Sound the death knell for IPv4

Internode's John Lindsay

2011 marks the death of Internet Protocol version 4 (IPv4) but companies and ISPs are largely yet to deploy its successor, IPv6. James Hutchinson looks at the state of the market and what is holding the new protocol back.

The apocalypse is here; the 4.3 billion unique client addresses once made available by Vinton Cerf and the founders of the internet in 1977 are rapidly disappearing.

At time of writing, the global internet registry, Internet Assigned Numbers Authority, is depleting its last allocation of IPv4 addresses with final stock expected to go by February.

Asia Pacific regional internet registry APNIC is the next victim. Its cache of 32 million remaining addresses will be halved by August. Proposed policy indicates the final 16 million addresses will be selectively distributed only to member organisations which have a “viable IPv6 deployment strategy”; a last-ditch measure to delay the death of a standard the world has outgrown.

Much of this growth has been attributed to China and South Korea, two of the fastest growing internet economies. Australia isn’t far behind though; with 9.6 million addresses distributed in 2010, it ranks fifth in speed, due to the influx of iPhones, iPads and competing mobile devices.

Each new device requires a unique address to access the internet, and there is simply not enough to go around.

Yet, none of this is particularly new. IPv4 address exhaustion was first identified in the 1980s and a task force established in 1990 was tasked with discovering a fix. The protocol’s alternative and ultimate successor, IPv6, has been available for adoption since 1998.

But just under 13 years later, APNIC research indicates that only four per cent of end-user client devices surveyed in recent months would use IPv6 if forced by a compatible website or server. In a dual stack environment — where both IPv4 and IPv6 are available — only some 0.2 per cent of those devices would opt for the newer, and most current, protocol.

So why has no one made the switch?

Next: Beating the flood

Page Break

Beating the flood

With pundits from all corners of the industry trying to progress the issue, there are hopes a “killer app” will prompt the switch to the new protocol sooner rather than later.

“If you find the enabling technology, there’s no reason why you can’t take advantage of IPv6 now without worrying about address exhaustion,” says Qing Li, senior architect at network vendor Blue Coat.

For Internode carrier relations manager, John Lindsay, it’s a matter of finding the right users.

“There’s intriguing little corners of content out there now that are v6 only which have been largely put there by people who would like to see v6 adopted more rapidly,” he says.

“We may find that if a huge pile of Chinese-language content was only available via v6 then you’d see an awful lot of Chinese-speaking internet users being very keen for their ISPs to support IPv6.”

It’s not that support doesn’t exist. All modern operating systems support IPv6 to some degree, and mobile devices are fast enabling the protocol as standard.

Lindsay’s own company, Internode, has become a champion of IPv6 adoption within Australia. Since late 2009, the service provider has run a live trial of the protocol to residential ‘power users’ and currently counts 200 IPv6 customers online at any time. Production-quality IPv6 services are also available for business users.

The same, however, can’t be said for most major Australian providers.

“We’re definitely talking v6 with a lot of the major operators in Australia, we’re just not seeing a lot of traffic from them,” Lindsay says.

According to APNIC chief scientist, Geoff Huston, the lack of movement on the issue comes as a direct result of device manufacturers, service providers and network operators playing a finger-pointing game on who should act first.

“They all blame each other,” he says. “It would have been good if they had all stopped [arguing] a couple of years ago and the industry realised that next year’s growth is all about v6. The only way you can figure there’s a cliff in your path is to actually jump over it.”

The move toward mobility has highlighted that schism, accelerating IPv4 address consumption at alarming rates. It’s a problem that Huston says could conceivably lead the world back to “hermetically sealed walled gardens”, similar to the bulletin boards and bridged Ethernet networks that preceded today’s open and largely ungoverned internet.

“By the time the consumers are aware of that, it’s maybe all too late,” he says.

Next: Ahead of the pack

Page Break

Ahead of the pack

For Melbourne’s Monash University, however, IPv6 is a thing of the past rather than future.

Boasting one of the few comprehensive IPv6 production environments in Australia, the university has seen vastly improved use of the protocol since switching internal access networks across the past two years.

According to John Mann, senior technical consultant at the institution, IPv6-enabled incoming traffic on the Monash Web server has averaged 15 per cent in recent months, while eight per cent of overall incoming traffic is enabled for IPv6.

Monash servers also handle 200GB worth of IPv6-enabled traffic per day, largely from Google where the institution hosts its staff and student email. Mann says the protocol has become useful in keeping traffic afloat more than once when Google’s v4 equivalent became unavailable.

Initially begun as a testing environment for masters’ students in 2002, the university’s foray into the protocol soon became a part of AARNet’s research network GrangeNet, allowing students and staff to test the protocol’s potential uses.

Mann oversaw deployment of the internal environment, carried out between November 2009 and February 2010, accomplished without a set budget from management. As a result, IT was prevented from conducting a ‘rip and replace’ project, instead prioritising IPv6 as part of the regular equipment refresh cycle.

“Management have accepted the need to move to IPv6 but there has been scepticism of the speed required... they lack the sense of urgency required to update all the servers, clients, back-end and security procedures in time,” he says.

The current network, a dual stack environment, is now largely free of the teething problems initially witnessed from routing issues on Windows Vista and student-owned devices.

In an environment of 50,000 unique client devices and approximately a thousand servers, the project has been completed in a relatively short time but a complete IPv6 environment remains a lofty ambition.

Mann expects IPv6 traffic to grow steadily within the university as it continues rollout of Windows 7 and Windows Server 2008 R2 across equipment throughout the year, as well as continued proliferation of IPv6 among student devices.

IT staff hope to take advantage of a fully native internal network to enable Microsoft DirectAccess, a feature of the software giant’s modern operating systems-enabling authentication of remote access users without a virtual private network.

However, more importantly, quick acting has given staff the required knowledge to cope with wider IPv6 deployment and maintenance while the rest of the industry slowly catches up.

Next: Take it easy, do it fast

Page Break

Take it easy, do it fast

For all the strain that IPv4 address exhaustion poses, a complete switch to IPv6 à la Monash may not be completely logical, at least in the short term.

“It’s too big a task to take an IPv4-literate corporation and write a complete soup-to-nuts IPv6 plan that’s going to be perfect the first go,” Mann says. “The most important message is to start off a small IPv6 test project on something that’s visible but not mission critical. It’s vitally important to get some real IPv6 experience so you can see what it looks like.”

For APNIC’s Huston, it’s a matter of working out the external, public-facing aspects before even worrying about the internal access network. The private addresses afforded to even large corporations are likely to afford some leeway for the five to six years required to garner a sufficient base of knowledge within the enterprise.

“Their internal networks are not as critical as long as they’re not expanding... they can probably persist in doing that for some number of years without any particular problem,” he says.

“There are some enterprises, particularly in the ISP arena, that need to do this quickly but in any other, you need to spend your money wisely and wait until you can see a fair deal of confidence that this is worth doing.”

Both Blue Coat’s Li and Internode’s John Lindsay point to the changing security landscape as a key cause of concern in the switch to a new protocol; after all, IPv6 is a whole new language.

“You need to be taking a long hard look at what your firewalls can support,” Lindsay says. “Just turning on v6 is often not an option in a corporate managed desktop, largely because of how much stuff looks at v6.

“At the end of the day when you find yourself without a v4 address that you can allocate to a server or a customer, then your business growth comes to a screaming halt.”

It may not be an apocalypse as such, but the historically slow behemoths of enterprise must act quickly to avoid falling behind.

When scarcity bites

Though IPv4 addresses have so far lacked any real value of themselves, their increasing rarity is likely to change that. Financial markets are inevitable in a migration to IPv6, according to APNIC’s Geoff Huston, but it is important to block potential black markets from appearing.

“There’ll be folk for whom the need is still desperate,” he says, referring to some companies’ continued need for IPv4 addresses.

Several industry watchers have warned of companies and individuals unloading excess IPv4 addresses, selling them to available buyers — even multiple times for a single address.

“If you have chaos in addressing, sending a packet into the network because a game or roulette because you don’t know who’s got that address on any particular day or if it’s even unique,” Huston says.

In an attempt to mitigate such attempts, and keep any financial markets ‘white’, APNIC has established a transfer registry allowing address holders to advertise such moves.

“As to how much money changes hands and how buyer and seller manage to interconnect — we’re not running a trading floor — but as a registry we’re well and truly aware of the fact that as we stop giving away addresses, markets will exist,” Huston says.

There’s no guarantee that such a registry will completely eradicate posing problems, however.

Follow James Hutchinson on Twitter: @j_hutch

Follow Computerworld Australia on Twitter: @ComputerworldAU