With IPv6 being turned on, is keeping IPv4 a bad idea?

The Internet Society is promoting the World IPv6 Launch on June 6, when Internet service providers, hardware manufacturers and Web-based companies will permanently enable the next generation of Internet Protocols on their products and services.

This move is voluntary, but it also is inevitable as the world’s supply of new IPv4 addresses runs dry and new customers and devices coming online begin using the new addresses. The focus of the transition so far has been turning on the new protocols, but some people already are turning their thoughts to the need to turn off IPv4, which has served the Internet well since its inception.

“I don’t like the idea of dual-stack networks,” said Chris Smithee, network security manager for Lancope, a vendor of network monitoring tools. He said he believes we should move beyond enabling IPv6 and turn off IPv4. “It’s a problem for businesses to have IPv4 now.”




Dual-stacking is now a common way to accommodate both IPv4 and IPv6 on a network, so that users of both protocols will be able to access online resources. It works, and for the time being it appears necessary because the huge majority of Internet traffic today remains IPv4. For all of the potential advantages the new protocols offer in improved security and functionality, the driver for the transition remains IPv4 address exhaustion. Organizations are enabling IPv6 because they have to, but there is no pressure to do away with the existing protocols.

But Smithee says that’s the wrong way to think about it. The issue should not be demand, but network security. “They need to be turning to IPv6 because of the external risks of not doing so,” he said.

An IPv6 network will not necessarily be more secure than IPv4, but the complexities of running a dual-stack network mean that type of network is likely to be less secure. That point was made by Steve Pirzchalski, IPv6 program manager for the Veterans Affairs Department, when he announced last year that the VA would be turning off IPv4 in October 2014. “Leaving Version 4 on forever is going to introduce a security problem,” he said.

VA turned IPv6 on for its main website, www.va.gov, last year, and a waiver will be required for the use of IPv4 for either internal or external traffic as of fiscal 2015.

In addition to the challenges of operating and managing what will essentially be two networks, some feel that IPv4 has become too kludgy. The need to eke out its more limited address space has led to technologies such as Network Address Translation, which allows the use of numerous private addresses behind a single IP address. NAT has helped to extend the life of IPv4 and can even provide some security benefits by hiding network segments. But some observers say NAT and other tools have broken the Internet by eliminating address-to-address connectivity.

“IP addresses are becoming meaningless because of NAT,” Smithee said. NAT complicates the job of monitoring network traffic and of filtering and blocking traffic based on addresses.

Smithee said that rather than waiting for IPv6 traffic to increase, networks should force the issue by moving users to the new protocols and abandoning IPv4 in favor of a coherent network running one protocol.

Whatever the arguments for such a move, it is not likely to happen soon on a wide scale. “I don’t think it’s a concept that has been properly socialized,” Smithee said. “For most of our customers, the transition is going to take years.”

In the meantime, the experiences of organizations such as the VA that force the move to IPv6 more aggressively will provide useful lessons to the rest of the Internet on the challenges and benefits of making the leap.

 

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.

Reader Comments

Wed, Jan 30, 2013 John Carter Mars

IPv4 is antiquated, archaic, and ugly. Anyone who still uses it is a backwards flat-earther red neck. Anyone who refuses to upgrade should be sent on a one-way trip to Arcturus.

Tue, May 29, 2012 Casualreader US

Completely agree with Packetguy. These security wonks need to get over themselves. If you really want it to be secure, turn them both off! IPv4 is going to be around forever, so you better figure out how to make it as secure as you can with that foregone knowledge.

Tue, May 29, 2012 Somedude L.A.

One thing left out of this article: training. I don't care how many years you've used IPV4, in my case 20, you know nothing about IPV6 since they have virtually nothing in common. Wrapping your head around IPV6 is no small matter and to convert your network, let alone your hardware, and then be able to do troubleshooting is a monumental task for small companies. This whole thing is going to take many years to shake out. Think of it this way: I was told we had to know the metric system because it will take over everything in the U.S. in the next 5 years, that was 1974...

Mon, May 28, 2012 packetguy US

Any call for cutting off IPv4 at this early stage in the move to IPv6 is stupid and pointless. You can't drop v4 until most people have added v6 to their networks. Dual stack is a necessary evil, and we must roll up our sleeves and deal with the security issues. Let's focus on helping everyone into the v6 world rather than this sort of idiotic posturing, which seems to be a misguided attempt at manipulation through fear.
