The Lone Sysadmin

In the world of system administration there aren’t too many things that are black & white. Everything is a shade of gray where admins solve their own problems however they need to, bending to the local desires & needs of their users or management. Everybody is right, nobody is wrong. I’ve come to realize that, and it’s no big deal.

I am convinced, however, that if your organization does not have “fully implemented IPv6 support” and “full support under VMware virtual infrastructure” as requirements for purchasing any new hardware, software, or services, you’re doing it wrong[1][2].

Let’s assume that anything you’re buying now will last 5+ years. In 5+ years we will be out of IPv4 address space[3]. And it goes without saying that you’ll want to run things in your virtual environments, right?  So don’t let your organization buy products that are just going to make life tougher two years from now — let your management know now that things need to change. Even if IPv6 isn’t currently on your organization’s to-do list, it will be soon, whether you like it or not. Get on top of it.

————————————

[1] Not desirables, not plusses or bonuses, but a full functional requirement for support that knocks a candidate out of the running in an evaluation if they don’t meet the criteria. You might also be tempted to say “well, if it’s on the vendor’s roadmap…” — don’t. IPv6 has been around for years, and if your vendor doesn’t have it implemented right now it isn’t a good sign. Besides, during purchasing exercises I always suggest that folks treat roadmaps as vaporware and assume that none of the features listed on them will ever ship.

[2] Yes, my organization is doing it wrong, too. On both counts. It’s getting fixed, slowly, but we should have started fixing it three years ago. Which is why I’m writing this post. :-)

[3] ARIN/LACNIC/APNIC have issued statements that we’ll be out of IPv4 space in 2010, and Tony Hain has a report on the current state of the space. Geoff Huston has a daily report and prediction on his web site, too. Hurricane Electric also has a big page of exhaustion stats. None of them are showing anything good.

The web server I run this blog’s virtual host from has been IPv6-enabled for about three years. On Monday night I asked myself why I’d never given the blog an AAAA record. So I did.

I just looked at the logs, out of curiosity, to see how many of my readers are IPv6-enabled. It’s painful. Discounting myself, 19 unique visitors out of 1683, 1.13%, came in via IPv6.

If you aren’t thinking about IPv6 you should start. Enabling IPv6 really isn’t a big problem, by itself, as most ISPs can handle requests like that now. If you’re anything like me the problems that will vex you are the little ones: death by a thousand paper cuts. It’ll be the fact that your hosts.allow files need new stuff in them. Or the guy who does DNS doesn’t know what a quad-A record is. Or your web log analyzer script that’s worked flawlessly for a decade now barfs. Each problem, by itself, takes a week or two to fix, and now it’s three years later.

I’ve been running a couple of hosts on their own little VLAN, separate from everything else so that I can figure out what we need to fix at an OS level. Because they’ve been separate I could take my time, fixing things slowly so that as we get ready to turn IPv6 on for more of my organization we’re ready. It’s worked out really well so far, and I’d recommend it to anybody who isn’t testing IPv6 already. Get on it, get an IPv6 allocation and build yourself a small DMZ testing area. Put your desktop in it, too. It won’t be long until you be forced to implement IPv6, and this way you’ll be prepared.