as well as memory capacity; for example, flash or fixed memory or whatever. Then -- Well, that inventory includes not just the routing equipment. It includes also the firewalls, for example, as it was mentioned before. And then make a decision about depending on what is the status of this inventory, can you go to a full deployment or do you have any problems or do you go only for the transit or only for the core or you go for some part of the access? Sometimes, for example, it's very common that the CPE is provided to enterprise customers, even if the link and the network is the same for residential enterprise customers. For example, DSL. Many providers give or provide DSL service to enterprise and to residential customers, and the links are exactly the same, and the only different thing is the CPE. The CPE for enterprise is typically fiscal model 800-37-3 or something hike that be, and that means that one has already IPv6 support. So you can decide okay, let's go to provide IPv6 support native to our enterprise customers, but only a transition to all residential customers. That's fine. It's a good step. Then one thing that we typically do is try to deploy some on-site -- I mean on the ISP network, or sometimes in the different POPs, transition services like 6-to-4 relays or other relays. Actually I just started in the AfriNIC IPv6 discussion and also the LACNIC IPv6 task force a small kind of tutorial to tell people how to deploy in different platforms both 6-to-4 and Teredo relays. One other thing that obviously needs to be done when you do this exercise is check in with your existing upstream providers if they can provide either native IPv6 connectivity or manually configured tunnels. If this is not possible, you make the request so they are sure that when you make the request or they are sure that when you renew the contract they will get the support, or otherwise you may choose a different provider. That's easy. And in case they cannot support neither native or manually configured tunnel, then we typically follow the chain. So we go to the upstream of your upstream to see if they can provide the service. And typically that's feasible. If not, we have even networks that provide free IPv6 transit in those cases that you cannot get the service from your existing providers right now. So that's it. That's not even a problem rate now. What is true also is at the moment, most of the people providing IPv6 services is not providing the same SLAs as in IPv4. But I think that's a matter of maturity and it takes time. I don't think it's a big issue but normally the equipment running the IPv4 network is the same as the IPv6 network. So it means that if the SLAs are working for IPv4, even if they are not committed for IPv6, in reality, they are the same. >>LEO VEGODA: I have a general question, then, following up on that, with the SLA issue. Presumably, people don't offer the same SLA because they expect more problems, or they expect the cost of solving a problem to be higher. So maybe, Mehmet, is -- have you seen a difference in the number of problems with IPv4 and IPv6 on the ICANN network? Or have you not really seen any difference between the two? >>MEHMET AKCIN: Well, when you are troubleshooting, if you don't use DNS it's very hard to memorize the IP numbers. That's one, that's a difficulty. But that's why we have DNS; right? But that's basically, to be honest with you, that's the only difficulty I could notice. Yes, there are some applications or some protocols that are not supported yet. But there is always work-arounds. There is always a way to get there. There are some firewalls in the router level that doesn't support, which is not surprising because they are like ten years old routers. But we are certainly not using them. So that's not something we should worry. And I believe the biggest part of the IPv6 deployment, the most important part, is that it's not necessarily going to be faster to connect the Internet. It's not going to be necessarily better connectivity, because not everybody is supporting -- while everybody is supporting IPv4, not everybody is supporting IPv6. This is one of the difficulties we had. Like if someone has IPv6 enabled network and trying to reach us, let's say by SSH, a basic example, in Mac SSH will try to connect first as a default with IPv6. And therefore, if you don't have IPv6 network as smooth and as fast as IPv4 network, you will definitely be faced with problems such as latency, and maybe you will need to configure some extra things. But it's been improved. At the moment, we can't really say all the IPv6 networks run faster than IPv4. Definitely, they are more secure IPsec end-to-end. >>LEO VEGODA: Okay. I see there are two people queuing at the microphones. >>NIGEL CASSIMIRE: Thank you. My name is Nigel Cassimire, I'm a representative of the Caribbean telecommunications union. And I'm a bit of a novice at this -- this whole IPv6, at least from a technical point of view. I mean, I understand that, you know, it's a bigger addressing scheme than the old IPv4. You need more addressing space and that sort of thing. But in coming to this tutorial today, I had some -- I guess some hopes that I would get some sort of questions answered. For example, I would like to understand what really is the impact of making the change on carriers, on corporate networks and on individual Internet users. For example, who would have to change what equipment? Would I have to change my PC for example if my ISP changed to IPv6 as opposed to IPv4? Stuff like that. And also, whether -- Are there any technical advantages of v6 or v4 at this time or maybe in the future? Are there advantages that would impact on the customer now, the end-user customer now, or is it more a carrier-associated sort of concern? And I'm getting snatches from some of the questions that are coming out. But it would help me if I could walk out of here knowing, okay, well for people to change to IPv6, they would have to change -- I don't know -- routers, switches, PCs, that sort of thing. And what proportion of today's hardware can handle the IPv6? And the sort of experiences people are having in that respect. Thank you. >>LEO VEGODA: Mehmet, is that something you would like to.... >>MEHMET AKCIN: Yeah. One of the questions that was actually, I guess, sort of answered when I gave my previous answer, which was that what is the real impact right now. Yes, there are some real impacts if you deploy IPv6, like net. Net is a technology that we are using these days, everybody mostly in the home where you have more than one computer. And that's a really painful type of technology that we have to deal with because of the translation, and what is going to happen if we had IPv6 right now? We had enough IP address space to give inter- -- direct regional IP addresses to each computer of you. So for your rules, for your firewalls, you will be able to make them connect to the servers directly. That would be the quickest impact I could see for end users, as well as every device that you would like to give IPv6 space, you will be able to give IPs. And what other impact? Let's talk about mobility. Like you can't always move ISP. It's like having a cell phone right now, and if you change your provider, you can keep it; right? If you change your country, you can keep it. IPv6 is like that, too. So you are mobile with your address, no matter what, where you are. Would you like to add anything? >>LEO VEGODA: Darryl, when you are looking at putting IPv6 on your network, are you looking at replacing large parts of the network or are you not worried about that? And it's more in the way of a routine upgrade than a major operational stretch. >>DARRYL HENRY: As Jordi mentioned earlier, on the backbone portion -- again, since we are doing a lot of different things now, there is not a lot of concern, I think, with restructuring the core network. It's more so making sure we have everything available for our end users, what equipment, how they are going to be affected. And something else I learned today is he was telling us that there's not a major change in their equipment either. So what is it -- not so much the benefits but what is it that we are actually going to have to look at? Is it transparent to the user, the end user, or is it something where on my side we are going to have to make the changes? >>JORDI PALET: Actually, it must be transparent to end user. Much of the platforms, and somehow replying to the previous question, most of the platforms we have today in the market, customer platforms operating systems like Windows, Mac OS, Linux, DSD, all of them support IPv6 since three, four years ago. Solaris. It's true that a few of them, but actually the one which is the majority in the market which is Windows XP, don't come with IPv6 enabled by default. Windows Vista comes with IPv6 enabled by default. And I read an article four days ago that since Vista has been released it has been noticed an 18 percent usage of IPv6. And this is a measurement I was already doing by my own, but somebody else is doing and confirmed my suspicions. So that's meaning it's true that because we have one of the major platforms in the market which had IPv6 enabled by default, we are looking at a big change. And that's possible because for end users, it's transparent because they have the transition mechanism, like 6-to-4, Teredo, that work without doing anything. So the point is the ISPs can help on that deployment even if they don't do a complete deployment on their network by having transition mechanisms in their own network. Like a 6-to-4 relay or Teredo relay. And at the same time that provides more availability to the users because they, instead of using relays outside of their own ISP network, and that means also additional bandwidth from your upstreams, they keep the traffic as much local as possible. So you don't need to go to use a 6-to-4 relay to Europe or to North America. The relay is already here in Puerto Rico, for example. So that's the reason I mentioned before I am doing those tutorial in those mailing lists. The other point I wanted to mention is about the different delay between IPv4 and IPv6 networks. I think it has been clear since the last couple of years that the performance in terms of delay between IPv4 and IPv6, it's almost insignificant and even sometimes it happens that you have less delay with IPv6 because they have manual configured tunnels or something like that and then you are doing less hops. It's not -- it should not be like that, okay. It should be about the same. Maybe two or three milliseconds less or more. But that's not significant. The basic problem I see is, sometimes people decide to deploy quad A records, so it means IPv6 addresses in the DNS, without having a stable IPv6 connectivity. That's grown. Because if you do that, what happens is that the users, by default, the way the transition has been designed, will first try IPv6. And if you have a DNS IPv6 record, and you don't have IPv6 connectivity on that Web server, it will time out. So that's the problem Mehmet mentioned when somebody's trying SSH and you are trying IPv6 by default. It's normal. It's like if you decide to put an IPv4 address in your Web server and you don't have good IPv4 connectivity, right, it will fail. It's exactly the same. There's nothing different. And on the other side, network administrators will deploy IPv6 in their networks, will try to use IPv6, and they don't have a good connectivity which IPv6 to (inaudible). So then the transition mechanisms don't work, because my computer will believe, oh, I have native IPv6 connectivity, so let's try it, and that connectivity is broken. So the worst thing that we can do is trying to deploy IPv6 in the enterprise networks or the services without having a stable connectivity. In that case, it's better you don't do it. In fact, there is not any advantage having IPv6 connectivity in a Web server today. So if you want to do it, do it well, not do it, let's say, incorrectly. Because you are not offering a better service; you are -- okay, it's nice to have, and I am very glad to hear that in October everything in ICANN will be with IPv6. But that's possible because they have done a good job in deploying it and they are not just going to do it overnight and then get the complaints. I think that's the right thing to do, not just trying without really knowing what you are doing. >>LEO VEGODA: David. >>DAVID CONRAD: David Conrad. Part of the challenge that we face right now is, we're in the middle of a transition period. And some of the things that Jordi just mentioned and Mehmet touched on have resulted in the situation where say you're a very large ISP, and you have customers who are starting to deploy technologies like Mac OS X or Windows Vista that natively support IPv6, there are situations in which a customer will attempt to reach a Web site, get back an indication that the Web site is reachable via V6, but be unable to connect to that Web site or have significant slowdowns and assume that there's something wrong with the Internet connection, and therefore call customer service, and in many of the large ISPs, any call to customer service is something that you avoid at all costs. The problem is sort of indicative of a chicken and egg problem that exists with IPv6. Pragmatically speaking, you have the challenge that, you know, a large content provider doesn't really see the need to deploy V6 because no one's trying to connect to them via V6. At the same time, the customers aren't interested in V6 because there's no content available for them for V6. Again, I suspect that this chicken and egg problem will be most likely addressed by the fact that V4 will soon become more costly to obtain, either in terms of bureaucratic requirements to meet or in terms of actual costs when there's no more free pool available from the RIRs or the ISPs that use those RIRs. At that point, you're probably going to see an increased emphasis on breaking the chicken and egg problem, and most likely, there will probably be -- or hopefully, there will be policies that encourage breaking the chicken and egg problem from one end or the other. >>LEO VEGODA: So maybe this would be a good time to ask for some in-the-room participation. There is an issue of customers who need to call technical support or customer service or something like that because they try to do something that they did yesterday, and it doesn't work. And they can't work out what happened because they didn't do anything. So are people in the room who run networks, are they worried that they're going to get an increase in demand for technical support during this transition? And is that likely to cause some impact on their revenue? And someone is coming to the microphone. >> Hello. My name is (saying name). I work for SIDN, the dot NL registry. Yes, you will see -- you will need much more support once you are going to introduce IPv6. As an example, we changed our registry system last year where we also included IPv6 support. We had a DNS checker that started to check for quad A records and IPv6 connectivity for the first time. And suddenly it seemed that all those people that were doing something with IPv6 couldn't configure their name servers correctly. So when we started to check on that and we did not allow them to use the faulty IPv6 records in their DNS, they started to call us and say, "Hey, why is this? How should I configure it?" So that's only with the domain names. It's not even the network itself. People don't understand it yet, but are going to implement it anyway. >>LEO VEGODA: So these are the people who were registering domain names in your system, so they were ISPs or end users? >> They were ISPs, registrars. >>LEO VEGODA: So you were getting technical support calls from ISPs in the Netherlands? >> Yes. Saying, "How should I configure my DNS with IPv6?" >>LEO VEGODA: Okay. If the ISPs are calling for technical support, then -- >> And mostly, of course, it's also small hosting companies that want to do this for fun, but.... >>LEO VEGODA: Okay. Mehmet, you wanted to make a comment? >>MEHMET AKCIN: I wanted to make a comment and actually reference something, if you don't mind, a document that was prepared by RTI international for -- national institute of standards and technology, for U.S. Department of Commerce. If I can connect this, it would be better. So in this document, there's a great part. And the question that was asked, I'm still trying to answer that question, because I remember actually seeing this document before. So are you able to read this document? This part where it actually shows -- okay. This is a research that was done for U.S. Department of Commerce. And this is for what is expected to be spent for deploying -- or, basically, summary of transaction costs from IPv4 to V6. If you look at the costs, that's, like, billion dollars, well, millions, it's almost $23 billion at the level of users. So if you look at the infrastructure vendors, because they're -- the question was actually asking what the routers need to change, what the infrastructure change needs to be done. So infrastructure vendors and application vendors. And ISPs actually are not the biggest holding issue. The real -- I don't want -- I see a feedback. I hear a feedback. I'm sorry. I can't actually see it. Well, the biggest cost is users. Why? Because not only you have Windows XP or Mac OS X supporting IPv6 will solve all the problems, but the devices, the network devices in your home, you will most likely need to have new ones. That's the biggest cost that's holding it back. But is it really holding? Not really. If you read this document, which you can read this document by going to any search engine and writing IPv6 hardware impact, and that's what appears first. And this is the link. If you want to read. You will be able to see the details of that actually that big cost is not holding anyone back. And there are many IPv6 tunnels free that you can go around and sign up for free. You can start playing around. You can start being in the future. Because IPv6 is the future. It's near. We are there. I'm glad to be able to stand up and today actually say that we are there as ICANN. And please feel free to ask any questions that you have that we may be able to talk more technically. I don't want to get into too much technical details of how to set this up, how to set that up. ACL transition from IPv4 to IPv6, which took a lot of hours for us to figure out what we did. And I'm more than happy to help anybody who's basically asking for help on that. >>LEO VEGODA: That's a really good link. And if you could post that on the Web page -- >>MEHMET AKCIN: Sure. >>LEO VEGODA: -- for this session, that would be fantastic. There was a question that came in on the chat room from Chris Sief [phonetic], who wanted to know whether hardware like routers and managed switches could be made IPv6 compatible by a firmware upgrade or whether it's IPv6 hardware-dependent in any way. And I'm guessing from that document that you just showed us that the cost isn't really associated with the routers and managed switches, that an enterprise or ISP network is going to be running. The cost is elsewhere. So the cost is CPE, and the cost is support. >>MEHMET AKCIN: That's absolutely correct. And also other things, such as, like, your home router, your home network device. And, of course, we should also look at some researches that are still saying there are more than 30 million Windows 98 users out there that we don't, unfortunately, have IPv6 support. And this number is not, like -- yes, it is going lower and lower every day. But there will be always people who will need to purchase new hardware because their hardware doesn't support IPv6-capable software at the moment. And some governments are taking very great actions and moving towards that, such as Japan government, it's one of the requirements tore IPv6-compatible. U.S. government, today, if you like to do any business with them, you must have IPv6 capability. And they are assuming to be IPv6-ready by 2008, which is great. And I am sure there are many, many other governments which Jordi may point out if we are forgetting anything that are pushing IPv6, supporting IPv6, because they know it's the future and we are there. >>LEO VEGODA: So with this cost coming down to end users, to customers, how does that impact the business plans of enterprises and providers when they're looking at IPv6 support? Does that change the way that an ISP needs to charge its customers? Does it need to change the way it offers Internet products or services, to charge in a different way? Or is this a one-off cost where an ISP is going to just take a chunk out of its profits and put it aside and say, "That's for IPv6"? >>JORDI PALET: One question I forgot to say before is when I was talking about the different operating systems, I was referring mainly to pieces. But there are also other devices, like cellular phones, PDAs, and other that also have IPv6 for years. And there are many low-cost CPEs that are running Linux or open source operating systems. And there are very good support of IPv6 for those devices also. That's somehow also answering the question about the cost of moving to IPv6. I think the question of the cost is not really that much a hardware cost, in general, but it's true also that if you have a router that is doing IPv4 hardware forwarding, then you may need to replace the forwarding cards to support IPv6, okay? So sometimes there is an associated hardware cost, but it's typically only on the big networks, the big routers. Regarding today -- to the last question from Leo, I really think it's not smart for the ISPs to start charging for offering IPv6 services. I see it on the other way around. I see it more as a new business opportunity in the sense that if you are offering with IPv4 just access -- because, typically, this is the major business for most of the ISPs today -- one of the reasons you cannot offer more services is because the customers don't have addresses to address those services. Okay? Let me try to explain in another context. In Europe, typically, if you subscribe to an ISP, you pay for your monthly fee and then you get maybe one dynamic IPv4 address. And then if you want a static IPv4 addresses, you pay, I don't know, 12 Euros per month for each of these IPv4 addresses. I did an interview to the bigger ISPs in Spain, actually, four big ISPs. They have in total something like 6 million users with broadband. And I asked them how many of those IPv4 addresses are there selling actually. And the answer was, among the four ISPs, only hundred of customers buying those addresses. So, actually, selling 100 IPv4 addresses every month is not really a business. They are not doing any business with that, because probably the cost of maintaining the provision of that service is probably higher than hundred of users using those static IPv4 addresses. Now, if we go to the satellite services, for satellite TV, in Europe, typically, you have a service that you pay, I don't know, about ten or 15 Euros per month for satellite TV, satellite service, and you get a small number of channels. But, typically, most of the people is paying for a bigger package, maybe 40, 50 Euros per month, and getting most of the services, most of the channels. My view is that in the ISP business, which IPv6 is going to happen something similarly, if you get, instead of IPv4, IPv6 addresses and you have as many addresses as you need, and probably more than what you are going to use, that means it's much, much easier to deploy new services. And deploying new services, for example, in my home, I have IPv6 cameras, I have home automation with IPv6. I can turn on or off my lights, open my windows, feed my dogs, things like that, and I can see that live, it's real iPv6 connectivity through my IPv6 cameras. If I am an ISP and I start deploying these type of services, I am going to get customers paying for those services. I am not going to ask the customers to pay for the addresses, because maybe some of the customers will not want those services. But if I have those addresses, I am able to make new packages in addition to the access service. And that's where the business is going to come. That's, again, my view. I am really convinced that that's the way. And the example of the satellite TV is a similar one. So most of the people will be able instead of paying 12 to 5 Euros a month for access, give me a better package, I pay more, but I have surveillance of my home. And I think that's going to provide the income. There is another important thing here, and that is, most of the people are understanding that when we are deploying IPv6, we are breaking IPv4. And that's the reason why I am trying to tell the people as much as possible, we are not talking about migration, because migration typically gets the idea of we are breaking something. So what I am meaning here is, we do a transition in coexistence between IPv4 and IPv6. And that means the existing services with IPv6 don't get broken. So we still have this 30 million of users with Windows 98 -- by the way, there is a stack for Windows 98 with IPv6. But I know, most of the people will not set up it. But those users still can make usage of the existing contents on the Internet. And in the next two or three years, when we are exhausting IPv4 and we slow down using IPv4 services and we start deploying maybe some IPv6-only services, these users, probably in these two or three years will be coming using new hardware and updated op! erating system supporting IPv6. So maybe that's part of the business also. Because the ISPs will be able to deliver directly or through other companies new hardware for these users that have very, very old systems. So, again, it's another way to see how business may come. >>LEO VEGODA: Okay. So IPv6 can help by bundling. You can go and sell multiple products down the same line, sort of like with TriplePlay, where you buy telephone and TV and Internet and whatever else. And it's a similar kind of thing. And someone's going to sell some fancy new service over I.P. And that will be the draw. We're running up towards the end of the session. And we've got one other question that was asked from Albert Daniels, who's the ccTLD manager for .LC, which is St. Lucia. And he wanted to know, there are a number of ccTLD managers in attendance at this ICANN meeting. Are there any specific guidance for ccTLD managers regarding actions that they should be taking now in preparation for deploying IPv6? So if there's someone from a ccTLD in the room who would like to comment on that, that would be most welcome. Anyone from a ccTLD that wants to comment? Anyone else? >>MEHMET AKCIN: Last year today, I could say I was. >>LEO VEGODA: Well,.... Maybe, Mehmet, maybe you would like to comment? >>MEHMET AKCIN: Well, just like I don't see any difference being part of a ccTLD network or any network, it's just technology is coming, technology is there. I believe the best thing to do is just getting ready -- I mean, DNS servers are already supporting IPv6. So most of the server environments are -- I mean, all the server environments I know support IPv6. So one of the approaches we took last year when I was part of the .PR team was to bring up IPv6 addresses. And did this bring us any positive impact? Yes, because we were able to give a message to local community as a technology leader, saying that the technology is there and we are ready for it. And most of the ccTLDs -- you said St. Lucia; right? >>LEO VEGODA: Yeah. >>MEHMET AKCIN: So most of the smaller countries, when they do approaches like that, they are actually giving a message to the community of their own, saying that we know the technology. We acknowledge it. And we deploy it. So if, technically, there is any help needed, I'm sure search engines, ourselves, and any other people in this room, like Jordi or like yourself, would be more than happy to help them technically, or technically. >>LEO VEGODA: Peter. >> Peter KOCH: My name is Peter KOCH. I work for DENIC. And I'm also the co-chair of the IETF DNSOP operations working group. I would like to talk to those colleagues asking for advice on V6 or on hints or on technical hints, there are a couple of IETF RFCs out talking about V6-related DNS issues. There's also one RFC -- or, sorry, one Internet draft in the DNSOP working group right now which is dealing with response sizes. So this is one technical issue that might be interesting and could need some more attention and even some review of the draft, that is, when you're talking about quad A glu records. So if not only the ccTLD registry -- or that's not ccTLD-specific -- if not only the registry supports V6 by making the TLD DNS information available in V6 available servers, but also wants to enable the customers, the registrants, to supply information via V6, and wants to add quad A glu records, there are some issues to be considered when it comes to size of the delegation responses and so on and so forth. I'm explicitly not trying to scare away anybody. It's just that some issues come up, the devil is always in the detail. And here is a very small devil, a really small one. So there is a couple of documents available, and any more review or comment is most welcome. >>LEO VEGODA: Can I ask you a vaguely nontechnical question. One thing we heard earlier on from the Netherlands is that some of the ISPs and hosting companies that were registering domains needed some technical support and handholding for IPv6. Is this something that you have found as well? And do ccTLDs need to provide IPv6 training to their customers, their registrars? >> Peter KOCH: I'm sorry. I could not possibly comment. I'm not aware of any such inquiries. But that doesn't mean they don't come up. Just that I'm not aware of them. >>LEO VEGODA: And is ccTLD -- is IPv6 training something that DENIC provides? >> Peter KOCH: Not explicit IPv6 training. But we do registrar in our case member trainings. And V6 and DNS is -- or the DNS-relevant parts of V6 are taught in there as well. >>LEO VEGODA: So it's incrementally put into your material in the same way that you can incrementally upgrade a network? >>PETER KOCH: More or less, yes. I'm happy to do some homework, and if anybody has any questions on what we're actually doing there, please contact me, and I'll try to forward information that we have available. >>LEO VEGODA: Okay. We're coming towards the end of the session. If I could just grab that lead and the cable. >>DARRYL HENRY: You actually hit the nail on the head for me with telling me bundling as a solution more so than going out, trying to explain to my users, "Here's additional addresses," whereas, "Here's opportunity to have more tools available to you," or more services in my arena, we would say. That is a key point. >>JORDI PALET: Actually, users don't understand about I.P. at all. And they should not. So trying to explain to the users about I.P., it's like talking about something that -- it's not able to reach them. >>DARRYL HENRY: Right. >>JORDI PALET: They will reach IPv6 in the sense that sometimes now with IPv4 they need to manually configure things and IPv6 maybe is not needed most of the time. So it's going to be easier. There are even some features for the ISPs like DHCP IPv6 prefix delegation that make you make the deployment of broadband easier, which IPv6 done with IPv4. I have been in situations where we have deployed, for example, power line networks, which was a new deployment. And it was easier, actually, to deploy before using IPv6 than on the other way around, because when you put the boxes, the CPEs, and the CPEs are already in a stack with the DHCP IPv6 prefix delegation. They get automatically configured. And then you use TELNET or SNMP or whatever to do the manually configuration of IPv4. So there is one more interesting thing here is, when we have been talking about the cost of IPv6, I forget something which -- regarding to the support I think is very important is, the cost of supporting NAT. People don't realize that NAT, it's also big cost in terms of support. So we are somehow replacing the cost of supporting NAT by the cost of supporting initially V6. And that's something in the short term and not forever. So that will also change the view. I remember in a NANOG meeting, I think it was two years and a half in Los Angeles, where American man said in the microphone, "Hey, we realized the importance of the cost of NAT when we discovered that one support call of a user to run an application because of NAT problems or whatever cost us the entire profit of the customer for one year," just one call. While if we need to redirect this call to a second line of support, it cost us the entire profit of the life of the customer. >>DARRYL HENRY: Yes. >>LEO VEGODA: Okay. I'm -- I was hoping to go and put a slide up on the thing, but I seem to have a small technical problem. I will read it out. We're coming towards -- in fact, we've run over a little bit. So I need to draw things to a close. I think we've had quite a useful session here. We've seen that most of the work can be done incrementally. And although there are some increased costs, there's a possibility to recover those costs through adding new products that will actually benefit customers rather than just gouging them for cash, which is quite nice. So I'm going to call this session to a close and just thank our panel, Mehmet Akcin from ICANN, and Darryl Henry, from Centennial. I got a message from Marty Hannigan. Unfortunately, he's had some plane chaos, and that's why he's unfortunately not been able to join us this afternoon. There is a session which may be of interest to people who've enjoyed this session. Later on in the week, there's an ASO information session. That's the addressing supporting organization. Wednesday morning, 10:30 until midday in flamingo C. And that's it. Thank you very much for attending both in person and through the Web chat. And thank you very much to our stenographers and translators. [ Applause ]