If you are still on the fence about IPv6 and think the magical IPv4 unicorn fairy is going to fix it, you can ignore this post and consider finding a support group for all that will trouble you in 2016 (please reference below meme).
2016 is right around the corner, have you thought about your new year’s resolutions? What about for your network? If you haven’t yet, it’s time to think about your poor neglected network (you know the one that carries your packets to and fro tirelessly) – and we’re here to help! Here’s our list of the top network resolutions worth considering for the new year.
- Check if you have an IPv6 allocation for use at your organization (link local doesn’t count!)
According to ARIN, IPv6 address space is eligible for allocation to ISP/LIRs and assignment to end-users. If you offer IPv6 transit or assign IPv6 addresses to other organizations, you are an IPv6 ISP (also known as a Local Internet Registry, or LIR, in IPv6 policy). If you do not offer IPv6 transit and do not assign IPv6 addresses to other organizations, you are an IPv6 end-user. Guess what – it’s also something that enterprises can take advantage of – so don’t think that this is just for service providers (Nice try!).
- Catalog your core business applications to prepare for a “hypothetical” IPv6 rollout to gauge impact
Why test to gauge impact? Going rogue is super fun, but the underlying protocols are not necessarily compatible. The decision was made to break from IPv4 compatibility for reasons that included simplicity and speed of the new protocol (as well as the designers’ thinking that if you want IPv4, you can just simply include a parallel stack).
What this means is that if you leave your network IPv4 and introduce a new IPv6-only component, they won’t necessarily talk to each other. (Fortunately you can still use the same cables and ethernet/wireless cards). And let’s say you only use HTTP as a gateway protocol; REST APIs do almost everything these days. NAT has worked fine for this purpose for 20 years, so there’s seemingly no reason to change.
Then again, SSL encryption often adds complexity to the server’s ability to handle more than one website. The mechanism used is encrypted, so the server can’t see it. It’s your classic chicken and egg problem… Also: note that in HTTP/2.0, every connection is supposed to be SSL, so… sorry NAT.
So test, test, test! These things can be worked out before any end-users will have a hint of a clue what’s happening. By at least having your core business applications catalogued you will be ahead of the game and know where the gaps are (hypothetically).
- Catalog your network monitoring/KPI applications to understand the impact of a “hypothetical” IPv6 rollout and gauge compatibility with your current processes
Transitioning to IPv6 doesn’t have to be like ripping off a bandaid. Just like many companies have a staging server for testing future roll outs, it’s possible to do for IPv6. Just like the old adage states, practice does make perfect (which is a good goal for your production network).
We all know it’s business-critical to test before rolling something out, especially if it’s as important as implementing IPv6 and creating a dual-stack environment. Be sure to catalog your network monitoring and KPI applications to gauge compatibility with your existing processes. We have seen how adding IPv6 can increase complexity of monitoring and SLA checks, so it’s good to understand these ahead of time.
We mentioned KPIs since if they track elements like user experience, load times, etc., IPv6 based logging and monitoring may uncover some interesting trends. For example, tracking mobile users on your website may give you real insights into how users are accessing the site and if you are only seeing IPv4 data – you are missing out on a significant part of the picture given how service providers are deploying IPv6.
- Poll your company users to see how many are using IPv6 connectivity at their homes
Now that IPv4 resources are finite, your company’s employees may be using IPv6 at their homes without even knowing it. They probably get some double NAT IPv4 (CGN) and potentially an IPv6 address. That means it is going to get harder and harder (and more expensive!) for your employees to get a static public IPv4 address at home.
According to ARIN, this retro connectivity could potentially cause problems for VPN, VoIP, Video, Collaboration and Gaming, depending on how those technologies are deployed. If third parties and employees start getting IPv6 through their service provider and you stay on IPv4 only, then their connection will have to be proxied to you. Because the session is proxied, you lose the ability to have end to end connectivity, something taken for granted in our IPv4 only world.
- Ask your marketing team how/if they are tracking IPv6 connections to the corporate/support website for your organization. What about privacy?
So IPv6 will allow every device to have its own IP. This is great if you’re designing, implementing or maintaining a system; it makes it simple. However, these large systems share an ever-growing amount of data with each other(Internet of Thangs – it’s a technical term), so it’s increasingly common to feel like there are Big Brother eyes watching you all the time. In truth, it’s more like a bunch of little brothers combining sources. Scratch that – let’s just say Ewoks. That sounds much less fraternal.
So, is everyone who moves to IPv6 a “sitting duck” for privacy? Perhaps, but even in IPv4 world, “cookies” will track your every movement online anyway. The reason that cookies exist is due to the inability for a web server to tell what connection belongs to what user (due to its origins as a stateless protocol). Let’s just say that Amazon is not going to ship you that Christmas present you ordered for your mom if they can’t verify who you are.
Some may wonder why the user can’t just delete cookies occasionally. However, killing your cookies is just a placebo. There’s a relatively new technique called “device fingerprinting” that makes cookie tracking obsolete. By just studying your browser settings and adding in some statistics, websites can now track you without cookies. On the plus side, the term is still fun to say in conversation (yes, I am available for parties).
Finally, if nothing else, over time the role of IPv4 on the network will change – and its presence will continue to decrease as IPv6 adoption continues on a global scale. While old technologies never die (they just keep on going until someone shuts off the last server), IPv4 will one day be an artifact from the 20th century (but token ring will live forever!). And when that day comes, at some point the Smithsonian will want to find the old dogs who preserved that old technology. Perhaps that could be you, and your name will be preserved forever in history….. or more likely IPv4-only machines will become like Roman coins: Ancient, but usually not really valuable (like my Radioshack Color Computer 3).
What are your New Year’s resolutions for your network?