The push for IPv6: a CSIRO case study

Australia's national science agency, the CSIRO is blazing the IPv6 trail.
Written by Josh Taylor, Contributor

Australia's national science agency, the Commonwealth Scientific and Industrial Research Organisation (CSIRO), is blazing the Internet Protocol version 6 (IPv6) trail.


(Credit: World IPv6 Day)

The last of the 4.3 billion Internet Protocol version 4 (IPv4) addresses were doled out in February 2011, meaning that as the number of people and devices connected to the internet continues to grow, it will be vital for the world to shift to IPv6 to cope with demand.

Companies, governments and people everywhere are today marking World IPv6 Day, a day when ISPs, network vendors and internet companies like Google, Yahoo and Facebook intend to permanently enable IPv6 for their products and services.

John Gibbins, IT security operations team leader at the CSIRO, already has IPv6 permanently enabled on much of the organisation's infrastructure. Gibbins decided to get the CSIRO onto IPv6 back in November 2007, after attending an IPv6 summit.

"I hunted around and found no one [in the CSIRO] was actually working on it yet. I thought in a research environment like ours, it would be quite important," he said. "The government policy at the time was that you were supposed to start preparing for it and testing for it, but don't actually implement it."

The CSIRO has 6500 research staff in 57 sites across Australia and overseas, so the migration was no small task.

"We went ahead and deployed it in bits, and slowly expanded, finding out what things broke — with any operating system or any new network stack, there is going to be bugs in it."

Gibbins said that he started with a test environment with a test firewall outside the CSIRO network, and, after that went well, the test environment was brought inside of the production firewall to allow tests to be done within the real network.

"One of the first subnets I enabled was where my desktop was, just so I could connect to the outside world through the firewall and slowly add in [other desktops] and start convincing people we need this throughout the organisation," he said.

"The basic concept that I had was that I wanted to have it available on the network infrastructure first, on the assumption that someone is going to come along at a later stage and say they need it. I was expecting people to say they needed it before we pushed it out to people."

He said that it was vital that he get experience in deploying IPv6 before anyone even asked for it, otherwise, "that's when you're asking for trouble".

The transition went smoothly, according to Gibbins, but there were occasional software problems, such as programs with just 15-character fields for IP addresses that couldn't handle the 128-bit IPv6 addresses.

"We had one piece of software for allocating addresses for our visitor network, which recorded the IP address, and because it was writing to a database, every update was failing if the user was coming into IPv6. It just silently failed."

Gibbins opted not to use stateless address auto-configuration (SLAAC) for address configuration on the network, and instead opted for Dynamic Host Configuration Protocol (DHCP). While this works well for any Windows system on Vista or later versions and on Linux boxes, Gibbins said that there are problems with Apple products and Windows XP, which do not support DHCP for IPv6. Most of the organisation (around 90 per cent) was running Windows, and about half of that was already on Windows 7.

The CSIRO's internet connection is mainly provided by AARNet, which has converted to IPv6, so some things were already made easier. Gibbins was able to find the necessary routers and switches, but early on, there were problems with getting firewalls and load balancers that were IPv6 compatible.

Gibbins said that in general, the upgrade to IPv6 had been done on a shoestring budget, and had mainly been paid for through natural refreshes of existing hardware.

"We would have been spending most of this money anyway. We've been putting in some small firewalls, which has probably only cost us somewhere between $10,000 and $20,000. Load balancers tend to be more expensive, but we've got fewer of them," he said, adding that it is better to upgrade now than to wait.

"One of the bigger problems with IPv6 is that if you leave it to the last minute, and you suddenly have to replace all of your hardware to support IPv6, that's when it is going to cost you more. You're at a big advantage starting earlier. Ideally, you should have been starting this four years ago."

The Australian Government Information Management Office (AGIMO), which oversees government agency IT deployment, agrees with this sentiment — it moved early on IPv6, saying in 2008 that it wanted government agencies to have external-facing systems to be IPv6 capable by the end of 2012. Scott Wallace, AGIMO's acting first assistant secretary for policy and planning, said that the government is on track to meet that deadline. He said that one of the challenges agencies have encountered so far is that agency-refresh cycles do not align with the milestones set out to migrate to IPv6, but that AGIMO has worked around that.

"In order to avoid unnecessary investment and rework, AGIMO has worked with agencies to add flexibility to the plan where necessary," Wallace told ZDNet Australia.

Despite pushes from organisations like AGIMO and the CSIRO, Gibbins believes that legacy systems are still going to hinder adoption of IPv6.

"It's one of these things that will dribble away. We still have Windows 98 and NT4 boxes on our network. I think if we searched hard enough, we would find Windows 3.1 boxes that aren't on the network," he said. "We're going to keep running IPv4 for a long time. The key thing is, when you've got all of your main services up, and have people able to run all of their commodity stuff over IPv6, that is when I would consider [the process] to be complete."

Advice for IPv6 migration

Scott Wallace believes that companies and government agencies looking to migrate to IPv6 should:

  • Create a plan, breaking the transition process into achievable tasks and setting reasonable timeframes for the tasks to be completed

  • Implement a process whereby agencies measure and report their progress on achieving the tasks of the transition

  • Implement a training program specifically targeted at providing their network and other technical people with skills in IPv6

  • Aim for a result that has both IPv4 and IPv6 systems operating in a manner that is seamless to their clients.

Gibbins believes that people should be sure to communicate to their vendors that IPv6 is something that they want, and to be sure to "nag" people within the organisation to get on the IPv6 bandwagon.

"Basically, I've been nagging people for four and a half years, saying that every new thing we put in, we should be looking at IPv6. We've still had issues. We've had network-based storage, where the vendor is still not supporting IPv6, so we're essentially putting in file servers that are only accessible via IPv4," he said.

"The hard part is actually convincing the data-storage people that this is an important issue. If they have to go to a more expensive solution for IPv6, they're going to say that IPv6 is not important to them. I just nagged people. If you say it often enough, people believe you."

Editorial standards