IPv6 – are you ready? Pt 2
SAGE-AU is a not-for-profit professional organisation that promotes the development of the system administration profession.
Part two: the solution
Last post, I discussed the imminent demise of spare IPv4 addresses, wherein the last addresses are likely to be allocated to end user organisations around November 2011. After this point, no more IPv4 addresses will be available – and this means that the way people will be connected to the Internet will have to change.
Some of these changes are likely to be less than palatable, especially to high-end users and businesses. In particular, some ISPs will be forced into using network address translation (NAT) in order to service some classes of customer; it’s certainly possible that having a “real” IP address may become a value add – and be charged for accordingly – with some ISPs.
This of course brought us to IPv6: it allows for a lot more devices (roughly speaking, 3.4 × 1038 versus 4.2 billion), thus eliminating NAT from any near term considerations. But, of course, there are issues: many home-grade DSL modems don’t support IPv6, and most Australian ISPs have been quite tardy in their running of consumer trials – much less support in any sense – of IPv6 deployments. Moreover, IPv6 is not IPv4, and at least for the time being needs to be run in parallel with IPv4. So, we’re behind schedule: we’re running out of addresses, and need to start looking at our alternatives. If you want to do your bit, here’s what you can do.
Step one. Ask your ISP when they plan to start trialing or supporting IPv6 in any form. If you’re with SAGE-AU platinum sponsor Internode, they’re already well on the way to there. If you’re a larger business connected via Ethernet, there may be some chance that your ISP is prepared to run a ‘dual stack’ trial now – if they’ve been trialling IPv6 internally. Nonetheless, without demand, ISPs won’t necessarily have the motivation to start trialing.
Step two. Ensure you have IPv6 capable equipment. At this stage, there is a limited number of devices that support IPv6 in ways appropriate to DSL; the Billion 7800NL, the FRITZ!Box, and Cisco’s 800 series routers are among the few that do. At the business level, most decent modern Ethernet routers will by now support IPv6 in some form. The good news is that modern operating systems support IPv6 transparently, and in most cases, automatically – so your work on the desktop side will be limited.
Step three. If your ISP will provide an IPv6 trial environment, follow their directions for configuring your equipment. Generally, this is fairly straightforward, unless you have a particularly complex environment – IPv6 builds on the lessons learned from IPv4, and is much ‘lighter touch’ in terms of configuration needed than IPv4.
Step four. If you can’t get your ISP to entertain the idea of an IPv6 deployment (and aren’t yet prepared to switch to one that will!), consider testing IPv6 in your environment using a “tunnel broker” – essentially a server that provides native IPv6 access by tunnelling data across the existing (i.e. IPv4) network. For example, Hurricane Electric provide one. While this is not quite as good as the “real deal,” it at least allows for a bit of extra testing in lieu of a full trial environment, and allows you to familiarise yourself with IPv6.
Step five. Use the Internet – and your own network – as per normal. Many major Internet organisations already use IPv6 as well as IPv4, and for many operating systems the default behaviour is to ‘preference’ IPv6 traffic over IPv4. Moreover, this can in some cases lead to the situation where a website becomes unavailable on IPv4, but is working just fine on IPv6!
Evidently, the above instructions are more suited to a consumer grade setup than a large business; a more detailed deployment plan would be well advised in such a situation. For those organisations, this may include acquiring a portable IPv6 address range of their own, which can be done through APNIC .
Regardless of whether you’re interested in IPv6 as an individual or as a business, there are of course the usual security considerations to heed: ensure that appropriate firewalling and/or intrusion detection is available; ensure that unnecessary services are disabled on both IPv6 and IPv4; et cetera.
This gives a rough and ready approach to trialing IPv6. By the end of this year, I would expect to see a lot less trialing and a lot more deploying, so if you’re in this industry, you’d do well to start practicing at home now.
By Iain Robertson
Iain Robertsonis a senior network engineer with a large research and education provider in Queensland. He has over a decade experience working in various sectors of the IT industry, and is an active member of SAGE-AU - Australia's peak professional organisation for system administrators.