Enterprise IPv6 TransitionBy MartinLevy | Posted 2011-01-28 Email Print
An IPv4 corporate network is simply not enough. When your employees travel with mobile devices, they are likely to encounter wireless access points and 3G networks that assign only IPv6 addresses.
Let’s say that your corporate network has plenty of IP Version 4 addresses and uses lots of neat tricks, such as CIDR (Classless Inter-Domain Routing) and NAT (Network Address Translation) to extend address space. So why should your enterprise transition to IP Version 6 now? The answer lies in a wave of developments in both government and the private sector—both here and abroad.
In this age of mobility, having an IPv4 corporate network is simply not enough. When your employees travel with mobile devices, they are likely to encounter wireless access points and 3G networks that assign only IPv6 addresses. Indeed, AT&T, Verizon and others have announced that they will stop offering IPv4 addresses to smartphones around the end of 2011. So, even if your corporate network has plenty of IPv4 addresses, your employees may find themselves without connectivity unless there’s full IPv6 support for their mobile devices.
Global connectivity also necessitates a transition to IPv6. If a customer abroad with pure IPv6 connectivity wants to access a Website that has only a public-facing IPv4 address, no communication will take place because no practical v6 to v4 relay service is provided globally. If tunnels—or more likely a CGN (Carrier Grade NAT)—are in the path, throughput via the tunnel could be less than if your Web server were native IPv6.
Adopting IPv6 creates opportunities, too. Some software systems, such as Microsoft Direct Access in Windows 7, require IPv6. IPv6’s globally reachable address space is also more supportive of certain systems—such as peer-to-peer collaboration technologies—that do not behave well in the presence of NAT.
In addition, IPv6’s 128-bit addresses allow for more efficient route aggregation and simplified network configuration. Features such as Internet Protocol Security and multicast packet transmission are built into IPv6, and IPv6 networks can feature stateless autoconfiguration, which provisions addresses automatically.
These factors are converging to create a clear mandate: If your enterprise does not have an IPv6 transition plan yet, now is the time to act.
How to Begin the Transition
To begin the transition, your IT staff and system administrators should attend IPv6 training sessions, begin learning about your ISP’s IPv6 connectivity offerings, and replace hardware and software systems that do not support IPv6.
It is essential to train network personnel on the nuts and bolts of IPv6. Old habits die hard, and many technologists will be reluctant to go from an IP address such as “127.0.0.1” to an address such as “2001:470:0:76::2.” Plus, syntax that looks like “fe77::1%eth1” can take some getting used to. In addition, IPv4 devices usually have just one IP address per network interface, while IPv6 features multiple addresses per interface.
On the up side, the IPv6 addressing scheme has many advantages and corrects various legacy IPv4 addressing issues. And while IPv4 usually has just one default gateway, IPv6 promotes multiple default gateways that advertise themselves with Router Advertisement messages (ICMPv6-ND). IPv6 endpoints may also send Router Solicitation messages explicitly.
To simplify the transition to a public-facing Website (for example, www.example.com), consider offering two URLs: www.example.com and www.ipv6.example.com. The former would have an “A” Domain Name System (DNS) record and the latter would have an “AAAA” DNS record. (These two URLs can correspond to the same machine.)
Finally, don’t ignore the importance of updating the applications that run in the data center. Custom networking applications—often written by contractors long gone—are likely to be IPv4-centric. User interfaces with IP address fields that support only dotted-quad notation, log parsers and field validators must all be rewritten. Also, internal data structures must change to support the 128-bit IPv6 address. Network monitoring tools and intrusion-detection software also must be upgraded to support IPv6.
Because IPv4 address-space exhaustion is inevitable, the issue is not whether to transition to IPv6, but when. Content Delivery Networks (such as Limelight or Akamai) hope to become fully IPv6-compliant well before 2011 is over.
ARIN (American Registry for Internet Numbers) officials recommend that Website operators enable IPv6 by Jan. 1, 2012. All U.S. government public-facing servers are slated to be IPv6-compatible by September 2012, and internal federal systems must use IPv6 by 2014.
Remember: A carefully managed transition is better than one done in a panic. Failing that, remind your team that once your transition to IPv6 is complete, you’ll never have to worry about address exhaustion again: IPv6 provides each person on Earth with more IPv6 addresses than there are atoms in a ton of carbon. 3
Martin Levy is the director of IPv6 strategy at Hurricane Electric, an Internet backbone and colocation provider based in Fremont, Calif.