IPv6 has been on almost every IT team’s “to implement next year” list, but with World IPv6 Day happening on June 6th, many websites will be making the switch and staying there. Jim MacLeod, product manager, and the team from WildPackets have taken a closer look at 10 myths and set the record straight about this enigmatic protocol to help the transfer go more smoothly.
IPv6 has been in development for 20 years. Initial work on “IP Next Generation” started in 1992, and was standardized as IPv6 in 1998. By 2008, it was deployed well enough on the Internet that the 2008 Olympic Games website supported IPv6. On June 8, 2011, several major websites test-enabled IPv6 for “World IPv6 Day”. IPv6 is time-tested and ready for production.
IPv6 isn’t a patch for IPv4; it’s a new network-layer protocol that can operate on the same wire. It doesn’t require you to disable IPv4, so you don’t have to change your existing IP addressing scheme. While there’s a unique opportunity to re-architect, you can just deploy it in parallel with your current IPv4 addressing.
IPv6 is of course fully routable, with strong support of such major protocols as OSPF, IS-IS, and BGP.
The main difference that IPv6 brings is that addresses are 4 times longer than in IPv4, giving a total of almost 400 trillion trillion trillion different addresses (3.4 * 10^38). You may be concerned that you won’t be able to remember an IPv6 address. However, the underlying structure is the same: subnet and host. With a little planning, you’ll still be able to read an IPv6 address as “host 7 on subnet 2”, since your subnet and host addresses are completely under your control using routing and DHCPv6. Just because you have a lot of digits in your address doesn’t mean you can’t fill them with zeros.
Most users won’t notice anything different about using IPv6. IPv6 is supported by all major PC operating systems and all major Internet client apps — like Web browsers. IPv6 carries the same protocols as IPv4, like TCP and UDP. It resolves addresses the same way, using DNS, in a manner that’s transparent to anyone not using “raw” IP numbered addresses.
For legacy applications and users who use numbered IPv4 addresses, the good news is that there’s no need to turn off IPv4 just because you’ve added IPv6. You can keep running IPv4 as long as you need to.
IPv6 doesn’t require NAT. This is a good thing. NAT “hides” the internal network behind one outside address. However, NAT security is only as good as the firewall policy: a bad policy is as insecure as no policy at all, with or without NAT. NAT wasn’t built for security; it was a patch to extend the life of IPv4, and like many patches, it breaks things. NAT just makes understanding the network harder for both intruders and administrators. IPv6 is scary because it shows that Emperor NAT has no clothes.
There’s also a method of auto-configuring IPv6 that uses the PC’s MAC address in the IPv6 address. If that’s a privacy concern for you, just use DHCPv6, which will also make understanding your network easier for you.
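To make the MAC-address privacy point concrete, here is an added example (not from WildPackets) that audits an address inventory for auto-configured addresses built from a MAC in the modified EUI-64 format. The inventory, host names and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: (host, address). 2001:db8::/32 is the documentation prefix.
INVENTORY = [
    ("laptop-a @office", "2001:db8:0:2:21a:2bff:fe3c:4d5e"),
    ("laptop-a @branch", "2001:db8:9:40:21a:2bff:fe3c:4d5e"),
    ("server-7",         "2001:db8:0:2::7"),   # DHCPv6/static style host part
]

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]         # low 64 bits
    if iid[3:5] != b"\xff\xfe":                          # marker inserted mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def mac_exposure(inventory):
    """Map each recoverable MAC to the hosts/addresses that reveal it."""
    seen = defaultdict(list)
    for host, addr in inventory:
        mac = eui64_mac(addr)
        if mac:
            seen[mac].append((host, addr))
    return dict(seen)

if __name__ == "__main__":
    for mac, where in mac_exposure(INVENTORY).items():
        print(mac, "->", where)
```

The same MAC shows up under both prefixes, which is why the host part stays recognisable as the machine moves between subnets. A randomly chosen interface ID can contain `ff:fe` in the same position by chance, so treat a single hit as a lead to confirm rather than proof.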
IPv6 is rumored to be more secure than IPv4 because it supports IPSec VPN. However, IPSec only provides security if you set it up, and it’s also available for IPv4. IPSec doesn’t make IPv6 any more secure than IPv4.
This myth isn’t entirely false: the large addresses make IPv6 harder to “scan” than IPv4. An intruder in your network can’t run a quick ping sweep across your network. The number of possible IPv6 addresses gives even a small network as many addresses as today’s Internet. However, this exception isn’t entirely true, as there are tricks with IPv6 neighbor discovery to find PCs without scanning.
The global Internet has reached the point where some parts of the world — mostly in Asia — are out of “new” IP addresses. It’s still possible to get online because the ISPs are using NAT, but using NAT on IPv4 causes more problems than moving to IPv6.
Some of the areas that have run out of new IPv4 addresses are the same areas that are experiencing the most economic growth. Reaching those markets will soon require the use of IPv6.
Even after IPv6 is widely deployed, IPv4 isn’t going to disappear immediately. IPv4 will likely be routed across the Internet for years to come, and inside corporate networks for long after that. Lots of networks are using legacy protocols in parallel with IPv4. Similarly, IPv4 will likely live on in parallel with IPv6.
After the success of World IPv6 day in 2011, this year brings “World IPv6 Launch” on June 6, 2012. A long list of major websites have pledged to turn on IPv6 and keep it on. To make IPv6 more accessible these sites will be joined by many ISPs and home router vendors. After World IPv6 Launch, IPv6 should be possible for anyone who wants to use it on the Internet.
This is the most dangerous myth of all. All major PC operating systems support IPv6, enabled by default. If you think your network is not carrying IPv6, it probably just means that you don’t know about it. Even if you have IPv6 routing turned off, tunneling protocols like Teredo allow a host to have a public IPv6 address, even when behind NAT. That means that the PC is directly connected to the IPv6 Internet with only its own firewall to protect it.
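One way to check whether a network believed to be IPv4-only is carrying tunneled IPv6: the added example below (not from WildPackets) classifies observed source addresses and flags Teredo hosts, decoding the Teredo server and the NAT-mapped IPv4 address embedded in each. It goes slightly beyond the text by also flagging 6to4, another automatic tunnel; the flow lines and host names are constructed.

```python
import ipaddress

# Constructed sample: "host source-address" pairs as a flow export might list them.
SAMPLE_FLOWS = """\
pc-014 2001:0:c000:201:0:63bf:34ff:8ef6
pc-022 2002:c633:6407::1
pc-031 fe80::21a:2bff:fe3c:4d5e
srv-02 2001:db8:0:2::7
"""

def classify(addr):
    """Return (kind, detail) for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    if ip.teredo is not None:              # 2001:0000::/32
        server, mapped = ip.teredo         # mapped IPv4 is stored bit-inverted
        return "teredo", f"server {server}, mapped IPv4 {mapped}"
    if ip.sixtofour is not None:           # 2002::/16
        return "6to4", f"embedded IPv4 {ip.sixtofour}"
    if ip.is_link_local:
        return "link-local", "on-link only"
    return "native", "routed prefix"

def find_tunnels(flows):
    """Return (host, kind, detail) for every host using a tunnel address."""
    hits = []
    for line in flows.splitlines():
        host, addr = line.split()
        kind, detail = classify(addr)
        if kind in ("teredo", "6to4"):
            hits.append((host, kind, detail))
    return hits

if __name__ == "__main__":
    for hit in find_tunnels(SAMPLE_FLOWS):
        print(*hit)
```

Each flagged host is one to check for a host firewall policy that covers IPv6, since that firewall is the only filter in front of a tunneled address.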