This is the time for change. We need to change the way millions of network engineers work with their networks. We need to change the way millions of developers design their applications. We need to change the way millions of companies purchase equipment and services. And we need to change without disrupting the current service on the corporate LAN, in the home and across the Internet. That’s a huge task. Of course, this will not be either quick or simple. While IPv6 gets more and more traction, there’s still resistance out there. Let’s look at IPv6 in the news flow and see what we learn from it.
IPv6 is international and growing
Googling for IPv6 or IPv6 news generates a lot of links. From the first page you see something different. A lot of the links are in Asian script. Why is this happening? The Internet was created in the USA. In the start, the 32 bit address space was a universe with no limits. Addresses was plenty and huge address blocks was allocated for US entities. When Asia connected to the Internet, we where already aware that the 32 bit IPv4 address space would run out, that it wasn’t enough. This means that there are huge differences in numbers of addresses per capita around the world. Asia needs IPv6 in order to deliver the same service as a normal Internet customer gets in the US. And they use the Internet to share their experience. Google sees that and serves me links in many languages.
Trying to understand the size of the current Internet is almost impossible. Trying to understand the growth rate is even more impossible. Look at the number of devices we’re adding. The growth of mobile, home and business connections in new countries in the Internet community. You don’t have to google for more than a few minutes on “Internet Growth” to understand that you need to change your perspective on things. IPv6 is the only way, and many are already implementing it. Mark Ward at BBC news recently published an article based on RIPE NCC’s IPv6 usage report. Norway is leading the IPv6 implementation race, Sweden is #5 after the Netherlands, Malaysia and Japan. Try to find USA on the top 20 list…
“There was more use of IPv6 in Asian nations, he said, because there were no more IPv4 addresses available to allocate to that region. To continue expanding and adding new customers, web firms in Asia had to adopt IPv6.”
Even with multiple layers of IPv4 NAT, with this growth there’s no way we can keep the Internet together unless we get more addresses. IPv6 is the only solution, regardless if we implement NAT or not.
IPv6 – so small so you can ignore it
Trevor Pott recently published an article on The Register named “Finally, it’s the year of Linux on the desktop IPv6! Are you following protocol?“. This article is focusing on the World IPv6 Launch and claims that no one will care, nothing will happen and seems to indicate that since no one else cares, why should you?
“Despite the trebling hype amongst the networking nerd community, World IPv6 Launch Day is set to be yet another day when the internet at large yawns, hits the snooze button and rolls over to go back to sleep. While IPv6 is unquestionably the inescapable future, the world at large isn’t in a particular hurry to get there.”
“For the vast majority of us, World IPv6 Launch Day is set to be another damp squib. Maybe next year…”
Now, I’m looking for quotes that irritate me, of course. He also states a few important things: Vendors are not delivering, so transition to IPv6 is a pain for companies. Your local ISP has not added IPv6, so even if you want to, you can not easily add native IPv6 to your network. We need to learn from that and raise the pressure on vendors of products and services. This is not something you can ignore and let someone else do. You have the money to spend, you are in control. Use that to add pressure.
IPv6 – big enough for attackers to care
As the user base grows the security interested people follow, on both sides. Apple has got into the limelight lately, as their platforms has reached a large user base and gets some attention. IPv6, while still a small amount of Internet traffic, it has a large amount of devices around that are IPv6-enabled, much thanks to Microsoft that has IPv6 everywhere and even claims that Windows does not work as expected without IPv6.
Axel Pawlik, managing director of RIPE NCC, has recently published a comment on the ZDnet UK site discussing this.
“Most security incidents are caused by human error, either as the result of a programming error or through misconfiguration. In this sense, IPv6 is no different to IPv4. The real concern is the lack of experience and training for those IT professionals dealing with IPv6, which makes these mistakes more likely.”
“There is very little difference in the way you secure IPv6 compared with IPv4, because the environment in which both protocols sit is the same. Mitigation against these issues comes down to training and testing.
However, the impact of human error is unavoidable, and many of the real-world IPv6 lessons will come from trial and error. To lessen the impact, it is key for the technical community to document and share best practices and experiences to limit any widespread security issues from arising.”
The lesson to learn from Axel is that we need to lab, learn and test IPv6 early, regardless if you are a network user, manager or application developer. Don’t forget that you can start with an IPv6 tunnel - you don’t have to wait for your provider to deliver IPv6. Axel points out that RIPE has a very informative web site at www.ipv6actnow.org – which is a good starting point!
Transition to IPv6 in the cloud – watch out for bumps in the road
Lori MacVittie at F5 Networks have published an article on ZDnet UK discussing what the migration to IPv6 means for Cloud and Infrastructure as a service providers.
“As we’ve never attempted such a large transition before with the internet on its present scale, we must be prepared to cut everyone a bit of slack. It is no trivial task that the internet as a whole is undertaking. If we understand the complexity of the task before us, we should be able to cope with the inevitable bumps in the road.”
This is important. We need to start soon and share the experiences of the mistakes – and the solutions. Happy Eyeballs was one bump on the road that the community handled, fixed and now it’s time to move on to the next bump. It sounds like a kamikaze strategy, but it’s the only way forward. As Lori says, we haven’t got a test network the size of the Internet and with the same level of complexity. We need to start the migration and learn by practice in smaller scale than the whole Internet, but larger than the internal test beds.
Executive summary: Invest in IPv6 knowledge today.
We need to lab, learn, test and start the migration to IPv6 now by implementing dual stack services. When purchasing new products and services, make sure you put as much pressure as possible on vendors to support IPv6. If there is no other way than to buy IPv4-only today, make sure you let them know that this is not going to be acceptable next time around. They need user feedback with money attached to change. You have the money, they want it. Simple math says that they will listen if enough companies with money say the same thing.
That’s all for today. Follow the links and learn more. Set up your lab and start some internal training. Just do it.