/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
It may be 'time's up' but it is far from being 'game over'. Industry watchers who have been keeping an eye on the IPv4 exhaustion counter saw the final block of 32-bit IP addresses for the Asia-Pacific region parcelled out in April 2011. The internet did not break down. The digital world as we know continued to function. And what we should really be doing now is to make sure that it stays that way.
IPv4 exhaustion is not exactly a Y2K scenario where the entire IT ecosystem held its collective breath as the year 1999 turned to 2000 to see if 2-digit date fields used in older IT systems would throw up nasty error messages on New Year's day. Still, it is a development that demands our attention and action.
Since the internet went mainstream in the mid-1990s, we have become increasingly IP-dependent. We use our smartphones to access social networks, conduct vital business transactions over the internet, and we access a whole host of e-services through various web portals. Every one of these connections involves an IP address.
If you factor in the exponential increase in the number of internet connections required in emerging markets like China, India and Indonesia, you get an idea why the pool of 4.3 bn addresses which is what IPv4 supports has not been enough. And this does not even begin to take into account the emergence of a whole new generation of machine-to-machine applications such as smart metering and remote management systems, all of which involve devices connected to the internet.
The good news is that there is a solution to the problem of IPv4 exhaustion. It has been around since 1998 when the Internet Engineering Task Force (IETF) published its specifications for IPv6, the next-generation addressing protocol. With 128 bits of addressing space, IPv6 can provide a theoretical maximum of about 340 trillion which should last for a long time.
Organizations have, however given IPv6 a wide berth. In the absence of IPv4 compatibility, getting ready for IPv6 would mean, in the interim at least, deploying a dual-stack solution that can support both IPv4 and IPv6 traffic. With their IPv4 systems functioning well, there has been little incentive to do so or to make plans for migrating to IPv6.
With the Internet Assigned Numbers Authority having allocated the last IP address blocks from the global IPv4 central address pool on February 3, 2011, and the Asia-Pacific Network Information Center allocating its last blocks for the region this month (April), the reality of IPv4 exhaustion is finally hitting home.
rganizations are beginning to appreciate the fact that when IPv4 addresses are completely depleted, any business expansion, any new service, any smart device, any additional end point, anything internet-related, will need IP addresses that are IPv6.
The bottom line is that one should start planning for organzation's move to IPv6 now, if not already done so.
A typical IPv6 migration goes through several phases.
- Phase 1 is to establish the internet profile of the organization and the systems that will be impacted by IPv6. For example, the internet is being used to reach customers, partners and suppliers, IPv6 will have an effect on the DMZ addressing, web servers, load balancers, firewalls, and internet-facing routers
- Phase 2 is about enabling internal users to access the IPv6 internet. For example, if the entire WAN is on IPv4, one way of communicating with IPv6 is to use proxy servers for outbound traffic or to do tunnelling to transmit IPv6 packets between dual-stack nodes on top of the IPv4 network. These measures will help the users get where they want to on the internet. However they are interim solutions. For the longer term, one will have to develop a road map for the rest of the IPv6 migration
- Phase 3 involves the creation of a dual stack environment, which means making systems bilingual so that they can talk to both IPv6 and IPv4 traffic and migrating the WAN to that environment.
A good place to start will be to focus on the areas that one cannot control-the external-facing systems of an organization. For example, if the unified communications or voice over IP systems talk to 3rd party mobile applications, which are likely to be IPv6, one should start planning to migrate those to IPv6 first. The same applies to remote access services and remote site connectivity because one cannot be certain how long a third-party service provider will continue to support IPv4.
- In Phase 4, the focus shifts to migrating internal applications and network management systems to IPv6. For example, 32-bit IPv4 fields in applications and network reporting tools have to be modified to support 128-bit IPv6 addresses
- Phase 5 culminates in the creation of a pure IPv6 environment. However there will still be a need to communicate with lingering legacy IPv4 systems and this can be done using transition technologies such as NATv4.
Network Address Translation (NAT) has, in general, been a popular tool for managing the issue of IPv4 exhaustion by allowing multiple hosts on a private network to access the internet using a single public IP address. However it is not viable as a long-term alternative to IPv6 migration.
With NAT, entire networks are sometimes hidden behind a single IP address, providing little visibility into the end-user experience. The network will not be able to fully support peer-to-peer or machine-to-machine applications which require or work best with end-to-end IP connectivity. The fact that multiple hosts can 'hide' behind a single IP address also obstructs the deployment of end-to-end security.
Many of these issues are being taken care of with IPv6. It has more than enough addresses to support the end-to-end connectivity required for emerging applications. IP security—the protocol for IP network-layer encryption and authentication is embedded in the base protocol, as is support for multicast which allows for a more efficient way of delivering audio, video, or any other data simultaneously to a group of destinations.
IPv6 is not just to address the issue of IPv4 exhaustion but its larger address space also paves the way for improved connectivity and greater flexibility in IP deployments. In planning an organization's migration to the IPv6 world, one should also be looking to take full advantage of the inherent strengths of the new protocol to get the most out of the next-generation internet. Before the new begins, find out how the rules have changed and parlay that to your advantage!
Tom Siracusa
The author is the executive director, VPN strategy, AT&T Labs
vadmail@cybermedia.co.in