« Blog Home

Top 5 Concerns of Network Admins About Migrating to IPv6 in 2018

Not sure if I should keep using my spreadsheet, or use another spreadsheet to track my spreadsheets

Last Updated: September 22, 2017

Network administrators that have not acknowledged the existence of IPv6 do so at the peril of their employers and customers. This is due to not only technology moving forward into a new standard, but the fact that the number of IPv4 addresses is nearly exhausted on a global level. Getting IPv4 blocks are NOT as assumption and require documentation and justification – which means that if you need routable IPv4 space – get in line with everyone else.

There is good news though – IPv6 deployments have been increasing and chances are you have already used IPv6 – but haven’t realized it yet. As a network administrator, your consumer technology may actually be ahead of some of your business technology in this regard. Comcast, Verizon, and T-Mobile are just a few service providers that have deployed IPv6 extensively both internally and externally for their users. So if you are just getting ready to check out IPv6 – you are in luck, there are plenty of real-world experiences and resources to help out.

While the deployment and migration to IPv6 is not common, let’s dig into how we can help the Network Operations team with this “IPv6 Migration Top 5”.

Concern 1 – Selling the Migration Internally to CIO/CFO

The first concern is convincing management within your organization to proceed with the migration to IPv6. Since IPv6 is most likely “not replacing” your IPv4 network, you will be running them concurrently – which impacts things financially since there are direct operational costs. In this Concern, we mention the CIO or CFO, but this could just as easily be any other decision maker or stakeholder in the project’s approval process. This concern normally arises in other projects as well for similar reasons. Not everyone is an expert on technical matters, nor should they be expected to be. As IT professionals however, it does become our responsibility to communicate our expertise effectively so those that do make decisions can make them while informed, and not based off fear, confusion, or past experiences that were not well planned or thought out. Since IPv6 can be a “disruptive” upgrade, and changes the networking game in a few ways, expect resistance by decision makers.

The solution to this concern is communication. Decision makers must know exactly what is at stake in the migration and what it means for the organization. This means studying the migration from multiple perspectives that your decision maker will likely want to know about, and doing your homework twice so you are prepared for questions and other unexpected situations. It should also be noted that while the communication should not attempt to scare the decision maker into a choice, results and consequences are a part of this migration and must be communicated. Techniques for communication should also be utilized such as targeting the audience with a style that makes them comfortable (dress, bound presentation, etc), and one that eliminates confusion while still being effective (not using too much jargon, relating back to other principles besides IT). Communicate effectively, and this concern should be easier to deal with.

One angle that would recommended is not only showcasing the short term impact (potentially getting new hardware, training, etc) but also getting a feel for the long term. If done correctly, deploying IPv6 sets you up for the not too distant world where IPv4 is deployed less and less. Then you get to have the conversation regarding “What do we need IPv4-only networks for?” These are the long term planning perspectives that executives like to understand – that costs don’t just increase forever, but this protocol shift will possibly have a short term increase as the technology is absorbed, and then falls below legacy costs, while provided higher levels of scalability and performance.

Concern 2 – The Cost

How much is IPv6 deployment going to cost? How much do you have?

Cost can include monetary assets, but also personnel and time. The migration to IPv6 will take all 3, but more so of personnel and time. A large amount of planning will be needed to get through the project as quickly as possible, and have everything working at the end. With planning come the people to perform that function. Any monetary cost may include new equipment (routers, switches) or servers, and should be considered. However, we will focus on the other 2 costs as they will likely be significantly larger.

Having the correct personnel on the project can help reduce cost. These personnel will need to be efficient at their tasks, communicate well, and have a variety of experience and points of view (not so much into other departments besides IT yet, but good to have nonetheless). The faster a plan can be written and proposed, the fewer hours and people it takes, reducing cost. Within this plan, it is also recommended to combine projects. Once the migration over to IPv6 begins, it can be combined with other projects running such as PC replacement. This will perform two tasks at once, removing the need to revisit a project already completed, saving cost. Many of these ideas are already in use in many businesses to save cost through the same or similar means. You can also consult project managers or other organization resources for more ideas.

From the monetary cost standpoint, most of it will be either new equipment to perform specific IPv6 functions, or for new equipment not IPv6 compatible. However, one specific cost to consider is an IPAM solution, which is a software suite that can index, search, and analyze an existing network IP address scheme. It is specifically mentioned here for its functionality, and should likely be mentioned as a topic of discussion in any team meeting or presentation.

When dealing with the concern of cost, remember it includes more than money. It is any resource that will be used from the organization. Time and personnel are costs that should always be seriously considered. Consulting other business leaders on conserving cost is a good step, along with having good team members working on the project, and even soliciting ideas can help. At the very least, always try to never come in over cost.

One aspect of IPv6 deployment that cost may not overtly address is going to be on the software side. It could be little things like:

  1. The perpetual license for the software you bought 5 years ago and let maintenance expire – will it support IPv6 even if you update it? Or do you need to keep an IPv4 only network island for legacy applications like this?
  2. Monitoring is typically “per endpoint or application” – but some monitoring systems may see the addition of IPv6 as “another endpoint” and not an extension of a current object. So depending on your monitoring platform – deploying IPv6 could mean getting bumped up into another pricing tier.

Concern 3 – Complexity

One does not simply deploy IPv6 without a plan.

Migrating to IPv6 will be very complex. It will involve all departments of the organization, or at least all of them that use computers, and every piece of equipment connected to the network at any time. Then consider that the migration will be made over time, and that everyone needs to be on the same page working together for the best outcome and smoothest transition. Now the complexity can be seen a little better. There are other factors such as compatibility with IPv6 and clearing out IPv4, but those are discussed later.

For right now, let’s deal with just the complexity issue rather than technical details. There are several different ways to work through a complex issue, and it always involves planning. In order to ensure nothing is missed, a plan must be created that will detail information such as timelines, groups of devices to be migrated, priorities, etc. In doing so, you can break the complex situation into more manageable pieces that are easier to work on and communicate to the rest of the organization. Again, IPAM can assist with this task by creating reports that can be interpreted and used in the planning process.

This is only a brief look at the potential complexity. It can be taken even further by different makes and models of equipment that coexist on the network. But to deal with the concern, the best bet is to reduce the complexity. You can do this by planning out your migration by groups, devices, time, or whatever works best for you. The important part is that everyone agrees on it, and it is something the organization can live with in terms of effectiveness for the business process. It should also be sure to have every single component on the network, and be followed, checked, and updated as needed throughout the migration project.

One of the primary ways to start with the plan creation is just doing an audit of your environment. This may require inventory lists, network scanning tools or possibly just concatenating all the distributed spreadsheets and systems with the information you need. Once you have a basic overview – then you can drill down into one environment for a more detailed inspection. When deploying IPv6, doing everything at once isn’t very likely – you will probably want to pick a few pilot projects first that will allow you to test out your IPv6 limits in a non threatening environment (say a staging environment of an enterprise application). This way you can refine your processes as you go based on the realities of your environment.

Concern 4 – Dealing with Legacy System Issues

I have confirmed with Gary in IT that we can "dual stack" anything, so we are good.

Legacy systems can be defined basically as older systems. They likely are missing some common functionality from current technology, but still exist because they perform a key or important function for the organization just fine, thus there is no reason to replace it. With IPv6 deployments, it’s worth revisiting as the networks around legacy applications are changing (who hasn’t had a firewall ruin their day at some point?)

When an organization deploys IPv6, the devices on the network need to be able to have an IPv6 address, along with their existing IPv4 address (a technique known as dual-stacking). If the device cannot utilize a v6 address, it will eventually cause conflicts and problems in not being able to be found or communicate properly (this is where tunnels come in and they have their own management overhead). It is possible to force it to use v4 only, but as more IPv6 capable systems come online in your network, the legacy environments will become more of a liability.

The best way to deal with legacy systems is analyzing them for compatibility. Knowing that this can take up significant resources given the volume of equipment, IPAM can help, but it can’t do everything. You will need to get on the server(s) and perform a capability audit. By scanning and detailing the network, it can help determine compatibility for devices connected to the network, and provide a report. This is highly recommended not only for this function, but to assist in keeping addressing correct during migration. More importantly, it will help you get an idea of compatibility on the hardware level as well as the application level. With some basic scanning and OS level auditing, you should have a decent start to ensure that IPv6 won’t bring any infrastructure challenges. Applications can be another story though, so don’t get to excited.

Network audits may sound like a simple solution, and to a point it is. However, it is inevitable that an important piece of equipment will not be compatible. At that time, the deployment plan for IPv6 expands to include all of these devices, which must be planned for migration themselves and implemented on a parallel schedule to the entire migration. The sooner the compatibility of all devices can be determined the better, as it will allow for a timeline to be determined, and a better view of the scope for the entire IPv6 deployment.

Concern 5 – Cleaning Current IPv4 Inventory

Not sure if I should keep using my spreadsheet, or use another spreadsheet to track my spreadsheets

The final concern is getting a handle on your existing IPv4 inventory. For many network administrators, this will involve getting new equipment, implementing it, hanging onto the old equipment temporarily for backup purposes, then getting rid of it. But it is more than just equipment. Inventory in this case should also include services such as DNS and DHCP, both of which change or are removed with IPv6. This is also the final step of IPv6 migration where IPv4 is removed from the network, so while it should still be a concern, there is a decent amount of time before this happens. The best part is still going to be the addition of IPv6 functionalites (IPv6 reverse zones, AAAA records, etc.).

To counter this concern, planning is still the key. However, at this point it is less about the plan itself, and more about executing it. By this stage, dual-stacking should be fully implemented and all non-compatible devices either replaced or their purpose moved to a compatible device. Then DHCP can be turned off for IPv4, and all devices with static addresses having their IPv4 addresses removed. This is where the concern comes in. If one device is missed at this point, it will immediately lose all communication with the network if it has not already. Add in the sheer volume of devices this may have to be done for, and suddenly the scope grows even more. This means that your DHCP management/control will have to be addressed – and if you haven’t looked at provisioning automation yet, it’s time.

Aside from proper planning and execution, there are other ways to counter this concern. First, if your objective is turning off IPv4, which can be accomplished through network management tools like Group Policy or configuration distribution programs. IPAM can also help by showing if there are any devices still not compatible with IPv6, and which devices are not yet utilizing v6. If your objective is dual-stack, there is an even greater value to your plan since you will be essentially running two networks simultaneously. Testing/Lab environments for these objectives is a must, and always check with manufacturers to ensure that reboots or other strange actions will not result from suddenly removing that communication method from items like servers and firewalls. Naturally, schedule downtime is an absolute must, no way this should ever be done under any circumstance during business hours.

However, at a certain point, you need to make some deployment decisions based on your plans. If you are going to run both IPv4 and IPv6, you will probably have an easier time to ensure that the network works as intended since most systems are intelligent enough to use whatever stack is available. The challenge can be when you turn off IPv4 – the “incompatible” network elements will be obvious (for better or worse). As part of any deployment plan testing is going to be key and will go a long way to ensuring that your dual stack deployment will go smoothly now, and also in the future , but now can only prepare for so long before there is no more to do, and the only step left is to remove IPv4 inventory from your network. At that time, double check backups and all the reports to ensure it is correct, then press the button so to speak. Once IPv4 is removed from the network, there is no time limit on actually removing the physical inventory. Without the capability to communicate with v4, the devices will simply not function and do not pose a threat to the network connectivity or as a security risk.

Reflection

These are only what are considered to be the top 5 concerns with IPv6 migration, specific only to network administrators. There are many other challenges and concerns within this project as well. But with each of those, and the 5 seen here, there are some basic strategies that can minimize the impact of them.

Communication is always important, especially within the organization. This migration is everyone’s concern, so why not involve them. Of course not everyone will be involved at every stage, but it helps to build a team environment. With that communication comes planning and understanding so everyone will be together on the project. Use the resources available within the organization as well as the ones outside such as the IPAM.

Regardless of the approach, the entire migration will take time, resources, and planning. There will be meeting after meeting, and a huge amount of information gathered and utilized. By working together in your organization, you can make these top 5 concerns, and all the others not mentioned here have less impact on the project, and have a higher chance of a successful migration.

Keep Reading