Convergence: IPv6 migration - a necessary pain?

So many advantages, so much trouble - can you afford to ignore the basis for the next-generation net?

There are so many reasons why IPv6 is a good thing - from allocating sufficient IP addresses to allowing more elegant networking. But will it be a major strain for your IT department? Simon Marshall has been asking around… The proliferation of devices connected to the internet and the applications users want to run are beginning to squeeze the capabilities of Internet Protocol version 4 (IPv4) to its limit. A rapidly diminishing supply of unique IP addresses is driving the migration to IP version 6 (IPv6), and it’s a problem that may be another potential banana skin for network managers. That's because they will need to maintain support for both IPv4 and the nascent IPv6 – in other words, devices will need to be backwards and forwards compatible. It’s a situation many network managers will soon wish they were never in. IP telephony, 3G phones and peer-to-peer (P2P) networking are just three of the emerging technologies that are demanding more from IPv4 than any workaround can give. And it's not just instant messaging and next generation mobile and wireless applications that need their own addresses. Online games consoles, internet-enabled washing machines and in-car telematics and remote telemetry systems could also benefit from having an IP address. Luckily, and following nearly a decade of to-ing and fro-ing between industry invested interests, IPv6's core specifications have at least been agreed. According to French research firm Idate, in a report commissioned by the French telecoms regulator ART, IPv4 addresses could well have run out by the turn of the decade, bringing the whole net economy to a standstill. But while Version 6 offers some numerical benefits like 2128 more addresses and 220 different classes of service, it could easily push IT operational and capital expenditures to breaking point. Oddly enough, the current address shortage could be exacerbated by the lumpiness of address distribution. The whole of China has for instance been allocated just nine million global IP addresses – Stanford University alone has twice that and US government has an allotment of 168 million addresses. By the end of 2001, just 9 per cent of allocated IP addresses had been reserved for the whole of Asia. Yet communications is booming in these markets – Korea and broadband, China and mobiles, Japan both. “There is necessarily a shortage of addresses in some regions but that they are allocated in such a way that much of the available address space is wasted,” says Paul Meakin, global solutions manager for converged networks at Damovo. “There’s been mention of reallocating many unused large blocks but it has largely come to nothing.” This is why Asian equipment vendors like Hitachi and NEC and governments in Japan and Korea have been at the forefront of raising the IPv6 banner – it has extensive economic benefits for the region. Europe’s technology leaders like Alcatel, Ericsson and Nokia are also supportive of IPv6 because of the need for hundreds of millions of mobile IP addresses to support the hoped-for boom in mobile. On the one hand, a forced conversion is always more expensive than a planned one but migrating to IPv6 quickly is no simple matter for network managers. They are unlikely to see the benefits of taking a proactive approach for a number of years. Every device on the network - including firewalls, servers, workstations, laptops and IP phones - will need to be upgraded to support IPv6. Even where this can be done with a free patch or service pack, it will nonetheless be a colossal undertaking. While telecoms service providers are more accepting in having to upgrade all their IP hardware to IPv6, this process will probably bring few conceivable benefits to end user organisations. For corporates, Network Address Translation (NAT) and other IP add-on technologies are doing an adequate job in managing network traffic. It makes sense to vendors – who can sell more equipment – and to governments who see technology as an economic driver to begin the migration. But the case for an early move is much less clear for the enterprise user. Until now, NAT has resolved the issue of assigning private IP addresses behind a firewall to all connected devices, while only needing a single global address. The firewall/NAT function has also been useful for separating trusted and untrusted traffic. A patchwork solution, it has been largely responsible for a lack of corporate interest in IPv6. After all, if it works, why look at fixing it? “The migration from IPv4 to IPv6 is so painful that nobody is going to do it just because it's fashionable. If you want or need the P2P communications capabilities enabled by IPv6 you will do it. If not, you will not,” argues Antti Kankunnen, chief technology office for Tellabs International. “The worst part is that, most probably, network managers are going to be forced to maintain both capabilities.” The three key means of managing forward and backward compatibility – dual protocol stack, tunneling and translation – can cause a headache for network management in terms of operation costs, staff training and troubleshooting. “Enterprises are just not seeing it as a critical concern,” argues George Georgiou, of systems integrators Omnetica, formerly Siemens Business Systems. “And I don’t believe we should convince them otherwise. I think they’re right.” Even so, IPv6 may arrive in the enterprise by stealth. Most new firewalls and routers are dual stack, supporting both versions 4 and 6. Free upgrades to existing network equipment are also usually offered by vendors. From the client point of view, Service Pack 1 of Windows XP also has version 6 support although it’s not turned on by default. “Enterprises won’t deliberately upgrade PCs to support version 6 but they will continually upgrade their Windows OS and that will bring version 6 in,” explains Patrick Grossetete, IPv6 product manager EMEA for IP specialist Cisco Systems. One of the definite plus points of version 6 for network managers is auto-configuration. Currently, every time a company merges or changes ISP, a wholesale upgrade of IP addressing is generally needed. Auto configuration in IPv6 could make this much simpler while also making DHCP servers increasingly redundant. Its quality of service capabilities are also an improvement on deploying the current version of Diffserv on IPv4 because IPv6 contains new functions like bandwidth reservation and delay bounds. Inherent security both in the public and private realms bolsters IPv6's case. Although end-to-end security can be provided at an application level in IPv4, it offers little support for a standardised IP-level security function. IPv6, though, includes support for authentication, data integrity and confidentiality. “IPv6’s flexible header extension ensures that the packet is actually coming from the host indicated in its address source. This authentication is particularly important to safeguard against spoofers who configure a host to generate packets with forged source address,” explains Jerome Law at Vanco. Spoofing is now the most common form of denial of service attack. It's understandable why many are reluctant to be early adopters – they have a considerable amount of IPv4 investment they need to protect. The question they face is what will happen when an unstoppable force meets an immovable object? IP version 6 – key qualities: - improved addressing and routing - simplified header - packet level support for qualities and classes of service - improved security in terms of authentication, message integrity and - privacy - less administration due to improved auto-configuration and re-configuration, - improved support for mobility