IPv6 - Is It Coming Or Not?
Today I got myself involved in a very interesting discussion on the outlook for IPv6 rollout. I have to confess I have been thinking about IPv6 from time to time, and my views on IPv6 are more radical than ever. Contrary to the public belief in IPv4 address space exhaustion, I think we will ride the NAT kludge for a while... and I am 100% certain the migration to IPv6 will take longer than the average of current estimates. But let us start from the beginning.
The main difference between IPv4 and IPv6 is the number of hosts that can be addressed on a network. This seems to be obvious, but is not. By number of hosts we should consider the number of publicly available servers, or even aggregation points. For example Google.com counts but my laptop and my cellphone do not, as they are not servers - they are clients. Clients usually sit behind NATs (Network Address Translators), a kludge that allows many client devices on a private network to share one common external IPv4 address.
The story of IPv4 address space exhaustion is many years old. I remember a statement from one very knowledgeable network guru in 2003, that we would run out of IPv4 addresses in 3 years. It has now been 5 years since then and we are still nowhere near the exhaustion point.
Why?
- First - NATs are blooming. Every private / corporate / or even access network has NATs. So we have thousands or millions of machines sharing a single IP address. We can go with this almost forever...
- Second - with the current generation of Web services, we keep on moving towards a strong client / server / hosted services model. The servers are Google, Yahoo, Facebook and so on... The clients are us (households, even enterprises). Ultimately Google could have just one public IP. Same for Yahoo. The IP switching and routing technologies already in place make it possible to route all the incoming client requests via a single "server" IP address. I used to have my own email server (occupying one external IPv4 address). Now it is hosted by Google. Same with my web page. If this client / server / hosted services model continues to strengthen (and it does), we may even see a decline in the number of required public IPv4 addresses (OK, this may be an exaggeration, but it illustrates well what is happening).
So let us now move to the potential of IPv6. It promises to make every device a public host. This means no more hierarchical NATs after NATs, and a completely flat worldwide IPv6 network. What does it bring to the table? The answer is: Peer to Peer (P2P) connectivity. This is the main differentiator. IPv4, due to its limited public address space and the use of NATs, is very much in line with the current client / server model (public servers and clients behind NATs). P2P, on the other hand, allows any device to communicate directly with any other device. For example, your light switch in the US may turn my light bulb in Poland on and off, provided they both have IPv6 addresses. No extra server / service in the middle. Pure Peer to Peer. This is what I mean by new applications. When everything is a public host, you suddenly have a completely new playground to invent application scenarios. There are many already waiting (like mobile VoIP) and many more not yet invented.
And there is more to IPv6 than just enabling Peer To Peer (P2P) communications. There is significant support for mobility in IPv6 - the concepts of Home Addresses (HA) and Care Of Addresses (CoA), meaning wherever you are, you can always discover a way to your home. And ultimately IPv6 means no more loss of a session while you roam. This makes IPv6 much better suited to support all-IP mobile communications. We may be pretty sure that when the new wave of 4th generation (4G) mobile handsets and networks arrives, they will all be IPv6. But do not hold your breath for them in 2008... The world still has not implemented 3G as it should...
But the mobile all-IP P2P, once it comes, will change the world. Finally we will be able to "dial" any other network device directly, without having to consult any "central" authority. Something like dialing a number on a rotary phone versus an operator-assisted call, but much, much more... BTW, there is a good presentation by Garry Hemminger to follow the subject.
So it all seems bright, looking into the future, but then there is this huge security issue. Are we ready to get rid of our NATs that hide our private hosts from the outside public network and expose every device to the Internet? No way... So while there has been this big promise of IPv6 to free us from NATs, we have quickly realized we need NATs for security reasons. I mean not just pure NATs, but gateways comprising NATs and firewalls. Every household, every company has one or more of them. We feel good and secure behind the firewalls. How would you feel connecting your private computer directly to the public Internet, so it could be pinged and explored by anybody else on the Planet? So while we would be happy to get rid of those gateways, we would still love to have them. The problem here with IPv6 is that the current generation of gateways is not IPv6 aware. So to make IPv6 a reality worldwide, we would have to replace those gateways. Millions of them. Unfortunately, in my opinion there is no economic driver now to push that replacement, or to push us all up the steep learning curve of IPv6 implementations. The incentives are simply not present yet and the real IPv6/P2P applications are still to come.
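An added illustration, not part of the original post: the inbound protection attributed above to NAT gateways comes from connection tracking, which an IPv6-aware gateway can apply without translating addresses. The Python model below is a simplified sketch; the class name, the 2001:db8::/32 documentation addresses and the sample packets are all constructed for this example.

```python
import ipaddress

# ICMPv6 error types IPv6 needs inbound (path MTU discovery depends on type 2):
# 1 destination unreachable, 2 packet too big, 3 time exceeded, 4 parameter problem
ICMPV6_ERRORS = {1, 2, 3, 4}


class StatefulV6Gateway:
    """Hypothetical default-deny-inbound filter for globally addressed LAN hosts."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.flows = set()  # (proto, lan_addr, lan_port, remote_addr, remote_port)

    def filter(self, proto, src, sport, dst, dport, icmp_type=None):
        """Return 'accept' or 'drop' for one forwarded packet."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in self.lan and d not in self.lan:
            # Outbound: allow, and remember the flow so its replies can return.
            self.flows.add((proto, s, sport, d, dport))
            return "accept"
        if d in self.lan and s not in self.lan:
            if proto == "icmpv6":
                # Simplification: errors pass, echo and everything else is dropped.
                return "accept" if icmp_type in ICMPV6_ERRORS else "drop"
            # Inbound TCP/UDP: only packets mirroring a recorded outbound flow.
            return "accept" if (proto, d, dport, s, sport) in self.flows else "drop"
        return "drop"  # not LAN-to-WAN or WAN-to-LAN, so not forwarded here


def demo():
    """Run constructed packets through the gateway and return the verdicts."""
    gw = StatefulV6Gateway("2001:db8:1::/64")  # documentation prefix
    laptop, server, scanner = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"
    return [
        gw.filter("tcp", scanner, 40000, laptop, 22),   # unsolicited probe
        gw.filter("tcp", laptop, 51000, server, 443),   # laptop opens a session
        gw.filter("tcp", server, 443, laptop, 51000),   # reply to that session
        gw.filter("tcp", server, 443, laptop, 51001),   # same peer, no matching flow
        gw.filter("icmpv6", server, None, laptop, None, icmp_type=2),     # packet too big
        gw.filter("icmpv6", scanner, None, laptop, None, icmp_type=128),  # echo request
    ]


if __name__ == "__main__":
    print(demo())
```

The laptop keeps a public address and is still unreachable for unsolicited traffic; only the ICMPv6 error types that IPv6 itself depends on are let through.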
You might be interested in these links if you haven't already seen them:
http://www.usipv6.com/6sense/2007/feb/article02.htm
http://www.internetnews.com/infra/article.php/3717426
http://www.networkworld.com/news/2007/121707-how-feds-are-dropping-the-ball-side-1.html
some good info from David Green at Command Info..
IPv6 Misinformation vs. Good Information
At Command Information, we hear a lot of hype and misinformation about what people think IPv6 is. Any time we start off a class, conference, sales pitch, or new client project, we try to plainly educate people on “what is IPv6”, and as our SVP Stephen Oronte says, “What IPv6 ain’t”. Now that 2008 is here, and lots of US Federal Government and DoD customers will be switching on IPv6 and carrying out pilots, let’s define what IPv6 is, and what it’s not:
* IPv6 is an upgrade to the next generation of the Internet Protocol to add better scalability & flexibility and a way to add new features in a standardized manner. We upgraded the ARPANet/Internet from Net Congestion Protocol (NCP) to IPv4 in the early 1980s for the same reasons. Now IPv6 is the upgrade to support the next 100 years of operation.
* IPv6 is not a replacement for the Internet as we know it. IPv6 is the Internet - just with some new capabilities. The v4 based parts and the v6 based parts of the Internet will coexist for years while we migrate and they merge. IPv6 was designed with 20+ years of experience with IPv4 and contains all of the upgrades the IETF engineers wish they had thought of back in the ’70s when they designed IPv4 to support the early ARPANet/Internet.
* IPv4 addresses are running out: The big blocks of IPv4 addresses that are assigned by Internet Assigned Number Authority (IANA) will be exhausted around 2010. After that, regional authorities like the American Registry for Internet Numbers (ARIN) will have about a one year supply to hand out to ISPs, wireless carriers, governments, and major corporations when they launch a new service. Once those are gone, the fun starts as we must manage the old address blocks better, and split the old address blocks more - - causing more routing fragmentation and performance issues.
* IPv4 address exhaustion is not a Y2K: It’s more like running out of oil. In the case of oil, we know we need to change, and in the long run it will be cheaper and more secure to change, but we have a lot of old infrastructure and old ways of operating. Change will come. We don’t ‘hit the wall’ when IPv4 address demand outstrips supply in 2010-2011, we just accelerate the change to IPv6. The Internet won’t fail when ‘addresses run out’ but it will be increasingly painful to operate many sections of the IPv4 Internet, and especially hard to launch new innovative services. How painful will this be? No one knows really for sure, but an ounce of prevention equals a pound of cure.
* IPv6 is autoconfiguration: Well, IPv6 comes with a great version of ‘stateless autoconfiguration’ which is a great way to automate setup of certain parts of your network infrastructure. Since all IPv6 devices can ‘autoconfigure’ with a router and with each other, they can automatically find their local neighbors and routers and establish the ability to communicate over Internet Protocol if they are attached to the same type of network (Ethernet, WiFi, WiMax) and that network is configured properly.
* IPv6 is not complete ‘plug and play’: Devices do not just automatically self configure and talk just because two IPv6 laptops, smartphone handsets, sensors, etc… are close to each other. Other things have to be set up, such as wireless channel settings, security keys, and information still has to be configured about the applications and services available on the network. However - we can easily build a great deal of Zero Configuration (ZeroConf) framework on top of the excellent multicast and peer-to-peer (P2P) features of IPv6 so we can automate setup of almost everything in a network application. IPv6 isn’t complete ‘plug and play’ but it’s a great enabler for better ‘plug and play’ as we’ve demonstrated - - come see and we’ll show you how to reduce your future integration costs.
* IPv6 is going to change your security: It’s time to deal with the fact that a new version of the Internet is here and is operating in our computers, smart phones, routers, and consumer electronics. All organizations need to develop proper security procedures, IA certification and accreditation (FISMA, DIACAP, etc), and ACTUALLY ENFORCE them, or you will find unplanned IPv6 networks, possibly malicious, in your enterprise environment. A little IPv6 security training, consulting, and proper security posture goes a long way. If you have any question if ‘bad guys’ know about IPv6, ask to see a demo of how ‘white hat’ hackers can penetrate an ‘IPv4-only’ network with IPv6 - - and yes, it is trivial to protect against these attacks if you know how.
* IPv6 is not the solution to Internet security: Yes, IPv6 comes bundled with a great implementation of IPsec - and you will eventually be able to architect improved end-to-end security with that - when it is widely enough adopted. IPv6 does not solve all your other security problems, like bad passwords, open firewalls, open wireless access, or sloppy enforcement of a security policy. You need a security policy AND ACTUAL RIGOROUS ENFORCEMENT to have better security. IPv6 networks are no more or less secure - they are just a bigger set of tools for both sides of the attack/defend cycle. Leverage our experts, with actual operational experience building, securing, and penetrating IPv6 networks, to help develop your IA plan.
* IPv6 is here today: You would be hard pressed to buy a modern desktop or laptop computer, Unix or MS Windows based smartphone, router, server, WWW server, firewall, etc. that doesn’t have support for IPv6. It’s been in these devices for the last few years. Now many devices come with IPv6 on, and autoconfiguring itself by default. In almost every class of Enterprise application, there are IPv6 versions by major vendors like IBM, Microsoft, HP, Apple. You’ve been accidentally ‘buying some IPv6’ during your regular tech refresh, but we can advise you on how to assure you are buying the whole package at virtually no cost. How does it sound to position yourself for a major tech evolution at almost no cost?
* IPv6 is not expensive to turn on today: You’re trying to determine the ROI from an expensive ‘tech transition’ to IPv6 but you already have the technology - - you just need some expert help to turn it on, secure it, and start to leverage it. We helped our client Bechtel Corporation with their IPv6 implementation, and they are to about 70% of all desktops/servers/networks running IPv6 at a cost of less than 1% of their IT budget. We are at the point now where we are helping them determine the new applications we can enable with IPv6 sensors, asset tracking, P2P collaboration. Look at Bechtel and think, what’s your plan? Lead, follow them, or wait till it becomes mission critical?
So - armed with a bit of good information, you have a choice to make - begin IPv6 integration because of a mandate or because others are doing it; or install it because you want future-proof infrastructure, you want to enhance your security posture to cover all your bases, or you want to pilot new applications ready to leverage the change.
Hi, thank you for the comments... We will see how this plays out... In the area of IPv6, my bet is on the wireless VoIP and on the peer to peer connectivity. This will enable galaxies of new applications. Once prevailing, IPv6 will be THE NEW INTERNET.
Interesting Information nice.. I found the Ip-Address Details finding site named as ip-details.com