The IPv6 Taskforce partnered with CIO's sister magazine Computerworld to run an event for Auckland businesses in the lead up to World IPv6 launch day on June 6. Trade Me head of infrastructure Matt van Deventer and Beca CIO Robin Johansen shared their experiences of migrating to IPv6 to the audience of around 60 IT managers. Their case studies were followed by an open panel discussion with Taskforce members Dean Pemberton, Nathan Ward and Donald Clark. IPv6 and TradeMe
“Our IPv6 story is equal parts sad and equal parts embarrassing,” says van Deventer, speaking to a room of network and IT specialists about TradeMe’s journey towards IPv6, at Computerworld’s IPv6 event in May.
Van Deventer is the head of infrastructure at TradeMe, and before that he was head of database. Altogether he’s worked at New Zealand’s largest auction site for more than five years, but admits he’s no network specialist. His "trusted network guy" was in the audience to take on any hard questions.
Van Deventer says it was important to move towards IPv6 in slow and considered steps and four years after starting, his team is still working on the project.
Several key systems that are critical to Trade Me’s business are based on IPv4 addresses, including its fraud detection, trust services, geoIP, and payment gateways. The site’s core programming is the culmination of several years of work including swathes of code from the early 2000s, before IPv6 adoption was a major concern.
Van Deventer says Trade Me, which includes subsites like Trade Me Property, Trade Me Jobs, TravelBug, Find Someone, and Treat Me, creates around 1TB of data a day. Twice a day code is deployed to production, and between 20 to 30 changes occur on the site every week.
“We used to be able to get away with those small mistakes you get sometimes after a deployment, but with social media it’s become insane. Our record so far is six minutes between the site going down, and it being on the front page of stuff.co.nz,” he says.
Why IPv6 ?
Last year Microsoft bought 666,624 IPv4 addresses from now defunct telco manufacturer Nortel, for $7.5 million. Van Deventer says this shows the desperation some large enterprises will face in the future when IPv4 addresses are exhausted.
Van Deventer says Trade Me wanted to be ahead of the curve while the number of IPv6 users was still relatively low, to reduce the likelihood of not being able to deliver its services to customers.
“The sooner we do it the better, and the less likely people will see the dreaded error page,” says Van Deventer.
For van Deventer, there is also a level of prestige associated with being an IPv6 early adopter.
“We want to be like Facebook and Google. We want the best tech people in New Zealand to work for us, and they want to work for companies that are ahead of the curve,” says Van Deventer.
In 2008 while the company was replacing its networking hardware, the decision was made to procure IPv6 compliant technology. Trade Me purchased an allotment of IPv6 addresses, but Van Deventer admits the project dropped off the radar for a year after this point, due to other priorities in the business.
In late 2009 Trade Me's networks and servers were IPv6 compliant, and it just needed to work on its email servers...or so van Deventer thought.
After testing the network hardware procured in 2008 in TradeMe’s corporate environment it became apparent that the IPv6 support was minimal, and there was none for the virtual routing and forwarding (VRF) systems.
“In hindsight we could have done more due diligence when it came to vendors ticking the box on the RFP,” says van Deventer.
TradeMe’s IPv6 woes didn’t stop there. Last year it completed peering with international carriers, only to find the routers used by its datacentre provider would not support the appropriate VRF or border gateway protocol (BGP) until a future software update.
This hitch was particularly devastating for van Deventer and his team, as they were aiming to join hundreds of other notable websites who too were turning on IPv6 on June 6, World IPv6 Day.
“Sad face :(” reads van Deventer’s PowerPoint slide at this point.
Where are they now?
Van Deventer says it is unlikely Trade Me will be IPv6 compliant by June 6. New network hardware and appliances are being shipped in from overseas, but won’t arrive until June and it isn’t feasible for his team to set up and do the required testing in time.
“It’s really sucky to be perfectly honest, but it’s been a very interesting and sobering journey. It’s important to know we are still trying,” says van Deventer.
“Looking back there isn’t a lot that we would do differently, apart from taking a second look at our vendors probably.”
Van Deventer declined to publicly name the vendors.
Beca and IPv6
For engineering and construction firm Beca, the decision to adopt IPv6 was simple. It’s not uncommon for the company to partner with other firms during construction projects, like the Macau Tower which Beca designed. Project documents are shared with clients and partner firms on an extranet, and in South East Asia where Beca is doing increasingly more business, IPv6 uptake is on the rise.
“If you’re easy to work with and connect to, that will bring you business. It’s a competitive advantage,” says Johansen.
Johansen adds that he was careful not to label the initiative as a project when putting it before the board, because that would make it difficult to get buy in from senior management. Instead he focused on the preemptive readiness the company would be afforded when IPv6 is more prevalent, calling it a “prudential asset management process”.
“There’s no fantastic return on investment, or at least nothing we could see in the immediate future. It also doesn’t make the boat go any faster really,” says Johansen.
“IPv6 just doesn’t figure highly in the minds of executives unfortunately.”
Early on in the process, Johansen says it was clear the company would need a hybrid IPv6/IPv4 network environment. Beca’s established Novell Private Branch Exchange (PBX), and building security system were noncompliant.
“We want to be at the leading edge, but at the same time didn’t want to isolate ourselves as an island of perfection,” says Johansen.
Beca faced similar issues to Trade Me with current vendors not supporting upgrade paths for their hardware, or not being overly generous with how far their support actually went for IPv6.
“They’re a bit of a laggard to be honest,” says Johansen.
In February of this year, Beca announced the standardisation of its IT infrastructure across its 21 offices in New Zealand and Asia Pacific. Using network hardware from Brocade, and VPN technology by AT&T, Johansen says Beca is in a much better place to implement IPv6 than when it started.
“I wouldn’t pretend to say we’re leading, but nor are we lagging,” he says.
Johansen says an unexpected benefit of implementing IPv6 is Microsoft Direct Access support on Windows 7 computers. Direct Access is a remote access tool which Johansen says has been taken up widely by his company and is popular with staff.
“If I’d been able to say at the start that I saw this as an outcome, this entire process would probably have been a lot easier,” says Johansen.
IPv6 is inherently neither more secure or less secure than IPv4, says Dean Pemberton, technical convenor of the IPv6 Taskforce. Pemberton is a senior consultant at Prophecy Networks, and spoke to the audience on IPv6 security, along with fellow panelists and Taskforce members Nathan Ward and Donald Clark.
“Currently there are a lot more IPv4 threats than there are IPv6, but that doesn’t mean one is more secure than the other. Right now it’s just about the numbers, there are a lot more IPv4 addresses being used than there are IPv6, so more potential targets,” he says.
“You should be looking at how secure your business is at an IP level, and not just an IPv4 level.”
Pemberton says network administrators need to ask their vendors about IPv6, he takes a harsh stance on vendors who are unable to inform their customers about IPv6 roadmaps for their products.
“If your network or security vendor doesn’t know about IPv6 or can’t give you a reasonable answer on why they don’t have feature parity with their IPv4 hardware - fire them,” says Pemberton.
IPv6 Task Force Wrapping Up
“My dream is to stop coming to IPv6 events. I just want to go to IP events,” says Pemberton. This dream may be coming true.
The IPv6 Task Force will be winding up in the near future says Clark.
“Our goal was never to become a self-perpetuating business. We were set up to get the ideas in motion, and we think we’ve taken the conversation to a place where businesses can continue on themselves,” says Clark.
Clark ended the session with a warning note for New Zealand export businesses, saying 72 percent of countries New Zealand conducts business with have IPv6 mandates.
“If your business wants to be in touch with the whole global internet, it needs to be IPv4 and IPv6.″