Wednesday, October 19, 2011

Migration from IPv4 to IPv6

What is IPv6?

IPv6 (Internet Protocol Version 6) is the latest level of the Internet Protocol (IP), now included as part of IP support in many products including the major computer operating systems. Formally, IPv6 is a set of specifications from the Internet Engineering Task Force (IETF). IPv6 was designed as an evolutionary set of improvements to the current IPv4. Network hosts and intermediate nodes with either IPv4 or IPv6 can handle packets formatted for either level of the Internet Protocol. Users and service providers can update to IPv6 independently without having to coordinate with each other.

How is IPv6 different from IPv4?

The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. This extension anticipates considerable future growth of the Internet and provides relief for what was perceived as an impending shortage of network addresses.

IPv6 describes rules for three types of addressing: unicast (one host to one other host), anycast (one host to the nearest of multiple hosts), and multicast (one host to multiple hosts). Additional advantages of IPv6 are:

  • Options are specified in an extension to the header that is examined only at the destination, thus speeding up overall network performance.
  • The introduction of an "anycast" address provides the possibility of sending a message to the nearest of several possible gateway hosts with the idea that any one of them can manage the forwarding of the packet to others. Anycast messages can be used to update routing tables along the line.
  • Packets can be identified as belonging to a particular "flow" so that packets that are part of a multimedia presentation that needs to arrive in "real time" can be provided a higher quality-of-service relative to other customers.
  • The IPv6 header now includes extensions that allow a packet to specify a mechanism for authenticating its origin, for ensuring data integrity, and for ensuring privacy.

Are we really running out of IPv4 addresses?

Recently, the American Registry for Internet Numbers (ARIN) announced that v4 addresses would be history by 2012. Loki Jorgenson, chief scientist with Apparent Networks, said ARIN recently changed its position from being neutral on IPv6 to actively encouraging it.

Jorgenson agreed with ARIN's estimation and said it could be just under five years before IPv4 addresses run out completely, but that projection is modest and made on the assumption that there won't be an IPv4 usage increase in the meantime. The five-year prediction is based on current usage rates, where ARIN doles out a certain number of IPv4 addresses per year. A usage increase could deplete the pool of addresses much sooner than anticipated.

"It's a very gray, slushy kind of boundary where [we don't know] how much time that buys us," Jorgenson said, again stressing that it could be some time in 2010 or 2011 when the pool of IPv4 addresses runs dry. Adding to that confusion, he said, is the possibility that companies and agencies that have hoarded an excess of IPv4 addresses could sell them off as the supply dwindles, creating a short reprieve from total depletion.

In a presentation at the Burton Group Catalyst Conference, John Curran, chairman of ARIN's board of trustees, said that 68% of v4 address space was allocated as of June. Of the remaining 32%, only 19% is openly available, while 13% is unavailable.

Curran said the dwindling address pool changes past estimations of address depletion. Several years ago, it was estimated that addresses would be gone by 2020 or 2025. About two years ago, that estimation changed to 2017. Now (as Jorgenson mentioned), 2012 seems more likely, Curran said during his presentation. (From "IPv6 readiness is key as IPv4 peters out" by Andrew Hickey)

Most recently, the IPv4 address pool drained from the Internet Assigned Numbers Authority (IANA). Learn what the IANA's IPv4 depletion means for enterprises in this tip.

For more information, read "IP address depletion hastens IPv6 adoption" by Loki Jorgenson, or read this interview with IPv6 expert Scott Hogg: "Does your business network need an IPv6 transition? Who needs IPv6?"

How do I make the transition?

  • Migrating from an existing IPv4 network to an IPv6 network need not be done in one big step, thanks to new technology that provides gateway services between each, such as the BIG-IP IPv6 gateway from F5 Networks. BIG-IP provides a full proxy for traffic between IPv4 and IPv6, allowing all traffic to be translated for consumption by either IPv4 or IPv6 end points. This allows organizations to stage their migration gradually as demand for IPv6 increases. (From "How will IPv6 affect application management?" by Karl Triebes)
  • Loki Jorgenson said that as v6 devices become available, companies should look into running a dual-stack model: networks that run both on v4 and v6, similar to a half-duplex/full-duplex deployment.
  • Silvia Hagen agreed that many companies will choose a dual-stack model, which will ease the transition, but that will create an additional workload going forward because v4 and v6 will require two separate security concepts and two routing protocols.
  • In your IPv4 to IPv6 transition, learn in this tip how IP formats are used to convert IPv4 addresses to v6 addresses.
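
One conversion format is the IPv4-mapped IPv6 address (::ffff:a.b.c.d), which a dual-stack listener may report for an IPv4 client. The sketch below is an added example, not part of the original post: it shows why a dual-stack site that keeps one rule set per address family should reduce such addresses to their IPv4 form before evaluating policy. The blocklists and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: one blocklist per address family, as a dual-stack site keeps.
BLOCKED_V4 = [ipaddress.ip_network("198.51.100.0/24")]
BLOCKED_V6 = [ipaddress.ip_network("2001:db8:bad::/48")]

def to_ipv4_mapped(v4):
    """Convert an IPv4 address to its IPv4-mapped IPv6 form (::ffff:0:0/96)."""
    return ipaddress.IPv6Address((0xFFFF << 32) | int(ipaddress.IPv4Address(v4)))

def canonical(addr):
    """Reduce an IPv4-mapped IPv6 address to plain IPv4; leave others as-is."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def _matches(ip):
    rules = BLOCKED_V4 if ip.version == 4 else BLOCKED_V6
    return any(ip in net for net in rules)

def naive_is_blocked(addr):
    """Weak check: picks the rule set by the address family as received."""
    return _matches(ipaddress.ip_address(addr))

def is_blocked(addr):
    """Corrected check: canonicalise first, then pick the rule set."""
    return _matches(canonical(addr))

if __name__ == "__main__":
    mapped = to_ipv4_mapped("198.51.100.7")   # same host, IPv6 notation
    for candidate in ("198.51.100.7", mapped, "2001:db8:bad::1", "2001:db8:1::1"):
        print(candidate, naive_is_blocked(candidate), is_blocked(candidate))
```

The second row is the case to watch: the naive check consults only the IPv6 rules for the mapped address and lets through a host that the IPv4 rules block.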

How will IPv6 affect application management?

  • With IPv6, there are significant changes that improve network device management. First, the increase in IP addressing from 32 to 128 bits is accompanied by an increase in the structure and allocation of addresses. The IPv6 address is composed of a global routing prefix, a subnet ID, and an interface ID (the portion local to a link within a LAN). The globally unique portion of the address space is distributed hierarchically according to the network infrastructure topology through IANA. This allows the global routing table for IPv6 to be small, avoiding some scaling issues common with BGP routing today.
  • Second, there are enough addresses in IPv6 to give perhaps every square inch on the planet Earth a unique IP address. While this enables virtually any device you can imagine to be on the Internet, it poses a potential nightmare for an administrator to manage all the address assignments. Fortunately, IPv6 includes a feature (made of numerous smaller features) called Autoconfiguration of Nodes. This is essentially a next-generation replacement of DHCP and ARP that is available in all IPv6 networks and allows you to connect a new device to the network without even minimal configuration. It also makes it much simpler to re-address your network if you change ISPs (and are thus allocated a different global routing prefix), because all you have to do is change the configuration of your router, and your entire network will re-acquire new addresses with the new prefix. This is a huge reduction in the network management burden.
  • With the increased features of IPv6 come some potential management issues. IPv6 provides native support for security, termed IPsec. Encryption may or may not include some of the header information depending on which mode is used to form the VPN, which can reduce the amount of active traffic management that can be applied to the flows between clients and servers. Managing the security policy between the endpoints (IKE) can be tricky as well if you need to implement that yourself; this is one of the main things an IPsec-based VPN provides. Of course, IPsec can be strong but brittle in certain remote-access situations such as accessing a corporate network from a mobile device, further adding to the management burden on an IT department trying to provide such services.
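
The address structure and the re-addressing step described above can be worked through in a few lines. This is an added example, not code from the original post; it assumes a /48 global routing prefix, /64 links, and the modified EUI-64 method of deriving the interface ID from a MAC address, none of which the post specifies. The prefixes and the MAC are constructed sample values.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits: the interface ID

def split_address(addr, site_len=48):
    """Return (global routing prefix, subnet ID, interface ID).
    Assumes a site prefix of site_len bits and /64 links (example values)."""
    value = int(ipaddress.IPv6Address(addr))
    shift = 128 - site_len
    routing = ipaddress.IPv6Network(((value >> shift) << shift, site_len))
    subnet_id = (value >> 64) & ((1 << (64 - site_len)) - 1)
    return routing, subnet_id, value & IID_MASK

def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")

def autoconfigure(link_prefix, mac):
    """Address a host forms from the /64 prefix its router advertises."""
    net = ipaddress.IPv6Network(link_prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 link prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def renumber(addr, new_site_prefix):
    """Swap the global routing prefix; keep subnet ID and interface ID."""
    new_net = ipaddress.IPv6Network(new_site_prefix)
    _, subnet_id, iid = split_address(addr, new_net.prefixlen)
    return ipaddress.IPv6Address(int(new_net.network_address) | (subnet_id << 64) | iid)

if __name__ == "__main__":
    # Constructed sample: documentation prefixes (2001:db8::/32) and a made-up MAC.
    host = autoconfigure("2001:db8:1:a::/64", "00:11:22:33:44:55")
    print(host, split_address(host))
    print(renumber(host, "2001:db8:beef::/48"))
```

Only the top 48 bits change when the prefix is swapped, so after a renumbering, firewall rules and log correlation that key on the full address need updating while the subnet ID and interface ID still identify the same link and host.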
