IPv6 is Your Friend and Your Foe

There has been much speculation over the years as to whether IPv6 will be a benefit or burden to businesses and Internet users. When I am asked this question, my answer is usually “both.”

First and foremost, it is important to remember that the transition to IPv6 is inevitable. The last few IPv4 addresses are in the final stages of being allocated.

Cisco has predicted that the Internet will quadruple in size over the next four years, and that there will be 15 billion Internet-connected devices by 2015. While IPv4 only allows for about four billion IP addresses, IPv6 will allow the world’s seven billion people to have 15 billion devices each, and still be infinitesimally utilized. Additionally, IPv6 is designed to be more effective in terms of security, reliability and ease of management.

The best part of IPv6 in my opinion, however, is that it will negate the need for Network Address Translation (NAT). While NAT has been an effective fix for the address exhaustion problem that has occurred with IPv4, it is not beneficial from a security standpoint because it allows a single IP address to be used for a multitude of devices.

This grouping of devices behind a single address enables cyber attackers to essentially hide behind it, preventing those tracking them from being able to pinpoint their identity. Because IPv6 offers a virtually limitless number of IP addresses, every single user and device on the Internet can be uniquely identified, vastly improving security.

The downside

The negative side to IPv6 comes not with the protocol itself, but with its slow adoption rate. Today, only a minuscule percentage of Internet traffic is IPv6, and many organizations are hesitant to migrate to the new protocol due to the technology upgrades involved in making the transition. While major technology vendors have long been preparing for the cutover to IPv6, many smaller application providers have not, forcing end-user organizations to replace some of their technology systems in order to make the transition.

Still, waiting around for others to upgrade before you do is not the right approach. All organizations need to at least be developing strategies around when and how they will make the leap to IPv6. Overall, this is a classic case of “prepare now or scramble later,” and “later” is coming sooner than most people realize.

Efforts such as World IPv6 Day have been instituted to help encourage the transition. On June 8, 2011, as part of World IPv6 Day, several high-profile organizations tested their websites on IPv6 in preparation for the impending cutover. Early adopters such as Google, Cisco, Facebook and Microsoft are paving the way, but for the Internet to continue functioning properly for everyone, all companies and government organizations need to be on board.

Unfortunately, if the transition to IPv6 is not made in a timely fashion, alternative solutions will prevail, jeopardizing the future security of the Internet.

One proposed method, Large Scale NAT (LSN), a.k.a. Carrier-Grade NAT (CGN), allows literally thousands of users to share a single IP address (versus a single household or business being allowed to share via traditional NAT). As you can imagine, the security implications would be dire if LSN/CGN experienced widespread adoption.
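The attribution problem described above, worked through as an added example that is not part of the original article: a server log entry holding only a shared CGN address matches every subscriber behind it, while source port plus timestamp, or an IPv6 source address, narrows it to one. The subscriber IDs, documentation-range addresses, port-block lease model and per-subscriber IPv6 prefixes are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data: hypothetical subscribers, documentation address ranges.
# CGN record: subscriber, shared public IPv4, assigned port block, lease window.
CGN_LEASES = [
    ("sub-A", "203.0.113.7", (1024, 2047), ("2011-06-08T10:00:00", "2011-06-08T11:00:00")),
    ("sub-B", "203.0.113.7", (2048, 3071), ("2011-06-08T10:00:00", "2011-06-08T11:00:00")),
    ("sub-C", "203.0.113.7", (3072, 4095), ("2011-06-08T10:00:00", "2011-06-08T11:00:00")),
    ("sub-D", "203.0.113.7", (1024, 2047), ("2011-06-08T11:00:00", "2011-06-08T12:00:00")),
]
# IPv6 record: subscriber and the prefix delegated to it (assumed one per subscriber).
V6_PREFIXES = [
    ("sub-A", "2001:db8:a::/48"),
    ("sub-B", "2001:db8:b::/48"),
]


def by_ip_only(src_ip):
    """Subscribers that ever sat behind src_ip: all an address-only log can yield."""
    return {sub for sub, ip, _, _ in CGN_LEASES if ip == src_ip}


def by_ip_port_time(src_ip, src_port, when):
    """Subscribers whose port block and lease window cover the logged connection."""
    t = datetime.fromisoformat(when)
    hits = set()
    for sub, ip, (lo, hi), (start, end) in CGN_LEASES:
        in_window = datetime.fromisoformat(start) <= t < datetime.fromisoformat(end)
        if ip == src_ip and lo <= src_port <= hi and in_window:
            hits.add(sub)
    return hits


def by_ipv6(src_ip):
    """Subscribers whose delegated prefix contains the logged IPv6 source address."""
    addr = ip_address(src_ip)
    return {sub for sub, prefix in V6_PREFIXES if addr in ip_network(prefix)}


if __name__ == "__main__":
    print(sorted(by_ip_only("203.0.113.7")))
    print(sorted(by_ip_port_time("203.0.113.7", 1500, "2011-06-08T10:30:00")))
    print(sorted(by_ipv6("2001:db8:a::1234")))
```

Note that the same port block resolves to a different subscriber an hour later, so a server behind which CGN users connect needs both the source port and an accurate timestamp in its logs for the operator's records to be of any use.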

What to do

So what should you do about it? End users themselves should not have to do much about this if the world’s businesses handle the situation appropriately. For businesses, there is really no silver bullet for a smooth transition. The best advice I can give to CIOs and IT administrators is to do your research and become well-educated on IPv6 and its implications to your organization. Figure out exactly what you need to do to transition to the new protocol and begin enacting a plan to make it happen soon.

Here are some specific things to consider when planning the transition to IPv6:

  • Do all your desktops and terminals provide IPv6 support?
  • If you have some systems that must remain on older operating systems and run IPv4 stacks in the short term, will they need to communicate with systems that will transition to IPv6? If so, will you run a dual stack on these systems allowing IPv4 and IPv6, or will you deploy gateways?