Is IPv6 just another Y2K scare story?
No. The Internet will not stop working, nor will the world end because we are running out of IPv4 addresses.
So, what’s the problem?
In February this year the Internet Assigned Numbers Authority (IANA) doled out the last remaining blocks of IPv4 addresses to the individual regional Internet registries. This means it has no more addresses to hand out, so once any regional registry has given out all its IPv4 addresses it won’t get any more. This is expected to happen this year in some cases, so we need to move to a next-generation networking protocol with many more addresses.
IPv4 was created in the early 90s, using a numbering scheme that could allow up to four billion different addresses. Although this allowed for nearly everyone on the planet, it did not anticipate people having multiple devices – a PC, a SIP phone, a laptop, a smartphone etc – nor for the uptake of IT in emerging third world nations.
The problem is that computers with IPv4 addresses cannot communicate with machines with IPv6 addresses. It’s a bit like dialling the old phone number when the numbering system has been changed, except that the new addresses are very different in size and format, so the two addressing systems are incompatible.
Meanwhile there has been an explosion in new mobile devices, plus a surge in new users from emerging world markets – and not enough IPv4 addresses to supply them. They will have to use IPv6 addresses instead. But businesses need to ensure that their websites, customer portals and online services are accessible to these users, or new customers will not be able to find them online. The longer enterprises wait, the bigger the market that they are denying access to their goods or services.
Can’t we solve this more simply using NAT?
NAT (Network Address Translation) means that old IPv4 addresses already in use elsewhere can still be re-used inside your network. What happens is that, when the IPv4 device wants to communicate outside your network, your network or provider has a NAT server that translates the internal IPv4 address into a unique IPv6 address for use outside the network. And, when a message comes into your network, the NAT server translates the unique IPv6 address into the internal IPv4 address, and it goes back to the IPv4 device.
So why bother with IPv6, as long as your provider performs NAT? In practice NAT adds latency; it also adds another point of failure and, more importantly, some services simply do not work through NAT. The Internet connection is there, but the service offering would be degraded and your business at a competitive disadvantage if you relied only on NAT.
Is IPv6 new? Is it proven?
IPv6 is not new. As early as 1994 the Internet Engineering Task Force (IETF) saw the need for a better addressing system and started work on IPv6, publishing the basic protocol in 1998. Since then it has been refining the protocol and updating it for things like mobile IPv6.
Most operating systems – including Apple Mac OS X, most versions of Microsoft Windows and most major Linux distributions – have already supported IPv6 addresses for a number of years. A lot of devices are already IPv6 ready to make them more future proof.
Can’t IPv6 also run out of addresses?
Because IPv6 addresses have 32 digits, they allow for 340 undecillion addresses – that’s 340 with 37 zeroes.
It’s tempting to say that we could never, ever, use all those, but no doubt the inventors of IPv4 thought they were being generous with their 4 billion. What, for example, if we develop self replicating nanobots that each need an IP address? Don’t even think about it!
Does migrating to IPv6 mean discarding IPv4?
As long as there are still people only using IPv4, you probably need to retain IPv4 functionality. Looking at global statistics (currently only around 5% are using IPv6) this means that most organisations will move to ’dual stack’ systems that allow for both IPv6 and IPv4 for a long time to come.
What are the pros and cons of being an early IPv6 adopter?
• Early adopters hit the steepest part of the learning curve: lack of IPv6 migration experience means they’ll be the ones making the mistakes that later folks will be able to avoid; early implementations will be likely to have bugs; system testing strategies will still be under development and so on
• If your customers and partners are all on IPv4 – like the overwhelming majority in the US and Europe – you could concentrate on building your core business now and not put energy into migrating to IPv6 until needed.
• As a new and unfamiliar protocol, IPv6 may have security loopholes that hackers are the first to discover. Early adopters will need to be more vigilant.
• The longer you wait, the more people will have moved to IPv6, and the more of your potential contacts and customers simply won’t see you, or have access to your goods and services.
• If the world economy takes off again – and IPv6 is one of the factors that could help that to happen – late adopters will be just beginning the migration process while the early adopters will be more free to mop up the opportunities.
And what is considered ‘late’?
Infoblox sees IPv6 as an ongoing challenge for organizations for the next 10 years, with dual stack (IPv4 and IPv6) environments becoming the norm for enterprises over that period.
What about the security issue – isn’t IPv6 designed to be more secure?
IPv6 does have some extra built in security features, but how well do you understand them? Some organizations may not be aware of the differences between IPv4 and IPv6, and leave loopholes to be exploited by hackers.
IPv6 adopters may find that their existing firewalls and routers offer less functionality for IPv6. Any firewall that does not recognise IPv6 addresses might simply pass such packets blindly through. There are also IPv6 tunnels that allow IPv6 packets to be encapsulated inside IPv4 packets – unless your system is protected by deep packet inspection, this could be another way for malicious code to enter your system. It is inevitable that initial IPv6 implementations will have bugs that hackers might discover first.
Then there is the problem of education: with less experience of IPv6, there is more chance of oversights and misconfigurations than with IPv4.
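The tunnelling risk described above can be checked for at the IPv4 layer. The following is an added example, not part of the original article: it classifies raw IPv4 packets and flags the two common ways IPv6 rides inside IPv4. The protocol number 41 and UDP port 3544 are IANA assignments not mentioned in the article, and the sample packets are constructed from documentation address ranges.

```python
import ipaddress
import struct

PROTO_6IN4 = 41      # IANA protocol number: IPv6 carried directly inside IPv4
PROTO_UDP = 17
TEREDO_PORT = 3544   # IANA-assigned UDP port used by Teredo tunnelling

def ipv6_endpoints(payload):
    """Return (src, dst) if payload starts with a full IPv6 header, else None."""
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return None  # e.g. Teredo bubble/indication data rather than IPv6
    return tuple(str(ipaddress.IPv6Address(payload[i:i + 16])) for i in (8, 24))

def classify_ipv4_packet(pkt):
    """Classify a raw IPv4 packet as 'malformed', 'plain', '6in4' or 'teredo'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"verdict": "malformed"}
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(pkt) < ihl:
        return {"verdict": "malformed"}
    outer = tuple(str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    proto, body = pkt[9], pkt[ihl:]
    if proto == PROTO_6IN4:
        return {"verdict": "6in4", "outer": outer, "inner": ipv6_endpoints(body)}
    if proto == PROTO_UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        if TEREDO_PORT in (sport, dport):
            return {"verdict": "teredo", "outer": outer, "inner": ipv6_endpoints(body[8:])}
    return {"verdict": "plain", "outer": outer, "inner": None}

# --- Constructed sample packets (documentation address ranges, zero checksums) ---
def build_ipv4(proto, src, dst, payload, options=b""):
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + payload

def build_ipv6(src, dst):
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB", 6 << 28, 0, 59, 64) + addrs

V6 = build_ipv6("2001:db8::1", "2001:db8::2")
SAMPLES = [
    build_ipv4(6, "192.0.2.10", "198.51.100.5", b"\x00" * 20),            # ordinary TCP
    build_ipv4(41, "192.0.2.10", "198.51.100.5", V6, options=b"\x01" * 4),  # 6in4
    build_ipv4(17, "192.0.2.10", "198.51.100.5",
               struct.pack("!HHHH", 51000, 3544, 48, 0) + V6),             # Teredo
]
```

Run over the samples, the classifier reports the inner IPv6 endpoints that an IPv4-only filter would never see, which is the information a perimeter policy needs to decide whether a tunnel is intended.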
OK, I’m nearly convinced, so how should I prepare for IPv6?
Your IT team needs to do some initial research, educate themselves, have clear migration and test plans for their devices and the whole system. Infoblox offers an IPv6 Resource Center with many tools and tutorials that can help in this process.
It is a long term investment, so it is worth planning carefully to make sure you do not throw money at something that could take years to deliver a return. Here are the important considerations:
• Prepare to automate your core network services before starting – manual processes like Excel spreadsheets or free tools for IPAM, and legacy DNS systems, will become a nightmare when you begin managing the surge in much larger IPv6 addresses
• Revise your security policies, because IPv6 security issues are not yet as well known and documented as those of IPv4
• Check your application compatibility with IPv6 – and available upgrades
• Before upgrading to new IPv6-compatible devices, check the risks – how long have they been deployed, what is their reliability and service track record?
• Check your current management and troubleshooting tools and processes – are they compatible with IPv6?
• As well as testing components, be prepared to test the upgraded system as a working whole. Today’s automated test solutions and professional services are designed to cope with such complexity – check them out first.
What about the actual migration process?
• First set up some form of IPv6 test methodology or service, so that nothing will be implemented before you have the means to test it thoroughly. You could equip your own team to do this, or have a third party service lined up
• Then make sure initially that your external services are IPv6 capable, so that any IPv6-only devices will be able to reach your website, e-mail, applications as readily as existing IPv4 users. That way you won’t risk losing potential new customers.
• Your core routing infrastructure must next be upgraded to handle IPv6 traffic – dual-stack upgrades to core and edge routers, end point devices and hosts. DNS AAAA and DHCPv6 too? Some systems, like Microsoft Windows, do require DHCPv6.
• Where IPv6 cannot yet be supported, create temporary IPv4 islands and use NAT to allow your IPv6 devices to access them. With these in place, you have bought time to slowly migrate the applications etc out to the dual stack infrastructure as upgrades become available and practical.
Still frightened to go ahead?
Then get advice from specialists who have already helped hundreds of organisations make a comfortable transition to IPv6.
Infoblox not only offers a suite of tools and technologies designed to reduce the time, cost and risk of IPv6 migration and operation, it also offers friendly and experienced professional services to advise and help you on your way.