Feeds

Adventures in Tech: Taking the plunge into IPv6

Our intrepid reporter does it, but you'll still have to

  • alert
  • submit to reddit

Internet Security Threat Report 2014

THE WEAKEST LINK IS YOU

Recent commodity operating system versions such as Windows and *nix (including Linux and Mac OS X), and language libraries (eg C/C++/C#, Java, etc) support IPv6 one way or another, and network tools and browsers generally do too.

So the weakest points are likely to be:

  • Old in-house servers/OSes and routers/bridges/switches.
  • Your ISP and its routers to the Internet cloud.
  • Your in-house code, server- and client-side.

The first may not matter if those parts of your infrastructure can ignore the IPv6 world and, for example, talk only to other internal machines.

Do make sure that your ISP or hosting company can support IPv6: I can't get it over ADSL to my home office (yet) but it's been available at one of my colos (Bogons) for a while, though I was not taking advantage of it.

You may still be able to tunnel out to IPv6-land even if your ISP or hosting company can't deliver it directly. For example, moderately-recent Mac OS X contains a "6 to 4" tunnel that can be turned on from the "Network" System Preferences with a couple of clicks provided that your machine has a public IPv4 address and a tolerant firewall: job done.

Try http://test-ipv6.com/ to test your IPv6 connectivity quickly from your desk.

test_ipv6

How http://test-ipv6.com/ looks in your browser when IPv6 tunnelling is working!

The real IPv6 Gordian Knot is likely in many cases to be that soup of half-brained it-kinda-works stuff known as in-house code. It may assume that an IP address is always 4 bytes (or can be entered or displayed as a dotted-quad) for example; think of space on reports, in database fields, log formatting, etc, etc.

So here is where you should start that Y2K-like testing: look for any references to, storage and logging of, and conversions to and from network names and addresses, especially IPv4, in the code: a decent IDE or static code analyser will help no end, but so can 'grep'.

And of course there is the magic of manual and automated testing: look at existing system unit and other tests, and write some more while you poke around.

For example, the (Java-based) site that I am adding IPv6 support to (it makes a slight effort not to be v6-foolish, but not much more) falls over spectacularly sometimes when I run up a local dev copy and connect to it locally as "localhost" rather than "127.0.0.1" because localhost sometimes gets expanded to the "::1" IPv6 loopback address and blows my code out of the water expecting a 4-byte address. So there's one area I could attempt to unit-test once I've drilled down to fix the root cause for example.

MY WAY ON THE SUPERHIGHWAY

So how was my experience in upgrading to support IPv6?

Well, it's not that I haven't thought about the coming upgrade fleetingly on and off for several years, so I didn't knowingly build anything stupidly incompatible. For example, for every OS install I did I made sure to enable IPv6 if that wasn't automatic, and all the variants of *nix, and the Java language that this site runs on, and my Tomcat servlet containers are all IPv6-friendly too.

But I kept running out of round tuits.

This time I stuck at it and spent maybe a day or two spread over 10 days to get to a working (not pretty, lots of rough edges to sand down) IPv6 server with its own DNS entries and ... ahem ... about 0.2% of my visitors!

The upgrade work was not that difficult in the end, especially as I wasn't in an externally-imposed panic. Do it before it does you!

In the next part I'll explain in more detail how I got on... ®

REFERENCES

Some light IPv6 reading to warm up!

Beginner's guide to SSL certificates

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Do you spend ages wasting time because of a bulging rack?
No more cloud-latency tea breaks for you, users! Get a load of THIS
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.