For several years now, the question around the shift to IPv6 has been "When?" NOT "If". As of September 24th 2015, the American Registry for Internet Numbers (ARIN) announced it had issued final IPv4 addresses and the free pool for IPv4 addresses had reached “zero.” The time to prepare for your businesses' IPv6 transition is now!
Why Now is the Time to Start Planning
While a majority of the world's devices today are not yet compatible with IPv6, dual-stack technology ensures that legacy IPv4 devices will still work for the foreseeable future. However, soon IPv6 will be the only option for adding new devices or hosts on the Internet. Understanding the background behind IPv4 and the benefits of IPv6 are the first steps in proactive planning.
Computers use Internet Protocol (IP) to find one another and permit communication. IP Version 4 (IPv4) was developed in the early 1980s during a much simpler time in Internet evolution. At that time, 4 billion addresses seemed like a huge number! Since then, the number of computers attached to the Internet has multiplied many times over. Plus, our vehicles and many devices in our homes and pockets use network connections. With the growing trend toward the Internet of Things (IoT), the need for more addresses will multiply exponentially, leading to the current situation where the remaining IPv4 addresses are depleted.
IPv6 offers a significantly larger pool of addresses by using a 128 bit address: 340 undecillion (3.4 * 10 to the power of 38) IP addresses, which equates to around 10^28 addresses for every person on the planet! Although the main driver for the shift from IPv4 to IPv6 is address space, there is also a range of benefits for security, integrity and performance.
IPv6 Security Benefits
While there are several advantages of IPv6 transition, such as improved support for mobility, innovative platforms, and gains from simplified network administration, we are going to drill down into the increased security benefits.
IPv6 has been built from the ground up with security in mind, making many of the heartaches behind IPv4 and security a thing of the past. While end-to-end encryption was retrofitted into IPv4, it is an option that isn't always used. VPN encryption and integrity-checking is a standard component of IPv6, is available for all connections and is supported by all compatible devices and systems. Once broad IPv6 adoption is achieved, many of the security attacks of today will become significantly more difficult to perform.
Name resolution becomes more secure with IPv6, making naming-based attacks much more difficult and cultivating an improved level of connection trust. This is not to say that an existing application or service-layer verification should not continue to be used, however, unwanted redirection/observation of traffic between two legitimate hosts will become far more difficult.
With proper design and implementation, IPv6 networking will offer a significant security boost from existing IPv4 networks. That being said, proper deployment and configuration is a very serious issue. IT administrators are faced with a steep learning curve and must adopt a new approach to networking in order to ensure security concerns are addressed. Don't enable IPv6 until you're fully prepared!
How To Start Your IPv6 Transition Roadmap
Perform an audit of your current systems for IPv6 compatibility:
You should check all the devices connected to your network such as:
Routers & Switches
Firewalls & intrusion prevention systems(IPS).
If your equipment is five or more years old, it is a safe bet that it does not support IPv6 and will need to be upgraded. When you purchase new network components, ensure that they are designed with native support for IPv6. Look for products that are certified as IPv6 ready.
Create a Managed Migration Plan:
The next step in preparing your network is to create a plan to implement dual-stack. In a dual-stack network, devices such as routers and switches run both IPv4 and IPv6 at the same time, but will choose IPv6 as the preferred protocol when possible. Dual-stack allows you to phase in the new network protocol and gradually migrate your core networking components to IPv6 and then all of your endpoints, such as PCs and applications, including operating systems.
CenturyLink® Colocation solutions presently supports a Dual Stack configuration approach, which will route both customer IPv4 and IPv6 packets.
• An IPv4-only interface will route customer IPv4 packets, and IPv6 packets are dropped.
• An IPv6-only interface will route customer IPv6 packets, and IPv4 packets are dropped.
Software can be dual-stacked as well. Work with your vendors to determine if your applications are compatible with IPv6.
Audit External Facing Systems:
This step will ensure that the external components that connect your business to the Internet are IPv6 compatible. Check with your Internet Service Provider (ISP) to make sure your hosted email, web, and Domain Name System (DNS) servers are compatible with IPv6. Inquire if your ISP currently provides IPv6 connectivity and ask about the time line for your company’s website to be available as an IPv6 site.
There is no simple turnkey solution to make the shift from IPv4 to IPv6, although there are graceful transition plans to be examined and planned.
Each companies' road map will look different from the next, taking into consideration size, age and function, but education and planning are the keys to a smooth migration for all.
While most organizations will find a way to continue to operate in the IPv4-only world for a while longer, now is the time to begin planning for the transition to IPv6 to secure future expansion possibilities and ensure that the change won't negatively impact your business!