IPv6: Not A Simple Renumbering
April 16, 2010
A decade ago, organizations went through a massive overhaul of their IT infrastructure in an effort to prevent the massive outages anticipated with Y2K. Now they need to decide whether a similar investment will be needed again. Publicly routable IPv4 address allocations are going to reach exhaustion in the next two years, if the projections from the Number Resource Organization (NRO) are to be believed. Soon after that, finding IPv4 addressing won't be easy. Carriers have been gradually preparing themselves for the migration to IPv6. Many are closely looking at installing NATing technology to extend the life of IPv4. Meanwhile the Federal Acquisition Regulation (FAR) will change as of July 1 requiring all hardware and software purchased by US agencies to be IPv6 compatible.
But the enterprise is another matter. Adoption of IPv6 early on by enterprises will ensure an easier transition to the new addressing scheme, argue proponents. The fact remains, however, that moving to IPv6 too early will create significant problems for enterprises. Yet organizations have other priorities. "IPv6 is tomorrow's protocol," says one CIO who asked not be named. The client wants to go there, but the stark reality is that it would bring more chaos to an already chaotic place. It's not just making sure that the requisite IP stacks are loaded on the necessary equipment.
The change to IPv6 requires a fundamental assessment of core services and a revaluation of security of the network. "You need to look at testing more than just the IPv6 stack itself as IP addressing will be embedded within networking services running over that equipment," says Dave Kresse, CEO of Mu Dynamics, a provider of IPv6 testing equipment and services. Protocols such as SIP, SMTP, RTFP and, of course, HTTP all embed IP addressing within them. Organizations need to be sure that these and others will continue to work over their new protocol suite despite the change.
What's more, security will be a huge concern for organizations deploying IPv6. Years of testing have gone into insuring the security of IPv4. Organizations now need to deal with how to ensure that known exploits over IPv4 do not succeed when passed over IPv6. Similarly, tunneling schemes that include exploits in IPv6 tunneled over IPv4 will likely traverse firewalls that would otherwise have been caught over native IPv4.
At the same time, organizations can't assume that their network application will continue to run as expected. Take SIP, for example. Soft phones compatible with IPv6 are available from vendors such as Counterpath, but handsets, for example, are another matter, says Timothy Winters, a senior manager over at the University of New Hampshire InterOperabilty Laboratory (UNH-IOL), one of two organizations currently accredited by the National Institute of Standards and Technology (NIST), to perform the U.S. Government IPv6 (USGv6) compliance testing.