With IPv6 being turned on, is keeping IPv4 a bad idea?
- By William Jackson
- May 25, 2012
The Internet Society is promoting the World IPv6 Launch on June 6, when Internet service providers, hardware manufacturers and Web-based companies will permanently enable the next generation of Internet Protocols on their products and services.
This move is voluntary, but it also is inevitable as the world’s supply of new IPv4 addresses runs dry and new customers and devices coming online begin using the new addresses. The focus of the transition so far has been turning on the new protocols, but some people already are turning their thoughts to the need to turn off IPv4, which has served the Internet well since its inception.
“I don’t like the idea of dual-stack networks,” said Chris Smithee, network security manager for Lancope, a vendor of network monitoring tools. He said he believes we should move beyond enabling IPv6 and turn off IPv4. “It’s a problem for businesses to have IPv4 now.”
All-in: VA sets date to shut down IPv4
World IPv6 Launch date set; Google, Facebook, MS on board
Dual-stacking is a common way now for accommodating both IPv4 and IPv6 on a network, so that users of both protocols will be able to access online resources. It works, and for the time being it appears necessary because the huge majority of Internet traffic today remains IPv4. For all of the potential advantages the new protocols offer in improved security and functionality, the driver for the transition remains IPv4 address exhaustion. Organizations are enabling IPv6 because they have to, but there is no pressure to do away with the existing protocols.
But Smithee says that’s the wrong way to think about it. The issue should not be demand, but network security. “They need to be turning to IPv6 because of the external risks of not doing so,” he said.
An IPv6 network will not necessarily be more secure than IPv4, but the complexities of running a dual-stack network mean that type of network is likely to be less secure. That point was made by Steve Pirzchalski, IPv6 program manager for the Veterans Affairs Department, when he announced last year that the VA would be turning off IPv4 in October 2014. “Leaving Version 4 on forever is going to introduce a security problem,” he said.
VA turned IPv6 on for its main website, www.va.gov, last year, and a waiver will be required for the use of IPv4 for either internal or external traffic as of fiscal 2015.
In addition to the challenges of operating and managing what will essentially be two networks, some feel that IPv4 has become too kludgy. The need to eke out its more limited address space has led to technologies such as Network Address Translation, which allows the use of numerous private addresses behind a single IP address. NAT has helped to extend the life of IPv4 and can even provide some security benefits by hiding network segments. But some observers say NAT and other tools have broken the Internet by eliminating address-to-address connectivity.
“IP addresses are becoming meaningless because of NAT,” Smithee said. NAT complicates the job of monitoring network traffic and of filtering and blocking traffic based on addresses.
Smithee said that rather than waiting for IPv6 traffic to increase, networks should force the issue by moving users to the new protocols and abandoning IPv4 in favor of a coherent network running one protocol.
Whatever the arguments for such a move, it is not likely to happen soon on a wide scale. “I don’t think it’s a concept that has been properly socialized,” Smithee said. “For most of our customers, the transition is going to take years.”
In the meantime, the experiences of organizations such as the VA that force the move to IPv6 more aggressively will provide useful lessons to the rest of the Internet on the challenges and benefits of making the leap.
William Jackson is freelance writer and the author of the CyberEye blog.