Can we deploy IPv6?

We know that we should be deploying IPv6 as soon as possible: time is running out (see: how long we can wait). But the next question is, can we actually deploy IPv6 now? Don't we have to wait for software, applications, network products? I am actually working at Microsoft on the "software" issue; for more information about Microsoft, look at Microsoft's IPv6 web page: http://www.microsoft.com/ipv6/. We may safely assume that software products and routers will be available soon; you may want to check the IPNG web page for an up-to-date list.

But having software and routers available is not sufficient, we also need deployment, and we must avoid the vicious circle in which Internet Service Providers wait for demand to materialize before they turn IPv6 on in their networks, while application developers wait for available networks before they develop the applications. Some ISP don't feel a particular urgency given the lack of applications, and some application developers are very sceptical: they working assumption is that it will take about ten years before IPv6 is deployed. The good news is, they are wrong.

It is actually possible to deploy IPv6 applications without waiting for IPv6 networks. This is because it is possible to turn on IPv6 "from the edges", without waiting for ISP deployment. The key technologies there are:

"6to4", specified in RFC 3056 by Brian Carpenter and Keith Moore,
and "isatap", specified in draft-ietf-ngtrans-isatap-13.txt by Fred Templin.

6to4 allows us to derive an IPv6 network prefix from a valid global IPv4 address. This can be used by a single computer, by the gateway to a home network, or by an IPv6 router that serves an entire entreprise network. Isatap covers the deployment of IPv6 on private networks, typically behind corporate firewalls; it can be used inconjunction with a single 6to4 router for the enterprise. In both cases, the IPv6 packets are "tunnelled" over IPv4. The deployment of 6to4 is facilitated by the use of an "anycast" address to discover the nearest relay to the "real IPv6 network", described in RFC 3068, which I wrote myself.

With 6to4 and Isatap, we can make sure that a computer gets IPv6 connectivity in all of three cases: if the ISP or the enterprise network provides IPv6 connectivity, if it has access to at least one global IPv4 address, or if the enterprise network has deployed an Isatap router. This leaves only one case unresolved, the case of the user whose ISP only provides a "private" address, i.e. the case in which the user sits behind a NAT. In the long run, the NAT will be upgraded to become IPv6 router, but we need an interim solution. This is why I have proposed the "Shipworm" protocol to the IETF; there have been many comments, the name has been changed to "Teredo", and the last draft is draft-huitema-v6ops-teredo-00. An implementation of Teredo is shipping as part of the "Microsoft Windows XP Peer-to-peer Update" and is being used in ThreeDegrees, an innovative peer-to-peer adjunct to MSN Messenger.