For a decade, IPv6 proponents have pushed this upgrade to the Internet’s main communications protocol because of its three primary benefits: a gargantuan address space, end-to-end security and easier network administration through automatic device configuration. Now it turns out that one of these IPv6 benefits — autoconfiguration — may not be such a boon for corporate network managers. A growing number of IPv6 experts say that corporations probably will skip autoconfiguration and instead stick with DHCP, which has been updated to support IPv6.
For a decade, IPv6 proponents have pushed this upgrade to the Internet’s main communications protocol because of its three primary benefits: a gargantuan address space, end-to-end security, and easier network administration through automatic device configuration.
Now it turns out that one of these IPv6 benefits — autoconfiguration — may not be such a boon for corporate network managers. A growing number of IPv6 experts say that corporations probably will skip autoconfiguration and instead stick with DHCP, which has been updated to support IPv6.
Autoconfiguration vs. DHCPv6 has become a point of contention among IPv6 proponents. As recently as last month, the IETF — the standards body that created IPv6 and DHCPv6 — held a lively online debate about rethinking autoconfiguration in light of DHCPv6.
“This is a widely discussed issue. Which is better: DHCPv6 or autoconfiguration?” says Timothy Winters, software engineering manager at the University of New Hampshire’s Inter Operability Lab. The UNH-IOL operates Moonv6, the world’s largest IPv6 test bed.
Winters sees the commercial software industry starting to back DHCPv6 because of the additional controls and tracking and debugging features it provides. “Moonv6 tried to run DHCPv6 testing two and a half years ago, and we only had two or three companies that did servers and software,” he says. “A year later, we had 14 companies…We’ve definitely seen the DHCPv6 implementations explode.”
The biggest backer of DHCPv6 is Cisco, which has supported DHCPv6 in its IOS since 2003, and also supports it in Cisco Network Register (CNR). The company says the next version of CNR, expected out by early 2008, will feature parity between DHCPv4 and DHCPv6. “From a security standpoint and for information assurance, network managers all still want visibility into their networks,” says Dave West, director of field operations for Cisco’s Federal Center of Excellence. “We believe the demand is going to be there for DHCPv6.”
Microsoft is starting to support DHCPv6, too. Microsoft Vista’s IPv6 implementation supports DHCPv6, although its earlier IPv6 support in Windows XP did not. Microsoft says Windows Server 2008 will support DHCPv6 as well.
BlueCat Networks began offering limited support for DHCPv6 in its Proteus and Adonis appliances in 2007. “We have not seen a tremendous amount of demand for DHCPv6,” says Cricket Liu, vice president of architecture at Infoblox. “We don’t see a ton of companies champing at the bit to implement IPv6. And where they will be prodded to because [the American Registry for Internet Numbers] starts issuing only IPv6 addresses, they’ll use IPv6 externally and they’ll still use network address translation internally. So we don’t see an opportunity for DHCPv6.”
Autoconfiguration vs. DHCPv6
IPv6 addresses are 128 bits long, compared to IPv4's 32-bit addresses. Because they’re so large, these addresses will be difficult for network administrators to memorize and type into applications. That’s why it’s important how network managers assign and manage IPv6 addresses.
With IPv6, network managers can choose between the stateless address-autoconfiguration built into IPv6 and stateful address configuration using DHCPv6.
IPv6’s default mode is stateless address-autoconfiguration, which is supposed to provide true plug-and-play connectivity for network devices. With autoconfiguration, a device automatically receives an IP address and doesn’t need to contact a server for one. This is made possible through several features of IPv6 including router advertisements, neighbor discovery and duplicate-address detection. The autoconfiguration approach is easier for network managers and less taxing for the network, backers say. That’s why it’s likely to be used for mobile devices and home networks.
“The idea with stateless address-configuration in IPv6 is that you plug a computer into your network, you plug a printer into your network and you can communicate,” says Ted Lemon, a DHCP expert and developer for Nominum. “You don’t have to set up any servers, and you don’t have to manage any servers.”
Autoconfiguration will be useful for teleworkers and small branch offices, too. “The classic scenario for autoconfiguration is the dentist’s office,” Lemon says. “Do you really want to hire an IT guy? That is what stateless address-configuration in IPv6 is for.” IPv6’s autoconfiguration “is a true advantage for handheld devices. That’s where IPv6 gains over IPv4,” the UNH-IOL’s Winters says.
DHCPv6, on the other hand, provides stateful address-configuration. DHCPv6 servers pass out IP addresses and service information to clients, and both the server and the client retain this information to prevent address conflicts. DHCPv6 lets network managers know the devices connected to the network and their IP addresses. Corporate network managers have grown accustomed to this level of visibility into their networks because they use DHCP with their IPv4 networks. Backers of DHCPv6 say they’ll want to keep this visibility into their IPv6 networks. “People want to know who is on their network, and DHCPv6 is the way to do it,” Winters says. “IT people understand how DHCP works in IPv4, and the IPv6 version is not that different. It’s easy for IT people to wrap their brains around DHCPv6 as opposed to autoconfiguration, which doesn’t exist for IPv4.”
DHCPv6 became a proposed IETF standard four years ago. It has all the features of DHCPv4, along with some capabilities that make it easier for network managers to renumber networks; that in turn should make it easier to merge networks or switch service providers.
Nominum’s Lemon says network managers have a love/hate relationship with DHCP in IPv4 networks. They love it because it gives them control over their networks, but they hate having another network service to manage. “Network managers like the fact that they can assign IP addresses with DHCP, but it’s more important that they can see what’s on their network. It gives them information about how many devices are on the network and how much usage of the network there is,” Lemon says. “It’s almost like they have a finger on the pulse of their network if they use DHCP.”
To complicate the situation further, there’s also a stateless version of DHCPv6. With this feature, network managers can use stateless address-configuration to let clients get their own IPv6 addresses, but they can follow up with a DHCPv6 information request to gather network configuration information and to configure DNS or other servers.
”In low-overhead, low-management deployments, you might want to use this lightweight configuration of DHCPv6,” says Ralph Droms, principal engineer with Cisco and one of the chairs of the IETF’s Dynamic Host Configuration working group.
Nonetheless, many IPv6 experts now believe that corporations will stick with stateful address-allocation through DHCPv6. “For corporate users, stateless autoconfiguration is not a good selling point for IPv6,” Lemon admits. “I think it’s a valid selling point for ISPs. If you’re a large ISP, stateless autoconfiguration on the customer network is a really good thing because it means you’re going to get fewer phone calls. But I think corporate IT departments are going to want the level of information they get out of DHCP.”
What early adopters are doing
This debate matters to corporate network managers, who are going to have to choose whether they want to migrate to IPv6 with autoconfiguration or DHCPv6.
This is especially true for U.S. federal IT departments, which are under a mandate to support IPv6 on their backbone networks by 2008. The federal mandate doesn’t specify DHCPv6.
Federal agencies “are still trying to determine what the best route is going to be to transition to IPv6,” Cisco’s West says. “There is a lot of discussion about DHCPv6. . . . I absolutely believe that DHCPv6 will happen in the federal market based on the need for information assurance. We think it’s going to be critical for transition.”
One early IPv6 adopter that’s interested in DHCPv6 is Bechtel. The engineering services giant has 9,900 of the 18,000 computers on its network running IPv6. Bechtel has been using the IPv6 autoconfiguration feature because DHCPv6 wasn’t available in Windows XP. “One of the things we like about Vista is that it does support DHCPv6,”says Fred Wettling, Bechtel's manager of IT standards and strategies. The company uses DHCPv4 for its IPv4 clients and autoconfiguration for its IPv6 clients, he says. “Over time, having one place where we control everything will be handy,” he adds. ”We’ll start implementing Windows Server 2008 [which supports DHCPv6], but we’re still going to be in a mixed mode for awhile.”
Wettling says IPv6 autoconfiguration has “served us very, very well. The performance is good and predictable.”
In the meantime, the debate between DHCPv6 and autoconfiguration continues. “There’s been an ongoing discussion for years,” Cisco’s Droms says. “There’s still a constituency with a loud voice that says we ought to get rid of DHCP altogether. Some network administrators don’t see the need for that kind of control and visibility into their network addressing assignments, and they see running a DHCP service as a significant operational expense.”
Droms predicts most enterprises will spend the money to support DHCPv6, however. “In a network environment where a network administrator wants to know what hosts and what devices are connected to the network and what addresses those devices are using on the network, the network administrator will want to use DHCPv6,” he says. “It’s very useful for debugging purposes. . . . It’s useful for accounting and useful for controlling access to the network.”