IPv6 is Your Friend and Your Foe

  • Do you intend to make your current desktop environment public, or will you retain a NAT gateway to obscure your machines?
  • Will your current applications support IPv6? Public-facing servers should likely run a dual stack for IPv4 and IPv6 resolution to provide the best chance of making sure that services are available to the broadest range of users.
  • Will your current routing/switching/wireless environment support IPv6? If not, do you simply need a code upgrade or is a hardware refresh involved?
  • If you are planning to keep portions of your network infrastructure on IPv4:

    • Will those systems need to communicate to the IPv6 systems and vice versa?
    • Where will gateways/proxies/translators need to be employed?
    • Do your existing network monitoring tools have IPv6 visibility? More and more vendors provide this, but not all do. Upgrading to IPv6 may require you to re-examine your monitoring strategies.
    • For monitoring, do you have a way to separate IPv4 and IPv6 traffic statistics to ensure that hosts you are expecting to send IPv6 traffic are in fact doing so?

    In addition to having to upgrade some of their systems, many organizations also worry about not knowing how their infrastructure will behave once the new protocol is in place. While this is a valid concern, it is still not a good reason to ignore the fact that IPv6 is coming and there are technologies out there that can help alleviate this issue.

    For example, flow-based network monitoring and anomaly detection solutions that support both IPv4 and IPv6 can show IT administrators exactly what is going on inside their network at any given time.

    [Editor’s Note: Lancope sells flow-based network monitoring and anomaly detection solutions.]

    These types of technologies can answer questions surrounding how network devices and applications are behaving before, during and after the transition, helping to mitigate any anomalies that arise before they become a serious issue.

    For companies that have not yet been considering their switch to IPv6, the bad news is that it has to start happening now. The good news is that you are not alone, and that this is something every company around the world will need to undertake in the very near future. Many companies have already begun laying the groundwork, and there are plenty of resources, experts and technologies out there to help ease the transition.

    As the leader of Lancope’s product management team, Joe Yeager is responsible for the innovation and advancement of the six StealthWatch product lines. Prior to Lancope, Yeager was a Product Manager for HP in its Application Security Center division where he oversaw WebInspect, an industry-leading Web application security solution. At HP, Yeager successfully brought large-scale product releases to a market. Yeager holds a B.S. in Computer Science from the Georgia Institute of Technology.