7/28/2019 FutureNet 2009 - IPv6 Coming Ready or Not

1/2

FutureNet 2009: IPv6 coming, ready or not

By BRAD REED, Network World, IDG

New York TimesMay 7, 2009

Although many businesses say they see no economic advantage to deploying IPv6 overtheir networks, several panelists at this year's FutureNet said that they soon may not have

a choice.

IPv6 is a next-generation Internet layer protocol that was designed by the Internet

Engineering Task Force (IETF) to solve the problem of IP address depletion under the

current Internet layer protocol, IPv4. John Curran, the chairman of the board of trustees at

the American Registry for Internet Numbers, said the Internet will run out of IPv4addresses if they continue to be used at their current pace. Needless to say, Curran thinks

this will cause some significant problems.

"On the day when we run out of addresses, none of you are going to notice it on that day,but it's the months that follow that turn out to be the problem," he said at this week's

FutureNet conference in Boston, MA. "Backbones not going to be able to add customersunless they find more address space... the pieces you deal with going to be smaller and

the routing table going to pay the price."

The trouble that IPv6 advocates have run into so far, however, is that individual

businesses right now don't see the logic in investing time and money in IPv6 deployment

during a recession where they have far more pressing and immediate needs. Or as Curran

put it at FutureNet, "People don't see what they need before they actually need it."

Joda Schaumberg, the director of unified collaboration services for Global Crossing, saidduring a FutureNet panel that whole his company has seen a "significant increase" inIPv6 ports and traffic growth, it has had trouble educating enterprise customers about

why IPv6 deployment is so important to their long-term health.

"I was in front of a CIO yesterday and I asked him whether deploying IPv6 was on his

short, medium or long-term list of priorities," he said. "But it wasn't even on his radar."

The security implications of IPv6

Scott Hogg, who is also the coauthor of the Cisco-approved IPv6 Security guidebook and

a regular contributor to Network World's Cisco Subnet blog, told FutureNet attendeesthat IPv6 could pose major security problems for their networks even if they hadn't yet

deployed the new Internet layer protocol. This is because operating systems such as Vista

and Linux are already IPv6 capable and thus any networks that use these operatingsystems might be handling IPv6 traffic without their operators' knowledge. Additionally,

one way that IPv6 addresses connect to each other over IPv4 networks is through

encapsulating IPv6 data in IPv4 packets and then "tunneling" through the older network.

7/28/2019 FutureNet 2009 - IPv6 Coming Ready or Not

2/2

Because the typical firewall is unable to unwrap these IPv4 capsules to inspect the traffic

inside, Hogg said that they could be a way for hackers to break into networks.

"The firewalls don't look closely enough at encapsulated packets because the typical

firewall today has nothing capable of opening up the capsule," he said. "Some vendors

are starting to work together on this problem but they aren't there yet."

Hogg also said that creating dual-stack transition networks that run both IPv4 and IPv6

can create vulnerabilities for networks because they can become vulnerable to attackswith either IPv4 or IPv6 traffic. He said that any enterprise building a dual-stack network

should make sure that it is secure before switching on any IPv6 capabilities. This means

securing the network perimeter first, hardening network devices and building the IPv6

network first from the core and then out to the edges.

"In a lot of ways it's very similar to what you do to secure an IPv4 network," he said.

"The migration strategy should be going from the core on out."

IPv6 only solves part of the problem

Even if every business and ISP were to successfully deploy IPv6 over their network

tomorrow, it still wouldn't solve certain fundamental problems with the scalability of

Internet routing. The IETF acknowledged these problems earlier this year when it formeda working group designed to address the scalability problems caused by multihoming, the

practice whereby customers look to increase the reliability of their Internet connection by

splitting their traffic over multiple carriers. Multihoming can become a problem because

it can increase the size of routing tables to such a point that it will overwhelm routerhardware.

Tom Nadeau, a senior network architect for BT, estimated that "we have 15 years to fixthe routing problem or we're going to need IPv12." Doug Junkins, the vice president of IP

Engineering for NTT America, said that while the problem with routing scalability is

very real, it is still vital to at least start deploying IPv6 now in order fix the moreimmediate addressing problem.

"IPv6 adoption is solving one part of the overall problem, but there's going to need to be

follow-up developments," he said. "My hope is that by deploying IPv6 we will help easethe transition to fixing the routing architecture in the future without having to fix the

address side of the equation again."