Broadband

IPv6 is here June 6, 2012: Five tips for going forward

Regardless of opinions of IPv6, it's coming soon and will be part of our lives going forward. Rickatron has a few tips for IT pros on how to manage IPv6.

June 6, 2012 is a big day in the history of Information Technology. On this day, approximately 1% of Internet traffic will leverage IPv6. We’ve all heard of the end of days for IPv4 and wondered if large auctions of private address spaces would be a new gold rush; but IPv6 is the solution we’ll have for the foreseeable future and that’s a good thing. I’ve collected a few tips to deal with IPv6 for IT pros to increase the awareness of IPv6.

#1 Don’t do it if you don’t know it

First of all, don’t mess with IPv6 in a production capacity unless you know what you are doing. If you want to learn IPv6, great! (Please be sure to write blogs about your experience along the way.) But this is the keystone example of where consult funds make sense. Find someone who does know IPv6. Further, it will probably be on Internet connectivity first; and only then  with new equipment or lines.

#2 Internal address spaces will likely remain unchanged. Forever.

This is the silver lining here; we’ll likely be able to maintain our private address spaces for the foreseeable future with technologies that broker our Internet connectivity correctly to the mixed IPv4 and IPv6 Internet. This means our private network investments and configuration can go largely unchanged. Changing all internal addressing schemes is complicated enough; the thought of changing all workstations, servers, printers and network infrastructure to IPv6 doesn’t appeal to me at all. The only exception would be if an internal address space is becoming exhausted (unlikely), conflicts with an Internet IP range (time to correct that 10 year old error!), or the internal IP space is just totally whacked (you know who you are).

#3 Invest in your Internet presence equipment first

This is the area where you will need IPv6 investments. This is the equipment that may deal with an IPv6-only configuration as well as broker connectivity to IPv4 resources on the Internet. Chances are June 6 will be a non-event for everything you have running today. But when the time comes that you add a new Internet connection or set up a new location, IPv6 may become your newest “opportunity” in your IT experience. When that time comes, be sure to do it right the first time.

#4 Security doesn't go away

In fact, it’s more complicated. You need to ensure that the security aspects of IPv6 are addressed to your requirements. This includes both Internal LANs and Internet presences. To the point above, don’t do something where you tell yourself you’ll “clean it up later”. That’s the type of decision that leads to a resume-generating-event later on.

#5 Start testing!

There are quite a number of Internet resources that will tell you how your connection and applications are to perform in an IPv6 world. This is especially critical the moment you receive an IPv6 Internet address. This will likely happen first with a residential connection, as many broadband carriers have started to issue equipment to home subscribers that are IPv6-ready. One way to test that connectivity from the comfort of your web browser is the Test-IPv6.com website. It will tell you how the Internet connection and experience through the browser will perform.

One change, many things need consideration

The key takeaway on IPv6 is when the time comes for you, go about it correctly. Don’t set yourself up for failure from the beginning. Find the resources you need and ensure you are equipped for success. Have you started on the IPv6 journey? What tips can you share so that other IT Pros can learn from what you have been through thus far? Please, share your comments below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

13 comments
tech
tech

I'd like to see many more articles about IPv6 from TechRep - thanks Rick! I've played with IPv6 and the question that I keep asking is how is it more secure?!? Taking into account that it's not easily human-readable and the main purpose is to get rid of NAT so "everything" can have a dedicated IP ... I would think this is less secure and many training materials don't really address this issue other than saying "get yourself a secure firewall" which we know is only 1 piece of a solution. I've studied it from CCNP training and Security training which don't really go in depth enough. Thanks CraigC for the DNS point - these are the kinds of technical details I really would like to know - anyone have any IPv6 specific training materials you can point me to?

craigc
craigc

In my opinion, Dual Stack, which is already supported on many systems, including most exisiting descktops is the 'way to go'. Using 'broker' technology should only be used when dual stack (or pure IPv6) is not an option. Truthfuly, pure IPv6 is NOT an option for users at this time, because so many services/servers required are only offered via IPv4. IPv6 really only exists as islands today - but they ARE connecting... slowly. Going forward, as IPV6 begins to spread across the internet, web services and servers will be supporitng both IPv4 and IPv6 for a number of years. Over time, the requirement for IPv4 support will fade away, and eventually be dropped. The only 'tricky' part of IPv4 and IPv6 dual stack is in the DNS servers.. since IPv6 addresses are tried before IPv4. (That is why at this time many sites use the construct ipv6.name.com rather than adding the IPv6 address to www.name.com to avoid users experiencing delays)

rusty.tyson
rusty.tyson

I am ready; I can already spell IPv6 !! All th' e-Best Rusty

Aleksiev.Boris
Aleksiev.Boris

The transition to Ipv6 will it lead to problems for users with windows xp sp3 ?

Rob Kuhn
Rob Kuhn

@Slayer -- It's hard to imagine these days that someone will be using the same router, firewall, etc. 10 years from now. At least on the "outside". :-) If people should happen to find themselves forced to use the same equipment 10+ years from now and it's not IP v6 compatible then it will need to sit behind a IP v6 device/infrastructure that Craig_B was mentioning. The good news is that network equipment for the last few years have already had support for IP v6 built in. Craig_ B's comments is the right and practical approach. It's sort of like preparing your home for an upcoming storm. Start taking the time now to prepare. Perhaps do a quick assessment on your infrastructure and see what will need to be replaced. This sort of reminds of the Y2K scare. Not everything needed to be compliant or replaced. I started the Y2K assessment in my infrastructure in mid-1998, put together an assessment and presented to management (along with a plan) so that I could get proper support and funding to address the effected systems in 1999. In this case, IP v6, it's not as bad as the Y2K thing but it's better to start now. In addition, I would also speak with your ISP/Circuit provider to learn what their plans are along with their time lines. If your public DNS is hosted by another provider, talk with them too. Basically start making notes on what IP v6 touches in your infrastructure (internally and public), score it with a severity (ie: N/A, Low, Medium, High, Critical, etc... or use numbers, whatever works for you) and then use it as a road map. It will most likely be a living-dynamic document so don't worry if things change. HTH ...

Slayer_
Slayer_

I am curious how that will work, I am sure many people are running routers and computers that don't support IPv6 and probably won't for another 10 years at least, so will ISP's be supplying both addresses?

Craig_B
Craig_B

The migration process from IPv4 to IPv6 is going to take years. Over the last couple of years we've had some IPv6 trial days, now IPv6 will be turned on full time for specific sites and ISP. This does not mean IPv4 is being turned off yet. The basic process is dual stack routers so they support both IPv4 and IPv6, update DNS so it includes AAAA records (IPv6 A records), update and test applications, dual stack clients and create any tunnels needed to access the other protocol. Then over time you can remove the IPv4 componets and be an IPv6 only shop. Again, this process will take years,

craigc
craigc

Ok, quick 10 cent tour - from memory - about IPv6. 1 - you don't need or want to care about the IP address assigned to your non server systems. These will be assigned (via dhvpv6) with a dynamic dns update - or auto configured if the system having a DNS enrty is unimportant to you (depending upon your setup preferences). When last I checked, the auto assigned addressing scheme lacked a method to generate a dynamic dns entry. This flaw/shortcoming seems pretty glaring, and I hope they modify this. 2 - Each IPv6 system will have MULTIPLE IPv6 addresses - this is normal with the different addresses having different scopes (purposes/abilities). 3 - Your IPv6 router lets local systems know about the default route - you don't assign one. (via 'router advertisements'). No router? No routes. (Ok, we can get a server to pretent and send out router anouncement messages - radvd) 4 - IPSEC is native to IPv6 (rather than an 'add on' as in IPv4). Any system may communicate via encrypted packets. This is generallly where the 'more secure' part comes in. Sadly, the knife cuts both ways. Since the packet is encrypted from the client, firewalls have NO IDEA what the payload is. Consider a 'bot net' controlled entirely via encrypted communications. How can you differentiate that from valid communincations? Every IPv6 system therefore really MUST have anitvirus protection. (Preaching to the choir in this forum I'm sure.) O'Reilly has a couple of e-books for IPv6 - they're 'dry' (and overpriced) but if you have enough coffee, can provide a lot of info. There are also some online training coures available - make sure you find one with 'working labs'. What you'll really need is experience - set up a test lab if you can. Because it doesn't interact with IPv4, you can't really hurt anything, so it mostly harmless/safe to run IPv6 as a Dual stack. Each OS will have its own set of IPv6 commands - generally very similar to the IPv4 versions you are familiar with.. and then some you might not be familiar with... yet.. :) Of course, until the ISPs present IPv6 to their customers, your IPv6 network can't actually go anywhere... we really need to IPv6 internet, followed by the servers. Until then IPv6 users simply have little to no traffic. And if I may add a personal opinion, avoid IPv6/IPv4 translation type solutions to the absolute best of your abilities. Some may be unavoidable, say for example if only IPv6 addresses are available in mobile/cellular networks before the internet has a complete IPv6 backbone and servers aren't commonly dual stacked. These should be unavoidable exceptions driven by technical limitations and business requirements. Otherwise, dual stack the beasts! Hope that helps and isn't too long. (And that the inevitable 'early morning errors/ omissions aren't too severe.. :) )

Solenoid
Solenoid

Yes, eventually. According to the FAQ at http://www.worldipv6launch.org/faq/ , both will work now and also for the foreseeable future. Years from now, websites will begin offering IPv6 only, but for now those offering IPv6 will also offer IPv4 in parallel. That was my question as well. Working in a mixed OS environment, I'm familiar with NIC settings that Windows XP sp3 lacks IPv6. My conjecture is that once MS stops supporting XP (is that like 2016?), then sites would begin turning off IPv4. It is not determined as yet when this will happen, but it will most likely be once a majority of consumers can manage without it. Executive summary: Not now. Sometime in the future, surely.

Slayer_
Slayer_

It doesn't support IPv6. I have never had need to upgrade it, all my systems are still only 100mbit.

Rob Kuhn
Rob Kuhn

.... will not really need to support IP v6 .. just the broadband device (the cable modem or DSL modem). The home router sits behind the broadband device. That being said, if you own your broadband device then you will, at some point, need to think about replacing it with a IP v6 compliant device which is why you need to speak to your ISP to see what their plans and time line. If you lease/rent the broadband device then I wouldn't worry about it too much because your ISP should replace it. I also believe that when your ISP is about to convert over to IP v6 they will (should) send their customers a notice. I know our ISP did that when they did some large infrastructure upgrade a few years ago. In the announcement they listed the compatible cable modems and what we needed to do. Having said all that, IP v6, I believe, will have more of an impact on corporate networks more so than home networks. Regardless, it's better to start learning and stay up to date on IP v6 because it will be coming. There's no avoiding it now.

nick.franklin
nick.franklin

@slayer when you do upgrade here's an easy way to get ipv6 going - build a cheap pc running Astaro, it's free for home use and it easily sets up an ipv6 tunnel without your ISP having to support ipv6... remember to create some appropriate ipv6 firewall rules tho!