IPv6 is not a new protocol, but given the time that has passed since its initial release in 1998, it is natural to find that some things have changed along the way. Lessons have been learned, best practices have been updated, and with more and more production networks up and running around the world – we thought it would be a good opportunity for an IPv6 refresher.
In Part 1 of the Path to IPv6, we shared a presentation template for pitching the importance of starting your IPv6 transition to management. In Part 2, we provided some resources to guide the transition. In this part, we’ll highlight how IPv6 has changed over the last decade and address some myths/updates to IPv6 knowledge.
For Part 3, we invited two previous guests, Ed Horley, Co-Founder and CEO at HexaBuild, and Jeremy Duncan, IPv6 Architect and Managing Partner at Tachyon Dynamics, to give us their perspectives. If you stay to the end, we’ll also share some links to relevant content for further reading.
Question 1. IPv6 came out well over a decade ago – given your experiences, what would be the top change you have seen in IPv6 implementations from an operational perspective?
The most recent changes we have noticed have been:
- Allocation sizing requests
- Operational use cases
As for the shift in the size of allocations an organization should get, they are requesting larger allocations to accommodate all their needs. With the push towards bringing your own address for public clouds and SaaS providers, this means organizations need to plan around all the potential public cloud providers they might utilize and the size of the networks they may operate within each provider. It is easy to see justifying a /36 or even a /32 for each public cloud or SaaS provider you might have services running in. With that in mind, a /28 for larger enterprise organizations might look more reasonable, given you will also need to account for IoT, Edge, Zero Trust, and SD-WAN. For larger organizations, it would not be unreasonable to see /28 or even /24 requests happening from here on out.
For the new operational use cases, we are seeing more Fortune 1000, State, and Federal organizations adopting IPv6. For U.S. Federal organizations, they are moving towards IPv6-only network deployments due to the OMB M-21-07 mandate. The Fortune 1000 are adopting IPv6 in stages where it solves problems or addresses issues in their existing network today, for instance, if they are out of public IPv4 and also out of RFC 1918 address space, or if they need to interface with U.S. Federal agencies that will require IPv6 for some reason. IPv6 has moved beyond the mobile provider, home subscriber, ISP operational use case and wider adoption is starting to happen.
I have seen the use case of migrating to IPv6 to help with overlapping RFC 1918 space being extremely prescient. Each Merger and Acquisition comes with overlapping clashes requiring one side or the other to either renumber their network, or create hundreds or thousands of static source/destination IPv4 NATs. Neither of these options is good or sustainable. Having IPv6 previously integrated would never have this issue.
Question 2. Having experienced IPv6 deployments over the years, do you have a top tip for readers regarding how to present IPv6 internally? How has the approach (or your advice) evolved over time?
It really is all about business use cases. That hasn’t changed at all. Perhaps the change might be that a larger portion of a company’s customers may be using IPv6 to connect to resources which could impact how you deploy and operate your services. If the majority of your customers are accessing your content from mobile devices, there is an actual advantage to using IPv6. This is a transition that has happened over the last decade and will accelerate as IPv4 becomes more costly and scarce as a resource for operators. Also, there are geographies around the world where IPv4 is particularly constrained versus the population. India, China, and other Asian countries along with South and Central America are going to have more IPv6 adoption due to this imbalance. This means that North America and Europe, who received the lion's share of IPv4 early in the adoption process, may lag what the rest of the market is doing. Those that live and operate in the North American and European markets may therefore miss this global trend and not time their IPv6 adoption to accommodate all markets. They risk falling behind and then not being able to catch up. They will lose in specific markets as a result, which could have significant impact if their business plan was to expand into those geographies.
Question 3. Let’s talk specifics – what’s an aspect of IPv6 that has increased or decreased in importance in the last decade?
Mobile IPv6 (MIPv6), Network Mobility (NEMO), and Secure Neighbor Discovery (SeND) are all features that have become obsolete or decreased in significant importance in the last 10 years. The main reason: complexity. All these features require complex infrastructure and application changes to networks just now implementing a dual-stack IPv6 network.
Another area that has surprisingly decreased in importance is the usage of various types of extension headers. IPv6 allowed for a new way to extend functionality with various applications to use Destination Options (DO), Hop-by-Hop Options, and even the Generic Extension Header – but none of them were embraced by the industry. So they have now been used for intermediate device security evasion techniques like rogue router advertisement attacks that chain the DO and Fragment Header (FH) extension headers to evade IPv6 Router Advertisement Guard on First Hop Security implementations.
Increasing in importance is actual practical experience with IPv6 to know how to design, architect, and operate IPv6-only networks. Unfortunately, there are not enough higher education programs teaching IPv6, and if they are teaching it, it is not being practically used in the curriculum at all. Getting robust IPv6 education will be critical for adoption in enterprise and SMB as their core technical skill base is coming out of state colleges and universities. I would say the biggest decrease in importance is the automation transition and tunneling technologies. Proof of this is the fact that Microsoft turned off by default ISATAP, Teredo, and 6to4 in Windows. Companies are going dual-stack or IPv6-only with NAT64/DNS64 or SLB64/46 as solutions now.
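The extension-header point raised under Question 3 comes down to how a first-hop filter identifies a Router Advertisement. The sketch below is an added example, not code from the interview or from either guest: it contrasts a check that reads only the fixed header's Next Header field with one that follows the whole header chain, as RFC 7113 advises for RA Guard. The function names and sample packets are constructed for illustration, and only Hop-by-Hop, Routing, Destination Options and Fragment headers are handled (AH and ESP are not).

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, ICMPV6, DEST_OPTS = 0, 43, 44, 58, 60
ROUTER_ADVERT = 134  # ICMPv6 type

def naive_is_ra(pkt: bytes) -> bool:
    """Weak check: only looks at the Next Header field of the fixed header."""
    return len(pkt) > 40 and pkt[6] == ICMPV6 and pkt[40] == ROUTER_ADVERT

def classify(pkt: bytes, max_headers: int = 8) -> str:
    """Walk the whole chain; return 'ra', 'not-ra' or 'undetermined'."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "undetermined"
    nxt, off = pkt[6], 40
    for _ in range(max_headers):
        if nxt in (HOP_BY_HOP, ROUTING, DEST_OPTS):
            if off + 2 > len(pkt):
                return "undetermined"
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if off + 8 > len(pkt):
                return "undetermined"
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "undetermined"  # non-first fragment carries no upper-layer header
            nxt, off = pkt[off], off + 8
        elif nxt == ICMPV6:
            if off >= len(pkt):
                return "undetermined"  # chain runs past the end of this packet
            return "ra" if pkt[off] == ROUTER_ADVERT else "not-ra"
        else:
            return "not-ra"
    return "undetermined"  # header limit hit before the upper layer was found

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed fe80::1 -> ff02::1 packet, hop limit 255."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload

# Constructed samples (checksums left at zero, never sent anywhere).
RA = bytes([ROUTER_ADVERT, 0]) + bytes(14)
dest_opts = lambda nxt: bytes([nxt, 0, 1, 4, 0, 0, 0, 0])      # one PadN option
first_frag = lambda nxt: bytes([nxt, 0, 0, 1, 0, 0, 0, 7])     # offset 0, M=1
PLAIN = ipv6(ICMPV6, RA)
BEHIND_DO = ipv6(DEST_OPTS, dest_opts(ICMPV6) + RA)
CUT_CHAIN = ipv6(FRAGMENT, first_frag(DEST_OPTS) + dest_opts(ICMPV6))
if __name__ == "__main__":
    for name, p in (("plain", PLAIN), ("behind DO", BEHIND_DO), ("cut chain", CUT_CHAIN)):
        print(f"{name:10} naive={naive_is_ra(p)!s:5} full={classify(p)}")
```

A filter on an untrusted port would drop both the `ra` and the `undetermined` results when the source is link-local, since a first fragment that does not contain the full header chain cannot be shown to be harmless.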
As we conclude our discussion, we would like to take a moment to thank our guests, Ed and Jeremy, for sharing their tips and valuable insights. For more information and resources, check out our previous blogs on the Six Steps to IPv6 and Tools to Test and Verify IPv6 Setup.