Feeds

Ready or not, IPv6 is coming

Google attempts to avert interweb end-of-days scenario

Internet Security Threat Report 2014

The widespread use of network address translation (NAT) has delayed to need to step-up to the more advanced technology. However although NAT works well for client-server internet applications, its use gets in the way of the deployment of applications and services where every device needs a unique IP address.

Even so, industry experts expect IPv4 address resources to run out by 2012. Japanese internet firm Intec NetCore has even written a web app that shows an IPv4 exhaustion counter. With 480m IPv4 addresses left, Intec NetCore reckons there's 788 days left till "X-Day" when the available addresses finally run out.

As well as tackling the long-predicted number shortage, IPv6 brings other advantages, including simplifying routing aggregation and address auto configuration. The protocol also brings integrated encryption and mobility benefits absent from IPv4.

Support for the protocol has gradually been introduced in operating systems and in networking hardware. For example, Cisco added IPv6 support on Cisco IOS and switches in 2001. Apple Mac OS X has supported IPv6 since 2006, with built-in support by Windows following the introduction of Windows Vista.

Layer 3

It's in areas such as switching and routing that IPv6 brings the greatest potential upheaval. ISPs and enterprises need to change their network architecture in preparation for the wider use of the protocol.

"Operating systems have supported both IPv6 and IPv4 for a good number of years with a dual stack, so you don't have to upgrade everything," explained Melvyn Wray, senior VP of product marketing at networking equipment firm Allied Telesis. "It's with layer 3 switches or routers and the WAN that you have problem."

While three or fours years ago IPv6 technology might have been considered "esoteric", the technology has become more important as the world runs out of IPv4 addresses. Wray argued that Asia was feeling the pinch earlier than the West. Simply adding more NAT kit is no solution to the problem, he argued.

"They are already running six or seven layers deep on NAT on some Asian networks. They will run out of addresses entirely in 12-18 months. It's not anything like as bad a problem in the West, although the increased use of Blackberries and iPhones is creating an extra demand for addresses.

"It's not just the addressing scheme. IPv6 offers more efficient routing and better security the IPv4," Wray told El Reg.

Adoption of the technology also changes the security landscape.

"Contrary to popular belief, I believe IPv6 is alive and well in certain small pockets of China and Japan, where it's actually pretty useful for them to effectively run a separate Asian internet space alongside the existing [western] one," Mark Sunner, an independent security consultant, told El Reg.

"The bigger question however is when will it get all the way down to western desktops, and this will take probably something as long as a decade, because that's just how long it will take to retire/expire all the legacy kit that's out there."

Sunner said that even though IPv6 might take years to be fully implemented, its incorporation in operating system stacks makes it an issue for penetration testers even now.

"It is widely accepted that IPv6 is always an eon away. Nobody actually cares about it - but they should; because it ships as standard in all the new versions of Vista, OS X, Ubuntu etc. and is often active," Sunner explained.

"This means that whilst you may not be able to browse the web via IPv6 any time soon, the person sat nearby in your office may be taking a look at your file system - courtesy of IPv6 - via tools that exist right now," he added.

A paper on penetration testing and IPv6, by H D Moore of Metasploit fame, can be found here. ®

Security for virtualized datacentres

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
Cisco and friends chase WiFi's searing speeds with new cable standard
Cat 5e and Cat 6 are bottlenecks for WLAN access points
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.