Jan 27, 2014
Some time back, I had a chat with the UK’s Southampton University School of Electronics and Computer Science (ECS) group around IPv6. The warnings were of disaster caused by the lack of IPv4 addresses and the chaos that would then ensue. I made a few points to the ECS team, but they were not impressed with my belief that IPv6 was not a shoo-in, and we parted on not the most amicable terms.
This was over 15 years ago.
In the far more recent past, Quocirca got a request from the RIPE NCC for a discussion on IPv6. Expecting a re-run of the ECS discussions, we were pretty amazed at how the RIPE NCC representative pretty much accepted that IPv6 was not progressing as hoped, and that users really didn’t perceive much additional value apart from a huge increase in actual numbers. His challenge was much like that of Sisyphus trying to roll his stone up the mountain.
It has to be accepted that IPv6 is needed — the Internet of Things (IoT) is well on its way, and the forecasts of billions of new internet-connected items mean that IPv4 just cannot be man enough for this.
Or can it?
Let’s consider why IPv6 has not made the strides it should have done.
1. Every IPv6 address needs an IPv4 one. OK — not quite true, but if an internet-connected “thing” wants to talk across the internet as a full peer, it needs to be able to talk to non-IPv6 enabled sites. As IPv6 was not designed to be IPv4 compatible, the only way that this can be done is to give every IPv6 address a corresponding IPv4 one. See the problem here? If we are running out of IPv4 yet each IPv6 address needs an IPv4 address, then what do we do? If IPv6 had been designed so that there was a good means of failover from an IPv6 address to an IPv4 one, then this problem could have been mitigated.
2. If there are so few IPv4 addresses, why are so many being misused? According to the RIPE database, there are fewer than 16 million IPv4 addresses left for use. However, these are only the reserved addresses that have not been previously given out. In the early days, IPv4 addresses were given to anyone who wanted them — and often in very large blocks. There are a very large number of IPv4 addresses that have never been used. There are also a lot of IPv4 addresses in the hands of blackhat groups who are using them for a few minutes and then dropping them so as to be less traceable. Too late now to put the genie back in the bottle, but the loss of all those precious addresses was something only a bunch of techies could have done so effectively.
3. We don’t actually need IPv6. Hang on — if there are billions of new items connecting to the internet, then we really do need IPv6, surely? Actually, no – and this is why IPv6 has really struggled. The vast majority of systems sit behind a network address translation (NAT) wall. As I sit here in my little cocooned environment, I have a full IPv4 address table available to me — my items all have 192.168.x.x addresses. These are by no means unique on the internet, but it doesn’t matter, as only my WAN address is seen by the rest of the world, and I can use port forwarding to get any of my internal items to talk to the world. Even if I had a very large number of items, I could cascade-NAT with multiple NAT tables in operation.
The perception pushed by the IPv6 crowd is that everything needs to be interconnected as pure peers. However, alongside the problem of the lack of unique IPv4 addresses, NAT is used for security purposes: a NAT firewall is a point of aggregation where IP traffic can be inspected and security applied. If everything is connected to everything else directly, then this is actually seen as a security issue.
4. IPv6 is just so &*%$£! hard. I know the IPv4 addresses of the main equipment on my network. Remembering 192.168.1.1 is easy. I don’t need to give it a friendly address within a DNS table. I can’t do that with IPv6 — remembering something of the format 2001:0db8:85a3:0042:1000:8a2e:0370:7334 is just that little bit harder.
However, in that complexity lies the actual promise of IPv6 and why organizations should be looking more seriously at it. Time and time again, Quocirca finds through its research the standard top three issues that business and IT feel need dealing with when it comes to IT. And these three are “Security, security and security”. There is little trust in the IT world — yet IPv4 was designed for a simpler world where that trust was taken as a given.
IPv6 was designed for a more grown-up, corporate world. The three reasons why it should be taken up are:
1. It can have security built-in, through its design for supporting IPSec. It does, however, need setting up correctly.
2. It is more efficient in how it deals with data packets, making the whole internet more efficient.
3. It uses multicast services, rather than broadcast, and can therefore preserve bandwidth and enable streamed services to operate in a more optimized manner.
These can all have direct positive impact on businesses that are dependent on using the internet, and they are things such businesses would be interested in investing in, rather than paying for an insurance policy against a numbers game that is so patently confused.
Maybe if the IPv6 brigade concentrated more on these areas rather than the numbers game, then IPv6 would be taken more seriously. If not, I’m pretty sure that in another 15 years, I may still be having the same discussions with people as I have been having up until now.
Image credit: Steve Jurvetson (flickr)