IPv6 migration has been on the horizon since at least 2003, but according to many experts, the time is now here to begin making the transition from IPv4, if you haven't already. The federal government has set a self-imposed deadline of 2008 for its agencies to migrate to IPv6, causing many enterprises to wonder whether they need to follow suit. In this crash course, you'll find answers to your top IPv6 questions, including what IPv6 is, how it differs from IPv4, and how to begin making the transition.
In this guide:
- What is IPv6?
- How is IPv6 different from IPv4?
- Are we really running out of IPv4 addresses?
- How do I make the transition?
- How will IPv6 affect application management?
IPv6 (Internet Protocol Version 6) is the latest level of the Internet Protocol (IP), now included as part of IP support in many products including the major computer operating systems. Formally, IPv6 is a set of specifications from the Internet Engineering Task Force (IETF). IPv6 was designed as an evolutionary set of improvements to the current IPv4. Network hosts and intermediate nodes with either IPv4 or IPv6 can handle packets formatted for either level of the Internet Protocol. Users and service providers can update to IPv6 independently without having to coordinate with each other.
The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. This extension anticipates considerable future growth of the Internet and provides relief for what was perceived as an impending shortage of network addresses.
IPv6 describes rules for three types of addressing: unicast (one host to one other host), anycast (one host to the nearest of multiple hosts), and multicast (one host to multiple hosts). Additional advantages of IPv6 are:
- Options are specified in an extension to the header that is examined only at the destination, thus speeding up overall network performance.
- The introduction of an "anycast" address provides the possibility of sending a message to the nearest of several possible gateway hosts with the idea that any one of them can manage the forwarding of the packet to others. Anycast messages can be used to update routing tables along the line.
- Packets can be identified as belonging to a particular "flow" so that packets that are part of a multimedia presentation that needs to arrive in "real time" can be provided a higher quality-of-service relative to other customers.
- The IPv6 header now includes extensions that allow a packet to specify a mechanism for authenticating its origin, for ensuring data integrity, and for ensuring privacy.
Recently, the American Registry for Internet Numbers (ARIN) announced that v4 addresses would be history by 2012. Loki Jorgenson, chief scientist with Apparent Networks, said ARIN recently changed its position from being neutral on IPv6 to actively encouraging it.
Jorgenson agreed with ARIN's estimation and said it could be just under five years before IPv4 addresses run out completely, but that projection is modest and made on the assumption that there won't be an IPv4 usage increase in the meantime. The five-year prediction is based on current usage rates, where ARIN doles out a certain number of IPv4 addresses per year. A usage increase could deplete the pool of addresses much sooner than anticipated.
"It's a very gray, slushy kind of boundary where [we don't know] how much time that buys us," Jorgenson said, again stressing that it could be some time in 2010 or 2011 when the pool of IPv4 addresses runs dry. Adding to that confusion, he said, is the possibility that companies and agencies that have hoarded an excess of IPv4 addresses could sell them off as the supply dwindles, creating a short reprieve from total depletion.
In a recent presentation at the Burton Group Catalyst Conference, John Curran, chairman of ARIN's board of trustees, said that 68% of v4 address space was allocated as of June. Of the remaining 32%, only 19% is openly available, while 13% is unavailable.
Curran said the dwindling address pool changes past estimations of address depletion. Several years ago, it was estimated that addresses would be gone by 2020 or 2025. About two years ago, that estimation changed to 2017. Now (as Jorgenson mentioned), 2012 seems more likely, Curran said during his presentation.
Migrating from an existing IPv4 network to an IPv6 network need not be done in one big step, thanks to new technology that provides gateway services between each, such as the BIG-IP IPv6 gateway from F5 Networks. BIG-IP provides a full proxy for traffic between IPv4 and IPv6, allowing all traffic to be translated for consumption by either IPv4 or IPv6 end points. This allows organisations to stage their migration gradually as demand for IPv6 increases.
Loki Jorgenson said that as v6 devices become available, companies should look into running a dual-stack model: networks that run both on v4 and v6, similar to a half-duplex/full-duplex deployment.
Silvia Hagen agreed that many companies will choose a dual-stack model, which will ease the transition, but that will create an additional workload going forward because v4 and v6 will require two separate security concepts and two routing protocols.
On the vendor side, many major networking companies are designing and producing IPv6-compatible products. Hexago, for example, has been working with IPv6 for roughly 10 years, according to Bruce Sinclair, the vendor's CEO. Since Hexago released its Gateway6 product three years ago, it has been helping companies migrate from v4 to v6.
Sinclair said there are several ways to make the transition. The first is to go dual-stack with both v4 and v6 in production as two separate networks. Second, companies can take the tunnelling approach, where traffic essentially jumps over the nodes that haven't been converted. Last is translation, which is using a product on an edge or device basis to make v4 and v6 compatible.
Hexago makes the Gateway6, a product that buys time and saves money as companies transition from v4 to v6. Gateway6 provides IPv6 connectivity over IPv4 wireline or wireless networks. IPv6 applications and services can be deployed over existing networks without forklift infrastructure upgrades. The appliance uses standards-based tunnelling to provide access from a backbone to the edge of the network.
Overall, Jorgenson recommends that companies start planning now to have IPv6 ready in a two- to five-year timeframe. If a company is v6 capable now, it should start experimenting to get its feet wet, then devise a fuller implementation plan and schedule.
With IPv6, there are significant changes that improve network device management. First, the increase in IP addressing from 32 to 128 bits is accompanied by an increase in the structure and allocation of addresses. The IPv6 address is comprised of a global routing prefix, a subnet ID, and an Interface ID (the portion local to a link within a LAN). The global unique portion of the address space is distributed hierarchically according to the network infrastructure topology through IANA. This allows the global routing table for IPv6 to be small, avoiding some scaling issues common with BGP routing today.
Second, there are enough addresses in IPv6 to give perhaps every square inch on the planet Earth a unique IP address. While this enables virtually any device you can imagine to be on the Internet, autoconfiguration uses DHCPv6, a simple upgrade to the current DHCP protocol, and doesn't reflect much of a difference from a security perspective. On the other hand, keep an eye on stateless autoconfiguration. This technique allows systems to generate their own IP addresses and checks for address duplication. This decentralised approach may be easier from a system administration perspective, but it raises challenges for those of us charged with tracking the use (and abuse!) of network resources.