Discussion on:
View:
Show:
The migration process from IPv4 to IPv6 is going to take years. Over the last couple of years we've had some IPv6 trial days, now IPv6 will be turned on full time for specific sites and ISP. This does not mean IPv4 is being turned off yet. The basic process is dual stack routers so they support both IPv4 and IPv6, update DNS so it includes AAAA records (IPv6 A records), update and test applications, dual stack clients and create any tunnels needed to access the other protocol. Then over time you can remove the IPv4 componets and be an IPv6 only shop. Again, this process will take years,
I am curious how that will work, I am sure many people are running routers and computers that don't support IPv6 and probably won't for another 10 years at least, so will ISP's be supplying both addresses?
@Slayer -- It's hard to imagine these days that someone will be using the same router, firewall, etc. 10 years from now. At least on the "outside". 
If people should happen to find themselves forced to use the same equipment 10+ years from now and it's not IP v6 compatible then it will need to sit behind a IP v6 device/infrastructure that Craig_B was mentioning.
The good news is that network equipment for the last few years have already had support for IP v6 built in.
Craig_ B's comments is the right and practical approach. It's sort of like preparing your home for an upcoming storm. Start taking the time now to prepare.
Perhaps do a quick assessment on your infrastructure and see what will need to be replaced. This sort of reminds of the Y2K scare. Not everything needed to be compliant or replaced. I started the Y2K assessment in my infrastructure in mid-1998, put together an assessment and presented to management (along with a plan) so that I could get proper support and funding to address the effected systems in 1999.
In this case, IP v6, it's not as bad as the Y2K thing but it's better to start now.
In addition, I would also speak with your ISP/Circuit provider to learn what their plans are along with their time lines. If your public DNS is hosted by another provider, talk with them too.
Basically start making notes on what IP v6 touches in your infrastructure (internally and public), score it with a severity (ie: N/A, Low, Medium, High, Critical, etc... or use numbers, whatever works for you) and then use it as a road map. It will most likely be a living-dynamic document so don't worry if things change.
HTH ...
If people should happen to find themselves forced to use the same equipment 10+ years from now and it's not IP v6 compatible then it will need to sit behind a IP v6 device/infrastructure that Craig_B was mentioning.
The good news is that network equipment for the last few years have already had support for IP v6 built in.
Craig_ B's comments is the right and practical approach. It's sort of like preparing your home for an upcoming storm. Start taking the time now to prepare.
Perhaps do a quick assessment on your infrastructure and see what will need to be replaced. This sort of reminds of the Y2K scare. Not everything needed to be compliant or replaced. I started the Y2K assessment in my infrastructure in mid-1998, put together an assessment and presented to management (along with a plan) so that I could get proper support and funding to address the effected systems in 1999.
In this case, IP v6, it's not as bad as the Y2K thing but it's better to start now.
In addition, I would also speak with your ISP/Circuit provider to learn what their plans are along with their time lines. If your public DNS is hosted by another provider, talk with them too.
Basically start making notes on what IP v6 touches in your infrastructure (internally and public), score it with a severity (ie: N/A, Low, Medium, High, Critical, etc... or use numbers, whatever works for you) and then use it as a road map. It will most likely be a living-dynamic document so don't worry if things change.
HTH ...
It doesn't support IPv6. I have never had need to upgrade it, all my systems are still only 100mbit.
@slayer when you do upgrade here's an easy way to get ipv6 going - build a cheap pc running Astaro, it's free for home use and it easily sets up an ipv6 tunnel without your ISP having to support ipv6... remember to create some appropriate ipv6 firewall rules tho!
.... will not really need to support IP v6 .. just the broadband device (the cable modem or DSL modem). The home router sits behind the broadband device.
That being said, if you own your broadband device then you will, at some point, need to think about replacing it with a IP v6 compliant device which is why you need to speak to your ISP to see what their plans and time line.
If you lease/rent the broadband device then I wouldn't worry about it too much because your ISP should replace it.
I also believe that when your ISP is about to convert over to IP v6 they will (should) send their customers a notice. I know our ISP did that when they did some large infrastructure upgrade a few years ago. In the announcement they listed the compatible cable modems and what we needed to do.
Having said all that, IP v6, I believe, will have more of an impact on corporate networks more so than home networks.
Regardless, it's better to start learning and stay up to date on IP v6 because it will be coming. There's no avoiding it now.
That being said, if you own your broadband device then you will, at some point, need to think about replacing it with a IP v6 compliant device which is why you need to speak to your ISP to see what their plans and time line.
If you lease/rent the broadband device then I wouldn't worry about it too much because your ISP should replace it.
I also believe that when your ISP is about to convert over to IP v6 they will (should) send their customers a notice. I know our ISP did that when they did some large infrastructure upgrade a few years ago. In the announcement they listed the compatible cable modems and what we needed to do.
Having said all that, IP v6, I believe, will have more of an impact on corporate networks more so than home networks.
Regardless, it's better to start learning and stay up to date on IP v6 because it will be coming. There's no avoiding it now.
Yes, eventually. According to the FAQ at http://www.worldipv6launch.org/faq/ , both will work now and also for the foreseeable future. Years from now, websites will begin offering IPv6 only, but for now those offering IPv6 will also offer IPv4 in parallel.
That was my question as well. Working in a mixed OS environment, I'm familiar with NIC settings that Windows XP sp3 lacks IPv6. My conjecture is that once MS stops supporting XP (is that like 2016?), then sites would begin turning off IPv4. It is not determined as yet when this will happen, but it will most likely be once a majority of consumers can manage without it.
Executive summary: Not now. Sometime in the future, surely.
That was my question as well. Working in a mixed OS environment, I'm familiar with NIC settings that Windows XP sp3 lacks IPv6. My conjecture is that once MS stops supporting XP (is that like 2016?), then sites would begin turning off IPv4. It is not determined as yet when this will happen, but it will most likely be once a majority of consumers can manage without it.
Executive summary: Not now. Sometime in the future, surely.
In my opinion, Dual Stack, which is already supported on many systems, including most exisiting descktops is the 'way to go'. Using 'broker' technology should only be used when dual stack (or pure IPv6) is not an option.
Truthfuly, pure IPv6 is NOT an option for users at this time, because so many services/servers required are only offered via IPv4. IPv6 really only exists as islands today - but they ARE connecting... slowly.
Going forward, as IPV6 begins to spread across the internet, web services and servers will be supporitng both IPv4 and IPv6 for a number of years. Over time, the requirement for IPv4 support will fade away, and eventually be dropped.
The only 'tricky' part of IPv4 and IPv6 dual stack is in the DNS servers.. since IPv6 addresses are tried before IPv4. (That is why at this time many sites use the construct ipv6.name.com rather than adding the IPv6 address to www.name.com to avoid users experiencing delays)
Truthfuly, pure IPv6 is NOT an option for users at this time, because so many services/servers required are only offered via IPv4. IPv6 really only exists as islands today - but they ARE connecting... slowly.
Going forward, as IPV6 begins to spread across the internet, web services and servers will be supporitng both IPv4 and IPv6 for a number of years. Over time, the requirement for IPv4 support will fade away, and eventually be dropped.
The only 'tricky' part of IPv4 and IPv6 dual stack is in the DNS servers.. since IPv6 addresses are tried before IPv4. (That is why at this time many sites use the construct ipv6.name.com rather than adding the IPv6 address to www.name.com to avoid users experiencing delays)
I'd like to see many more articles about IPv6 from TechRep - thanks Rick! I've played with IPv6 and the question that I keep asking is how is it more secure?!? Taking into account that it's not easily human-readable and the main purpose is to get rid of NAT so "everything" can have a dedicated IP ... I would think this is less secure and many training materials don't really address this issue other than saying "get yourself a secure firewall" which we know is only 1 piece of a solution. I've studied it from CCNP training and Security training which don't really go in depth enough. Thanks CraigC for the DNS point - these are the kinds of technical details I really would like to know - anyone have any IPv6 specific training materials you can point me to?
Ok, quick 10 cent tour - from memory - about IPv6.
1 - you don't need or want to care about the IP address assigned to your non server systems. These will be assigned (via dhvpv6) with a dynamic dns update - or auto configured if the system having a DNS enrty is unimportant to you (depending upon your setup preferences). When last I checked, the auto assigned addressing scheme lacked a method to generate a dynamic dns entry. This flaw/shortcoming seems pretty glaring, and I hope they modify this.
2 - Each IPv6 system will have MULTIPLE IPv6 addresses - this is normal with the different addresses having different scopes (purposes/abilities).
3 - Your IPv6 router lets local systems know about the default route - you don't assign one. (via 'router advertisements'). No router? No routes. (Ok, we can get a server to pretent and send out router anouncement messages - radvd)
4 - IPSEC is native to IPv6 (rather than an 'add on' as in IPv4). Any system may communicate via encrypted packets. This is generallly where the 'more secure' part comes in. Sadly, the knife cuts both ways. Since the packet is encrypted from the client, firewalls have NO IDEA what the payload is. Consider a 'bot net' controlled entirely via encrypted communications. How can you differentiate that from valid communincations? Every IPv6 system therefore really MUST have anitvirus protection. (Preaching to the choir in this forum I'm sure.)
O'Reilly has a couple of e-books for IPv6 - they're 'dry' (and overpriced) but if you have enough coffee, can provide a lot of info. There are also some online training coures available - make sure you find one with 'working labs'. What you'll really need is experience - set up a test lab if you can. Because it doesn't interact with IPv4, you can't really hurt anything, so it mostly harmless/safe to run IPv6 as a Dual stack. Each OS will have its own set of IPv6 commands - generally very similar to the IPv4 versions you are familiar with.. and then some you might not be familiar with... yet.. Of course, until the ISPs present IPv6 to their customers, your IPv6 network can't actually go anywhere... we really need to IPv6 internet, followed by the servers. Until then IPv6 users simply have little to no traffic.
And if I may add a personal opinion, avoid IPv6/IPv4 translation type solutions to the absolute best of your abilities. Some may be unavoidable, say for example if only IPv6 addresses are available in mobile/cellular networks before the internet has a complete IPv6 backbone and servers aren't commonly dual stacked. These should be unavoidable exceptions driven by technical limitations and business requirements. Otherwise, dual stack the beasts!
Hope that helps and isn't too long. (And that the inevitable 'early morning errors/ omissions aren't too severe.. )
1 - you don't need or want to care about the IP address assigned to your non server systems. These will be assigned (via dhvpv6) with a dynamic dns update - or auto configured if the system having a DNS enrty is unimportant to you (depending upon your setup preferences). When last I checked, the auto assigned addressing scheme lacked a method to generate a dynamic dns entry. This flaw/shortcoming seems pretty glaring, and I hope they modify this.
2 - Each IPv6 system will have MULTIPLE IPv6 addresses - this is normal with the different addresses having different scopes (purposes/abilities).
3 - Your IPv6 router lets local systems know about the default route - you don't assign one. (via 'router advertisements'). No router? No routes. (Ok, we can get a server to pretent and send out router anouncement messages - radvd)
4 - IPSEC is native to IPv6 (rather than an 'add on' as in IPv4). Any system may communicate via encrypted packets. This is generallly where the 'more secure' part comes in. Sadly, the knife cuts both ways. Since the packet is encrypted from the client, firewalls have NO IDEA what the payload is. Consider a 'bot net' controlled entirely via encrypted communications. How can you differentiate that from valid communincations? Every IPv6 system therefore really MUST have anitvirus protection. (Preaching to the choir in this forum I'm sure.)
O'Reilly has a couple of e-books for IPv6 - they're 'dry' (and overpriced) but if you have enough coffee, can provide a lot of info. There are also some online training coures available - make sure you find one with 'working labs'. What you'll really need is experience - set up a test lab if you can. Because it doesn't interact with IPv4, you can't really hurt anything, so it mostly harmless/safe to run IPv6 as a Dual stack. Each OS will have its own set of IPv6 commands - generally very similar to the IPv4 versions you are familiar with.. and then some you might not be familiar with... yet..
Of course, until the ISPs present IPv6 to their customers, your IPv6 network can't actually go anywhere... we really need to IPv6 internet, followed by the servers. Until then IPv6 users simply have little to no traffic.And if I may add a personal opinion, avoid IPv6/IPv4 translation type solutions to the absolute best of your abilities. Some may be unavoidable, say for example if only IPv6 addresses are available in mobile/cellular networks before the internet has a complete IPv6 backbone and servers aren't commonly dual stacked. These should be unavoidable exceptions driven by technical limitations and business requirements. Otherwise, dual stack the beasts!
Hope that helps and isn't too long. (And that the inevitable 'early morning errors/ omissions aren't too severe..
) - Keyboard Shortcuts:
- Prev
- Next
- Toggle
