Even though the transition started roughly ten years ago, there is still much confusion as to the intricacies of the migration from IPv4 to IPv6. IPv4 is version 4 of the Internet Protocol that we have been using since the early 80’s, using a 32-bit address such as 18.104.22.168. Currently, there are less than 10% of these IP addresses left in the global pool of unallocated IPv4 addresses. IPv6 is version 6 of the Internet Protocol, using a 128-bit address such as 3412:2003:3545:30de:680a:9876:32cd:302d. IPv6 addresses are normally written with hexadecimal digits and colon separators. The IPv6 address database possesses the capability of hosting 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. To put this into perspective, there are as many IPv6 addresses as there are grains of sand on the earth!
The IPv6 conversion will also completely eliminate the need for IP masquerading in the form of Network Address Translation (NAT). Since so many IP addresses will be in circulation, there will no longer be any pressure on the IP address space. If there is no pressure on the IP address space, then there is no reason to translate the private addresses to the public addresses and back again which means there is no longer a necessity for NAT.
One of the greatest challenges organizations have to contend with is handling large and unwieldy IPv6 addresses. Two familiar mechanisms have been adjusted to assist with addressing the challenges of working with exceptionally large IPv6 addresses. With IPv6, DHCP has been largely modified with a stateless auto-configuration mechanism where routers send out “router advertisements” that contain the upper 64 bits (network portion) of an IPv6 address and hosts generate the lower 64 bits themselves, mostly by using their ethernet physical or MAC address, in order to form a complete address. Therefore, the IPv6 network has been identified and new devices can be added quite easily without the need to “reserve” IP addresses as we do with the current IPv4 process.
The second modification deals with modern Domain Name System. DNS software is capable of sending and receiving packets larger than 512 bytes. If a DNS server doesn’t indicate this capability in its request, the root server will fit as much as possible within the 512-byte packet and mark it as “truncated,” which is the indication that the request should retry over TCP rather than the usual UDP. Older DNS software shouldn’t have any problems either, as long as the firewall doesn’t block DNS packets larger than 512 bytes or DNS requests over TCP.
The global Internet utilization trend is moving towards mobile media and applications. The greatest demand for IPv6 is being driven by mobile smart phones. Today, it is not uncommon for mobile phones to support multiple multimedia applications such as YouTube or even live television. However, even with recent advances, the U.S. Market lags in not just mobile media but mobile applications behind Asian Pacific and European regions. The compelling advantage in the Asian Pacific region is the proliferation of IPv6 where mobile devices have Internet addressable IP addresses. This empowers each device to not only initiate new outbound connections but also to have new inbound connections initiated to it. Media companies working with mobile providers can deliver content directly to IPv6 enabled applications, rather than waiting for the device to connect and request information.
However, this goes far beyond mobile applications and allows any device to be IPv6 enabled and Internet connected. We are starting to see IP enabled televisions, DVRs, DVD players and other media devices, but with the drive for home automation we will start to see refrigerators, washing machines, along with other appliances, not to mention other systems such as HVAC, lighting and surveillance systems. We are also starting to see IP based car systems, where your mobile phone can control a variety of automobile functions. Some vehicles are even coming with WiFi systems. Realistically, just about anything else that you plug into an outlet can be Internet enabled and acquire a unique IP address.
Japan began implementing their Internet Protocol switch in the late 90’s, years before the transition was even considered mandatory. The Japanese prime minister used his executive power to boost the migration by offering tax breaks to companies that switched to IPv6. Considering China and India possess populations of 1,337,700,000 and 1,181,263,000 respectively, it is no wonder that Japan, China and South Korea developed IPv6 in Asia back in 2005.
In the United States, there is no definitive migration plan to convert businesses to IPv6 addresses. The U.S. Contains 5% of the world’s population, yet has 60% of the supply of IPv4 addresses. This advantage in availability of the majority of IPv4 address space, along with a lack of any mandate, has kept the U.S. market from completing the transition. Asia has 60% of the world’s population and not enough IPv4 addresses to support their infrastructure explosion. IPv4 and IPv6 will need to coexist during the transition, which creates an apathetic approach to the migration in the first place. Businesses do not feel forced to make the switch and thus will remain with IPv4 addresses until the switch is dire enough to keep their customers on board and their paychecks afloat. Even if there is no immediate draw to support IPv6, organizations need to ask themselves one simple question: “When IP addresses run out, how will they communicate with organizations that are only IPv6 enabled?”
Another challenge involves security surrounding IPv6. At first, vulnerabilities may pose a threat to newly implemented IPv6 addresses. Most security tools such as access control devices, threat management tools, hardware appliances and host based intrusion detection programs have not been programmed to inspect IPv6 packets to the extent that is needed. Data on these packets can bypass most network security. The Windows firewalls do not handle IPv6 so these packets would pass through uncontested. However there are some very effective threat management tools such as Palo Alto Networks that support access and application control, along with threat management.
There are many challenges associated with the migration of IPv6, yet many beneficial outcomes. The sooner businesses support IPv6, the better. The specific transition period from when IPv4 addresses are depleted to the full integration of IPv6 can either be blissfully short or frighteningly drawn out.