• United States

Big players push IPv6, but masses still resist

Jul 07, 20038 mins
Cisco SystemsNetworking

When the dominant maker and a powerful buyer of network gear – Cisco and the Pentagon – insist the time has come for IPv6, some might see it as marching orders for the industry. However, IPv6 – ratified as a draft standard in 1998 – still represents the classic “ain’t broke, don’t fix” scenario for most U.S. companies.

When the dominant maker and a powerful buyer of network gear – Cisco and the Pentagon – insist the time has come for IPv6, some might see it as marching orders for the industry.

However, IPv6 – ratified as a draft standard in 1998 – still represents the classic “ain’t broke, don’t fix” scenario for most U.S. companies. Why throw a wrench into networks that took years to build and fine-tune?

Proponents say that risk is justified by advanced IPv6 services such as improved security and mobility support, benefits that laggards stand to miss the longer they delay. And, of course, there’s the shrinking pool of IP addresses, a problem IPv6 promises to fix.

Interest in IPv6 was sparked at a recent conference in San Diego, where the U.S. Department of Defense announced it is making IPv6 a procurement requirement. Cisco also recently extended its support of IPv6 from router and switch gear to firewall products.

Department of Defense CIO John Osterholz said his organization will start requiring support for the protocol starting in October. And by 2005, all Department of Defense networks will be fully interoperable with IPv6 networks.

That requirement is a boost for the technology, given that the Defense Department’s IT budget is $30 billion, says Alex Lightman, chairman of the North American Global IPv6 Summit, where Osterholz spoke. “There is no budget like it. It is the 800-pound gorilla saying, ‘Go to IPv6,'” he says.

One military IT professional who will be on the business end of the Defense Department’s mandate is Commander Jeff White, information warfare officer for the Navy Warfare Development Command.

“IPv6 effectively opens the floodgates” with respect to new security and features, says White, who is responsible for deploying new network and security technologies on Navy ships. While not commenting directly on the Department of Defense mandate, he adds that his group has gotten a jump on the IPv6 issue. “We’re already assuming that IPv6 will be out there and employed,” he says.

Unlike at the Defense Department, ramping up IPv6 networks is less of a priority for businesses and organizations not involved in defense, experts and users say.

“Nothing is going on from the enterprise perspective” regarding IPv6, says Lawrence Orans, principal analyst at Gartner. “The [Department of Defense] is one enterprise that’s obviously unique, but for regular companies and businesses, this is not on their radar screens.”

Orans adds that U.S. companies “are not feeling much pain with IP Version 4,” so there is little motivation to migrate.

That seems to be the prevailing view in the trenches.

“We are one of the lucky holders of a Class B IP network,” says Bruce Meyer, senior network engineer at ProMedica Healthcare in Toledo, Ohio. A Class B license lets his organization have 65,024 unique IP addresses. It also means ProMedica won’t be looking into IPv6 for a while.

IPv6 also is a back-burner issue for Sheng Guo, CTO for the New York State Court System.

“It’s something we’re going to look into, but not in the immediate future,” he says.

Greater difficulties, he says, include managing and troubleshooting new applications, such as IP voice and video, over a recently installed statewide optical Ethernet infrastructure. Running out of IP addresses is not his biggest concern.

The perceived cost is one deterrent to IPv6, experts say.

“There is an inherent cost to rolling out IPv6,” says Martin McNealis, Cisco’s senior director of product management for IOS. He says this cost involves upgrading IP stacks on network gear, in applications, and end nodes such as PCs and servers.

“We’re trying to mitigate that on the network side with [IPv6] integration efforts,” into Cisco product lines, he adds. This includes complete support of IPv6 across all Cisco routers, and the recent announcement of IPv6 support in firewalls. Other vendors with routing gear that supports IPv6 include Foundry Networks, Fujitsu, Hitachi, Juniper and NEC.

Another factor against IPv6 is simply that there is little need, because U.S. businesses and governmental organizations have addresses to burn.

“The corporations and carriers in the U.S. have sufficient addressing for the next few years,” McNealis adds, “and don’t feel the same addressing crunch as Asia and Europe do.”

For example, Level 3 Communications has three Class A domains, which is about 48 million unique IP addresses.

“That’s almost more than all of Asia has,” says Sylvia Hagen, president of the network consultancy Sunny Connections and author of the book IPv6 Essentials .

“If you go to Asia, you will see many commercial and production IPv6 networks because they have no other choice,” she says.

Another reason for the lack of interest in IPv6 among U.S. companies is that there are many workarounds to extend the life of IPv4 address use. Many of the network shims have become common IT practices.

“The industry has gotten very good at dealing with IP addresses,” says Douglas Comer, a professor of computer science at Purdue University and author of the book Internetworking with TCP/IP .

Comer says technologies such as network address translation (NAT) and Classless Interdomain Routing (CIDR) have made it much easier to live with IPv4. NAT used on firewalls and routers lets up to 257 nodes in a corporation sit behind a single IP address. CIDR lets the grouping of separate IP networks appear as part of a single subnet. This lets service providers conserve addresses by divvying up pieces of a full range of IP addresses to multiple customers.

But while NAT staves off the need for more addresses, this is done at the sake of the improved security IPv6 could provide, some say.

“IPv4 cannot take us into the next century,” says Jim Bound, chair of the North American IPv6 Task Force and a staff fellow at HP. He adds that NAT as the answer to address shortage “is kind of an illusion. We’re keeping [IPv4] alive with chewing gum.”

Besides security snafus, NAT can hinder network management, one user says.

“A lot of networks are turning to NAT to solve their IP [address] problems, but it’s not without” its own issues, ProMedica’s Meyer says. One issue is network management and troubleshooting. “Just try and Traceroute through a couple of routers doing NAT,” he says.

Included in the IPv6 standard is support for native IP Security (IPSec), which is retrofitted into IPv4 as an add-on.

“IPv4 breaks down when you have NAT, but with [IPv6] you can do end-to-end security with no single point of failure,” he says.

This could shake things up for IPSec VPN and Secure Sockets Layer (SSL) remote-access companies, and Layer 4 to Layer 7 switches makers, some vendor executives say.

If IPv6 becomes ubiquitous, there will be no need for IPSec clients, says Simon Johnson, vice president of technology for SSL remote-access vendor Aspelle. As a result, VPN gateways no longer will be needed between corporate networks and the Internet, because IPv6 machines will be able to tunnel directly to each other.

Meanwhile, IPv6 also could force Layer 4 to Layer 7 Web switches and load-balancing gear to evolve. Because the payloads of packets sent between any two IPv6 devices can be encrypted, these devices might not be able to identify what protocol or application they are carrying to set priorities, according to John Roese, CTO at Enterasys Networks.

Part of the necessity for IPv6 is the imminent onslaught of hand-held wireless gadgets that will tap into the Internet – and thus, require IP addresses.

To support mobile devices, the Internet Engineering Task Force is nearing the completion of the Mobile IPv6 standard, which will let devices such as cell phones, and Wi-Fi- and 3G-enabled devices roam among various wireless networks while maintaining application or voice persistence. The magnitude of addresses that IPv6 provides could let all types of devices have their own unique IP addresses, from mobile routers embedded in cars to credit cards.

“The main reason companies will want to use IPv6 is not to solve problems that were in IPv4, but to take advantage of new features, such as mobility and security,” Sunny Connections’ Hagen says.

According Instat/MDR, shipments of Internet-enabled wireless devices – such as cell phones, PDAs and combination products – will go from 430 million in 2002 to 760 million by 2006. And each of those gadgets potentially will need IP addresses.

“Quite frankly, there are not enough addresses to support a billion handsets,” says Bound, the North American IPv6 Task Force chair. “Service providers will need to adopt IPv6 to be prepared for such a large market.”