When I first began hearing about IPv6, a number of questions popped into my mind.  Not surprisingly, they are the same questions most people have.   Being here at Command Information, I’m lucky to have ready access to some of the top experts in the field.   So I pulled together a list of some of the most frequently asked IPv6 questions and asked around.   Here’s a summary of what I learned:

QUESTION: When will the IPv4 address crunch start to hurt?  1 year?  Five years?    

According to one well-regarded model, the expected exhaustion of the IPv4 space, based on current use, is 19-Nov-2011 – just three and a half years away. But long before that event occurs there will be certain websites that will only be reachable with IPv6.   To track IPv4 address exhaustion, see this website: http://www.potaroo.net/tools/ipv4/index.html

For more detail, see David Green’s blog posts: IPv6 is a Business Continuity Issue and The Analysis Behind “IPv6 Is a Business Continuity Issue”

For fun, watch IPv6 tech geeks sing about The Day The Routers Died…

QUESTION:  What mobile phone models are IPv6 capable today?  

Read the rest of this entry »

It has been a busy week or so!

A full week ago, DNS turned 25! Conveniently, later in the week, ICANN’s board approved opening up the DNS space to arbitrary TLDs (adding to the traditional .com .net .edu .edu .info … etc.). Luckily, with a fairly high bar for entry, to limit ability of phishers to abuse this new space - although this also raises questions about where all that money will be going …

Also last week, Cisco Live was happening in Orlando - and had a record # of IPv6 related sessions! These sessions included talks on security, routing protocols, real world deployment experiences … and, of course, Cisco answers to most of the mentioned concerns :). (I was there, and saw a couple of familiar faces (former students, clients and coworkers) as well as meeting some great people from Cisco who I have exchanged emails with in the past but had not yet met) ((Oh, and seeing the Bare Naked Ladies (natch, the band), the Blue Man Group and Ben Stein were a great bonus!))

Back to that IPv6 D-Day thing … so, today is June 30th, 2008. And with little fanfare, the OMB522 deadline has arrived. Did this change the world?

Of course not - but it *is* a step in the right direction, representing the US government making something of a dedicated effort (with varying levels of real world applicability) in having their ginormous IT infrastructure being future-ready. That is a Good Thing!!

In fact, increasingly more people agree it is an absolutely critical thing - factoring in stats from The IPv4 Address Report:

Projected IANA Unallocated Address Pool Exhaustion: 05-Jan-2011
Projected RIR Unallocated Address Pool Exhaustion: 18-Nov-2011

(See previous comments on the meanings of these numbers, no need to re-hash that here :)!)

SO - with OMB522 (cough) completed, what’s next?
Fantastic question … the short answer is (sadly?) nothing.
The longer answer is that it is up to the representatives appointed to the OMB by the next administration.

While IPv6 admittedly doesn’t have the same political pull as war, terrorism, economics, “global warming”, social security, tax reform, the future of (medicare | entitlement spending | the decline of the US Dollar | campaign finance reform | energy independence | national broadband deployment) it would be nice to have some hints from either candidate on their opinions on the further advancement of IPv6 (not just in being able to route packets, but to actually use it … and then the real benefit - when services that take advantage of something IPv6 offers become available / in use).

Just a few thoughts from someone who is mid-vacation.
/TJ

PS - More here, from our CEO

Fred Whettling,  Patrick Grossetete. amd Ciprian Popoviciu’s book, “Glogal IPv6 Stategies“  is dead-on on the business case studies, adoption strategies, and network evolution planning. Every CIO and Sr. Network Engineer should read this book to realize that the next-generation network future is here now and should be leveraged as a business differentiator. In 2010-2012, every global enterprise and government will have a choice - be in denial or leverage the IPv6 change. The author’s analysis in late 2007 (pages 346-351) of our Command Labs R&D facility as an innovation driver explains our sudden uptake in business in mid 2008 as industry and government begins to embrace the IPv6 evolution. The Internet must evolve to become easier to manage, support machine to machine (M2M) services, mobile services, and scale to global & beyond scope. I’m encouraged to see that Patrick, Ciprian, and Fred were able to forecast the requirements for global Internet scaling and put together a serious business analysis of how to architect the future of the Internet for the next 100 years. For every business that relies on e-commerce, networked business systems, is expanding into new global markets, and has customer facing Internet sites, the IPv6 transition is a business continuity and competitive advantage issue they must address. If you’re a CIO, manage a company that relies on e-commerce, or are an IT leader, you should read this book and digest the advice - the Internet is evolving - will your enterprise lead or follow?

Thoughts on “The IPv4 Address Report”

Projected IANA Unallocated Address Pool Exhaustion:

22-Jan-2011
Projected RIR Unallocated Address Pool Exhaustion: 06-Dec-2011

There is lots of debate over the above projections, and a fair number of caveats as well. Let’s talk briefly about a couple of them …

1) Even assuming those projections hold true, does the Internet STOP in 01/11 … or 12/11? Of course not. What stops is the ability for (respectively) Registries and ISPs to get additional IPv4 allocations. The addresses already deployed continue working, but now in an environment being stifled by this architectural detail.

2) These are, of course, statistical projections … and predicting the future is always a bit of (cough) an art, yes? Things like a “trading market” for IPv4 addresses may emerge (hopefully not!), IPv6 deployment actually assisting stave off IPv4 depletion, etc. In short, it fails (as it must!) to account for “human nature”, and our never-ending ability to make statistical models fail :).

(For more about the numbers, the model, the caveats - go to the site!)

So … How would IPv6 help?

IPv6 offers - at the very least - a solution to the address space problem. If you are familiar with CI’s “Anatomy of an IPv6 Address” write-up (or similar sources) you already understand this. In short, having 128bits vs 32bits makes a world of difference.
(I like to point out that it is a little more accurate to think of the IPv6 address space as 64bits of network stuff (”prefix”) and 64bits of host stuff (”Interface ID”) … 64bits of network stuff still leaves us with something in the neighborhood of 80 Billion Billion (US Billions being used here) networks!).

This provides ample address space for current needs, as well as scaling for decades to come … but more to the point, these *globally routable* addresses being readily available will enable and encourage new styles of computing … the “network of peers” effect (or Network Centric Operations, if you prefer) are the next generation in many computing models (information sharing & collaboration, gaming, building/home automation, etc. etc. etc.).

While “My address space is bigger than yours” doesn’t quite have the *zing* of some of the other purported (and oft misrepresented) benefits of IPv6, it may actually be the “killer feature” that (finally) encourages widespread deployment.

Comments, questions, concerns, complaints … fire away!
/TJ

PS - Want a great resource for answering the “Why would I deploy IPv6″, well you can always just ask us - but you could also pick up this fantastic resource from our friends @ Cisco / Bechtel / Cisco Press … “Global IPv6 Strategies”

Who is trying to hack our IPv6 network today? Our chief IPv6 security engineer has noted several attacks lately, but none seem to be originating from inside the US. In the last week there has been reconnaissance and probing coming from a block of addresses assigned within China, and repeated login attempts on our web servers coming from addresses assigned in the EU. The attacks we have seen in the last few days have been fairly unsophisticated, but how do we catch the sophisticated hackers and cyber-warfare professionals who know how to recon and attack “low and slow” or exploit IPv6 connection features, especially when most IA infrastructure is only designed for IPv4?  We “low tune” an Intrusion Detection System (IDS) for IPv6-specific covert channels, attacks, tunneling, and network scanning techniques, then we scan over long periods of time to find the “slow attacks.” Yes naysayers - -  many of today’s IDS products actually can detect IPv6 - with the right software upgrade and/or a library of IPv6 attack signatures. Tools for IPv6 IA are here today - and with the proliferation of IPv6 technology in IT infrastructure today, everyone who wants secure networks had better get  IPv6 network IA  practices in place  - - soon!

If good network security isn’t your concern, we understand that the Brian Krebs, (http://blog.washingtonpost.com/securityfix/), is always looking to for a good story about security failures.

To clarify the post “IPv6 is a Business Continuity Issue” , aka “The Day the Routers Died”, here is a summary of the analysis done by Geoff Huston, Hans-Werner Braun, and many others:

The global BGP routing table is growing near exponentially, threatening an eventual widespread breakdown of Internet backbone router connectivity. With the current routing table size around 269,233 entries on Apr 17, 2008, routing is a race between Moore’s law (how much memory can we put in one router) and the growth of the routing table. The trend was temporarily slowed in 2001 by an aggressive program to utilize Classless Inter Domain Routing (CIDR) and route aggregation to control the growth, and as the small dip in the middle of the chart below shows, that actually made a small difference. Now with the expanded demand for multihoming by end user networks the growth is now near exponential again. When large IPv4 blocks run out in the 2010 to 2011 timeframe, the existing blocks will have to be split and redistributed, further accelerating the growth of the BGP routing table and de-aggregating the existing IPv4 address space.

Seeing the trend and knowing how it ends can be compared to running across a railroad bridge while hearing the train whistle in the distance - you know you better run faster or jump, but you’re not sure how deep the water is or how far away the train really is.   For the sake of millions who depend on the Internet for livelihood, entertainment, and critical operations, we had better get the transition to the next-generation Internet complete and keep assigning IPv6 addresses with good route aggregation in mind before we get hit by the train and all learn to sing that sad song “The Day the Routers Died.”

Sources: Data and BGP report graph obtained from the BGP Autonomous System 6447 report on Thursday Apr 17 03:09:00 2008 (UTC+1000) with graphic generated by the BGP table analyzer program written and maintained by Geoff Huston.

Good Morning!

Taking a stroll by the ARIN IPv6 Wiki you can find (amongst a wealth of other IPv6 information) a link to the results of a recent IPv6 “deployment” survey(.PDF).

At the very least, there are some interesting takeaways from that - one of them being the #3 item listed as the “Biggest Hurdles to IPv6 Deployment” (p11 for those of you following along!) - Knowledge/Education. Hmmm, I wonder where I could find a good source of IPv6 training? I might be just a bit biased though …

Also fairly interesting, from the same page, is the bottom of the list - Performance, Allocation Policy and Multihoming. I am glad these are finally near the bottom, as two of those in particular (Performance, Multihoming) have been persistent questions that we as an industry have had to answer repeatedly.

Page 12 has some notables as well, like the #1 “Hurdle to IPv6 Allocation” - Have not gotten around to it yet … wow. Compare that to IPv4, and the hurdles facing organizations trying to get large-block allocations of addresses …

#4 from that list is quite telling as well, and I would have put it higher on the list if it were up to me (in fact, I did rank it higher when taking the survey :)) - ISP does not support IPv6. I am glad this is moving lower in the rankings as far as problems, but it is still quite a challenge sometimes.

I think that is enough for now, I could go on and on … but instead, I will simply recommend that you go read it - and feel free to fire any questions in our direction! (Also note that it is a wiki, us mere mortals can contribute!!)

/TJ
PS - did you catch my earlier note about Cisco Live in June? I’d love to see you there!