The Cooperative Association for Internet Data Analysis (CAIDA) and the American Registry for Internet Numbers (ARIN) presented the results [PDF] of a recent IPv6 survey at the ARIN XXI Public Policy Meeting in Denver on April 7th. The survey involved over 200 respondents from a blend of Government, commercial organizations (including ISPs and end users), educational institutions, associations, and other profit and non-profit entities. The purpose of the survey, conducted between March 10th and 24th, was to capture IPv6 penetration data in the ARIN region.

ARIN is one of five Regional Internet Registries (RIR) tasked to govern the distribution of Internet address space. ARIN covers the United States, Canada and portions of the Caribbean. The United States is often said to be behind the rest of the world in IPv6 deployment, mostly due to the fact that much of the U.S., particularly the Federal Government but also many large commercial companies, has more than enough IPv4 addresses to fulfill its requirements and does not see a need to migrate.

More than a third of the respondents indicated that cost, time and the lack of a compelling business case continue to be their biggest obstacles to deploying IPv6. Other projects with more definitive requirements, benefits and return on investment are a higher priority.

Vendor support for IPv6 was high on the list of obstacles according to almost a quarter of the respondents. While major router vendors support IPv6, support is lacking in security products, making IT managers squeamish that if they enable IPv6 they may open up security holes and not have the tools to mitigate them. Even in products that support IPv6, it tends to be less robust than a product’s IPv4 capabilities. For example, IPv6 may be supported in software rather than hardware, causing concern over potential performance impact. Or, IPv6 may be supported at the command line interface but not be configurable from the GUI that is used to configure other product features.

Almost a fifth of the respondents rated their staff’s IPv6 knowledge, lack of user demand, and the limited ability to acquire IPv6 services from their upstream providers as major IPv6 hurdles.

The presentation provided quotes from several of the respondents downplaying the need for IPv6. One respondent asked why they should bother if big tech companies like Cisco, Microsoft or Intel have not made the jump. See my previous post on this topic.

Most disturbing in the survey results are the charts that show the percentage of respondents that have “no plan” for various aspects of IPv6 deployment. You can’t tell from the chart if that means they performed an evaluation but felt there was no need for a deployment plan right now, or if they just haven’t done any kind of evaluation to even make that determination.

Concluding that there is not have enough of a requirement for a deployment now or in the near future is fine, so long as the organization came to that conclusion through some sort of evaluation. But organizations having absolutely no plan at all because they have not made any effort to evaluate it is borderline negligent. IPv6 has made enough noise at this point to justify spending at least a few man-days in the course of a single year to come up with some rudimentary strategy, even if that strategy is to do nothing except to review it again next year. At a minimum, policies should be set to incorporate IPv6 as a requirement in new hardware purchases so that the technology refresh happens naturally and facilitates a possible migration later. When something is designated as a low priority, it should not mean “no priority.” Waiting for requirements to emerge before forging even a basic strategy is a reactionary tactic that usually comes back to bite you.

But the glass isn’t half empty. The majority of respondents indicated that they do indeed have deployment plans, with some having already performed some facets of deployment while others have it on the roadmap for the next few years. Furthermore, in separate reports ARIN stated that the number of IPv6 allocations they made in 2007 was up substantially, showing an increase in interest.