I met Martin Levy for the first time in Honolulu at the Pacific Telecommunications Council '2007 conference. After several coffees at the Kalia Tower, and an hour or so discussions on data centers, networks, and IPv6, I knew I had found a true evangelist in the Internet industry. Several more conference coffees in different locations around the world, and I became one of his IPv6 disciples.
As a senior member of the Hurricane Electric team, Martin enthusiastically spreads the IPv6 word to locations around the world including Slovenia, Hong Kong, Amsterdam, Taipei, Brussels, and the European Commission - in addition to acting as a consultant to IPv6 developers and global digital government policy groups.
An accomplished speaker and writer, Martin brings a unique talent effectively delivering IPv6 thought leadership and actual IPv6 network deployment experience to the Internet community.
This is part one of a Pacific-Tier Communications Thought Leadership series interview with Martin Levy, Director of IPv6 Strategy at Hurricane Electric. Hurricane Electric is a leading Internet backbone and colocation provider specializing in colocation, dedicated servers, direct Internet connections and web hosting.
"Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol version designated as the successor to IPv4, the first implementation used in the Internet that is still in dominant use today" (Wikipedia)
"With only about 10% of IPv4 address space remaining, organizations must adopt IPv6 to support applications that require ongoing availability of contiguous IP addresses." (ARIN)
"Organizations relying on the Internet to conduct business have only a limited time to act and adapt to changing technology. Those that delay, run the risk their online services may become unavailable to a rapidly growing number of users." (APNIC)
Pacific-Tier: Tell me a bit of the sense of urgency on (the Internet community) moving to IPv6, and what Hurricane is doing related to the topic?
Martin Levy: Urgency is a word that has been used now for many, many years when it comes to v6. But the reality is, that we have, for every years that has passed, gotten closer to where there are real limitations on the amount of new v4 (IPv4) space that can be added into the market place and added into the existing global Internet.
2010 really marks a time when we have less than two years of available space that can be allocated to the core registries, to the RIRs (regional Internet registries). And as this year and next year go by, we are going to start seeing rules that have never been seen on the global Internet. We are going to see people with requirements to substantiate their use of v4 space in ways that they have never done till this point.
They will see a requirement for documentation, for signatures, sometimes from corporate executives, officers of the company - at least in the US. This will be a whole new world.
If that doesn't wake people up to the fact that the world is changing, it is unclear what will.
Pacific-Tier: What is Hurricane doing itself to help push this issue along?
Martin Levy: We have always been evangelizing v6, but we've been doing it in a way that the users are encouraged to implement v6. In our case "users" means our wholesale providers (Internet service or network providers) that are buying our existing v4 services.
So we have made it easy at the wholesale level to bring on IPv6 connectivity anywhere on our backbone - anywhere globally on our backbone. That, as well as going out into the community and talking about v6 has been a core effort we've brought to the table.
It can get better. In some cases we can help a customer understand just how easy it is now, as opposed to five years ago. There really isn't, for anybody who had bought fairly new hardware any problem enabling v6. There is a set of golden rules to follow from a security point of view. From an operations measurement and monitoring point of view.
But in reality most people can enable v6 themselves and get their feet wet, with great ease. We have spent our time talking with people and convincing them of that fact, quite successfully.
Pacific-Tier: I hear a lot of companies talking about tunneling v6 through and existing v4 network. Is Hurricane running what we would call a "native v6 network" within your backbone?
Martin Levy: Everything on our backbone is 100% native. The core network, all of the Internet peering ports, all of the customer ports, the connections into our data center customers are all what is called "dual-stacked." In other words they all run native v6, and, if you want to use the term, native v4.
That means that every connection provided is provided as a pure v6 connection. Now, we also provide, because it is needed, "tunnel broker service." This is a v6 tunneled over v4 service. We've been doing this for many years. And there are users, whether they are at home, on a broadband connection in this country or somewhere else in the world, whether they are a software developer working inside a company that needs a v6 connection for software testing... Or whether they are just a home enthusiast, or in some cases it could be a whole university in some foreign country that has no way to get a native v6 connection. They can use the tunnel broker service.
They can use the tunnel broker service with BGP for full routing if they need to, and connect up to the v6 global network though a tunnel connection. In some cases there is no other way to do it.
But the core of the network, every single POP (point of presence or locations), 26 or 28 of them around the world are all configured native v6.
Pacific-Tier: What is your feeling about how your end users, or your actual customers, are using IPv6 in their networks? Is it becoming a fairly mainstream enterprise protocol, or do you have a lot of work to do to teach or provide thought leadership in the market in that area?
Martin Levy: I won't lie. There's an awful lot of education that needs to be done, and there's an awful lot of work that needs to be done - and in some cases even within wholesale or broadband networks. You can break it down into two or three different issues.
The first issue that touches any network is just their outside connectivity. Their core backbone, and links to the outside world, links into providers like ourselves (Hurricane Electric). Those have to be enabled for v6.
And because they are network entry points, that brings up the issue of network security right at the beginning of the day. The interesting thing is, network security for v6 is really identical to v4 - it's just the syntax that changes.
The addresses are longer, and you have to use colons instead of dots in the addresses. But the theory is always the same. If I deny access to a particular service over v4, I would deny access over v6. The service could be something as simple as SNMP polling of your core router. It could be more complicated like an internal set of web servers.
Any filtering that can be done with v4 can be done with v6.
The second part that needs to be thought about is what part of your network needs to be first seen by the outside world, or in the v6 arena. And it boils down to simple service like DNS for converting names to numbers. Potentially, if you are an enterprise, inbound and outgoing email.
Obviously, your web site. If you are able to bring up your website as v6-enabled, if you are able to bring up certain web services as v6-enabled, you can take those off the list. But even that doesn't hit the prime point, which broadband and wholesale buyers of IP transit need, and that is IPv6 connectivity to their end users.
In this area are cable MSO, DSL, or wireless network end user environment, they are going to work with all of the protocols and equipment needed to connect to their end customers, and potentially the education of the end customer.
And that is the part that still needs the most amount of work. But luckily for us at Hurricane Electric, we are a wholesale provider. So our issues are really in getting the first stage done, and potentially helping with the second stage. The third stage is left to the customer. And that (the third stage) is the hard part.
But from a wholesale point of view we get our part done, and we know that we can at least enable IPv6 to move and ensure the routing is as solid as it would be in the v4 world.
Pacific-Tier: So do you see new applications, and emerging technologies such as cloud computing, or global distributed cloud computing models that require a lot of addresses to support their VLANs and their internal process - do you see that helping enterprise adjust or have a better sense of urgency on how critical it is to start employing v6 in their networks?
Martin Levy: The story of IPv6 and cloud computing comes up on a regular basis, and it is a real, real requirement. It doesn't seem to go away, and the two items (IPv6 and cloud computing) seem to be well-connected to each other.
But what's more interesting as you talk to enterprises is you start hearing a story of "what are you going to do in a world that internally, the complexity of your internal network has started to push the bounds of how you would run an IPv4 network. Clashing private address space, stuff like that.
So we see even outside of cloud computing, where an enormous number of addresses are needed, that in complex enterprises or enterprise back office systems, we see benefits to the very large address spaces being given out. It may not be considered to be a killer application, but it definitely provides a solution far better than can exist in some legacy v4 environments.
Pacific-Tier: Do you have an opinion on the ability of companies such as Verizon Wireless, AT&T Wireless, T-Mobile, as they deploy their LTE and 4G networks. Will that serve as a further catalyst to force companies into the IPv6 world?
Martin Levy: I think the most pleasing part of that is that we are seeing a clear, solid understanding how and why IPv6 and IPv4 must be taken into account within the LTE or next generation wireless world. If you go back and look at very early documents on other wireless structure that have come into the marketplace, they were always very v4-centric.
This has now changed. Now it doesn't mean that you and I are going to end up throwing away all our 3G, and in some cases 2G hardware, and be forced to go out and buy LTE or 4G hardware and magically get v6. The reality is the back office requirements for those wireless providers still have a lot of work that needs to be done.
Still, the end-user connectivity is being defined with v6 in mind. I have a lot more faith that as of today we'll see a lot more items like that show up in the market place in a more seamless manner.
Keep in mind that we already see not every, and not so much the popular ones, but we do see certain smart phones in the marketplace that are v6-enabled and applications capable. They are v6 capable over their WiFi connections vs. their 3G connections. But at least it shows the base technology inside smart phones and smart phone products acknowledges why v6 is important.
People may not be using it very much, but that will change.
Pacific-Tier: Where does Hurricane fit in the big picture with IPv6 today? How do you rank with other networks in your category of size, scope, and scale of your IPv6 deployment vs. the rest of the network world?
Martin Levy: Over the last few years the amount of v6 traffic that we have carried has just grown enormously. It has grown by two different measures.
The other measure the number of routes, the number of customers, the number of adjacencies, and the number of peering connections with other core backbones we have. We have taken those numbers and eclipsed every other provider, putting us in the number one position globally.
That is a testament to the network engineers, and the dedication the whole company has (to IPv6). And we've really done that because v6 is not a side project for us. V6 is not an "add on" to our existing v4 service. V6 is not something we do as a special. It means that every single connection, every customer, every peer, every interconnect on our network, is v4 and v6-enabled.
We keep each protocol on equal footing so we don't have at any point the thinking that v6 is special. It is part of our DNA, and it is part of our base thinking for everything that we do on the network.