IPv6: What the CIO Needs To Know

by sjvn01 ‎07-07-2011 10:47 AM - edited ‎14-07-2011 08:42 AM

The clock has struck midnight. While your carriage may not have turned into a pumpkin, we really are out of IPv4 addresses on the Internet.

Oh sure, in North America, a few remaining addresses haven't been spoken for yet, but they'll be gone by the end of 2011. And you can buy IPv4 addresses for your growing enterprise for a little while. But the chimes of midnight are ringing in the air: You must start switching over to IPv6.

It's not going to be easy, and you probably want to consider the transition in phases.

I recommend you start your IPv6 deployment by making your external Web, DNS, and e-mail services reachable from the IPv6 Internet.

The good news, though, is that you don't need to switch over your intranet to IPv6 anytime soon. Within the confines of your company, you can still use IPv4. You need to move to IPv6 for your gateways, load-balancers, and outward facing Web and application systems, but at least for a while you can get by with IPv6/IPv4 gateways, dual-stack systems, and the like.

In short, you and your network staff need to learn some new technologies. It would be great if IPv6 was simply backwards compatible with IPv4 so we could easily switch over to tomorrow's IPv6-dominated Internet – but it's not.

A quick review of the differences between IPv4 and IPv6 to bring you up to date, in case your eyes are glazing over already: For starters, there's that gigantic difference between the 4.3 billion unique addresses you get with IPv4's 32-bit addressing, and IPv6's 128 bits' worth of address: 340,282,366,920,938,463,463,374,607,431,768,211,456. That's 2 to the 128th power if you're calculating at home. IPv6 addresses are made up of eight groups of four hexadecimal digits. For example, 2011:0422:0000:0000:0000:0000:0433:56cf would be a legal (albeit eye-watering) address.

Fortunately, network administrators seldom need to deal with manually setting IPv6 addresses. IPv6 networks can use stateless auto-configuration to assign addresses without manual intervention.

Just as with your network today, you can use Dynamic Host Configuration Protocol (DHCP), or, to be more exact, its IPv6-compliant brother, DHCPv6.

With DHCP you can only assign unique addresses within your intranet. In the IPv6 Internet, every device should have a unique address. In this stateless IPv6 addressing, each device is assigned its unique IP address by combining a device's LAN Media Access Control (MAC) address with a prefix provided by the network router. Only a few devices — application, DNS, Web and e-mail servers — would have static IP addresses.

That's only the start. To switch your network to IPv6 you need knowledge; an ISP that supplies IPv6; and equipment and operating systems that support IPv6.

Education and IPv6

For the first part, I recommend The National Institute of Standards and Technology (NIST), which recently released Guidelines for the Secure Deployment of IPv6 (PDF). This is an excellent and free 188-page guide. Besides covering the basics, it also does an admirable job of covering IPv6 security issues and how to deploy and manage dual IPv4/IPv6 networks. Frankly, it’s the best guide I’ve seen on how to actually put IPv6 to work on a network.

Another document that I think CIOs and admins will find useful is the American Registry for Internet Numbers (ARIN)'s IPv6 Addressing Plans. As you might imagine, with so many possible IPv6 addresses it makes sense to plan how to organize how you assign addresses.

Going beyond the general, look to your network equipment supplier for detailed instructions.

Even with the best guidance in the world, expect an IPv6 deployment to take a while. Many tools your network technicians and administrators have been using for years, such as NAT (Network Address Translation), will no longer be necessary. So all the tricks you've been using to get VoIP to work through NAT, for example, won't be needed anymore.

In addition, no operating system or devices have picture-perfect IPv6 support. Each has its own quirks. Just as with other standards, there's enough wiggle room in IPv6 for hardware and software incompatibilities to creep in. Expect trouble getting equipment and programs working together. I'm not even going to touch the problems you should expect to find when you try to integrate new IPv6 switches and routers with older hardware.

The one thing I can tell you is to learn all you can about both IPv6 theory and practice, and start working on it now. You don't want the day your ISP can't supply your new branch with IPv4 addresses to be the day you tell senior management that you're not ready to deploy IPv6 in the new office.

ISPs and IPv6

You'd think by 2011 all the major ISPs would support IPv6. They don't. Even as you're studying up on IPv6 mechanics, start talking to your ISPs and see what level of support they offer for IPv6. Level of support? Yes, level. What you want is native IPv6, not IPv6 over an IPv4 tunnel.

If your ISP doesn't support native IPv6, find one that does. Some top ISPs that do include Hurricane Electric, Verizon, and Comcast. Don't just take my word for it though. Check with each prospective ISP and make sure you understand exactly what they offer and where they're offering it.

Hardware and IPv6 Support

When you're talking serious network hardware, you can expect vendors such as Cisco and Juniper to ensure all recent equipment supports IPv6. When it comes to SOHO or consumer-grade switches and routers, though, it's another story entirely.

The quickest way to see what supports IPv6 and what doesn't is to search on the IPv6 Ready Logo Program Approved List. This searchable Web page, supported by the IPv6 Forum, uses a database of IPv6-compliant equipment that's passed a testing program. Not every vendor uses these services or submits their hardware for testing. Still, it's the closest thing you can find today to a one-stop guide to which devices have IPv6 support.

In addition, network vendors use firmware to update, and sometimes change, IPv6 support. For example, Linksys disabled 6to4, an IPv6-to-IPv4 tunneling feature that has interoperability problems in its hardware, and the company hasn't replaced it with any other kind of IPv6 support mechanism. As of April 2011, that left Linksys without any IPv6-empowered hardware.

Cisco informs me that the recently released Linksys E4200 and the rest of the new E-line will support IPv6. This will be delivered via a free firmware update. What about older Linksys hardware? Good question – and no one has a good answer yet.

Netgear supports IPv6 in much of its equipment, but there's no easy way to find out which switch, router, or what-have-you supports IPv6 or not from the company’s Web site. For now, the only thing you can do is look through each device's release notes.

With D-Link, you can do a site search on IPv6 and get a product list. This network vendor currently supports a wireless router, the DIR-632, and half-a-dozen Gigabit switches.

Apple's AirPort Extreme and Time Capsule both support IPv6. 

Buffalo Technology, like Netgear, also supports IPv6 on some equipment, but makes it even harder to find out which equipment supports it. Here, you actually need to dig into the user manuals to find out what's what. That said, the company has a series of routers (WZR-HP-G300NH, WHR-HP-G300N and WHR-HP-GN) that use the alternative DD-WRT firmware, which supports IPv6.

Operating Systems and IPv6 Support

Windows 7 and Windows Vista both come with IPv6 ready to go. Indeed, several of Windows 7's network features, such as DirectAccess and HomeGroup, depend on IPv6. Windows XP users, however, must expressly install IPv6 support.

On the Windows server side, you can install IPv6 on Windows Server 2003, but I don't think that's a great idea. Microsoft delivers much better IPv6 support on Windows Server 2008 R2 and several IPv6-enabled networked services as well.

Linux has had IPv6 support for years. To set it up properly, though, you need to set it up manually. Carla Schroder, a Linux and networking expert, has written a pair of IPv6 Linux guides: IPv6 Crash Course For Linux and Another IPv6 Crash Course For Linux: Real IPv6 Addresses, Routing, Name Services, that get you through the setup basics. 

Apple has had automated IPv6 support since Mac OS X 10.4, Tiger. To really take advantage of it, check out this IPv6INT page: Apple Mac OS X IPv6. As the page's author comments, “The IPv6 documentation in Mac OS X is very sparse.” On the Mac server side, there are some grave omissions. For example, there's no support for DHCPv6.

The bottom line is that on the client side, you shouldn't have any trouble with IPv6 with any of the major operating systems. When it comes to servers, though, you're best off with Windows Server 2008 R2 or one of the Linux servers such as Red Hat Enterprise Linux.

So, put it all together – technical knowledge, an IPv6-savvy ISP, and the right hardware and software – and you're ready to start your journey into the next generation of the Internet.

Comments
by John Mann(anon) on ‎17-07-2011 11:41 PM

I wouldn't put my faith in the IPv6 Ready Logo Program Approved List. It's the equivalent of a car roadworthy check. It tells you that the gear won't break your network -- it doesn't tell you if it has the features and performance parity between IPv4 and IPv6 that you need.

In your "ISP" section you stressed the advantage of native rather than tunneled IPv6. But in the "Hardware" section, some of those vendors claim "IPv6 support" when all they can do is 6to4 or static tunnels. 6to4 is a D.I.Y. experimental transition scheme and should be avoided. All IPv6 transition mechanisms are by design and implementation worse than native IPv6. But if you have to tunnel, then use a managed service like 6rd or a tunnel broker.

RIPE have a CPE Survey that does a better feature comparison.  Look for DHCPv6 IA_PD so your ISP can delegate a block of IPv6 addresses for you to use in your network.

Or ask your IPv6-capable ISP.  In Australia, Internode only sell IPv6-capable hardware for use on their native dual-stack network.

I rate Mac OS X IPv6 as lower quality than current Windows or Linux.

by sjvn01 on ‎18-07-2011 09:51 AM

I don't have a lot of faith in the Logo program either. For the next few years the only way you'll be able to be really sure that X will work with Y is to test it out.

As for the OSs, Win 7 has some 'quirks' that you need to know about to get it working properly. I suspect, at this point, they all do though.

Steven


The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.
