INTERNET PROTOCOL VERSION 6: Are You Sure You Should Not Be In It? - Guest Blog [Archived]

By Jennifer Bly

Should engineers bother with IPv6 yet? Network engineer, Anthony Kellar, gives his perspective on the issue.

Guest blog post by Anthony Kellar

Go to an I.T. conference and listen for the buzz words.  You hear the word, “Cloud”….and people stop to listen.  “Virtualization”…and engineers will already be aware of where we are heading.  “IPv6”…most people think, “Yea…someday…maybe next decade…when the sky is falling”.

I always considered IPv6 to be like the technology of “Frame-Relay”.  When I first started delving into frame relay, there was this weird “Data-Link Connection Identifier” thing, that worked between you and the Internet Service Provider, but, oh yea, it is locally significant, and it is a source identifier rather than destination.  Huh?  Really?

Then comes IPv6 and you see the IP address of “2001:db8:147:18cc::112:143”.  Really?  Imagine the help desk call.

“Yes ma’am.  May I have your IP address please?”

“Ummm…yes, it says 2001:db8 (silence due to cell phone) 14 yadyadyada”.

When most people just look at an IPv6 address, they just think “Don’t understand it!  I don’t like things I don’t understand.  Let’s move on.”

But wait!  It get’s worse.  You buy a Windows machine and you find these totally strange adapters such as Teredo, ISATAP.  You didn’t ask for those!  Why are they there?  What is the impact to your network?  Why does this one have numbers and letters?  Most people aren’t interested…so they move on as long as Facebook and Google are working efficiently.

What I contend, is that we need to get our minds around IPv6.  Not because of the “coolness” factor…but security in what we are doing!

Let’s take an example of a small business.  Most of them do not have a full-time engineering or security staff…they are just working away…using their tools to make their day go….leveraging their computers and network to perform its responsibility…make me money.

A bad guy walks in the door and gets access to the network closet.  He notes that everyone in the company left the machines to the default…with IPv6 enabled.  He also knows, IPv6 is not being used.  What keeps that guy from installing a router and/or PC, putting IPv6 on one interface so that it is the router for the LAN, and putting IPv4 on the other…so that it talks and TUNNELS IPv6 within IPv4.  What did he possibly become?  A man-in-the-middle.

So what is the IT department to do?  Turn off IPv6 and all tunneling adapters from each PC?  Sure…for a small business, I would recommend such a course of action.  Why have your PC try to discover an IPv6 router if one will never exist?  But what about an enterprise?  What are you doing in the long run?  You are turning off a protocol, that someday, may become an intricate part of your corporate infrastructure.  Although a short term fix, this could result in later headaches…running around turning back on what you turned off earlier….then to find you double your headache as you now need to spin IPv6 up.

Let’s face it.  IPv6 is NOT going away.  It gains momentum daily…however small.  There was “World IPv6 Day”…network providers are going from test to realism, manufacturers are building operating systems to prefer IPv6 over IPv4, and it is well known that the Department of Defense has stated all devices must at least be IPv6 capable.

As an engineer, I say learn it…integrate it where it makes sense…SECURE AGAINST IT if you are INCAPABLE OF using it…and SECURE IT IF YOU CAN PRIOR TO RUSHING TO LEARN IT.

Hmmm…rushing to learn it?  There have been “Doomsday” and “Chicken Little” followers stating “IPv6 now as IPv4 is going to quit working some day”.  Nothing can really be further from the truth.  The Internet and organizations will always use IPv4 to some extent.  However, we must pay attention to those out there who are aware of the real problems that exist.

Mobile devices are growing by leaps and bounds; more and more “non-Internet” enabled devices are becoming Internet enabled (TV’s and automobiles for example)…but this is not where the explosion is going to occur.  Devices are going to find Internet presences as a result of their invention!  We don’t really know what those devices are yet…they haven’t been invented yet.

However, I conceptualize that when that big thing comes…everyone will own one.  Everyone will flock to use it…as it is about improving our lifestyle.  And when we consider that a large portion of this planet is not Internet enabled yet…it will be someday…somehow.

The smart engineers out there are embracing the technology of IPv6…and learning it now…so they can design it, they can architect it, they can use it, and oh yes, they can secure it.

Involving yourself in IPv6 today is not about becoming part of the “uber-smart” clan…it is about learning an architecture that is gaining momentum, and being prepared when the real necessity occurs, that you must provide a service to a user that is not IPv4 enabled…but IPv6 only.

I am reminded of one of my favorite quotes from the movie “Under Siege 2”, “Fortune favors the prepared mind”.

Anthony Kellar

Network Engineer

Blog: www.network-chef.com

Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions or errors contained in a guest blog post.

Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions or errors contained in a guest blog post.