Feeds

Ready or not, IPv6 is coming

Google attempts to avert interweb end-of-days scenario

5 things you didn’t know about cloud backup

The widespread use of network address translation (NAT) has delayed to need to step-up to the more advanced technology. However although NAT works well for client-server internet applications, its use gets in the way of the deployment of applications and services where every device needs a unique IP address.

Even so, industry experts expect IPv4 address resources to run out by 2012. Japanese internet firm Intec NetCore has even written a web app that shows an IPv4 exhaustion counter. With 480m IPv4 addresses left, Intec NetCore reckons there's 788 days left till "X-Day" when the available addresses finally run out.

As well as tackling the long-predicted number shortage, IPv6 brings other advantages, including simplifying routing aggregation and address auto configuration. The protocol also brings integrated encryption and mobility benefits absent from IPv4.

Support for the protocol has gradually been introduced in operating systems and in networking hardware. For example, Cisco added IPv6 support on Cisco IOS and switches in 2001. Apple Mac OS X has supported IPv6 since 2006, with built-in support by Windows following the introduction of Windows Vista.

Layer 3

It's in areas such as switching and routing that IPv6 brings the greatest potential upheaval. ISPs and enterprises need to change their network architecture in preparation for the wider use of the protocol.

"Operating systems have supported both IPv6 and IPv4 for a good number of years with a dual stack, so you don't have to upgrade everything," explained Melvyn Wray, senior VP of product marketing at networking equipment firm Allied Telesis. "It's with layer 3 switches or routers and the WAN that you have problem."

While three or fours years ago IPv6 technology might have been considered "esoteric", the technology has become more important as the world runs out of IPv4 addresses. Wray argued that Asia was feeling the pinch earlier than the West. Simply adding more NAT kit is no solution to the problem, he argued.

"They are already running six or seven layers deep on NAT on some Asian networks. They will run out of addresses entirely in 12-18 months. It's not anything like as bad a problem in the West, although the increased use of Blackberries and iPhones is creating an extra demand for addresses.

"It's not just the addressing scheme. IPv6 offers more efficient routing and better security the IPv4," Wray told El Reg.

Adoption of the technology also changes the security landscape.

"Contrary to popular belief, I believe IPv6 is alive and well in certain small pockets of China and Japan, where it's actually pretty useful for them to effectively run a separate Asian internet space alongside the existing [western] one," Mark Sunner, an independent security consultant, told El Reg.

"The bigger question however is when will it get all the way down to western desktops, and this will take probably something as long as a decade, because that's just how long it will take to retire/expire all the legacy kit that's out there."

Sunner said that even though IPv6 might take years to be fully implemented, its incorporation in operating system stacks makes it an issue for penetration testers even now.

"It is widely accepted that IPv6 is always an eon away. Nobody actually cares about it - but they should; because it ships as standard in all the new versions of Vista, OS X, Ubuntu etc. and is often active," Sunner explained.

"This means that whilst you may not be able to browse the web via IPv6 any time soon, the person sat nearby in your office may be taking a look at your file system - courtesy of IPv6 - via tools that exist right now," he added.

A paper on penetration testing and IPv6, by H D Moore of Metasploit fame, can be found here. ®

Build a business case: developing custom apps

More from The Register

next story
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
VMware vaporises vCHS hybrid cloud service
AnD yEt mOre cRazy cAps to dEal wIth
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.