enterprise IPv6 only client computers and IPv4 connectivity

Benedikt Stockebrand me at benedikt-stockebrand.de
Thu May 2 14:19:01 CEST 2013


Hi Mikael and list,

> If an enterprise today would decide that they're going to run IPv6
> only on their LAN, they would have recent Win7|Win8|OSX|Ubuntu clients
> on their client computers, what mechanism would they use to access
> IPv4 Internet?

that heavily depends on the kind of setup in the enterprise.  

In what I consider a "normal" enterprise, as opposed to the ISP,
hosting/housing data center or similar environment a lot of people on
this list work in, you should have a fairly high client/server ratio
and some firewall protection of your internal networks.  In that case,
consider this approach:

- Make the servers dual-stacked; and if they don't have their own
  subnets yet, move them there.  This shouldn't be too much of a
  hassle if the number of servers is reasonably small compared to the
  number of clients.

- Make the firewall you are using dual-stacked.  The application level
  gateways should serve as a proxy with minimal hassle; if they don't,
  replace the firewall (and face the discussions with management).

- Now take care of the clients: With a bit of luck, most of them
  should be able to do their job being single-stacked.  Separate the
  IPv4-only clients into dedicated subnets.  Same for the IPv6-only
  clients.

- Now deal with the difficult cases: Dual-stacked clients.  In some
  cases, their number will be insignificant enough that the easiest
  way is to run them in a dual-stacked subnet until they eventually
  die anyway.

- If you have some minor IPv4-dependent application a lot of people
  occasionally use, consider using a terminal server (Citrix or such,
  not Cyclades etc.) to run that application in.

- If you still find that the majority of clients needs to be
  dual-stacked, that usually means it's either time to do a major
  overhaul of the entire environment or provide the list with some
  more detail of your particular situation.

- Continuously move clients from the dual-stacked subnets whenever
  possible.  If you need to convince management about putting
  resources into that, talk about service level agreements and
  availability improving in a single-stacked subnet, or the extra cost
  of providing dual-stacked connectivity.  (Sorry, but talking to
  management is actually part of the job.)

There's more to this, and a lot of work relates to the details of the
particular environment, but as a general outline this should set you
on the right tracks.

Obviously this won't be any good in an environment where the majority
of devices need and have direct Internet connectivity.  On this list
you will find that a lot of people work in these sorts of "abnormal"
environments, but effectively that means that the approaches and tools
they use are ill-fitting for a "normal" (for normal definitions of
"normal") environment.


Cheers,

    Benedikt

-- 
			 Business Grade IPv6
		    Consulting, Training, Projects

Benedikt Stockebrand, Dipl.-Inform.   http://www.benedikt-stockebrand.de/



More information about the ipv6-ops mailing list