My previous two posts have been about the address planning process and how to break into the IPv6 integration process. I’ve tried to show that IPv6 is a task that you should be interested in and that it is not an intractable problem. However, I know that some people are still questioning why they would ever want to take this task on. I typically hear comments along the lines of “IPv4 is working for my organization and we’ve got plenty of address space to grow the business. There is nothing interesting on the IPv6 Internet. We don’t need IPv6.” With the successful World IPv6 Launch and over 3500 web sites now IPv6 enabled, the IPv6 Internet has grown in size and demonstrated that IPv6 transport is a viable way to deliver content and services.
I won’t spend too much time discussing it here, but I will remind everyone that IPv4 address depletion is a very real problem. It is not something to be lightly ignored, and it will impact your business and the services you offer whether you like it or not. I see two areas where IPv6 is going to have to be a part of future plans: customer/partner interaction and security.
1. Customer and partner interaction is one of the first areas where IPv6 will start to show up. The question that must be answered here is “How will my organization interact with customers and business partners that might find themselves on IPv6-only networks?” The number of devices that need network connectivity is growing, and those devices will need addresses. Cisco’s Visual Network Index (VNI) predicts that by the end of 2012 the number of mobile devices will exceed the world’s population. This demand places a greater strain on an already limited resource, IPv4 addresses. Another way to phrase the previously asked question is “How will my organization interface with those users of these mobile devices whether they are customers, business partners or internal users?” While the question has many answers, how you as an organization deal with IPv6 transport is at the core of the answer. Cisco has published a Cisco Validated Design (CVD) that deals with how to integrate IPv6 at the Internet edge.
2. Security is another area where IPv6 is going to be a concern. At this point I tend to get some questioning looks on why IPv6 security is a concern to my organization if I have no plans of ever running IPv6 in my network. My question back to you is – are you sure IPv6 is not running in your network? Your network might be providing IPv6 services without you having any awareness. The point here is that as you introduce new devices into your network, those devices are going to have an IPv6 stack and that stack will be enabled. Even if you go through the pains of disabling the IPv6 stack everywhere, is your network instrumented well enough to detect rogue IPv6 implementations? Is your network and security staff trained well enough to identify and deal with IPv6 on the network? These questions must have positive answers or your network and the services it offers are at risk of compromise.
To reinforce the security point, I’ll draw an analogy to the time when wireless network connectivity was just getting started. The technology was not well understood and corporate policy at the time typically forbade anyone to connect wireless access points (APs) to the network. The issue in this case is: how do you enforce that policy? For most IT organizations at the time, enforcement meant installing a wireless NIC into a laptop and roaming around the campus to see where rogue APs had been implemented which is not scalable or reliable. Rogue AP detection was greatly simplified and more accurate when a native wireless implementation was in place and the IT organization understood both the technology and the design. IPv6 is following a similar trajectory. Most corporate policy either has IPv6 turned off or does not acknowledge it. The IT organization is still in the beginning stages of understanding the technology and has yet to put the proper architecture and designs in place. The network is not instrumented to detect and identify IPv6 traffic and policies are not in place to deal with it if it happens to be discovered. A native IPv6 deployment will change the landscape and allow the IT organization to properly grow and scale the network and services that the network offers.
The underlying theme here is growth and how to handle that growth. Planning has to start now for how to grow and secure your organization in the face of the new connectivity models. You must have an answer for how your organization will interface with customers and partners regardless of the networks they are attached to. lt is also essential for your organization to know how to deal with the integration of new devices into the network and their IPv6 capabilities.
Are you embracing IPv6? If not, what is holding you back?