IPv6 is coming, and we've reported in this series some of the issues network operators have to deal with in the near future. Two issues that require more than just checking boxes on a to-do list concern compliance and security. However, making sure the IPv6 network is as compliant and secure as the existing IPv4 network can be accomplished with the proper planning.
In the Part 1 of this three-part series on the IPv6 transition, Network Computing looked at how some enterprises need to pay more attention to IPv6 than others; Part 2 covered how to operate an IPv4 and an IPv6 network simultaneously in what experts call dual-stack mode. We wrap up the series today with a few tips on how to make sure the IPv6 network is as secure and well-managed as the one it is replacing.
The transition from IPv4 to IPv6 is required because the world is running out of IPv4 addresses due to the proliferation of Internet-connected devices. It started with computers and servers and expanded to virtual servers, home game consoles, appliances, myriad monitoring devices and, soon, automobiles. The mere 4 billion IP addresses under IPv4 will expand to "trillions and trillions" of potential addresses under the IPv6 standards, says Leslie Daigle, chief Internet technology officer for the Internet Society (ISOC), a global nonprofit organization promoting IPv6. Mark June 6 on the calendar for IPv6 Day 2012, a date on which several household name Web properties are expected to be IPv6-ready.
How individual sites and networks become compliant depends on how much IPv6 impacts them and how much planning they do. Security compliance may actually be relatively easy because it is so deeply embedded in IPv6, says Jon Oltsik, an analyst with Enterprise Strategies Group.
The IPSec standard is baked into IPv6 rather than bolted on, as it is with IPv4, he says. That can be reassuring, but there are still a few things to make sure to do before rolling out an IPv6 network.
"You really can't make that transition until your firewalls support IPv6 and your [intrusion detection and prevention] supports IPv6 and you've migrated all your access control list rules from IPv4-compliant devices to IPv6-compliant devices, so that's the big issue," says Oltsik.
Migrating compliance to an IPv6 environment requires a clear understanding of what kinds of application and user traffic are traversing the network, cautions Jim Frey, managing research director at Enterprise Management Associates.