As much of an IPv6 advocate as I am, I think the TCO for the SMB
regarding IPv6 is often cost- prohibitive. Not because of CapEx, mind
you, but OpEx. That's something we need to fix within the next year
if we want to see real IPv6 adoption.
Strong IPv6 knowledge is still very rare, especially in the SMB IT workforce.
Right now, deploying IPv6 doesn't mean just deploying one technology
but several. Do you have an IPv6 firewall? IPS? IPv6 address
management solution? Monitoring? Security Policy? The list goes on.
To be honest, I'd put the TCO of IPv6 for an SMB to be much closer to
six figures than five.
You're looking at a much larger SMB than most SMBs actually are.
For a very large proportion of SMBs, replacing a single CPE device
covers the firewall, address management, and if you think they've got
IPS, monitoring, or a security policy today for IPv4, well, you're simply
delusional. There are a few CPE devices out today that can do this,
but, we definitely need more and a wider variety of feature sets.
There is simply no good solution for them right now. Remember that
for IPv4, most of the systems mentioned above are provided through a
unified, inexpensive, and easily managed, multi-function firewall. No
such product exists for the IPv6 world, at least not in a mature
state; so the knowledge required is much higher; the number of systems
and services required is much higher; the cost is... higher.
Seems to me that the SRX-100 comes reasonably close and has relatively
proximal capabilities in IPv4 and IPv6. However, at $600, it's probably
a bit on the pricey side of many SMB resources.
I'm sure a few consultants making bank on "deploying" IPv6 for
organizations without giving any thought to security, operational, or
performance concerns will be more than happy to chime in and say how
wrong I am. But trust me, the majority of SMBs aren't completely
brainless, and all you have to do is talk to them to know that they
have the exact concerns and conclusions mentioned here.
As a consultant making "bank" to some extent helping others to
deploy IPv6, I resent your generalization that we must be ignoring
all of those concerns. It's simply not true. I agree that many SMBs
aren't completely brainless, but, to say most ignores the reality that
most SMBs are someone running a shop to make money doing what
they are passionate about, such as SCUBA, sewing, or whatever.
The majority of money comes from larger SMBs, but, the vast majority
of SMBs in the US are actually single-proprietor businesses with
1-5 employees almost always without any sort of dedicated IT
person in the mix. They aren't brainless, but, networking isn't their
focus and all they know about any of those issues is the FUD they
occasionally hear on TV about someone getting hacked.
A responsible consultant will help them apply reasonable measures
to protect themselves and explain the cost/benefit tradeoffs of various
solutions so that they can make a (more) informed decision.
There may be IPv6 consultants out there deploying SMBs on IPv6
irresponsibly, but, not all of us fall into that category.
Owen