FutureNet 2009 - IPv6 Coming Ready or Not
Transcript of FutureNet 2009 - IPv6 Coming Ready or Not
-
7/28/2019 FutureNet 2009 - IPv6 Coming Ready or Not
1/2
FutureNet 2009: IPv6 coming, ready or not
By BRAD REED, Network World, IDG
New York TimesMay 7, 2009
Although many businesses say they see no economic advantage to deploying IPv6 overtheir networks, several panelists at this year's FutureNet said that they soon may not have
a choice.
IPv6 is a next-generation Internet layer protocol that was designed by the Internet
Engineering Task Force (IETF) to solve the problem of IP address depletion under the
current Internet layer protocol, IPv4. John Curran, the chairman of the board of trustees at
the American Registry for Internet Numbers, said the Internet will run out of IPv4addresses if they continue to be used at their current pace. Needless to say, Curran thinks
this will cause some significant problems.
"On the day when we run out of addresses, none of you are going to notice it on that day,but it's the months that follow that turn out to be the problem," he said at this week's
FutureNet conference in Boston, MA. "Backbones not going to be able to add customersunless they find more address space... the pieces you deal with going to be smaller and
the routing table going to pay the price."
The trouble that IPv6 advocates have run into so far, however, is that individual
businesses right now don't see the logic in investing time and money in IPv6 deployment
during a recession where they have far more pressing and immediate needs. Or as Curran
put it at FutureNet, "People don't see what they need before they actually need it."
Joda Schaumberg, the director of unified collaboration services for Global Crossing, saidduring a FutureNet panel that whole his company has seen a "significant increase" inIPv6 ports and traffic growth, it has had trouble educating enterprise customers about
why IPv6 deployment is so important to their long-term health.
"I was in front of a CIO yesterday and I asked him whether deploying IPv6 was on his
short, medium or long-term list of priorities," he said. "But it wasn't even on his radar."
The security implications of IPv6
Scott Hogg, who is also the coauthor of the Cisco-approved IPv6 Security guidebook and
a regular contributor to Network World's Cisco Subnet blog, told FutureNet attendeesthat IPv6 could pose major security problems for their networks even if they hadn't yet
deployed the new Internet layer protocol. This is because operating systems such as Vista
and Linux are already IPv6 capable and thus any networks that use these operatingsystems might be handling IPv6 traffic without their operators' knowledge. Additionally,
one way that IPv6 addresses connect to each other over IPv4 networks is through
encapsulating IPv6 data in IPv4 packets and then "tunneling" through the older network.
-
7/28/2019 FutureNet 2009 - IPv6 Coming Ready or Not
2/2
Because the typical firewall is unable to unwrap these IPv4 capsules to inspect the traffic
inside, Hogg said that they could be a way for hackers to break into networks.
"The firewalls don't look closely enough at encapsulated packets because the typical
firewall today has nothing capable of opening up the capsule," he said. "Some vendors
are starting to work together on this problem but they aren't there yet."
Hogg also said that creating dual-stack transition networks that run both IPv4 and IPv6
can create vulnerabilities for networks because they can become vulnerable to attackswith either IPv4 or IPv6 traffic. He said that any enterprise building a dual-stack network
should make sure that it is secure before switching on any IPv6 capabilities. This means
securing the network perimeter first, hardening network devices and building the IPv6
network first from the core and then out to the edges.
"In a lot of ways it's very similar to what you do to secure an IPv4 network," he said.
"The migration strategy should be going from the core on out."
IPv6 only solves part of the problem
Even if every business and ISP were to successfully deploy IPv6 over their network
tomorrow, it still wouldn't solve certain fundamental problems with the scalability of
Internet routing. The IETF acknowledged these problems earlier this year when it formeda working group designed to address the scalability problems caused by multihoming, the
practice whereby customers look to increase the reliability of their Internet connection by
splitting their traffic over multiple carriers. Multihoming can become a problem because
it can increase the size of routing tables to such a point that it will overwhelm routerhardware.
Tom Nadeau, a senior network architect for BT, estimated that "we have 15 years to fixthe routing problem or we're going to need IPv12." Doug Junkins, the vice president of IP
Engineering for NTT America, said that while the problem with routing scalability is
very real, it is still vital to at least start deploying IPv6 now in order fix the moreimmediate addressing problem.
"IPv6 adoption is solving one part of the overall problem, but there's going to need to be
follow-up developments," he said. "My hope is that by deploying IPv6 we will help easethe transition to fixing the routing architecture in the future without having to fix the
address side of the equation again."