- NOT, however, we will run out of IPv4 address space by mid or late 2010. What we should wonder about is why the IPv6 is taking so long when we can see the writing on the wall. What is holding us back?Just consider the InfoSec improvements it offers compared to IPv4.
IPSec is mandated in IPv6 and consists of a set of cryptographic protocols that provide for securing data communication and key exchange. IPSec uses two wire-level protocols:
- 1) Authentication Header (AH) that provides for authentication and data integrity;
2) Encapsulating Security Payload (ESP) which provides for authentication, data integrity, and confidentiality In IPv6 networks both the AH header and the ESP header are defined as extension headers.
Moreover, IPSec provides for a third suite of protocols for protocol negotiation and key exchange management known as the :
3) Internet Key Exchange (IKE) that provides the initial functionality needed to establish and negotiating security parameters between endpoints – it also keeps track of this information to guarantee that communication continues to be secure up to the end point.
However, the uptake of this protocol has been slow if not a crawl to be precise. Large parts of your network, unless you have been remiss in performing routine periodic upgrades, are already IPv6 capable. Windows XP and Vista, MAC OS X as well as Unix support IPv6 as do most router vendors.
As the graphic to the right illustrates, deployment of IPv6 has been slow (see presentation slides where the graphic to the left was taken from – p. 47 here):
The U.S. Office of Management and Budget has ordered agencies to convert their network backbones to IPv6 by June 30, 2008.
IPv6 does not have to be fully operational by that date.
Nevertheless, network backbones must be ready to pass IPv6 traffic and support IPv6 addresses. U.S. federal government agencies are expected to verify this new capability through testing activities. Of course this means that procurement must assure that hardware and software are compatible with IPv6.
In fact, a closed, controlled environment in which to acquire IPv6 experience before phasing in interaction with IPv4 seems to be a viable strategy for some Internet Service Providers (ISPs) before tackling the issues of IPv4/IPv6 interoperability. It allows them to begin tackling the hard problem of transparently providing public Internet services over IPv6 in a controlled environment, before the roll-out to end-users. During the 2008 Olympics, the surveillance system at athletic venues will run over IPv6.
Europe and IPv6
At a recent conference in Brussels (May 30, 2008), Commissioner Reding advised businesses in the EU to get ready for changes, setting a target of getting 25 per cent of EU industry, public authorities and households to use IPv6 by 2010, see here:
That might be a bit late considering that IANA may allocate its last IPv4 /8 to an RIR sometime in November or December of 2010. Considering the way we are going right now this might happen even sooner than that:
If 25% of Europe’s businesses use IPv6 by 2010, how will the internal market cope? Many agencies and businesses will not be able to get new IP addresses. One wonders if these plans by the European Union will save us from going over the brink. Stay tuned.
A successful IPv6 implementation means that users should have no idea whether the services they are using are being delivered over IPv4 or IPv6. While this is great in theory, it also removes the incentive for providers to offer IPv6 faster, since some customers cannot see the benefits they gain (e.g., better security) by using IPv6 supported services.