So the question is, when does it make sense for a company to switch their network infrastructure from IPv4-only to IPv6 compatible, and what is the best way to execute this? Based upon in-depth research of this question using varied sources and case studies, a recommendation of implementation with tentative timeline for a given corporation will be made. Clear definitions and history of IPv4 and IPv6 will be provided. The purpose of this research paper is not to explain the IPv4 and IPv6 specifications in grave detail, but to give enough overview so that pressing issues associated with IPv6 deployment are understood.
Gained efficiencies, security concerns, and competitive advantages associated with IPv6 implementation will be discussed. Answering this research question will give the reader additional insight into the challenges and priority of IPv6 implementation, helping to understand the significance, potential issues, and urgency concerning IPv6 deployment for corporations and individuals alike. Introduction For decades, the topic of IPv4 address exhaustion has been of concern to the IT community.
The Internet Assigned Numbers Authority (IANA) is at the forefront of this topic, as they are responsible for the global IP address space management. On February 3, 2011, the NRO (Number Resource Organization) released an article, stating that the last two top level (/8) blocks of free IPv4 addresses were assigned, depleting top level address space, and that major organizations need to switch to at least become IPv6 compatible. The article says, “This has been a historic day in the history of the Internet…. The future of the Internet is in IPv6.
All Internet stakeholders must now take definitive action to deploy IPv6. ” (NRO, 2011). Over one year later, the vast majority of US and international corporations still haven’t changed their infrastructure to IPv6. However, awareness is rising, even though corporations do not seem to be feeling the effects at this time. While there are gains to be realized from switching from IPv4 only to IPv6 compatible, it is important that proper integration takes place so as to not jeopardize business continuity and security.
Understanding what IPv4 and IPv6 mean, as well as understanding the history to their emergence further helps understand the future of IP technology, as well as priority for making the switch happen for an individual or corporation. Definition and Brief Explanation/History of IP Protocols The IPv4 and IPv6 Internet Protocols have been in existence for decades, and in particular, the acknowledgement of limited IPv4 addresses has been identified for decades as well. Stallings (2009) defines the Internet Protocol (IP) as “A standardized protocol that executes in hosts and routers to interconnect a number of independent networks”.
IPv4 is the fourth version of the IP, and was widely deployed around the world. IPv6 is the sixth version of the Internet Protocol. IPv4 was first developed in 1981 (Postel, 1981) and IPv6 was developed in 1998, adding several design enhancements to IPv4, the major change being the use of 128-bit IP addresses (Deering, S. , Hinden, R, 1998). With approximately 4. 8 x 1028 addresses for each of the seven billion people alive in 2011, it hard to imagine the exhaustion of these addresses in IPv6 protocol (Census, 2012). There are also 264 address spaces in a standard subnet in IPv6.
This means many complex IP address handing techniques that were employed in IPv4 such as Classless InterDomian Routing (CIDR) are not necessary in IPv6 protocol, making network management more efficient (Deering, S. , Hinden, R, 1998). Larger IP addresses simplify allocation of addresses, enabling efficient route aggregation and implementation of special addressing features (Deering, S. , Hinden, R, 1998). Even though these enhancements were apparent for IPv6, these features alone were not sufficient motivation to deploy IPv6 compatible technologies as a whole.
A few companies did start IPv6 deployment however, which gave some insight into the challenges associated with migration. Having an understanding of IPv4 and IPv6 protocols, history, and improvements in IPv6 upgrade help to grasp the overall status and significance of migration to IPv6, helping other corporations in their decision in whether or not migration is necessary for them at this point in IPv6 existence. Security Considerations With security being of upmost importance in business, it is important that IP security stays as the forefront of people’s minds when converting from IPv4 to IPv6, not causing any issues.
While IPv6 does offer additional security features that were not available through IPv4, it also supplements this with security flaws that must be properly accounted for by IT security professional to ensure a properly secured network. This can be especially challenging when one considers that there aren’t many skilled IPv6 security professionals in the market, simply because IPv6 is in its infancy, so there aren’t many opportunities to gain this experience. One article from the Information Security Journal goes into detail about how security professionals can secure various configurations related to IPv6 and transition networks.
A transition network is defined as “a mix of IPv4 and IPv6 protocols and allows IPv4 services to be reached by IPv6 users, and vice versa” (Chasser, 2010). Some of the IPv6 changes that were implemented to improve networking efficiency included simplified header for routing efficiency, header extensions and options for more efficient forwarding of packets, increased “jumbogram” packet sizes in IPv6, and mandatory inclusion of Internet Protocol security (IPsec), which is used to for encapsulation of packets so that “middleman” attacks on packet transmissions throughout a system are in effective (Chasser, 2010).
However, even with improvements made by IPv6, other security breaches arose within IPv6 specifications. One example of a new security breach that is not an issue with IPv4 is the opportunity to corrupt header packets source addresses, because IPv6 protocol requires a new router header on its packets for networking efficiency gains over IPv4 specifications. Doing so also created an opening for Denial of Service (DoS) attacks (Chasser, 2010).
The way to counteract this attack would be “…verifying the waypoint router address appear only once in the header and by using ingress/egress filtering to ensure the source addresses are correct for the destination address” (Chasser, 2010). Another article talks about how because of the larger IP address pool, blacklisting will become more of a challenge, as James Lyne, director of technology strategy at security firm Sophos, “…estimates around 90% of web filtering tools used by business today rely on blacklists. ” (Ashford, 2011).
These are only a couple of many examples of security concerns that must be accounted for when configuring a secure IPv6 or transition network. An important takeaway from analyzing the details of security related to IPv6 is to realize the opportunity for error in securing the network if proper training, experience, and testing is not executed. One should not be “learning on the job” when securing an IPv6 environment, which is difficult considering there is limited real life opportunity for gaining hands-on experience in IPv6 security.
This may be one of the reasons why some corporations are employing the “wait-and-see” tactic to try to learn from others’ migrations, take their lessons learned, and then apply it to their hardware and software security configurations before implementation (Ashford, 2011). While IPv6 implementation may be mission-critical for some, lack of IPv6 training and hands-on experience in security may be compelling enough to steer companies away from IPv6 implementation until it is absolutely necessary for their business. IPv6 Deployments
In the currently business atmosphere, depending upon one’s nature of business, IPv6 implementation can be mission-critical for some, but not as important for others. In the mid-2000s, the DOD (Department of Defense) had plans to start moving its IP infrastructure away from IPv4 to IPv6 in an attempt to address the depletion of IPv4 addresses issue. “’We have a good case for IPv6. We need it for ad hoc networking and mobility,” says DOD’s Kris Strance (Miller, 2007). A multi-year migration plan is now set in motion for allocation of IPv6 addresses, within a phased implementation method.
The article talks about how changing the routers to handle additional memory that IPv6 warrants is not a big issue. Rather, the more complex challenge is to rewrite and retest applications to be IPv6 compatible versus IPv4 compatible. The article also states that “…addresses will be assigned to networks in a hierarchical model that will leave many untouched” (Miller 2007). This means that IPv6 implementation will be slowly phased into network systems, and affected IP addresses will be hanged to IPv6 addresses as underlying technology and applications that use the IP addresses are reprogrammed.
Another article regarding the deployment of IPv6 by the DOD highlights some of the key issues associated with internal deployment, such as security, application interoperability, and priority of phased implementation (Sekelsky, Strange, 2008). In the excerpt, it says, “Defense gives highest priority to incremental improvements that immediately satisfy wartime requirements, such as those in Iraq and Afghanistan, using existing systems.
This limits resources for planning, implementing and mitigating the risk of inserting new capabilities, such as IPv6, that have long-term benefits… The transition has its challenges. IPv6 must be carefully managed to ensure that no security risks are introduced. For example, during the transition period. Defense users would have a mix of IPv4 and IPv6 addresses, which makes interoperability and security across Defense complicated. In addition, IPv6 technology and standards are still evolving. Therefore, Defense must ensure that IPv6 systems and programs bought today can be upgraded with advanced features. ” (Sekelsky, Strange, 2008).
While the DOD acknowledges the challenges associated with implementation, they are still pushing to implement IPv6 solution for its major internal benefits associated with networking simplification. IPv6 deployment is also rapidly occurring with LTE providers, as IPv4 address exhaustion on the Internet will force an increasing amount of mobile clients to connect to the Internet with IPv6 only addresses. IPv6-IPv4 translation will also be necessary, but will cause performance issues. One academic journal says “… LTE (“4G”) phones and the myriad other LTE-equipped mobile devices will eventually be IPv6-only.
ARIN (American Registry for Internet Numbers) advised LTE providers that IPv4 depletion is imminent and LTE providers have prepared for a day that new LTE users will be IPv6-only. Obviously this new wave of IPv6-only users will want to access IPv4-only sites, so the carriers are setting up massive farms of servers to do the translation. There are two problems with this. First, the translation is expected to be slow. Second, geo-location will mistakenly identify users as being where the server farm is, not where the user is.
That means if your Web site depends on advertising that is geo-targeted, the advertisements will be appropriate for the location of server farm; not where your users are. Since LTE is mostly used in mobile devices, this is particularly pressing. ” (Limoncelli, 2011). A slightly different IPv6 implementation strategy is to focus on one “thing” that can be gained by adoption, and make the necessary changes to achieve that enhancement. This was done in the case of Nokia, which saved phone battery power from IPv6 adoption, as their phones ceased to have to constantly send pings to the NAT servers to keep sessions alive (Limoncelli, 2011).
Focusing on the “one thing” also added management backing for approval of the project, as the purpose of the work effort was clearly communicated. This article succinctly points out how one’s corporation can be affected by IPv4 address exhaustion. Also, If a given corporation were to never switch from IPv4 to IPv6, then this would cause increasing performance issues for IPv6-only customers trying to connect to corporate websites, thus losing a competitive advantage in the market.
Given that some companies( like Ebay. com and Amazon. om, for example) greatly depend on their Internet presence, this could eventually hinder the corporation with direct loss in revenue due to lack of customer support/service. So the ultimate point is that while IPv6-only presence on the Internet may be quite small as of 2012, it will become an increasing issue over the coming years, and corporations will lose their competitive advantage in the business environment if the proper measures aren’t taken. Concluding Remarks The researched works regarding IPv6 implementation have clearly shown that companies need to at least be aware of IPv6 technology, as IPv6 adoption is increasing over time.
Sources researched have shown that IPv6 migration can have significant impact on one’s business, if not in the short term, then in the long term due to loss of competitive advantage in one’s market. For any corporation that does not currently support IPv6 internally or externally, depending upon available funds, I would suggest that companies at least start researching and increasing awareness of IPv6 technology. Implementation of IPv6 infrastructure does not have to be done all at once, and can be phased in, starting with external IPv6 support.
Support of external IPv6-only addresses on the Internet could help a corporation maintain business continuity for their customers, increase performance, and in some cases, ensure geo-location related services are not compromised. The most compelling argument against IPv6 implementation is security concerns, mainly due to the lack of expertise in IPv6 security. For the casual individual consumer, as long as one’s external-facing router is eventually IPv6 compatible, no major issues should arise. ISPs should be switching IP connections and equipment as necessary, so these changes should be relatively invisible to the consumer (Poole, 2012).
All in all, while IPv6 adoption may turn out to be mission-critical for some going forward, it does not require major changes for most corporations, and may even be invisible to the casual consumer. As long as security is at the forefront, then mission-critical migrations for corporations should be phased in over a multi-year period, giving IT security staff the proper training and exposure needed.