IPv6: Finally Here?
The 6th of June this year has been dubbed the World IPv6 Launch Day, and while participants of last year’s World IPv6 Day, put up a 24-hour demonstration of their planned support for the new Internet protocol, there is anticipation that this year, IPv6 will finally be turned on, for real, in a more massive scale.
Research company Ovum principal analyst, Mike Sapien said, “In addition to the ‘Launch’ term being used for this year’s event, more customers are starting to realise the importance of addressing support for IPv6 now.”
World IPv6 Day is an event organised by the Internet Society, a non-profit organisation that wants to promote a free and open Internet. Its chief Internet technology officer, Leslie Daigle described, “There is no question that we are running out. In February 2011, the last block of the 4.3 billion IPv4 addresses were assigned from the global supply to the Regional Internet Registry organisations which, as their name implies, are the not-for-profit organisations that manage the allocation and registration of Internet addresses within regions of the world.
“Today, there is no remaining IPv4 address space to be distributed in the Asia Pacific region, and IPv4 address space is expected to run out in Europe this year, in the U.S. next year, and in Latin America and Africa in 2014.” She added that only 12-percent of businesses had started plans for transition but another six-percent indicated they have no awareness of IPv6 at all.
An obvious catalyst is the lack of IPv4 address space; in contrast IPv6 is ready with 340 trillion, trillion, trillion (undecillion or 10 to the 36th power) addresses. But Sapien also sees other factors for the migration to IPv6 – proliferation of devices, mobile access to resources and B2C applications are driving customer support for IPv6. In fact, an Ovum report reveals that B2C applications are one of the common drivers.
Sapien said, “This isn’t really a complete migration – it is more of a dual-support capability that will be enabled for many years to come.
“Government regulations will also drive this support. We are increasingly seeing government promoting deployment of IPv6. This combined with mobile device support and mobile access to Web resources are the main drivers for most businesses. Customers will need to take a good inventory of their IT resources that are now IPv4, have a phased plan for dual IPv4/IPv6 support and implement this plan. This planning also needs to include third-party partners, resources and links that can be easily overlooked. Now is the time for customers to go beyond planning and get to the test and implement phase.”
What is the industry saying?
Google’s Chief Internet Evangelist, Vint Cerf said the World IPv6 Launch represents a major milestone in the global deployment of IPv6. Vint Cerf explained that when the Internet launched in 1983, its creators never thought that billions of computers and mobile devices will be using it to go online. “Without the rollout of Internet Protocol IPv6, which formally begins today for participating websites and other organisations on the Web, we won’t have the room we need to grow,” Cerf added.
Giant networking solutions provider Cisco also chipped in with president and CEO of Cisco System, John Chambers saying, “At Cisco we are committed architecturally to IPv6 across the board: All of our devices, all of our applications and all of our services.” Daigle had said, “Top global websites are turning on IPv6 permanently, and almost 50 access networks are turning it up as a regular service.” Included are ISPs in 22 countries as well as over 2,000 websites, including four of the top five rated websites – besides Google.com, there is Facebook.com, Yahoo.com and YouTube.com.
|Akamai tracks the increase in IPv6 traffic volume starting June 6th, 2012 (Source: Akamai)|
These aren’t the only ones who can lay claim to supporting IPv6 and ultimately any company that is directly or indirectly in the business of the Internet; providing it, enabling it or using it; may inevitably end up supporting this new protocol. But new concerns are starting to emerge, the biggest of which is security.
Off the bat, IPv6 is designed with IPSec which enables security in ways that IPv4 could not because it was developed at a time when security wasn’t a primary consideration. IPSec is mandatory and ensures that each data packet is encrypted and authenticated. But if IPv6 isn’t properly managed, all these built-in security will come to naught.
In a Forbes.com report, Danny MacPherson, chief security officer for VeriSign had shared the following issues:
- Translating IPv4 to IPv6 (because it will take some time before all systems are running on v6) itself can be a pitfall. Because IPv4 and IPv6 are not “bits on the wire” compatible, translating traffic from IPv4 to IPv6 will inevitably result in middle boxes mediating transactions as they move through the network. There are too many opportunities for poor implementations and vulnerability exploitation as a result
- Unlike IPv4′s variable header size, IPv6 has a 40-byte fixed header, but introduces add-on “extension headers” that may be chained and require complex processing by various systems: these could overwhelm firewalls and security gateways.
- During a long period of “transitional co-existence” IPv6 adoption may require large network address translation protocol translation devices, end system or intermediate translation devices and protocols. But these devices complicate the network and operations and could break useful functions like geo-location or tools that security administrators use to identify and mitigate malicious network behaviours (e.g., blacklists and traffic filters).
- Because of IPv6′s sparse address space, active scanning of infrastructure for unauthorised or vulnerable systems is much more complex than with IPv4. These capabilities need to be augmented with network access controls and active measurement systems that trigger vulnerability scanning.