Getting Ready For IPv6

By Guy Snyder  |  Posted 2011-06-14

Your network has operated with an underlying technology called IPv4 (Internet Protocol Version 4) for as long as you can remember. Now the time has come to transition to the next generation of IP, known as IPv6.

It works similarly to IPv4, but the two are not compatible. Experts say you can make IPv4 and IPv6 work together with no issues, but you need to take the necessary steps now to ensure a successful transition.

Everyone in an organization should be involved in the transition to IPv6, including security, hardware, systems personnel, operations, help desk, end users and sometimes even customers. Getting everyone on board will make the transition go much more smoothly.

To help you get started, there are some general pointers you should follow. The first step is to develop a strategy.

Ask your IT vendor or vendors to help you with this step. They have experience in this area and can save you a lot of time and effort.

The process is not that hard if you do the proper planning. It also does not have to cost your organization a significant amount of money. 

Before you begin the step-by step process of a transition, here are some considerations that are essential: 

•    Do not wait until it is a crisis to start your process—start now.
•    Roll out IPv6 gradually and in phases.
•    Dual stack works well as a transition mechanism.
•    Make sure your vendors offer full IPv6 support, indicated by a “USGv6-tested” or “IPv6-Ready” logo.
•    Training is key—and not just for your technical employees.
•    Do not use Network Address Translation (NAT) if it can be avoided.
•    Enable IPv6 for public-facing services first.
•    Plan security from the beginning. It should never be an afterthought.

Now that you have some basic dos and don’ts about an IPv6 transition, here is a guide for what a typical transition process might look like. Keep in mind that your transition process may differ because of the size of your operation, the global nature of your business, your distributed IT infrastructure, or other business or technology reasons.

1. Identify business objectives.

2. Identify transition priorities.

3. Plan out transition activities.

4. Formulate transition milestones.

5. Determine transition criteria for legacy, upgraded and new capabilities.

6. Develop a process for handling situations in which an asset is not transitioned in the prescribed time frame.

7. Identify the network infrastructure.

8. Define an addressing plan and request the addresses. Typically, this would be a /48 size prefix that you would acquire from your ISP.

9. Identify the information security plan: IPv6 is often enabled by default; consider end-to-end security (host to host) if required.

10. Decide on a transition mechanism. Options include dual stack (typical), tunneling and translation.

11. Develop a network testing strategy, where you should:
•    deploy an IPv6-capable router with limited access control lists (ACLs) applied;
•    establish connectivity to your ISP;
•    set up an internal link with host(s);
•    enable IPv6 on the host systems; and
•    add Domain Name System (DNS) entries.

12. Handle miscellaneous transition items, including:
•    documenting IPv6 policies (e.g., address-assignment methods);
•    measuring performance;
•    reporting; and
•    network monitoring.

13. Perform an application migration, including survey applications for IPv6 capabilities.

14. Establish training needs.

15. Lay out the cost of transition.

16. Roll out production.

17. Enable IPv6 on the wire first.

18. Enable services second.

The key to a major transition like this is to make sure to do the proper planning up front. Check with others who have been through a similar transition. And your ISP is always a good source of information and assistance.

Test everything in a nonproduction environment first, if possible, to avoid downtime. Remember to plan for mistakes with backup plans. Make your job easier by starting now and using a phased approach. Following these steps will help you make a successful transition to IPv6.

Guy Snyder is the secure communications program manager for ICSA Labs, an independent division of Verizon Business that offers third-party testing and certification of security products and network-connected devices, such as printers and faxes. He is helping organizations transition to IPv6.