Skip Links

FutureNet 2009: IPv6 coming, ready or not

IPv6 poses economic, security challenges for companies

By Brad Reed, Network World
May 07, 2009 05:43 PM ET

Network World - Although many businesses say they see no economic advantage to deploying IPv6 over their networks, several panelists at this year's FutureNet said that they soon may not have a choice.

Q&A with Scott Hogg

IPv6 is a next-generation Internet layer protocol that was designed by the Internet Engineering Task Force (IETF) to solve the problem of IP address depletion under the current Internet layer protocol, IPv4. John Curran, the chairman of the board of trustees at the American Registry for Internet Numbers, said the Internet will run out of IPv4 addresses if they continue to be used at their current pace. Needless to say, Curran thinks this will cause some significant problems.

"On the day when we run out of addresses, none of you are going to notice it on that day, but it's the months that follow that turn out to be the problem," he said at this week's FutureNet conference in Boston, MA. "Backbones not going to be able to add customers unless they find more address space… the pieces you deal with going to be smaller and the routing table going to pay the price."

The trouble that IPv6 advocates have run into so far, however, is that individual businesses right now don't see the logic in investing time and money in IPv6 deployment during a recession where they have far more pressing and immediate needs. Or as Curran put it at FutureNet, "People don't see what they need before they actually need it."

Joda Schaumberg, the director of unified collaboration services for Global Crossing, said during a FutureNet panel that whole his company has seen a "significant increase" in IPv6 ports and traffic growth, it has had trouble educating enterprise customers about why IPv6 deployment is so important to their long-term health.

"I was in front of a CIO yesterday and I asked him whether deploying IPv6 was on his short, medium or long-term list of priorities," he said. "But it wasn't even on his radar."

The security implications of IPv6

Scott Hogg, who is also the coauthor of the Cisco-approved IPv6 Security guidebook and a regular contributor to Network World's Cisco Subnet blog, told FutureNet attendees that IPv6 could pose major security problems for their networks even if they hadn't yet deployed the new Internet layer protocol. This is because operating systems such as Vista and Linux are already IPv6 capable and thus any networks that use these operating systems might be handling IPv6 traffic without their operators' knowledge. Additionally, one way that IPv6 addresses connect to each other over IPv4 networks is through encapsulating IPv6 data in IPv4 packets and then "tunneling" through the older network. Because the typical firewall is unable to unwrap these IPv4 capsules to inspect the traffic inside, Hogg said that they could be a way for hackers to break into networks.

"The firewalls don't look closely enough at encapsulated packets because the typical firewall today has nothing capable of opening up the capsule," he said. "Some vendors are starting to work together on this problem but they aren't there yet."
Hogg also said that creating dual-stack transition networks that run both IPv4 and IPv6 can create vulnerabilities for networks because they can become vulnerable to attacks with either IPv4 or IPv6 traffic. He said that any enterprise building a dual-stack network should make sure that it is secure before switching on any IPv6 capabilities. This means securing the network perimeter first, hardening network devices and building the IPv6 network first from the core and then out to the edges.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News