Ed Horley provides a convincing case for the many reasons why you need to get an IPv6 plan in place now and how to overcome some of the common challenges along the way.
Guest Blog Post by Ed Horley
I gave an Interop IPv6 presentation titled “Getting Serious About IPv6 – Go Big or Go Home” in Las Vegas on April 3, 2014. Since then, ARIN announced it has moved to Phase 4 (down to its last /8 of IPv4 – that happened on April 23, 2014). I think what surprised people the most (based on the feedback I got from the session) was that my argument about adoption for IPv6 had little to do with ARIN running out of IPv4. After all, this is what everyone talks about, that there are no more IPv4 addresses. My argument is:
You have already deployed IPv6… you just didn’t know it.
At this point, you may be scratching your head saying Ed is crazy, what is he talking about? Let me point out that all major OS platforms (and different flavors of those platforms) support IPv6 and have for a while now. It turns out that IPv6 is enabled (on by default) and preferred in almost all cases. On top of that, there are IPv6 transition technologies in Windows, there are zeroconf capabilities in all the OSs, there is support for mDNS or LLMNR, and to top it all off, IPv6 has several address mechanisms per active interface on a host. If you add this all up, it is highly likely that you have deployed IPv6; you just didn’t do it in a structured and controlled manner the way you did your IPv4 deployment.
If you have deployed IPv6 (congratulations by the way) but didn’t do any planning, what challenges do you now face?
First, do you understand the impact of turning off IPv6? Often when I point out that all the host OSs are running IPv6 many people want to jump immediately to shutting off IPv6. While this is possible (sort of), the question you should ask is, “will this impact my existing services?” Think carefully before you just start shutting off IPv6. Remember, it is enabled and preferred, and if your existing production network is using IPv6 for some of its network traffic you will have a production outage while you disable IPv6. Furthermore, you might not even know all the applications that ARE using IPv6; have fun troubleshooting that one. Even after you think you have turned off IPv6 on your equipment, how often do you actually audit and check to see if it is running? Does it get re-enabled with OS patches and updates? What about third party equipment that runs on your network or wireless/wired guest network? How about BYOD and those devices whose networking stack you can’t control? The reality is, even though you think you are simplifying your workload, you aren’t. You will still need to set up sniffers that can detect and capture IPv6 traffic; otherwise, how will you know it is NOT running on your network? You will still have to collect and analyze log files that contain both IPv4 and IPv6. You will still have to write and maintain policy and security rules that include both IPv4 and IPv6.
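One way to do the log side of that audit, as an added example that is not part of the original post: the script below pulls every IPv6 address out of free-form log lines and sorts it into link-local, transition-technology (Teredo, 6to4), mDNS/LLMNR multicast and global buckets. The log format, the sample lines and the category names are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Specific prefixes first so tunnels are not lumped into "global".
PREFIXES = [
    ("teredo", "2001::/32"),
    ("6to4", "2002::/16"),
    ("link-local", "fe80::/10"),   # autoconfigured on every IPv6 interface
    ("unique-local", "fc00::/7"),
    ("multicast", "ff00::/8"),
    ("global", "2000::/3"),
]
NETWORKS = [(name, ipaddress.ip_network(p)) for name, p in PREFIXES]
GROUPS = {"ff02::fb": "mdns", "ff02::1:3": "llmnr"}  # link-local multicast groups
CANDIDATE = re.compile(r"[0-9A-Fa-f:.]+")

def classify(addr):
    if str(addr) in GROUPS:
        return GROUPS[str(addr)]
    for name, net in NETWORKS:
        if addr in net:
            return name
    return "other"

def audit(lines):
    """Map category -> set of IPv6 addresses seen in free-form log lines."""
    seen = defaultdict(set)
    for line in lines:
        for token in CANDIDATE.findall(line):
            token = token.strip(".")
            if token.count(":") < 2:   # IPv4, IPv4:port, bare numbers
                continue
            try:
                addr = ipaddress.IPv6Address(token)
            except ValueError:         # timestamps, MAC addresses
                continue
            seen[classify(addr)].add(str(addr))
    return dict(seen)

# Constructed sample firewall log lines (not from the article).
SAMPLE_LOG = """\
2014-04-23T12:01:03 fw1 ALLOW udp src=10.0.0.5:5353 dst=224.0.0.251:5353
2014-04-23T12:01:04 fw1 ALLOW udp src=fe80::21a:2bff:fe3c:4d5e dst=ff02::fb port=5353
2014-04-23T12:01:07 fw1 ALLOW udp src=fe80::9d2:77c1:aa10:4 dst=ff02::1:3 port=5355
2014-04-23T12:02:11 fw1 ALLOW tcp src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dst=[2001:db8:10::80]:443
"""
if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

An empty result from `audit()` only means no IPv6 address reached that log source; link-local chatter such as mDNS and LLMNR never crosses a router, so it has to be captured on the segment itself.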
At this point, it must be obvious, why not just adopt and support IPv6 if you have to do all this work for it anyway?!?
To make matters even more interesting, I argue that if you have industry compliance requirements and you do not have a plan for IPv6 (off, on, whatever) then there is no way you can say you are in compliance for an audit. Why? Because how do you pass an audit when you have a protocol running on your network that you don’t understand, can’t get any information from and aren’t even watching?
What challenges do you have once you realize you need to have some sort of IPv6 plan in place?
I have heard repeatedly that education for staff is the biggest issue around IPv6. Does your team know anything about IPv6? Would they even know it if they saw it? ARIN has some great education resources available at https://getipv6.info along with the IPv6 info center and if you want specific IPv6 and Windows knowledge then consider picking up my book.
The next common challenge is getting your policies (IT, security, purchasing, etc.) modified to include and account for IPv6. For instance, will you purchase the right equipment that supports IPv6 the “first” time or will you have to buy it all again in one to two years? Adopting newer OS platforms becomes easier because these newer platforms support IPv6 from the start. But what do you have to do for older systems? Initially, you really won’t notice anything until your service provider truly depletes their IPv4 address space. Then they will be forced to start adopting and deploying IPv6, but they will use various methods in the meantime to extend the life of IPv4. They will most likely utilize a tool called Carrier Grade NAT (CGN). CGN breaks IPv4 uniqueness at a much larger scale. We used to hide a single household or commercial company behind a common IPv4 address; now we will hide an entire city, county or larger unit of people. CGN exacerbates IPv4 port exhaustion issues; it compounds stateful NAT issues, along with just slowing things down.
Finally, what problems will you see happen as IPv4 runs out? It is going to get harder and harder for your employees to get public IPv4 at home. This can potentially cause problems for VPN, VoIP, Video, Collaboration and Gaming (depending on how those technologies are deployed). If third parties and employees start getting IPv6 through their service provider and you stay on IPv4 only, then their connection will have to be proxied to you. Because the session is proxied, you lose the ability to have end to end connectivity, something taken for granted in our IPv4 only world.
Lack of IPv6 has real world costs and impacts, and you are simply kicking the can down the road with the potential for even greater pain the longer you wait to adopt.
How do we start down the IPv6 path of enlightenment? What do we need to do next?
Well, as I mentioned earlier, education has been identified as the key thing people need, at all levels. This means you need to invest in educating your staff on how to design, deploy, operate and maintain a network running IPv6 and also one doing dual-stack. You will need to have an education plan and resources in place for your company to learn all this. Most importantly, this does not happen overnight; you need to start NOW! Why? Because once your staff is educated it is much easier to build a plan. A plan needs to be tailored to your company needs and requirements. You need to include testing and validation of network, operating systems, apps and everything in between to ensure you are on the right path. Oh, and you will need a lab – trust me on this one. You will need people from every team involved in the education and training. Why? Because while IPv6 at first glance appears to be a networking only function, you will quickly discover that your application, database and help desk teams will need to know, understand and troubleshoot it. You will also need to understand the business impacts of starting the adoption of IPv6. Seriously? Did he just say business impacts? Yes, you may have critical homegrown business applications that do not work with IPv6. You might have partners in the world that only have IPv6 as a protocol option. You likely want to understand what the impacts will be before you run into an unpleasant surprise along the way. If the majority of your business is on, from, or coming across the Internet then supporting IPv6 is critical to your business.
Let’s say I still have not convinced you. You still don’t believe you will be using IPv6 anytime soon in your company. Well, the last holdout OS in the market that did not support IPv6 was Windows XP, and Microsoft’s end of support happened on April 8, 2014. This means if you are deploying a newer OS (Microsoft Windows, Apple iOS and OSX, Android, Linux, FreeBSD, CentOS, etc.) of some kind, guess what? Yes, that is right, you will be dealing with IPv6 regardless of how much you want to avoid or ignore it.
IPv6 is the future and the future is NOW!
Ed Horley is the Practice Manager for Cloud Solutions and Practice Lead for IPv6 at Groupware Technology in the San Francisco Bay Area. Ed is actively involved in IPv6, serving as the co-chair of the California IPv6 Task Force and additionally helping with the North American IPv6 Task Force. He has presented at the Rocky Mountain IPv6 Summit, the North American IPv6 Summit, the Texas IPv6 Summit in addition to co-chairing and presenting at the annual gogoNETLive IPv6 conference in Silicon Valley. He has also presented on IPv6 at both Microsoft TechEd North America and Europe, at TechMentor in Redmond, Orlando and Las Vegas, at InterOp in Las Vegas and at Cisco Live in North America and Europe. Ed is the author of Practical IPv6 for Windows Administrators from Apress (2013). He is a former 10-year Microsoft MVP (2004-2013) and has spent the last 18+ years working in networking as an IT professional. Ed enjoys umpiring Women’s Lacrosse when he isn’t playing around on IPv6 networks. He maintains a blog at http://www.howfunky.com/ where he covers technical topics of interest to him and is on Twitter at @ehorley.