Skip Links

IPv6: Dual-stack strategy starts at the perimeter

By Scott Hogg, Network World
February 13, 2012 12:08 AM ET

Network World - We are in an awkward point in the history of the Internet. IPv4 address depletion has occurred yet we expect to use IPv4 for the next 15 to 20 years. Organizations see two paths before them. One alternative is to use continue to use IPv4 and expect to use multiple layers of network address translation (NAT) for many years to come. The other alternative is to start to use IPv6, however, the majority of enterprise organizations and content providers have not embraced the protocol.

Test of ADCs

U.S. federal organizations should be working on meeting the September 2012 Office of Management and Budget (OMB) mandate to IPv6-enable all government Internet-facing web applications. The glacial speed of the federal government combined with government budget issues makes it difficult for them to meet "yet another unfunded  IPv6 mandate".

Most enterprises have ignored IPv6. They believe they have plenty of IPv4 addresses for their own needs and that they do not have a need for IPv6. The global economic downturn has caused IT organizations to "do more with less" and they have less time to learn and deploy new-fangled technologies like IPv6. Even though IPv6 has been standardized for many years, there is a general lack of knowledge and experience with IPv6 and now many enterprises are starting to realize the position they are in. Furthermore, the vast majority of organizations are confused about how to start planning for IPv6.

Quiz: is it panic time for IPv6?

Many organizations get stalled with their IPv6 deployments. They feel they must plan for a full transition to IPv6 which requires all devices that use an IPv4 address migrate to IPv6. This is not practical and it is more likely that organizations will gradually deploy dual-protocol configurations in various portions of their environment to over the course of many years. There will be legacy systems in network environments that will only use IPv4 until they are decommissioned. For example, the computer-room UPS has a network interface that only works with IPv4. It is not feasible to replace the UPS just to gain IPv6-management capabilities.

IPv6 has had time to "mature" and now it comes standard in many products. The good news is that much of the network infrastructure, operating systems and applications already contain IPv6 capabilities. DNS Servers and most of the Internet root name servers now support IPv6. ISPs now offer IPv6 Internet connectivity options. Routers, firewalls, and other systems already have robust IPv6 functionality.

Organizations should strive to use the dual-stack migration strategy. This is where you add IPv6 to your existing systems to make them function using both IP versions simultaneously. Tunneling and translation techniques should be used when dual-protocol configuration is not possible. The mantra of "dual stack where you can, tunnel where you must" is the order of the day.

For many years, IPv6 experts have been urging organizations to IPv6-enable their Internet perimeter systems. The thought was that it is the logical first step and focused on the enterprise getting upstream IPv6 Internet connectivity. It makes sense that perimeter DNS systems, web applications and e-mail servers would be the first zones of the network topology to get IPv6. Through the process of migrating the perimeter to IPv6, an organization would learn most of what they needed to know about IPv6. Too many organizations get overwhelmed thinking about everything in the enterprise that needs to migrate to IPv6. The "Internet-edge" deployment method defines a finite scope that helps an organization focus their efforts.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News