IPv6? No Problem, we’ll just use the same addressing plan as we do now!

(thanks to RIPE)

So, you are planning for IPv6? Have you thought about what you will do about the addressing? What’s the problem I hear, the addresses are the same except a lot longer?  Well yes and no. The addresses are a lot longer, but there is more.

While the IPv6 addressing structures are pretty similar to IPv4, there are also some differences which will need to be considered. These differences mean that you will likely have to create a whole new IPv6 design for your network. Like most technology problems, the earlier you start to think about them the more likely you will get a good outcome.

What do you need to consider? First, as I have written previously, there is not currently any standard NAT66 scheme. NAT66 may arrive, but when it does, expect version 1.0 to have issues. So one of your familiar tools may not be available when you are buildiong your new architecture.

Second, there is no exact analogue to the RFC1918 Private address space. RFC1918 addresses have been used extensively to minimise the impact of address depletion and to hide the internals of a network. There is a family of Unique Local addresses, which have some similar functionality, but they are not an exact replacement. The Unique Local addresses are slightly different in application.  Additionally, without NAT66, such an addressing plan would be difficult to implement.

There is also the issue that all devices generally use link local addresses for internal subnet communication, and a Unique Global address for off subnet comms, so all your devices will have at least 2 addresses, do you want to add the Unique Local addresses as well? Will

As well as the subnet planning, you will need to consider the impact of this change of addressing structure on your existing architecture, and how you will create a system in which the two address families can coexist and deliver the same level of service and security, without compromising the integrity of either.

Clearly, there is more to consider than a first glance would suggest. So as I suggested start planning early, the more planning space you can give yourself, the better chance of getting a smooth migration without unforeseen problems.

Posted in Uncategorized | Leave a comment

IPv6? No Problem, we’ll just use NAT… or NOT!

IPv6 is coming. It will be here soon. Just how soon for you I can’t say, but I am sure for some organisations no matter when it happens, it will be too soon.

What do you need to do? There are a number of things. The first would be to start planning. One of the parts of the plan will be to decide on an addressing strategy. One plan I have heard for this is “I will just replicate the network addressing I have by mapping all my IPv4 addresses into the IPv6 space and do everything the way I do now, including NAT. How hard can it be?”

Well like most things it’s not that simple. Your IPv6 addressing strategy is likely to be a bit more complex than that. In particular, NAT has complications. Historically, in the IPv4 world, NAT has been used for three main purposes;

- Overcome the depletion of addresses (or address amplification) – hide the internals of the network (Security by obscurity) – Provide for service provider independence (or network portability)

NAT was so successful because it served its purpose well. It did allow us to avoid or postpone issues with address depletion, and provide a level of security, but NAT was not without its problems. NAT breaks the fundamental premise on which the internet was built. This is that every device is able to connect transparently with every other device.

Many applications have needed “fix-ups” to allow them to cater for NAT, in particular applications which embed IP address information in other parts of the IP frame in addition to the address block. Two well-known applications in this class include SIP and DNS, but there are others.

There is no doubt that some sort of NAT to allow IPv6 devices to communicate with IPv4 hosts is needed. But the issues above may still be apparent. Rather than a NAT64 it may be that a better solution is an Application Level Gateway or ALG, which would be application specific and application aware. The need for such an approach would need to be considered for each of an organisation’s critical applications.

The use of NAT to translate IPv6 addresses, is more problematic . The IETF is actively discouraging the use of NAT in the IPv6 space, specifically NAT66 which would translate outside IPv6 addresses to different IPv6 addresses inside. There is discussion in the internet community about what may be required, and there have been several IETF documents submitted, but there are no active drafts. This means that while NAT66 may come at some stage, there is no current standard which vendors could use for guidance, so any NAT66 products will be proprietary. In addition to that any new applications may still break when faced with NAT66 and fix-ups will be required.

So, NAT will have a place. But when you are planning for your new IPv6 addressing scheme, don’t assume that you can just build a complete analogue of your existing IPv4 addressing structure. You will need to carefully consider your carrier and your security strategies. It may be that you need use different measures to meet your needs in the new IPv6 world.

Just one more reason to start planning early.

Posted in Planning | Leave a comment

Who cares about IPv6?

IPv6 is the replacement internet addressing system that was developed some time ago when it was hypothesised that the internet was growing so fast that it would run out of addresses. It was designed to be SO much bigger that the problem of address depletion is unlikely to occur again.

It has been more than 20 years since people started ringing alarm bells about the danger that the internet might run out of addresses. Since then the number of devices on the ‘Net has increased exponentially. Even now more devices are being connected, and despite the chicken little calls, the internet just keeps growing. Recently the newpapers were featuring stories about the end of internet addresses again as the central registry issued the last address blocks last February..

So, do you really need to worry, will ever really be a problem?

Well, this time, I think it may be time to listen. Why now you ask. Well a few things are different now, but a few things are still the same.

What has not changed much is that many carriers, who get no additional revenue, are saying that their customers are not asking for the IPv6 service, and are therefore not promoting their capability. The customers are not hearing much from the carriers and are concluding that the carrriers do not have a service. This is rather like a Mexican stand-off. So what has changed?

There are two things that have changed significantly and make break the stalemate. Broadly speaking the two things are Governments and population. Governments around the world are driving their departments and instrumentalities to be able to deliver services to users who are IPv6 connected. They are concerned that they may be charged with discrimination if any of their consumers cannot access one of the principal channels over which government delivers services. Mandates have been put in place in the US and Australia, and the European Union is also “strongly encouraging” government agencies and major corporations to adopt the new standard. So this will generate a demand that carriers must satisfy and therefore drive capability to the market.

The second adoption driver is population. There are more than 4.5 billion mobile phones worldwide and smartphones are quickly replacing these. That is driving the rapid increase in use of IP addresses. Along with smartphones, there are more people than ever connecting to the Internet. China has already established a very extensive IPv6 network infrastructure. And since China was only issued with 60 million addresses in the old system, their demand for connectivity is going to drive a very large IPv6 population online. India also has a huge population and large numbers of internet users.

The use of smartphones and the huge increase in user population is very likely to drive the development of new applications. As larger proportions of these user populations are likely to be IPv6 users, any new application created may be reliant specifically on features of IPv6 for operation. That would leave users or businesses who only have access to the old system at risk of missing out on being able to use the new application.

There is much uncertainty about when IPv6 may be needed. But, there is one thing on which there is unanimous agreement, it is coming. And you need to understand that we are a tipping point. The last addresses are being used, there are more users coming online, there are existing applications requiring mobility, there are likely new applications coming. If you have not worked out how you will deal with this you may be caught unprepared.

So, should you panic now? No. Should you have a plan? Absolutely!

Understand what your exposure is, and have a plan with some critical steps that you could implement quickly.

If you need more help on what and when you need to do I can help. You can get me at anthony.callanan@i3technologies.com.au

Posted in Uncategorized | Leave a comment

The Difference

When you are managing a complex infrastructure it is often difficult to tell the difference between what is needed and what your vendors want to sell, whether it be product or services.

That is what I3Technologies is intended to help with. To help you tell what is good (for you) and what is not.

I3Technologies is Anthony Callanan. I have worked in IT for 25 years. I have worked on all sorts of communications systems, going back to the early days of LAN technology. I gained my CCIE in 1998 and  have worked on a variety of Cisco routers and switches.

I moved on to IP telephony and Converged Communications systems and I have worked on Cisco, Asterisk and Microsoft telephony systems, and interfaced them to other vendors systems. Most recently I have been looking at the impact of IPv6 on IT Infrastructure.

I believe that I can help you, by giving you an independent view about how your IT infrastructure may need to develop. In particular what you need to do to get ready for IPv6, and how to plan a transition to a Unified Communications network.

You can contact me on 0402189755 or at anthony.callanan@clearwatercoffee.com.au

Posted in Uncategorized | Leave a comment