Hackers Target IPv6

Momentum Building

Security threats aside, there is a growing business case for IPv6 that is getting harder to sweep under the rug. Banks and online brokerages already face the challenge of losing communication with international customers whose networks no longer support IPv4.

t-mobile
Companies like Telefonica and T-Mobile are embracing IPv6 in a big way, especially for their European bases. And the U.S. government, which has been steadily migrating to IPv6, is clamoring for providers and vendors to deliver more IPv6 products and services.

"You never want to be in a position where you can't interact with your customers," says Keith Stewart, director of Brocade Communications Systems Applications Delivery Products. Nevertheless, sharing the prevalent view among network vendors, Stewart sees a gradual migration to IPv6.

"A wholesale upgrade to IPv6 across the Internet is neither practical nor effective," Stewart says. "Customers need a balanced, practical approach." He notes that service providers, who consume addresses faster than anyone else, are first in line for IPv6 upgrades, followed by content hosts (Google and Facebook), and finally end-users, whose home routers are still 99% IPv4-based.

When Brocade needed to move to IPv6, it took existing load balancers and turned on IPv6 translation to public-facing services, preserving IPv4 connectivity on the internal network. "The public stack is the most important. Pick a smaller project where you can make a business case to communicate with IPv6 customers. When building out your next set of services, demand that it's dual-stack capable or translation-capable for older IPv4 architectures. This allows you to build a business-facing ROI as your teams gain competence with IPv6. Any transition should be designed to be seamless for the end user," Stewart says.

Juniper Networks reports that up to now the majority of its customers requesting IPv6 services are from the education and government sectors, specifically university research labs and governmental units seeking to comply with federal IPv6 mandates.

Juniper predicts increased IPv6 activity for 2012, especially among service providers. "IPv4 address exhaustion is becoming a significant problem for our customers around the world," says Alain Durand, director of software engineering, Platform and Systems Division CTO group. Even so, Durand expects that most IPv6 deployments will be smaller projects with IPv6 implemented as an "add-on" (dual-stack) to existing IPv4 public-facing services. "To deal with the growing shortage of IPv4 addresses, customers always have the option of adding another layer of NAT," Durand says.

While there is no way to predict with certainty exactly how long it will take until all IPv4 addresses are exhausted, the daily statistics compiled by Geoff Huston, chief scientist at APNIC, are frequently cited as a reliable source. Huston's model, which is based on public data sources derived from data published by the IANA and the Regional Internet Registries, predicts full depletion of all remaining unallocated IPv4 addresses by 2014.

However, it is important to note that Huston's model does not factor in addresses which may be held by private organizations for future use or sale. For example, it would not factor in the more than 600,000 IPv4 addresses recently acquired by Microsoft under its purchase of bankrupt Nortel's assets. While it may be safe to assume that sufficient IPv4 addresses will be available in the near term, many predict costs to rise as the supply dwindles.

Without established best practices for IPv6, many network managers have been reluctant to act. But with increasing security threats and concerns about losing communication with customers who are already migrating to IPv6-only systems, waiting for others go first and doing nothing in the meantime isn't the 'position-neutral' stance that it might seem.

The planning phase is a good time to establish or re-establish ties with a trusted network vendor who can provide architecture and security guidance, together with scalable solutions for a broad array of migration options.

Perschke is co-owner of two IT services firms specializing in web hosting, SaaS (cloud) application development and RDBMS modeling and integration. Susan also has executive responsibility for risk management and network security at her companies' data center. She can be reached at susan@arcseven.com.

Read more about lan and wan in Network World's LAN & WAN section.

Subscribe to the Business Brief Newsletter

Comments