The switch to IPv6 – on 6 June – shows just how imminent the transition from IPv4 to IPv6 is.
The 32-bit IPv4 address space can support 4.3 billion addresses and IPv4 addresses are running out. In other words, there are no new ones to buy, which is why the advent of IPv6 is so pressing. But businesses seem blissfully unaware of the issues involved in migrating from IPv4 to IPv6.
As the world moves to intelligent, networked devices, every connected device will need an IP address. Every person will have three or more devices; smart meters, cars, medical equipment, fridges and even toasters may have an IP address on the internet. The IP address is a global telephone number, allowing one computer to dial another, but as the demand for addresses grows, so the number of addresses available using IPv4 diminishes. Exacerbating the shortage are developing nations coming online and accelerating the depletion of the IPv4 address space.
So by June there will be no IPv4 addresses left to purchase in the UK. Companies have been buying up blocks of IPv4 addresses to support new internet-facing applications, but the clock is ticking. And eventually, organisations will need to migrate from IPv4 to IPv6, the next version of the internet protocol, which has a 128-bit address space.
IPv4 to IPv6 best practices
There is a great deal to take in, so here are a few steps IT managers and project teams from across all organisations, whether private or public sector, should consider before making the switch. These will not only help to minimise the pain and cost, but will also make sure your business performs as successfully – if not more so – on IPv6 as it currently does on IPv4.
- Think about security. When you make the transition, you will have to reconfigure your firewall. This is of utmost importance. After all, if you leave your firewall open, you are susceptible to a breach. As IPv6 has been designed with improved communication in mind, all devices – whether an iPhone, tablet, laptop or PC - could have access to data that shouldn’t be leaving the office building. Risks could also be introduced at the protocol level, so the compatibility of the entire network infrastructure, plus software and patching, must be up to date.
- Make sure the whole world can communicate with you via e-mail. Does your messaging platform support IPv6? The way your company has e-mail set up will have an effect on its approach to the transition. The compatibility for those who host their e-mail on site will depend on the provider they use. For example, Microsoft Exchange 2007 and 2010 both have good IPv6 support when run on Windows Server 2008, while Zimbra does not yet officially support the new protocol. If in doubt, ask your provider. Meanwhile, if your company has a hosted e-mail platform, then making your e-mail visible over IPv6 is a responsibility that lies with your service provider. As with websites and internet service providers (ISPs), if they are not looking to provision IPv6 in the near future you may need to look into working with providers who are.
- Investigate whether or not your current network provider offers IPv6 capabilities. The reason for this is twofold. Firstly, it will help them to realise there is a demand for IPv6 that needs to be met; and secondly, it will help you decide whether or not you should be looking to work with a more capable network provider who can give you the consultancy and support needed to successfully make the transition. Consider outsourcing the hosting of your website and key applications to a specialist who can make it available over IPv6, rather than IPv4. If you don’t already outsource your website, then outsourcing to a specialist might be an option to make the transition smoother. However, should you wish to keep your hosting on site, you will need to configure your web server to serve IPv6 traffic as well as IPv4.
Source: Nigel Titley, the chairman of 6:UK and Easynet’s Transit and Peering Manager
Lack of awareness
According to Nigel Titley, Easynet transit and peering manager and chairman of 6::UK, the British Computer Society (BCS) has said most organisations are “blissfully unaware” of the implications of the change to IPv6 and the steps they need to take to make sure their businesses are still visible to the outside world over the new protocol.
He says the switch to IPv6 is a long procedure that will affect the fundamental parts of most organisations’ processes, including applications for e-mail, payroll and supply chain management. A number of elements need to be considered – including reconfiguring the entire network infrastructure right from the start of the deployment. There are a number of differences between IPv4 and IPv6 that need to be considered and a simple switch over just won’t work.
Titley warns CIOs need to address a whole host of things that are generally taken for granted in existing IPv4 environments, but will fail to work once IPv6 is in place. “This is particularly important for user network access policies and firewalls, which both need to be reconfigured in advance,” he says.
As Computer Weekly's sister site, searchnetworking.co.uk has reported, organisations should survey equipment suppliers and network service providers to understand their IPv6 plans and capabilities. Create a report listing all of your current network infrastructure and their associated capabilities to support IPv6.
Businesses also need to find out how their WAN and internet service providers will support IPv6.
For instance, in a Gartner report published in July 2011, analysts Lawrence Orans and Greg Young note: “Security professionals will find that IPv6-based solutions for building and monitoring DMZs lag behind the capabilities provided in IPv4 offerings.”
According to Orans and Young, many security vendors have made only limited investments in IPv6 functionality because of a lack of demand from commercial enterprises. Some operational and monitoring solutions presently have no IPv6 support. As a result, the analysts warn that through 2014, the ability to protect and monitor IPv6-enabled DMZs will lag behind IPv4-based DMZs, due to uneven IPv6 support in firewalls, IPSs and operational tools - such as security information and event management that monitor these devices.
Secure hosting specialist The Bunker has tested its services for |Pv6. The Bunker runs a core network with two datacentres, one in Kent, one in Newbury and network POPs in Telehouse running on Brocade over a 10Gbps layer 4/6 network. The company began its IPv6 project two years ago.
“We don't like to be bleeding edge, but ready when the market is ready,” says Paul Lightfoot, managed services director, expanding on the company’s readiness for IPv6. Lightfoot says customers want The Bunker to be IPv6-ready. “We bought some IPv6 transit bandwidth. We knows it works.”
Testing is analogous to Y2K during the millennium transition: “Everyone was worried about Y2K.” With IPv6, he says: “You still have to test your applications, especially legacy applications, which may use hard-coded for IPv6.” In Lightfoot’s experience, equipment built in three to five years should be fit to support IPv6 traffic. “A six-year-old server will probably need new network cards.”
Running a dual stack
Mark Hemsley, head of core networks at The Bunker, says that, in the last two years, as businesses have begun requesting IPv6 support, there has been growing pressure on network suppliers to improve the IPv6 code in network equipment needed to run IPv6 services. The Bunker uses a Brocade MLX platform, which Hemsley says has had IPv6 code from the outset and is reasonably mature.
He says switching from IPv4 to IPv6 is not really feasible as IPv6 services are quite limited. “If you offer an IPv6-only service, you have very limited access because most end users use IPv4. So unless their ISPs are running dual IPv4 and IPv6 stacks or using 6 to 4 tunneling, end users will not be able to access an IPv6-only website.”
So a company will need an IPv4 and an IPv6 website. The IPv6 site will usually have a different domain. Hemsley says the DNS record for the website will also need to be enabled for IPv6. A physical server can have both a IPv6 URL and an IPv4 URL.
Titley from 6:UK says all companies need to make the switch, whether they operate in the technology space or not. For this reason, all CEOs will have received a letter about the change. The network will affect everyone across the company, and, although the move is likely to be seamless, letting them know what’s going on will get them to be more patient in light of any small issues.
According to Titley UK government has seen the importance of a well thought-out changeover and will be making sure that everyone plays their part to make sure that the move is flawless. After all, the internet will inevitably expand and businesses can help it grow by moving with the times. As long as they fully consider all aspects of the switch, they can successfully move over and safely stay fully communicative.
This was first published in February 2012