IPv6 to Secure Business Continuity
By Marco Hogewoning, RIPE | June 30th, 2014
Every few months somewhere somebody will tell you that the sky is falling and the end of the Internet is close. The reasons brought up vary through a broad spectrum from superior technology to the lack of capacity. To a large extent people in the industry have become immune to these messages, for they are either unrealistic or in cases where the threat was real, the Internet responded in its usual resilient ways, adopting to the changing environment. It is this remarkable flexibility and the constant search for optimisation that has made Internet seep into every little corner of our lives and businesses.
Note: This article originally appeared in a publication by the ICANN Internet Service and Connectivity Providers Constituency (ISPCP) and is mostly targeted to their audience.
The story behind the exhaustion of IPv4 is no different from others. Some twenty odd years ago some people predicted that one day, the Internet would be full. With only four billion addresses for what are now seven billion people it is clear that a true global network based on the technology of the time would be impossible. Engineers in the IETF set out to do what they do best, finding solutions to problems, and came up with a slightly altered Internet Protocol, which was eventually standardised as IP version 6.
That was 1995 and ever since there have been awareness campaigns to try and persuade people to switch to IPv6, which with its unimaginably large address space would really ensure that everybody would be able to join in the Internet and with every device or machine you can think of. And just as with other cases where people warn about possible capacity issues, the warnings about the Internet running out of addresses were mostly ignored or pushed down the priority list of over-worked network engineers. For the first 15 years of its existence, IPv6 remained something for the techies to play with and, with a few rare exceptions, it didn’t see any large scale commercial use.
Status of IPv4 depletion
Back to the reality of today, and the once hypothetical case of the Internet being ‘full’ is rapidly becoming reality. The Internet Assigned Numbers Authority (IANA), which maintains the global pool of IPv4 addresses, depleted its supply of available addresses in 2011. The Regional Internet Registry for the Asian Pacific, APNIC, as well as the RIPE NCC, which allocates IP addresses in Europe, the Middle East and parts of central Asia, have both depleted their available pools as well. What remains in both regions is a very small number of addresses, which are distributed under special policies which only allow for small allocations. This means that fast growing markets in Asia, Eastern Europe and the Middle East are no longer capable of getting the IPv4 addresses they are looking for to expand their businesses.
The situation in North and Latin America is equally grim, with both LACNIC and ARIN getting very close to depletion of their remaining available address pools. While AFRINIC, the RIR for Africa, still has a pool of addresses left, it is clear that that supply is nowhere enough to connect an entire continent.
The only means to obtain additional IPv4 addresses that will soon remain is to enter the marketplace in search of unused address blocks which can, for a substantial fee, be transferred to your company. A marketplace that will be crowded by other companies which find themselves in a similar situation. And with an ever increasing demand for an ever decreasing supply of resources, one can expect prices to only rise. Building your business based solely on IPv4 will soon become very expensive, if not impossible.
So what about IPv6, which in the past has not been considered a viable alternative. Well, the good news is times are changing and in wake of IPv4 depletion more and more companies are switching to the new protocol. When I say switching, I mean adding IPv6 capabilities to their network. Right now for the majority of services and businesses it is unthinkable to switch off IPv4. And nobody says you should switch it off, all IPv6-enabled hardware and software will still support IPv4 as well and (provided you still have some addresses) you should offer the same service over both protocols.
This approach is known as dual stack and it allows for the whole Internet to make a smooth transition to the new protocol, slowly abandoning IPv4 to the point where it can be relegated to the history books.
The big challenge in this approach is cooperation in the alignment of goals and milestones. Adding IPv6 to your content delivery or hosting service is useless when the customers looking at it don’t have IPv6 available. Similarly an access provider is less likely to invest in IPv6 when all of the services and content that its customers access are only available over IPv4 – the response of many providers has been to make substantial investments in additional IPv4 address blocks and address sharing technologies, technologies that, in the long run, will harm innovation and impede the ongoing expansion of the Internet.
Coordination and information sharing
Coordination is key, across large communities like those surrounding ICANN and the RIRs, but also on a more regional and local level, via Network Operator Groups and national IPv6 task forces. Such gatherings can be used to exchange ideas, experiences and technical knowledge, but can also bring together different stakeholders who can work together to facilitate the deployment of IPv6 across a nation or industry sector.
First steps and success stories
In general terms, what can you do to deploy IPv6? Of course no matter how big or small your company is, it will take time and the sooner you start, the better. A good starting point is to make an inventory of the current situation: do you have any IPv4 addresses left unused? Projecting your current growth, how long will those addresses support your business demands.
At the same time try to establish an overview of the IPv6 readiness of your current network equipment and services, assessing how much effort it will take to deploy IPv6. Don’t forget to take into account your staff, who need to learn about IPv6 as well! The RIRs, as well as a number of other (commercial) organisations, offer training courses targeted at different groups and experience levels – you can use these to bring the necessary knowledge into your organisation.
Consider enabling IPv6 for any new services you introduce – this is often cheaper and easier than trying to retrofit IPv6 to existing installations and it will give you a great opportunity to get some more experience, as well as ensuring long-term continuity for your business. Such a strategy might seem to add additional risks, but several large providers are exactly doing just that, for instance, adding IPv6 to their newly-built 4G mobile networks.
Such green field deployments also mean you are no longer alone. In certain countries, such as Belgium (22 %), Germany (10%) and the United States (7.5%), a significant proportion of Internet users can already access IPv6-based services (see the green countries on the map below). And those numbers are growing rapidly. Offering your products and services over IPv6 means that those customers can avoid address sharing and translation techniques that might slow down or in other ways negatively impact their experience.
Figure 1: IPv6 Preference by economy (presented by APNIC)
Keep in mind that, while there are many solutions that allow you to connect multiple customers via a single IPv4 address in access technologies like DSL, cable and GSM, the options to do this in hosting services are very limited. A major feature of Carrier Grade NAT, as these technologies are often called, is that it blocks incoming connections. While this is often considered a virtue in access products, adding to the security, it is the nemesis of the hosting industry, which relies on that very property. Sharing an IPv4 address while offering DNS, web or mail services is difficult, if not impossible.
For hosting providers especially then, it is important to start deploying IPv6 as soon as possible to avoid really running out of IPv4 addresses. Deployment will also require your customers yo adapt to this new situation, creating new challenges for your organisation’s support and central management of your services. In virtual server and colocation environments your clients will need to be aware in advance, as they might need to alter their firewall settings or fine tune their servers. In shared hosting platforms you have to be aware that not all scripts and custom web applications are IPv6 aware or capable of handling the new address layout in, for instance, local logging and access technologies. It is essential that these customers are offered assistance in testing and adapting their applications to support IPv6.
Coordination and sharing of information is essential, not only in between industry players, but with customers as well. IPv6 awareness and adoption is something that has to be taken into account throughout the whole Internet value chain and across all stakeholders. It cannot be done in isolation and cooperation is the key to a successful global deployment of IPv6.