Why the time is now for IPv6 (and it's not for lack of IPv4 addresses)
IPv4 addresses won't disappear immediately, but it's time to move to the new protocols
- By William Jackson
- Feb 04, 2011
One safe prediction at the beginning of this year was that the Internet Assigned Numbers Authority would run out of IPv4 addresses.
It happened Feb. 3, when IANA, which coordinates global IP addressing, distributed the final five /8 — usually pronounced “slash eight” — IPv4 address blocks to the five Regional Internet Registries that dole out IP addresses. So the hopper is empty.
That doesn't mean that IPv4 addresses will disappear. But it is the beginning of the end.
Each /8 address block, the largest blocks allocated, contains about 16.8 million unique IPv4 addresses. After IANA's distribution, the regional registries still have millions of IPv4 addresses to assign, and many large enterprises and service providers already have stockpiles of the addresses in reserve, so IPv4 addresses will be available for some time.
However, the depletion means that with growing demand for Internet connectivity, future growth will increasingly be in the IPv6 address space.
Will agencies 'dance with the Ewoks' on IPv6?
Enabling IPv6, one step at a time
Why the need for IPv6? Blame Vint Cerf.
“When we run out of IPv4 addresses, we are going to be going with IPv6,” said Richard Jimmerson, CIO of ARIN, the regional registry for North America.
This means that 2011 should be the year when the transition to IPv6 gets serious.
The depletion of IPv4 addresses and need to adopt the next generation of Internet protocols should not catch anyone by surprise; it's been foreseen for decades.
“We have been talking about IPv6 for a long time,” said Quing Li, chief scientist at Blue Coat Systems, a network application delivery company.
It has been mostly talk so far, but this will begin to change on June 8, World IPv6 Day. The day will be a global test of the IPv6 infrastructure supported by the Internet Society. Some major Web presences, including Google, Facebook Yahoo!, Akamai, Limelight Networks, Cisco, Meebo, Genius, Juniper Networks and the World Wide Web Consortium, will enable and publish dual stack connectivity to accept IPv6 traffic, providing real world information on a large scale transition.
The goal is to expose potential issues under controlled conditions so they can be addressed before they become problems. The experiences is expected to be transparent for most Web users, but the Internet Society estimates that a small fraction of users, 0.05 percent, could experience problems that day.
North America lags
“People are beginning to think about IPv6 in North America,” Li said. But implementation remains in the pilot and experimental stage. “In some senses, they are behind the curve.”
The volume of IPv6 traffic now is negligible. Within .com and .net — the two largest top-level domains — just .0015 percent of zones have IPv6 address records, said Danny McPherson, vice president of network security research at VeriSign, the global registry for those domains.
Meanwhile, the Internet continues to grow rapidly. VeriSign reported that 3.8 million domain names were added across all top-level domains in the third quarter of 2010, bringing the total to 202 domain name registrations. Pat Kane, VeriSign’s assistant general manager of naming services, said the third quarter usually is a little flat for Internet domain growth because of the summer months, but this year’s level of increase was not unusual.
There is no direct correlation between the growth in the number of domain names and use of Internet addresses, but the servers, devices and individuals hosting and accessing those domains must have addresses. After the IPv6 addresses start coming online to accommodate them, there will be a challenge to ensure that access is available to all online resources for all users, regardless of the IP version used, because the two versions are not interoperable.
“They are for all practical purposes separate networks,” said Jim Lemaster, director of systems engineering at Juniper Networks. Most operating systems and browsers today support IPv6, but enabling the new protocols will require more than that. “The rest of the infrastructure has to be there, as well,” Lemaster said.
Meanwhile, an increasing number of non-PC devices are connecting to the Internet, such as video players, gaming consoles and mobile devices — they don't necessarily support the new protocols. Mechanisms must be in place to ensure not only that IPv6 users can access IPv4 resources and vice versa but also that traffic is not halted along the way at a section of the infrastructure that supports only one of the protocols.
The ideal situation, which is not expected for years or decades, would be an all-IPv6 Internet. Failing that, it is a dual-stack environment in which everyone and everything supports both versions. In the real world, we'll be living with a fragmented infrastructure with translation and gateways that interrupt end-to-end connections, in which decisions will need to be made about routing and preferred connections based on available protocol versions.
Work in progress
For now, that will not be a problem for IPv4-to-IPv4 connections because there are not likely to be many IPv6-only segments to traverse. For links using IPv6 at either end, “there will almost always be a path through the middle,” Lemaster said.
But translations and tunneling around the edges will remain problems, depending on how long it takes for enterprises and service providers to make the transition and enable IPv6.
“It’s a work in process,” ARIN’s Jimmerson said. There are likely to be increases in network overhead, latency, and broken or dropped connections if the growth in IPv6 traffic outstrips the adoption of the new protocols in the infrastructure.
The good news is that there are tools available to smooth the transition and enable the use of both protocols on networks. But there will always be some cost. “They do add a little complexity to managing a network,” Lemaster said.
Security also will need to catch up. Filters and monitors will need to be able to understand and evaluate new services and sites that use both protocols.
“If your URL filter database can’t handle IPv6, how can you provide services?” Li asked. Privacy extensions available to IPv6 addresses could conflict with some services that require or expect unique and stable addresses. Security policies above Layer 4 — which provides transfer of data between systems and is responsible for end-to-end error recovery and flow control, ensuring complete data transfer — will need to be IPv6-capable.
All of this means that administrators need to begin now to implement and enable IPv6 in their systems to avoid problems.
William Jackson is a Maryland-based freelance writer.