With IPv4 only containing approximately 4.3 billion IP addresses, is it time to begin using IPv6 on your network?
This topic has become a hot button issue, as many tech enthusiasts have argued the virtues of each protocol. While it is inevitable that the internet will eventually be forced to use IPv6, what are the benefits of enabling IPv6 in your data center now?
Interoperability between IPv4 and IPv6
System administrators are naturally resistant to change. After all, if a network is functioning properly, why change it?
The need for IPv6 was realized decades ago; for whatever reason, IPv6 just hasn’t seemed to catch on until here recently. Is it possible for IPv4 and IPv6 networks to communicate?
At first glance, the answer is no. Each protocal is unique and IPv6 does not natively offer backwards compatability with IPv4. With this in mind, researchers have proposed solutions such as:
- Dual IP Stacks
- IPv6 to IPv4 Tunneling
- NAT-64 Devices & Applications
The most commonly used solution is dual IP stacks. This is where a device will have both an IPv4 and an IPv6 address. The dual IP stack configuration is available on most modern endpoints, switches and routers out of the box.
IPv6 to IPv4 tunneling is most likely used with enterprise apps that require private connections between older devices. In this scenario, an IPv6 tunnel uses encapusalation to move the IPv4 packets to its intended destination. More information can be found in RFC4213.
NAT-64 is a software package or a network device that translates traffic that originates from an IPv6 host. NAT-64 can be used alongside a dual proxy host to allows web traffic to traverse between IPv6 and IPv4 hosts. However, the downsides of this approach should be noted; Certain protocols such as SIP or Skype may not work using the NAT64 translation method.
Why Should My Business Embrace IPv6?
For some businesses, there may not be an urgency to make everything on your network talk using IPv6. For other businesses, the move to IPv6 is critical.
For example, if your organization wishes to publish an app in the iTunes App Store, the app must use IPv6 to communicate. If your app relies upon data being stored in your colocated data center, your workloads must be configured to use IPv6 in order for your iOS app to function properly.
Mobile devices are fueling the move to IPv6. Consequently, content delivery networks such as Akamai are seeing a rapid rise in IPv6 traffic from mobile devices.
“IPv6 in mobile is already widespread and growing,” says Erik Nguyen from Akamai.
“We are also observing faster performance for IPv6 than IPv4 in some US mobile networks that have broadly deployed IPv6,” Nguyen went on to say.
With so many applications being released on Android, iOS and Windows Mobile, your business must begin embracing IPv6 in order to stay ahead of the competition.
IPv6: Security by Obscurity?
An interesting story about IPv6 was recently published by InfoWorld where a security researcher took 10 VPSs and divided them into equal groups of 5.
One group of VPSs would have the SSH port open on IPv4 with the root password set to “password” while the 2nd group would have the same configuration on IPv6.
Believe it or not, the IPv4 group of VPSs was compromised in less than 15 minutes! Botnets continously scan IP ranges for vulnerable services and having SSH setup with “password” as the root password is about as insecure as you can get.
The most amazing fact about this experiment is that the IPv6 VPS hosts were not breached. In fact, the IPv6 servers weren’t even targeted. That will probably change in the near future, but for now, IPv6 could serve as another barrier between your organization and the bad guys.