Over the past few weeks I have been starting to look at IPv6 and what we need to do to support it in the large organisation that I work for. Now, we have strong limits on Internet access and a healthy bank of routable IPv4 addresses, so the main first thought was that we didn't need to use it.
But this seemed a little short-sighted to me, so I have been continuing to review our options. As such, we are probably at a stage where we should be planning an IP address scheme and then only implementing it as and when other projects are available to hide the costs, as there is almost no business benefit that could be gained directly to cover the costs involved in any IT change.
Now for those that don't know (or as a reminder to those that do), IPv6 has been designed to be allocated in a hierarchical fashion, with IANA at the centre having given out blocks of addresses to the regional agencies (such as RIPE NCC for us here in Europe), and these are in turn given to local agencies and Internet service providers. So this is where my thoughts started: where should we get our allocation from? But I work for a public sector organisation (in fact a UK police force) and we are being told to share more with our colleagues, which will require firewall and router rules to support this. Then it hit me: what we needed was for all the other forces to have a shared set of addresses, so that one rule would allow me to say that this traffic is from someone in a police force somewhere in the country, but we would not have to care which.
Then I took this a stage forward: why should the UK government not have a single subnet for all its agencies and departments? With a single line in a firewall rule set we could make a set of systems available to any government agency. They would still need Role Based Access Control (the right for a specific user to access the system), but we could trust that the packet has come from a UK government site and let it pass the firewall.
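To make the addressing idea concrete, here is an added sketch (not part of the original post) of a hierarchical plan and the aggregate rules it allows. The 2001:db8::/32 documentation prefix stands in for a government-wide allocation, and the sector names, force names and /36 and /44 prefix lengths are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed plan: 2001:db8::/32 is the IPv6 documentation prefix, standing in
# for a hypothetical single allocation covering every government body.
GOV = ipaddress.ip_network("2001:db8::/32")


def allocate(parent, new_prefix, names):
    """Hand each name the next child subnet of `parent` at `new_prefix` length."""
    subnets = parent.subnets(new_prefix=new_prefix)
    return {name: next(subnets) for name in names}


# Hypothetical hierarchy: each sector gets a /36, each police force a /44 inside
# the police sector, so every force address shares the sector prefix.
SECTORS = allocate(GOV, 36, ["police", "health", "local-gov"])
FORCES = allocate(SECTORS["police"], 44, ["force-a", "force-b", "force-c"])

# Ordered firewall policy, first match wins. One line covers every force and one
# line covers every government site, however many bodies are allocated later.
RULES = [
    (SECTORS["police"], "allow-police-shared"),
    (GOV, "allow-gov-portal"),
    (ipaddress.ip_network("::/0"), "deny"),
]


def decide(src, rules=RULES):
    """Return the action of the first rule whose prefix contains `src`.

    This only scopes network reachability by source prefix; per-user
    authorisation (the RBAC the post mentions) is still enforced separately.
    """
    addr = ipaddress.ip_address(src)
    for prefix, action in rules:
        if addr in prefix:
            return action
    return "deny"


if __name__ == "__main__":
    for name, net in FORCES.items():
        print(f"{name:8} {net}")
    for src in ("2001:db8:10::25", "2001:db8:1000::1", "2001:db9::1"):
        print(f"{src:20} -> {decide(src)}")
```

The `RULES` list stays the same length however many forces are added under the police prefix, which is the saving the shared allocation is meant to deliver.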
But the idea is the easy bit. UK government IT is a maze of Small, Medium & Enterprise IT departments with little collaboration or communication between them, so to get someone to oversee the management of IPv6 addresses will be a challenge. But here we go: it will make IP easier for all the public sector and should reduce some potential costs, which in these times of cuts should be appreciated.