Feeds

Ready or not, IPv6 is coming

Google attempts to avert interweb end-of-days scenario

Maximizing your infrastructure through virtualization

The widespread use of network address translation (NAT) has delayed to need to step-up to the more advanced technology. However although NAT works well for client-server internet applications, its use gets in the way of the deployment of applications and services where every device needs a unique IP address.

Even so, industry experts expect IPv4 address resources to run out by 2012. Japanese internet firm Intec NetCore has even written a web app that shows an IPv4 exhaustion counter. With 480m IPv4 addresses left, Intec NetCore reckons there's 788 days left till "X-Day" when the available addresses finally run out.

As well as tackling the long-predicted number shortage, IPv6 brings other advantages, including simplifying routing aggregation and address auto configuration. The protocol also brings integrated encryption and mobility benefits absent from IPv4.

Support for the protocol has gradually been introduced in operating systems and in networking hardware. For example, Cisco added IPv6 support on Cisco IOS and switches in 2001. Apple Mac OS X has supported IPv6 since 2006, with built-in support by Windows following the introduction of Windows Vista.

Layer 3

It's in areas such as switching and routing that IPv6 brings the greatest potential upheaval. ISPs and enterprises need to change their network architecture in preparation for the wider use of the protocol.

"Operating systems have supported both IPv6 and IPv4 for a good number of years with a dual stack, so you don't have to upgrade everything," explained Melvyn Wray, senior VP of product marketing at networking equipment firm Allied Telesis. "It's with layer 3 switches or routers and the WAN that you have problem."

While three or fours years ago IPv6 technology might have been considered "esoteric", the technology has become more important as the world runs out of IPv4 addresses. Wray argued that Asia was feeling the pinch earlier than the West. Simply adding more NAT kit is no solution to the problem, he argued.

"They are already running six or seven layers deep on NAT on some Asian networks. They will run out of addresses entirely in 12-18 months. It's not anything like as bad a problem in the West, although the increased use of Blackberries and iPhones is creating an extra demand for addresses.

"It's not just the addressing scheme. IPv6 offers more efficient routing and better security the IPv4," Wray told El Reg.

Adoption of the technology also changes the security landscape.

"Contrary to popular belief, I believe IPv6 is alive and well in certain small pockets of China and Japan, where it's actually pretty useful for them to effectively run a separate Asian internet space alongside the existing [western] one," Mark Sunner, an independent security consultant, told El Reg.

"The bigger question however is when will it get all the way down to western desktops, and this will take probably something as long as a decade, because that's just how long it will take to retire/expire all the legacy kit that's out there."

Sunner said that even though IPv6 might take years to be fully implemented, its incorporation in operating system stacks makes it an issue for penetration testers even now.

"It is widely accepted that IPv6 is always an eon away. Nobody actually cares about it - but they should; because it ships as standard in all the new versions of Vista, OS X, Ubuntu etc. and is often active," Sunner explained.

"This means that whilst you may not be able to browse the web via IPv6 any time soon, the person sat nearby in your office may be taking a look at your file system - courtesy of IPv6 - via tools that exist right now," he added.

A paper on penetration testing and IPv6, by H D Moore of Metasploit fame, can be found here. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.