It's time to ask your network management vendor about IPv6

With Windows Vista using dual IPv4 and IPv6 stacks and small network management vendors adding IPv6 monitoring tools, analysts Forrester advise that now is the time to consider how - or if - you will manage the updated protocol.

It may be time to ask your network monitoring and management software vendors about their plans for IPv6 visibility.

IPv6 visibility is "moderately critical," said Phil Hochmuth, senior analyst for Yankee Group. "It's something that's on everyone's checklist … everyone is going to have to have in the future and everyone will have support for it eventually, whether they are network equipment makers or network management software makers. It's better to do it sooner rather than later."

Broad adoption of IPv6, the new version of Internet Protocol, is still a few years away, but experts have been urging enterprises to pave the way for a smooth migration now by having IPv6-ready infrastructure in place or by ensuring that the networking team has sufficient skills for rolling out and managing an IPv6 network. Network managers who can see IPv6 adoption on the horizon may want to ask their preferred network management and monitoring vendors what their plans are for IPv6.

"If a tool isn't designed to monitor IPv6 traffic, it won't see it," said Steve Schuchart, principal analyst with Current Analysis. "What you're basically asking is: 'Will my electric meter check the flow of my water?' It won't."

This week, Lancope, a network behavioral analysis vendor, updated its StealthWatch product to track IPv6 traffic. StealthWatch tracks Netflow and other flow data to establish baselines of network behavior and then alerts administrators about anomalous behavior or takes action on that behavior based on established network policies.

"I don't think it's going to really help any enterprises put out any fires … or relieve any major IPv6 pain points right now," Hochmuth said. "But it definitely shows Lancope has a pretty good long view of what's going to be needed down the road."

Schuchart said the tool will appeal immediately to organisations that are deploying IPv6 today. Most businesses will probably shrug off the announcement.

Although the initial demand for IPv6 capability isn't especially high, Lancope CTO Adam Powers said there is some need for it.

"It's surprising how many customers have IPv6 traffic running around that they might not be aware of," Powers said.

Microsoft's Vista operating system is a source of a lot of unanticipated IPv6 network traffic. Vista operates with a dual stack, running in both IPv6 and IPv4 simultaneously. While plenty of hardware and software have this capability, Vista is one of the first operating systems to have IPv6 enabled by default.

"You could have a lot of IPv6 traffic running around on your network as a result of Vista, or you could have resources in the Pacific Rim where IPv6 is popular," Powers said. "Or you might be a federal customer under mandate from higher up [to adopt Vista]."

A lack of IPv6 visibility can also muck up a company's compliance efforts, he said. PCI DSS, the credit card industry's data security standard, holds as a core requirement that companies have visibility and control over network traffic flows, something that unseen IPv6 traffic could undermine.

Schuchart said he doubted that Vista deployments are really posing an IPv6 problem for most enterprises. "If I'm going to do a Vista deployment on an enterprise scale, I'm going to turn off IPv6 in Vista," he said. "Because these kinds of implementations are generally pushed out by a single imaging software, you turn it off once, and you turn it off for everyone. I suppose it's possible there is some Vista IPv6 out there, but there's no route for it to take to the outside. You might have IPv6 traffic on a local segment, but there's nothing for it to talk to."

Many network equipment manufacturers are providing some basic tools now that give enterprises visibility into IPv6 networks, Schuchart said, but those tools are similar to the basic tools the vendors provide for IPv4 networks.

"This is why third-party monitoring and management tools exist," Schuchart said. "They provide greater reporting, greater monitoring and some specific features that companies are looking for. And they need that for IPv6, too. By getting into that early, when companies do go to IPv6, they'll be able to look at Lancope and say, 'Hey, these guys are old hands. We're good.' "

Kevin Conklin, vice president of marketing for Mazu Networks, a competitor to Lancope, said IPv6 capabilities are in his company's product roadmap for late next year.

"From our standpoint, in the enterprise market in the United States we have not seen any requirement for it," Conklin said. "From the government market we are being asked to put a stake in the ground for future direction. It's in our product calendar for late 2009."

Conklin said Mazu definitely needs to have IPv6 capabilities in the future, but broad adoption is still several years away. Bringing IPv6 to Mazu's products today would take up engineering resources that would be better used delivering other types of functionality to customers today, he said.

This story first appeared at

Read more on Data centre networking