Time for Companies to Migrate to IPv6September 17, 2018
By: Kerry Vaughan, DLA Internal Audit Manager
I remember as a young network engineer the fear and paranoia businesses felt about computer systems failing because of Y2K. Millions of dollars were spent upgrading hardware to ensure services wouldn’t mysteriously cease working. I presume all the planning and preparation worked, because when the new millennium started we did not have a computer apocalypse. When the millennium occurred, our good work was warranted. Very few outages occurred, in fact, it was so underwhelming that we seem to have no events to justify all the hysteria and turmoil that could have happened. Move forward from 2000 to 2011, and Internet Assigned Network Authority (IANA) informed the world we’ve run out of IPv4 address space. IPv4 has 4,294,967,296 network addresses, and IANA stated we used them all!! We need to start migrating our services to IPv6 or else our network devices will not have connectivity. The response this time: Okay, so what?? Perhaps the success of Y2K has made us all numb to other proclamations of network calamity. We reason RFC1918 (private) addressing is still available. have embraced Network virtualization, so public IP address space isn’t as needed, correct? The goal of any company is to earn profits. Performing technical upgrades, just because it seems cool, is not a priority for many enterprises. These migrations take time and are expensive. We all hear “IPv4 continues to work just fine. Keep your doom and gloom forecast. We have seen this movie before and we know the ending so you’re not scaring us“. Why do we need to embrace IPv6?? The answer is below:
Today’s businesses are dealing with threats not prevalent 20 years ago. Monitoring Cybersecurity, Data Loss Prevention and IT Governance, Risk & Compliance (GRC) are common business activities which attempt to insulate and inoculate infrastructures. IPv4 was not extensively designed with security mechanisms to counter these risks. IPv6 has been created with several elements to improve on these deficiencies, including:
• Cryptographically Generated Addressing (CGA) – Mitigates against IP Spoofing
• IPSec – Provides confidentiality, integrity and authenticity via AH and ESP
• ARP replaced by ND (Neighbor Discovery) Protocol – Prevents ARP spoofing
IPv6 still risks exploitation via attack (such as DDOS). Fortunately, the same techniques leveraged to harden an IPv4 network are leveraged for an IPv6 implementation. With additional features IPv6 possesses, IT environment network security posture is significantly improved.
Advances in technology have allowed mankind to communicate in a manner that was never before possible. Computer servers, desktops, Laptops, iPads and mobile phones are some of the examples of technologies used for this purpose. These all leveraged IP addressing to this goal. With the emergence of Internet of Things (IoT) technology many systems not usually associated with computer networking will utilize IP addressing (washers, dryers, refrigerators, ovens, televisions and alarm systems). Another trend is cars with MiFi systems permitting passengers internet access. These applications require addressing. Remember the challenge of sparse of IPv4 address space? The greater dependence on IP addressing heightens the challenges of IPv4 address shortages. If you are the product manager of these services, would you risk it on IPv4 availability?? IPv6 has 2128 addresses available. This approximates to 3.4×1038 IP addresses, which is ample to service all the products and services I listed above and many more. Many business owners are concerned that IPv6 adoption could limit their ability to connect with others who have not yet migrated. To address this concern, I paraphrase the sentiments of Warren Buffet, the famous American investor, who once stated: “Be fearful when others are greedy and Greedy when others are fearful”. That bit of financial wisdom adapts well to the planning and implementation of new technologies. Do not maintain a herd mentality and fearfully wait for the other sheep to leap before migrating to IPv6. Identify and utilize all the needed resources today while your competition plans for tomorrow.
Cost of Migration to IPv6
Debate on the cost to migrate to IPv6 has occurred for numerous years. Network World reported in a 2006 article1 an estimated cost of 23.5 billion dollars over the next 25 years to upgrade infrastructures to IPv6. In their analysis, small to medium size businesses could average a spend between $500 to $2000 in hardware upgrades to support IPv6. We are now in 2018 and by Network World’s article estimate any company’s IPv6 migration should be halfway completed. If companies are utilizing current router/switch/server technology there is very minimum capital expenditure costs to perform an IPv6 migration. Today’s hardware is equipped to run this protocol (and has been for several years). The real cost is due to operational expenditures: Employee labor and third- party contracts to provide strategic design implementation knowledge for a successful rollout. Third- party costs vary due to size, scope and relationship with customer. For labor, a conservative estimate of one (1) hour per router is a great starting assumption (i.e. if your network has 200 routers and you wish to implement IPv6 protocols, estimate the total effort as 200 hours). Remember, migration to IPv6 is a long-term strategy based on historical facts and modern evidence that demonstrates continued innovation, augmentation and significant increase in consumption of information technology products and services. It is an investment, with a return based upon furthering goodwill from your customers by providing services on a modern and robust infrastructure. Coupled with potential savings in operational cost usually required when triaging or remedying network events precipitated by attacks from rogue actors, most leaders will find this investment money well spent. Companies upgrade hardware, software and patches for these same reasons. Doesn’t it make sense to upgrade the protocol that connects all these devices as well??
Education & Action, not Excuses & Atrophy
Now is the time to migrate to IPv6. Not because it will be easy. Not because it will solve all your problems or concerns. Now is the time to do it because there will never be a perfect time.
Application challenges will always exist. IPv4 may never completely be removed, nor would I advocate it should be. These and a multitude of other logical, reasonable and intelligent reasons are essentially well crafted excuses which are causing your infrastructure to atrophy. It will still function but not as well. Replace the excuses and atrophy with education and action. Develop an implementation program with a defined start and completion date. Assign resources and funding while identifying an external partner who specializes in this migration. Educate your organization on the benefits and pitfalls of IPv6 enablement, and commit to a successful implementation. Whether you choose a small proof of concept or a massive overhaul, some action is always superior to inactivity. Join us in the IPv6 arena, we are only beginning to sweat.
1 ”IPv6 cost estimates for end users: Part 3” By Carolyn Duffy Marsan Network World | Mar 15, 2006 12:00 AM PT https://www.networkworld.com/article/2308955/servers/ipv6-cost-estimates-for-end-users–part-3.html