The Internet Assigned Numbers Authority (IANA) is the entity that oversees global IP address allocation. It assigns large blocks of IP addresses to Regional Internet Registries (RIRs) that are responsible for their designated parts of the world, such as ARIN for North America or APNIC for the Pacific and Asia. On February 3, 2011, IANA assigned its last Class “A” address ranges to the RIRs. When the RIRs have exhausted their address pools, there will be few options left to obtain IPv4 address space.
Switching from IPv4 to IPv6
The solution is to switch from IPv4 to IPv6. You have probably heard a lot about this protocol over the last couple of years. IPv6 has extended the address field from 32 bits to 128 bits, which provides 340 trillion, trillion, trillion addresses. This is a great deal more than the 4.3 billion addresses possible with IPv4.
Recognizing the importance of migrating to this protocol, companies like Google, Facebook, and Yahoo have made great efforts to get the word out and influence others to migrate. World IPv6 Launch day happened on June 6, 2012. The launch was an official day for major websites to support IPv6. You may already be connecting to these major sites with IPv6. To determine whether you are running IPv6, you can find an IPv6 test at http://ipv6test.google.com
Unfortunately, IPv4 and IPv6 are not compatible with each other, but they can coexist quite well. Switching from IPv4 to IPv6 is a daunting task, since virtually every device needs to support it. It’s best to approach a cost-effective implementation in steps or phases, breaking down your network security and systems environment into smaller components. There are several important factors to consider before implementing an IPv6 strategy. These include:
- Address Management
- Dual Stack Support
- Tunneling Protocols
- Translation Protocols or Gateways
IP Address Management
Address Management is one of the most important factors to understand before you implement an IPv6 strategy. Many of the ideas that governed the design of IPv4 networks are not necessary in IPv6, and in some cases hinder it. When designing IPv4 networks, conservation is a driving factor. With IPv6, this is no longer a concern.
For this reason, transitioning from IPv4 to IPv6 may feel uncomfortable at first. The designers of IPv6 have recommended that Internet service providers (ISPs) allocate /48 networks to all customers, with the exception of very large or mobile customers. It is highly recommended to run a /64 on all LANs, regardless of size. Many protocols in IPv6, such as Stateless Address Auto-configuration (SLAAC), require the use of a /64 on all LAN interfaces. It is highly recommended not to use more specific networks such as /96 for your LANs. The exception to this would be for assigning addresses to WAN point-to-point links and loopback interfaces. WAN links can be assigned /126 networks, and loopback interfaces should have /128 addresses.
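The sizing rules above can be checked mechanically before a plan is deployed. The following is an added example, not part of the original article: it carves /64 LANs out of a site /48 and audits a plan against the recommended prefix lengths. The site prefix, interface names and plan entries are constructed, and use the 2001:db8::/32 documentation range.

```python
import ipaddress

# Prefix length the article recommends for each interface role.
RECOMMENDED = {"lan": 64, "wan-p2p": 126, "loopback": 128}

# Constructed plan; 2001:db8::/32 is the IPv6 documentation range.
SITE = "2001:db8:abcd::/48"
PLAN = [
    ("office-lan", "lan", "2001:db8:abcd:1::/64"),
    ("lab-lan", "lan", "2001:db8:abcd:2::/96"),        # too specific for SLAAC
    ("wan-to-branch", "wan-p2p", "2001:db8:abcd:ffff::/126"),
    ("core-lo0", "loopback", "2001:db8:abcd::1/128"),
    ("dmz-lan", "lan", "2001:db8:beef:1::/64"),        # not inside this site's /48
    ("wan-2", "wan-p2p", "2001:db8:abcd:1::4/126"),    # carved out of office-lan
]

def carve_lans(site, count):
    """Return the first `count` /64 LAN prefixes of a site allocation."""
    subnets = ipaddress.IPv6Network(site).subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]

def audit_plan(site, plan):
    """Return (name, problem) findings for entries that break the sizing rules."""
    site_net = ipaddress.IPv6Network(site)
    findings, seen = [], []
    for name, role, prefix in plan:
        net = ipaddress.IPv6Network(prefix)
        if not net.subnet_of(site_net):
            findings.append((name, "outside site allocation"))
        want = RECOMMENDED[role]
        if net.prefixlen != want:
            findings.append((name, f"{role} should be /{want}, got /{net.prefixlen}"))
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append((name, f"overlaps {other_name}"))
        seen.append((name, net))
    return findings

if __name__ == "__main__":
    print([str(n) for n in carve_lans(SITE, 3)])
    for name, problem in audit_plan(SITE, PLAN):
        print(f"{name}: {problem}")
```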
Dual Stack Support
Dual Stack Support is a fundamental requirement for implementing IPv6. Your network security design may include the typical core, distribution, and access layers. Implementing IPv6 in the core first, then through the distribution and access layers is optimal.
Network Equipment for IPv6
You will need to determine if all network equipment can support IPv6 and IPv4 in a dual stack. Be sure that your network security equipment supports the processing of IPv6 in hardware and software. For example, some, but not all, Cisco routers and switches process packets in hardware using CEF (Cisco Express Forwarding) technology.
Certain routers also have the ability to process packets in software using the onboard CPU. Software processing severely limits a router's ability to perform with high “packet per second” or bandwidth-intensive applications. This could be a major issue as you migrate from IPv4 to IPv6 and find that the network equipment cannot process the ever-increasing IPv6 traffic. In some cases, it could completely cripple the network, so be sure to check with your hardware vendors for specific IPv6 packet processing performance.
Implementing IPv6 with MPLS
In most cases you will find that an IPv6 and IPv4 dual stack cannot be deployed everywhere at first. Tunneling IPv6 through your existing IPv4 network allows you to implement IPv6 in a relatively quick and cost-effective fashion. If you are a large Internet Service Provider or Enterprise, you may have implemented MPLS throughout your IPv4 network. Utilizing the existing IPv4 MPLS backbone, you can quickly offer IPv6 services with a technology called 6PE (IPv6 Provider Edge). It effectively utilizes MPLS forwarding and “BGP Tunneling” to extend IPv6 to the edge of an existing IPv4 MPLS backbone. This technology is extremely useful and cost-effective for transitioning from IPv4 to IPv6 and is the preferred method Syringa Networks has used to offer IPv6 to its customers.
If you do not have MPLS deployed throughout your network, there are several other cost-effective options to implement IPv6 across your existing IPv4 infrastructure. Some tunneling techniques are capable of setting up tunnels automatically; others must be set up manually by the network security administrator.
Dynamic tunneling protocols include 6to4 and Intrasite Automatic Tunnel Addressing Protocol (ISATAP). 6to4 is a tunneling mechanism able to set up a dynamic tunnel from router-to-router by embedding a global IPv4 address inside an IPv6 address. ISATAP is similar to 6to4 in that it embeds the IPv4 address inside the IPv6 address, except its main function is to provide a tunnel from host-to-host, rather than router-to-router. There are manual tunneling options available as well, such as Generic Routing Encapsulation (GRE), or IPv6IP tunnels. These are helpful when you need to extend IPv6 between core, distribution and remote branch routers rather quickly.
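Because 6to4 and ISATAP embed the IPv4 address in the IPv6 address, the IPv4 endpoint behind a tunnel address can be recovered when reviewing logs or firewall rules. The following is an added example, not part of the original article: it builds both address forms and extracts the embedded IPv4 address. It assumes the standard 2002::/16 6to4 prefix and the ISATAP interface identifier 0000:5efe (or 0200:5efe for globally unique IPv4 addresses); the sample addresses are constructed from documentation ranges.

```python
import ipaddress

def to_6to4_prefix(ipv4):
    """Build the /48 6to4 prefix: 2002 followed by the 32-bit IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def to_isatap(prefix64, ipv4):
    """Build an ISATAP address: /64 prefix + 0000:5efe + IPv4 address."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | v4)

def embedded_ipv4(addr):
    """Return (mechanism, IPv4Address) for a 6to4 or ISATAP address, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:          # stdlib check for 2002::/16
        return ("6to4", ip.sixtofour)
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF    # low 64 bits: interface identifier
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):
        return ("isatap", ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return None

def find_tunnel_addresses(addresses):
    """Return (address, mechanism, ipv4) for each tunnel-derived address."""
    hits = []
    for addr in addresses:
        found = embedded_ipv4(addr)
        if found:
            hits.append((addr, found[0], str(found[1])))
    return hits

# Constructed source addresses, as they might appear in a flow log.
SAMPLE = [
    "2001:db8:abcd:1::25",              # native address
    "2002:c000:201::1",                 # 6to4, embeds 192.0.2.1
    "fe80::200:5efe:c633:6407",         # ISATAP, embeds 198.51.100.7
    "2001:db8:abcd:1:0:5efe:c000:201",  # ISATAP, embeds 192.0.2.1
]

if __name__ == "__main__":
    for hit in find_tunnel_addresses(SAMPLE):
        print(hit)
```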
As a last resort, use translation methods as an option to provide IPv6 services. These include NAT64, NAT-PT, and SOCKS (RFC 3089), to name a few. Effectively, these services provide a translation method from IPv4 to IPv6 addresses. Typically you would have a router with an interface connected to an IPv4 network, and another interface connected to an IPv6 network. The translation would set up one-to-one mappings between each network, allowing them to communicate.
Ultimately the goal is to have one IPv6 network in place. It may take years to get there, but it is never too early to start. Using some of these methods will help smooth the transition.
For more information regarding the topics discussed, please refer to the following references:
Hagen, Silvia. IPV6 Essentials. Beijing: O'Reilly, 2002. Print.
Hagen, Silvia. Planning for IPv6. Farnham: O'Reilly, 2011. Print.
McFarland, Shannon. IPv6 for Enterprise Networks. Indianapolis: Cisco, 2011. Print.
"Cisco IPv6 Q&A." Cisco IPv6 Q&A. N.p., n.d. Web. 10 Dec. 2012. <http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/prod_qas0900aecd803715bf.html>.
"Google IPv6." Google IPv6. N.p., n.d. Web. 10 Dec. 2012. <http://www.google.com/ipv6>.