Presentation on theme: "What happened to IPv5? and other oft asked IPv6 questions The Internet Society, IPv6 and You Susan Estrada."— Presentation transcript:
What happened to IPv5? and other oft asked IPv6 questions The Internet Society, IPv6 and You Susan Estrada
Is the Internet about to run out of IP address numbers? Yes and no. For the version of the Internet Protocol that underpins the Internet today (IPv4) there is a limited amount of unused space remaining. While estimates vary, based on recent trends it is anticipated that the current pool of unallocated IPv4 addresses will be consumed sometime around 2010 - 2011. However, an enormous amount of IP address space exists under IPv6. IPv6, in fact, was specifically designed to fix the address limitations of IPv4. IPv6 addresses have been available for allocation since 1999 and the RIRs, ICANN, ISOC and others are encouraging network operators to apply for IPv6 addresses and implement IPv6 in their networks. Refer to the following announcements from: AfriNIC APNIC ARIN LACNICICANN AfriNIC APNIC ARIN LACNIC
What is IPv6? IPv6 is the new version of the Internet address protocol that has been developed to supplement ( and eventually replace ) IPv4, the version that underpins the Internet today.
What happened to IPv5? Version 5 of the IP family was an experimental protocol developed in the 1980s. IPv5 (also called the Internet Stream Protocol) was never widely deployed. Since the number 5 was already allocated, this number was not considered for the successor to IPv4. Several proposals were suggested as the IPv4 successor, and each was assigned a number. In the end, it happened that the one with version number 6 was selected.
How does IPv6 solve the problem of IPv4 address exhaustion? Simply by having a lot more address space to uniquely identify devices that are connected to the Internet. IPv4 has a theoretical maximum of about 4 billion addresses whereas IPv6 has an unthinkable theoretical maximum: about 340 trillion, trillion, trillion addresses. In actual use, IPv6 addresses are structured for routing and other purposes and as a result the number of addresses available is effectively less, but still extremely large. For the end user, the large amount of IPv6 address space means: Home users will generally be given blocks of addresses sufficient to number multiple networks and thousands of devices. (In contrast, under IPv4, home users today typically get a single address.) Enterprises and small businesses will generally be given enough to number a substantial number of networks and tens of thousands of devices; while larger sites will get significantly more.
What happens when IPv4 address pool is finally depleted? Existing devices and networks connected to the Internet through IPv4 addresses will continue to work as they do now. In fact, IPv4-based networks are expected to co- exist with IPv6-based networks at the same time. However, for network operators and other entities that rely on Internet numbering allocations, it will become increasingly difficult and expensive (and eventually prohibitively so) to obtain new IPv4 address space to grow their networks. The cost and complexity associated with keeping track of and managing remaining IPv4 address space efficiently will also increase. Therefore, network operators and enterprises will need to implement IPv6 in order to ensure long-term network growth and global connectivity.
Network Address Translation devices (NATs) allow many computers to use the same IPv4 address. Wont more NATs solve everything? No. Deploying more NATs is not an adequate long-term solution. NATs can work reasonably well for certain applications, such as allowing multiple users in a small office or home network to access simple Web pages or mail services. Computers that sit behind NATs, however, do not have true end-to-end Internet connectivity. NATs complicate many real time and innovative Internet applications, such as Internet telephony and multimedia distribution. This can be particularly problematic for large corporate networks and users that want to run sophisticated applications, and also for those who are developing new applications. In addition, diagnosing and fixing problems on a network full of NATs is generally much harder than on a network without them. Furthermore, as the difficulty of obtaining IPv4 address space increases, it is inevitable that some sites will only support IPv6. IPv6, therefore, will be required to ensure global connectivity. Top Top
But wont we still need NATs for security? No. All the security features provided in an IPv4 NAT box can be provided by an IPv6 router with firewall capabilities, without the need to modify the address.
Are there other advantages to IPv6 besides increased address space? The main advantage of IPv6 is that it provides much more address space. Being a more recent protocol, IPv6 does have a few design improvements over IPv4, particularly in the areas of autoconfiguration, mobility, and extensibility. However, increased address space is the main benefit of IPv6.
I've heard some people say IPv6 is more secure than IPv4, while others say it is less secure than IPv4. What is this about? Debates concerning IPv4 versus IPv6 security often focus on different aspects of network deployment. It has been said that IPv6 supports improved security because the specifications mandate the inclusion of the IP Security (IPsec) suite of protocols in products. In IPv4, including IPsec is optional, but it is commonly available. Because the IPsec protocol suite is designed to be indifferent to IP versions, the technology works generally the same way in both IPv4 and IPv6. In this way, the benefits of using IPsec are similar in either environment. The increased address space provided by IPv6 does eliminate the need to use NAT devices, which are pervasive in many IPv4 networks. Broadly speaking, security is harder to deploy and troubleshoot when NATs are present in a network as they disrupt IP layer traceability and therefore security audit trails. In addition, the address rewriting that NAT performs is considered by some security protocols to be a security violation. Thus, with the increased address space eliminating the need to use NATs, IPv6 potentially facilitates deployment of end- to-end security. Many of the IPv6 security issues reported today have to do with vulnerabilities in individual products, not the IPv6 protocol. IPv4 is widely deployed and individual IPv4 products have gone through the recurring cycle of discovering and fixing security vulnerabilities and other bugs. Because IPv6 products are comparatively new, they have not benefited from similar experience. Consequently, security vulnerabilities in IPv6 products will need to be discovered and repaired, just like for other products. Also, the operational practices built up over many years for IPv4 networks will have to be adapted for IPv6. New practices will need to be developed for the dual stack IPv4 and IPv6 environment. This will be accelerated as more network operators deploy IPv6 and continue to exchange information about experience and best practices through established operators groups, the IETF Operations area, and other forums. Overall, maintaining network security will continue to be a challenging undertaking in both IPv4 and IPv6 contexts. Neither protocol provides a simple solution to the complexities associated with securing networks. Like with IPv4, network operators should become educated on IPv6 security practices and keep up-to-date with developments as they plan for and deploy IPv6.
Is IPv6 ready for deployment now? There are three basic aspects involved in the deployment of IPv6: the protocol, the products, and the operational practices. The IPv6 Protocol IPv6 has benefited from over 10 years of development within the Internet Engineering Task Force (IETF). The core standards have been stable for many years and deployed in both research and operational contexts. In addition to the core specifications, IPv6 includes a large number of individual standards that have a more limited applicability and are only needed in specialised environments. Additional development work will continue in these areas as new issues are discovered in response to deployment-specific scenarios. Like the continuing evolution of IPv4, there will always be updates and additions to IPv6 in response to deployment experience. Thus, even though the core IPv6 specifications are stable, there will continue to be ongoing work on IPv6-related specifications. IPv6 Products The core IPv6 specifications are becoming increasingly available as a standard part of products and service offerings. However, not all products are fully IPv6 capable at this time and some significant upgrade gaps remain, especially in low-end consumer equipment. Similarly, while many software applications and operating systems (especially in open source code) have already been updated for IPv6, not all products (including some from major vendors) are fully IPv6 ready. It is best to check with specific vendors on the IPv6 readiness of their individual products and services. In addition, in-house application software or custom code that interfaces with the network will likely need updating for IPv6. IPv6 Operational Practices Operational practices built up over many years for IPv4 networks will have to be adapted for IPv6. There is growing experience in the deployment of IPv6 in research networks and R&D projects, while some production networks (primarily in Japan and Korea) have been running IPv6 for a number of years. IPv6 traffic today, however, remains small in comparison to IPv4. As more network operators deploy IPv6 and continue to exchange information about experience and best practices through established operators groups, the IETF, and other forums, the community knowledge level will grow. In summary, IPv6 is ready for deployment, but additional effort is needed to make its use pervasive. The IETF, equipment vendors, application developers, network operators and end users all have roles to play in ensuring the successful wide-spread deployment of IPv6.
How much will the transition to IPv6 cost? Since network needs and businesses differ, IPv6 transition strategies and related costs will also vary between organisations. Hardware and software vendors are increasingly integrating IPv6 as a standard feature in products, allowing organisations to deploy IPv6 as part of routine upgrade cycles. For many organisations, operational costs, including staff training, and one-time administrative costs to add IPv6 to management databases and documentation, are likely to constitute the majority of the cost of upgrading to IPv6. Organisations that run in-house customised software will experience additional costs to upgrade these programs to IPv6, and enterprises that have test/release processes will see a marginal additional cost for the IPv6 configuration tests. For end-users, operating systems such as Mac OS X, Windows, and Linux now incorporate IPv6 within their latest releases and will automatically use IPv6 if it is available. Applications are expected to follow as the global demand for IPv6 increases.
I have enough addresses today. Why should I bother implementing IPv6? IPv6 is an important part of ensuring continued growth and accessibility of your services to the rest of the Internet and emerging markets in particular. As the Internet progressively becomes a dual IPv4/IPv6 network, ensuring that you are IPv6 enabled will be critical for retaining universal Internet connectivity for your clients, users, and subscribers, business partners and suppliers. Indeed, as the difficulty and cost of obtaining IPv4 address space increases, it is inevitable that some sites will only support IPv6. Connectivity with such sites (and customers) will require IPv6. It is also worth considering what services and devices may need to be supported over the next few years as the remaining IPv4 pool become depleted. Your existing address allocations may be insufficient to support a sudden increase in the number of connected devices per person (as many organisations experienced with the rapid deployment of IP-enabled wireless handheld products and similar devices a few years ago).
Is there a specific date when everything needs to be upgraded to IPv6? No. There is no specific date when everything must be upgraded to IPv6 (although some organisations, including governments, have already identified target dates for their own IPv6 implementation. IPv6 and its transition mechanisms have been designed for a long period of co-existence with IPv4 and it is expected that IPv4-only systems and applications will survive for many years. However, IPv6-only systems are expected to arise and many of these users are likely to be in emerging business markets and developing countries. Implementing IPv6 requires planning and with IPv4 address pool exhaustion expected around 2010-2011, planning needs to start now. Network operators and administrators should already be incorporating IPv6 into their network upgrade and procurement plans.
When will I need to turn off IPv4? Possibly never. The purpose of deploying IPv6 is to ensure network growth and continued interconnectivity when IPv4 address space becomes depleted and difficult to obtain. In addition, as the global Internet continues to expand, it is likely that some Internet sites will only be available via IPv6. To avoid problems, one should be fully IPv6-enabled by the time IPv6-only sites start appearing. However, in practice, it is only the public (or user) facing part of an enterprise's infrastructure that needs to be IPv6 enabled at the outset. The back-end infrastructure - which users do not interact with directly - can continue to be based entirely on IPv4, so long as that is the most cost-effective approach. (Enterprises may determine that it is more cost-effective to progressively turn off IPv4 in parts of their network once it is no longer needed or in significant use.) One should expect, however, that it might never be cost-effective (or possible) to upgrade certain legacy systems. Thus, it will likely be a decade or more before enterprise sites find themselves in a position to consider completely turning off IPv4. In practice, there is no need to turn it off so long as IPv4-only applications still remain in use.
I run an ISP with a block of IPv4 address space. Can I just convert that into IPv6 space? You will need to obtain new IPv6 addresses in addition to your existing IPv4 address blocks. IPv4 address space that you have today can still be used in a dual IPv4-IPv6 environment. The RIRs all have policies that make it straightforward for an ISP with IPv4 space to apply for and receive IPv6 address space. You should contact the RIR for your region or your ISP for more information on how to acquire IPv6 addresses. It may also be good idea to use this opportunity to redesign your addressing plan, taking advantage of the greater flexibility of IPv6 to assign subscriber address blocks more optimally. Similarly, customer sites may use IPv6 as an opportunity to redesign and optimise their internal addressing plan. However, it may be possible to re-use an existing subnet addressing plan within the new IPv6 block, if that is preferred.RIR for your region
I run IT services. What should I be doing now to get ready? Plan for IPv6 as you would for any major service upgrade. Do an audit of your current IPv6 capabilities and readiness. Assess the level of IPv6 technical knowledge within your staff and make plans for staff development and training that will support IPv6 implementation. Think about which of your services will lose business if they are only accessible to IPv4-users and make them a priority for IPv6 capability. For example, you may plan to implement an IPv6-enabled front-end Web server immediately, before converting your internal network. Remove obstacles to enabling IPv6 including identifying any legacy systems that can not be upgraded, and choose a solution for them (most likely, the solution will be an application level proxy that can support both IPv4 and IPv6 for the remaining lifetime of that system). Plan upgrades and purchases so that you dont find yourself needing to deploy and enable IPv6 but discover at a late stage that you are not ready because a key system dependency is not IPv6 capable. Contact your vendors to find out about IPv6 support in their current products and future releases and ask your ISP about their plans to support IPv6.
ISOC is looking at IPv6 education HELP!?/:<0 http://www.isoc.org/educpillar/resources/ipv6_faq.shtml Leslie Daigle at ISOC –email@example.com@isoc.org Susan Estrada at Aldea –firstname.lastname@example.org@aldea.com