What is IPv6, what if you don’t transit to it and how to do it best—find out!
By Dilin Anand
Internet protocol (IP) is a system of rules by which data is sent digitally across a network. It sends data as packets, called datagrams, over the network. Each of these data packets consists of a header and a payload. The header contains data such as the sender’s and receiver’s addresses, while payload contains the actual information.
IPv4 is the fourth and also the most widely deployed version of IP . It is this popularity that has ultimately led to the need for an updated IPv6 protocol.
As IPv4 increased in popularity and more devices used it, the Internet has almost run out of IPv4 address space. IPv4 uses 32-bit addresses, which gives a total of 232 addresses. This means that it has a limited space of 4,294,967,296 addresses. The fact that this address space could exhaust soon was not anticipated by the original designers.
What happened to IPv4?
Internet-enabled devices like smart- phones and tablets are flooding the market. Almost all the smart devices released these days require an always- ’on’ Internet connection to run various applications and other functions. This always-’on’ status causes the device to retain its IP address indefinitely, preventing others from getting it. This has caused the address uptake by service providers to escalate rapidly and the Internet to run out of IP address space.
Historically, inefficiencies plagued the initial address allocation, as the classful network allocation followed back in the eighties was inadequate to reflect reasonable usage. Even after the problem was discovered and a re- design of the addressing system using a classless network model done, it be- came clear that this would not prevent IPv4 address exhaustion, and a major change to the Internet infrastructure was needed.
What if you don’t transit to IPv6?
Exhaustion of IPv4 address was un- derstood half a decade ago, but it did not seem an imminent threat so people ignored it. A slumping economy also had a hand in changing the focus to other issues. But now it has become an important concern.
There are workarounds like NAT and tunneling solutions that allow one to dodge the transition. But in such workarounds, in-line processing will add latency to the system, and sticking to an outdated protocol will increasingly degrade the performance. Firewalls will also create problem and the system security might go for a nose-dive.
Communities like Anonymous are waiting for the transition, to go about on a hacking spree. Firewalls won’t recognise IPv6 traffic until these are programmed to do so—meaning lega- cy systems would allow IPv6 packets to go straight through them.
There are IPv6 botnet and mali- cious code packets already doing the rounds searching for unsuspecting victims. If an organisation does not re- quire IPv6, it is recommended to block all IPv6 traffic until transition.
How to transition to IPv6?
Before you take the jump, be aware that transitioning to IPv6 is not as easy as toggling a switch. It will require running both protocols simultaneously unless, of course, one decides to alienate all IPv4 customers. The time when IPv4 is not needed at all lies years away. But the security and performance implications of not switching to the new protocol are serious as well.
So consider both sides before deciding. A phased approach is always a smart and cost-effective way to transit. The first phase of migration should be to establish the IPv6 transition team to define the team action plan. The following actions need to be taken then:
Network readiness assessment
Security should always be the top priority. If IPv6 devices are already active in a network, a gaping hole in security might exist. Therefore assessing your network and identifying IPv6-enabled equipment should be the first step. This also includes risk and cost analysis.
Doing this will also allow to deduce how much new equipment are to be purchased. Most of your recent purchases have a high probability of being IPv6-ready. Most companies like ZTE, Cisco and Huawei have been adding IPv6 capabilities to their rout- ers for some time now.
Moreover, since compatibility with IPv6 networking is mainly a software or firmware issue, a lot of hardware might not require replacement. Timely analysis in this regard might save a lot of funds.
Create a software inventory. Just like software or firmware updates for routers and other networking gear, there is also the question of the operat- ing systems being used in an IT eco- system supporting the new protocol. So one needs to make sure that all the software is inventoried. For instance, Microsoft Windows 7 can already han- dle IPv6 traffic, but Windows XP SP2 cannot. So computers running Windows XP SP2 needs to have the IPv6 part installed and activated manually via command line:
c:\ netsh interface ipv6 install
“The end justifies the means.”
A common mistake while setting the goal is to confuse between end goals and mean goals. While end goals define outcomes where one cannot compromise, mean goals form the paths to reach the end goal. First, one should understand the benefits that the company hopes to derive. Perhaps, it might have important clients and business partners on the IPv6 network. Or the company hopes to grow its business on the new Internet.
Whatever it be, understanding this will help to decide how to transition. Early adopters may phase in IPv6 across the enterprise and begin application development. On the other hand, there might be companies that block all the IPv6 traffic from their networks and prolong deployment until they deem it to be robust enough. And then there are companies in between which while allowing traffic through their firewall, will still shy away from investing heavily until all the issues are sorted out.
Develop a migration plan.
Whichever criteria a company belongs to, ultimately IPv6 will be embraced. It should ensure that the transition is done smoothly and steadily. One can begin by designing trial scenarios and then testing them. This requires developing migration scenarios and test cases, conducting the tests and evaluating the test results. If the test results are positive and successful transition is achieved in the test case, one can go ahead.
Initiate IPv6 transition.
The initial transition should be restricted to one section only . This allows easier analysis and problem-solving. It also allows to control the risk involved in case of a mishap. Once the transition is complete, the service should be monitored continuously and all IPv6 operational gaps identified. Note down the new security measures needed to filter and monitor the IPv6 traffic. Security measures implement-ed for IPv4 should also be in place for IPv6 traffic.
After the networking hardware is upgraded or installed, software and firmware enabled and security tools for the new network configured, you are ready to go. Simply allow the IPv6 traffic to start flowing across the net- work and marvel at the ingenuity of the next-generation Internet!
First published in EFY magazine March 2012.