Top 10 Myths About IPv6
Take a closer look at 10 myths and set the record straight about this enigmatic protocol.
Here is a headline that could have appeared in 2005: "IPv6 is Finally Here." And in 2007: "After Delays, It's IPv6 Time." Two years ago: "IPv6, the New Addressing Scheme, Arrives."
You get the idea. IPv6 has been on the cusp of happening for almost as long as the Mets have been waiting for a no-hitter. Well, we all (or at least the sports fans among us) know what happened last Friday night. So perhaps the dawn of IPv6 really is upon us, finally.
On June 8, 2011, the Internet Society held World IPv6 Day. On that day, service providers, content owners, consumer electronics firms and others turned on IPv6 functionality for a day. While some kept it enabled, most turned it off. Tomorrow, the idea is that the same constituencies will flip the "On" switch - and leave it on. It is World IPv6 Launch Day.
This is not puffery. It is incredibly hard, painstaking work by engineers looking to make sure that every line of code that "knows" an IP address is 32 bits long in a certain format also "knows" that it could also be in IPv6 format, 128 bits long. This is a major accomplishment for ISPs and application providers around the world. The router and edge device providers have mostly done their homework years ago, but the ISPs and app providers are largely just getting there.
PCWorld offers a good general backgrounder, with some interesting information on the security ramifications of the new addressing scheme. Forbes also addresses the security issue, through a guest post by VeriSign CSO Danny McPherson. It's a good news/bad news scenario. Experts agree that IPv6 is inherently safer, with more security built in. However, there are more gaps ready for exploitation, especially if proper steps aren't taken.
Here are McPherson's words of caution:
However, if network administrators aren't ready for IPv6 in their operating environments, meaning full functional parity from a security and operational perspective, then they really need to disable IPv6 entirely and deploy new devices and hardware in a very calculated manner. As an industry, we've already observed IPv6 being used to compromise systems "under the radar" of IPv4-only sensors, and several folks have reported IPv6 being expressly enabled by miscreants in order to exfiltrate data, facilitate malware propagation, and enable botnet C&C infrastructure and distributed denial of service: attacks.
The idea that IPv6 has been unduly delayed is to a great extent an exaggeration. The concerns over security are a great example of why this is taking a long time. While it's true that the process has been slow and that some companies dragged - and continue to drag - their feet, the massive nature of the transition must be considered. It is not an overstatement to say that it is more ambitious than assigning a new street address to every home and office in the world. It is even more complex because a physical address is static, while IP addresses are constantly in flux.
Tomorrow marks a significant milestone. But it is just one in a long transition and not the end of the story.