Managing IPv4 Depletion & Developing an IPv6 Strategy
Since the 1990s, experts have warned of a coming “day of reckoning” for IPv4, as accelerating growth in the number of Internet-connected devices depletes the available IPv4 address space. Past efforts to drive adoption of IPv6 have relied on wildly different estimates of IPv4 exhaustion, but more recent pressures on IPv4 – including the proliferation of mobile Internet devices and the rapid expansion of Internet usage in highly-populated developing nations – have led to expert consensus: the end is nearing for IPv4, and the time is right to develop and execute an IPv6 networking strategy.
The sky, however, is not falling. Organizations have several options for managing the effects of imminent IPv4 depletion on their operations and service offerings. This research note focuses on the following:
- Understanding the drivers for an IPv6 strategy.
- Examining the approaches for IPv6 implementation.
- Identifying appropriate IPv6 strategy elements.
Developing and executing an IPv6 strategy will allow IT leaders to avoid disruptions resulting from increasingly serious IPv4 depletion challenges, and will form the basis for a cost-effective and orderly transition from IPv4 to IPv6 technologies.
Since the publication of the IPv6 protocol in 1998, widespread adoption of IPv6 has lagged behind the expectations of networking experts. Most organizations whose users are primarily consumers of Internet services have stayed the IPv4 course; in contrast, manufacturers of network and end-user devices, and telecommunications service providers, are substantially further along in executing IPv6 strategies. Until recently, the additional cost of enabling IPv6 within an existing IPv4 infrastructure, the perceived absence of an imminent threat to the IPv4 status quo, and the lack of significant revenue-driving opportunities related to offering IPv6 services have influenced most organizations to defer IPv6 implementations.
Each of these factors has evolved over the past decade:
- IPv6 has been built into endpoint operating systems since the mid 2000s, and network vendors have implemented IPv6 support features in software (patches for older, capable devices) and hardware (newer devices) since the early 2000s. As such, key pieces of IPv6-aware technology are already in place within most organizations.
- Depletion of the limited IPv4 address space has serious adverse implications in the near term for established organizations looking to expand their numbers of Internet-connected systems, as well as for those needing to deliver services to new IPv6-only clients.
- The growing number of IPv6-enabled and IPv6-only networks, services, and systems (especially mobile devices) that are deployed globally creates opportunities for organizations to explore new revenue-generating services using IPv6 (e.g. smart grids, the “Internet of Things”). Some of this recent IPv6 growth is driven by large content providers (e.g. Google/YouTube) moving to deliver native access to new IPv6-only clients, while other growth is driven by regulatory requirements (e.g. US government IPv6 readiness directives to federal agencies).
Given these changes, the time has come for organizations that have not yet initiated an IPv6 deployment plan to develop a strategy for adopting IPv6.
What It Is & How It Works
IPv4 provides support for approximately 4 billion (2^32) uniquely addressed Internet-connected devices, and experts’ converging estimates indicate that this entire address space will have been allocated by late 2011 or early 2012. Individual organizations may be able to conserve and maximize use of their allocated pools of IPv4 addresses, perhaps delaying the direct impact of IPv4 address space exhaustion by several months or even years, but it is clear that connectivity pressures will continue to mount for organizations that do not pursue an IPv6 strategy.
In contrast, IPv6 provides for 2^128 (3.4 x 10^38) unique addresses. Like IPv4, the IPv6 address space is not infinite, but it is inconceivably large and essentially inexhaustible. IPv6 also provides native support for IPsec data encryption, enhanced multicast packet transmission, improved mobile networking, and true “end-to-end” connectivity, among other important technical benefits. Other IPv6 enhancements enable reductions in the overall cost of managing increasingly large and complex networks.
Most organizations’ network components and end-user devices are already capable of handling IPv6 traffic to some extent, which raises the question: Can’t organizations simply “turn on” IPv6? In fact, small amounts of IPv6 traffic may be running through most organizations already, though without the benefit of the enhanced network management and security capabilities that have been put in place as IPv4 networks have evolved.
A substantial net-new cost element may be associated with additional infrastructure for IPv6 and with operating, for IPv6, the core network services already in place for IPv4 networks (e.g. DNS and DHCP, router and firewall management, bandwidth management, intrusion detection/prevention, and more). As IPv6 deployment progresses, the costs associated with maintaining IPv4 capabilities will decrease and ultimately be eliminated.
Sifting through the Options
How pressing is your organization’s internal IPv6 requirement? If the lack of available IPv4 address space alone is fuelling a rush towards an IPv6 strategy, consider these options in order to buy time:
- Reorganizing public IPv4 addresses.
- Expanding use of private IPv4 addresses and Network Address Translation (NAT).
- Acquiring additional public IP address space.
Until recently, IPv4 addresses were not typically considered a scarce resource. As such, many organizations will find that they are able to reclaim (the preferred option) or reorganize (the more time consuming alternative) blocks of IPv4 addresses to maximize existing IP allocations.
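To make the difference between reclaiming and reorganizing concrete, the following added example (not part of the original research note) computes the free CIDR blocks left inside an allocation once in-use addresses are excluded. The allocation, the in-use addresses and the function names are constructed for illustration.

```python
import ipaddress


def free_blocks(allocation, used):
    """Return the maximal free CIDR blocks in `allocation` after removing `used` hosts."""
    free = [ipaddress.ip_network(allocation)]
    for text in used:
        host = ipaddress.ip_network(f"{text}/32")
        for i, net in enumerate(free):
            if host.subnet_of(net):
                # Split the containing block around the in-use address.
                free[i:i + 1] = sorted(net.address_exclude(host))
                break  # duplicates or out-of-allocation addresses match nothing
    return sorted(free)


def summarize(free):
    """Return (total free addresses, shortest prefix length among free blocks)."""
    total = sum(net.num_addresses for net in free)
    largest = min((net.prefixlen for net in free), default=None)
    return total, largest


# Constructed sample: a /28 from a documentation range with three scattered hosts.
ALLOCATION = "198.51.100.0/28"
IN_USE = ["198.51.100.1", "198.51.100.2", "198.51.100.9"]

if __name__ == "__main__":
    blocks = free_blocks(ALLOCATION, IN_USE)
    total, largest = summarize(blocks)
    for net in blocks:
        print(net)
    print(f"{total} addresses free, largest contiguous block is a /{largest}")
```

In the sample, 13 of 16 addresses are free, yet the largest contiguous block is only a /30: scattered assignments fragment the space, which is why renumbering hosts (reorganizing) is sometimes needed before a usable block can be reclaimed.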
Organizations may also free up public IPv4 space through the use of private IP addressing. Systems that communicate exclusively within an organization’s internal networks will function properly when assigned private IP addresses, but if access to or from any external resource is required, NAT is needed. Overhead from managing widespread NAT deployments, and NAT limitations for end-to-end connectivity (with consequences for many network-centric applications), can make broad implementations of private IP impractical.
Organizations have always been able to acquire new blocks of public IPv4 space to satisfy growth requirements. A market for public IPv4 addresses will continue to operate in some form, but the pressures of dwindling supply (from the depleted IPv4 address pool) and increasing demand (from organizations desperate to acquire additional IPv4 space) will make this option more and more costly.
Each of these three methods for maintaining IPv4 address space has potential merit, but each is no more than a stopgap, with associated costs. In the relatively near future, strategies for IPv6 will be required, though these conservation approaches provide the opportunity to consider IPv6 systematically.
With a sufficient inventory of IPv4 addresses to satisfy current and projected internal needs over the next one to three years, attention can be turned to developing an IPv6 coexistence and migration strategy. If, however, an organization’s projected need for additional IP connectivity outstrips available IPv4 addresses, the IPv6 strategy may require more substantial initial investments of capital and labor.
The distributed nature and critical importance of today’s Internet highlights two key requirements for IPv4 and IPv6 coexistence:
- For many years, there will be IPv6-capable clients on existing IPv4 networks that require communication with new IPv6-only resources.
- Similarly, there will be new IPv6 clients that require communication with existing IPv4-only resources.
Three complementary approaches are available to address IPv6 transitional requirements and the need for backward compatibility:
- Dual-stack technologies, which allow network clients to communicate with networked resources using IPv4 or IPv6 as appropriate. As noted above, modern endpoints and network devices typically have dual-stack capabilities.
- Tunneling technologies, which allow IPv6 traffic to and from IPv6-only and dual-stack systems to traverse IPv4-only networks.
- Translation and proxying technologies, which allow IPv6-only clients to access IPv4-only resources. This could be external IPv6-only endpoints requiring access to internal IPv4-only resources, or internal IPv6-only endpoints requiring access to either internal or external IPv4-only resources.
Organizations with adequate IPv4 space can use the dual-stack capabilities embedded in endpoints and network devices to ensure that IPv4 and IPv6 functionality coexist transparently during migration. During build-out of an internal IPv6 network, increasing volumes of IPv6 traffic between internal dual-stack endpoints and IPv6 network resources (internal or external) can be tunneled across the existing IPv4 network – in many cases, automatically. As noted above, many organizations’ networks are already being used to transport small amounts of IPv6 traffic from existing dual-stack endpoints across automatically-established tunnels.
For endpoints running older IPv6-aware operating systems (e.g. Windows XP SP2/SP3), automatic tunneling may not be available without additional system configuration. In such cases, tunnels must be configured manually; updating such systems to a more modern operating system during normal equipment refresh cycles is strongly recommended as a means to simplify blended IPv4/IPv6 environments and avoid elevated transition costs.
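Because automatically established tunnels carry IPv6 traffic that existing IPv4 monitoring may not see, a first inventory step is to find endpoints holding tunnel-derived IPv6 addresses. The following added example (not part of the original research note) assumes the common automatic mechanisms 6to4, Teredo and ISATAP, which the note does not name; the hostnames and addresses are constructed.

```python
import ipaddress

# Well-known markers of automatic IPv6-over-IPv4 tunneling (assumed mechanisms;
# the note itself does not name them).
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4: next 32 bits are the IPv4 address
TEREDO = ipaddress.ip_network("2001::/32")       # Teredo: low 32 bits are the inverted client IPv4
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)           # ISATAP: interface ID is [02]00:5efe:<IPv4>


def classify(addr_text):
    """Return (mechanism, embedded IPv4 or None) for one address string."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 4:
        return ("ipv4", None)
    if addr in SIX_TO_FOUR:
        return ("6to4", str(addr.sixtofour))
    if addr in TEREDO:
        _server, client = addr.teredo
        return ("teredo", str(client))
    iid = int(addr) & 0xFFFFFFFFFFFFFFFF  # low 64 bits = interface identifier
    if (iid >> 32) in ISATAP_IIDS:
        return ("isatap", str(ipaddress.IPv4Address(iid & 0xFFFFFFFF)))
    return ("native-ipv6", None)


def tunneled_hosts(inventory):
    """List (host, mechanism, embedded IPv4) for every tunnel-derived address."""
    findings = []
    for host, addr_text in inventory:
        mechanism, v4 = classify(addr_text)
        if mechanism in ("6to4", "teredo", "isatap"):
            findings.append((host, mechanism, v4))
    return findings


# Constructed sample inventory (documentation address ranges, hypothetical hostnames).
SAMPLE_INVENTORY = [
    ("ws-014", "192.0.2.10"),
    ("ws-014", "2002:c000:20a::1"),
    ("ws-022", "2001:0:c633:6401:0:ffff:34ff:8efa"),
    ("ws-031", "fe80::5efe:c000:214"),
    ("srv-dns1", "2001:db8:10::53"),
]

if __name__ == "__main__":
    for host, mechanism, v4 in tunneled_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {mechanism} tunnel address, embedded IPv4 {v4}")
```

The embedded IPv4 address ties each tunnel endpoint back to the existing IPv4 inventory, so the hosts found can be brought under the same firewall and monitoring policy as the rest of the network.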
Before a fully IPv6-aware network is in place, IPv6-to-IPv4 translation and application proxying technologies may be a necessity. If IPv6-only connectivity requirements exist (e.g. for internal IPv6-only systems, or for customers or business partners connecting from IPv6-only networks), client access to specific IPv4 resources can be translated, and if necessary, proxied on a case-by-case basis.
In contrast, there is no forward compatibility between IPv4 and IPv6. Networked devices that support IPv4 only (e.g. older PCs, SCADA devices) will become isolated from the growing IPv6 Internet, though typically with minimal impact to organizations. Over time, as part of scheduled system refreshes, such devices can be replaced with or upgraded to IPv6-aware systems as required.
Organizations must develop strategies for IPv6, or risk being unable to participate fully in the IPv6-based Internet of the future. Info-Tech recommends:
- Focus on the network first. Leverage IPv4 conservation strategies and IPv4/IPv6 transitional technologies to maintain endpoint functionality while planning and executing your network-centric IPv6 deployment.
- Manage costs and risks. IPv6 network services must be designed and must operate in parallel with existing IPv4 network operations. A robust IPv6 test bed allows system and network administrators to gain experience with IPv6 without risking production networks and servers, but may introduce additional costs to organizations that do not have such testing environments.
- Understand what is involved. With endpoint transition strategies in place, major elements of a network-focused IPv6 strategy include:
  - Inventorying network infrastructure and identifying upgrade and test requirements.
  - Defining and implementing IPv6 address allocation (subnetting) and assignment (DHCP/auto-configuration) plans.
  - Enabling IPv6 DNS services.
  - Configuring IPv6 routing protocols and securing the IPv6 network.
  - Monitoring and managing the IPv6 network.
  - Configuring native IPv6 on other services and applications (FTP, e-mail, web servers) and enabling native IPv6 remote access.
- Leave endpoints to the end. Once the IPv6 network has been deployed, IPv4/dual-stack endpoints can be migrated to native IPv6 on a prioritized basis, or as systems are replaced.
IPv4 addressing is the technical underpinning of today’s Internet, but the Internet of the future is already being built using IPv6. Organizations need to execute a network-centric IPv6 strategy over the next one to three years, supported by transitional techniques for managing the migration from IPv4 to IPv6 technologies on existing endpoints.