Six Steps to IPv6
The Internet Assigned Numbers Authority (IANA) is the entity responsible for handing out IP addresses for the Internet. IANA has announced that available IPv4 addresses, the ones we are most familiar with today with four groups of numbers, has come to an end. Within IANA, there are five regions around the world (known as RIRs), each providing IP addresses for devices within that region. IANA distributed the last blocks/groups of IPv4 addresses, one block of /8 addresses, to each region on Feb 3, 2011. This now means that IANA has effectively run out of addresses, and once each region is out, there are no more. APINC (Asia Pacific region) has already exhausted the new block, and have since allocated measures to make them last as long as possible. It is expected that RIPE (Europe region) will be next, with all others soon to follow. Even if addresses are still available, many regions are choosing to hold onto them rather than allocate them in preparation for IPv6 transition.
IPv6 is the solution to the IP address problem. It is not a new standard, but one that has been largely ignored in recent years due to still having so many IPv4 addresses left. That time is now over. To continue to ignore IPv6 could cause any number of potential problems including inability to migrate to IPv6 when there is no longer a choice, complete loss of connectivity with the Internet, and no longer being competitive with other organizations whose systems are primed for IPv6 and ready to move to the next generation of Internet addressing and use.
Luckily, IPv4 and IPv6 can coexist within a network, and this is very good since the changeover will take years. This means that organizations will have to support both in at least the interim in order to continue complete Internet operations. This technique of supporting both IP versions at the same time is known as dual-stacking. It was developed due to the limitations of the IP versions, particularly with each other. IPv4 and v6 are not compatible and cannot speak to each other at all. Thus support for both must be maintained in order to utilize them at the same time during the migration process. Moving too quickly or only supporting one or the other is almost guaranteed to lose some connectivity or communication until a total world changeover is completed. To assist organizations with this changeover, IP Address Management (IPAM) solutions will be required. These are programs or packaged solutions that find IP addresses on networks, and help administrators with management tasks such as what is in use, available, and how to consolidate. A solution in this case is required due to the very large amount of addresses in IPv6 where as a spreadsheet or other manual process will not be large or fast enough.
In this document, the benefits of moving to IPv6 sooner rather than later will be examined. In addition, IPAM will be introduced and discussed for its purpose, as well as an approach and plan for the migration.
IP Address History
IPv4 dates back to the 1970s making it quite old in technology terms. It utilizes 32-bit addresses, each 8-bits making up one octet of the address (or one number). Of course, back then the Internet was not nearly as large and used as it is today. This scheme for the time was huge, but in this technological Internet age it has become very small. Over time, all of the addresses were simply handed out for various purposes from huge organizations to web hosting services; anything on the Internet must have some kind of Internet facing address. Network Address Translation (NAT) was developed to slow the expiration of IPv4 by allowing those public facing addresses to translate into private addresses within organizations. This means that while you see one address on the outside, it actually is another (one of potentially thousands) inside, but that doesn’t matter to us because that system translates the addresses and allows us to view the content. However, this still did not create new public addresses, and only delayed the inevitable. It also caused complexity by adding another link in the chain to connecting people and information over the Internet. Instead of going straight to it, you went to the address, got translated to the NAT address, got sent where you actually wanted to go, and rinse and repeated for nearly everything.
Now here comes IPv6 and a huge volume of addresses using 128 bits. At 4 times the size and utilizing hexadecimal (0-F) rather than binary (0 or 1) coding, the number of potential addresses increased exponentially. To put it more exactly, the number of addresses is in the undecillion, which is 39 digits long. It is expected to provide addresses for every device on the Internet individually and not expire for 200-300 years. It will also remove the need for NAT because it can address every device which makes connections direct between them, and adding NAT complexity to that amount of addresses would be nearly impossible to work with.
With the new IPv6 also come new features such as enabling mobile and embedded applications that simply do not have the space to be in the Internet with addresses today. Also, it can handle jumbo frames, quality of service, address families, and has built-in IPSEC. Most of these the average user will not know or ever need to deal with themselves, but it should be noted that we use them every day for various purposes like phones and file sharing, and the improvements will likely be noticed when it is all migrated. If for no other reason, it will be faster connecting directly to other IPv6 addresses rather than going through the translation and address jumping that exists today.
So why should anyone worry about IPv6 right now; because IPv4 addresses will soon be gone. It is estimated that by sometime in 2012 compatibility with IPv6 will be required. If your organization already has a plan in place, you are on-schedule. However, most have not even begun planning and should start as soon as possible. To begin the planning process, organizations should conduct an inventory of IPv4 addresses on their network and how they are used, assess devices for IPv6 compatibility, and begin developing a plan focused to IPv6 endpoints and individual device addresses. This is also only prudent planning for the future in general, for as soon as IPv6 becomes the standard, IPv4 will eventually go away, leaving organizations still using it off the Internet all together.
Other benefits, aside from staying online and on the Internet, can be found by planning and implementing today as well. There are advantages to being on the latest technology, especially when older technology cannot utilize it like in this case. Being able to handle IPv6 traffic means everyone else that can view IPv6 connections will use your organization, and not another organization lacking behind. It also reduces risk and cost by integrating the move now with other and future projects, rather than continuing using the IPv4 standard now, then reworking everything all over again later.
IPv6 Migration Challenges
Migrating your organization to IPv6 will take significant time and effort. Tools like IPAM will become standard, but it will also greatly depend on your own knowledge of your system, and how thoroughly you planned. There are several factors to consider when planning your migration.
Hardware and Software Compatibility
You must ensure that your existing equipment, especially core communication equipment that connects your network to everything else and itself, must be able to support IPv6. This could be as simple as a patch or firmware upgrade, or could require completely new hardware or software. If it is critical and needed, better to know now rather than find out when it doesn’t work. Among the most notable of these instances is that Windows XP does not support IPv6 by default.
IPv6 Address Length and Volume
Next comes the IPAM to assist and manage the IPv6 addressing scheme. IPv6 is in hexadecimal and incredibly large, which translates to not user friendly. Even network administrators and those very familiar with managing computers and networks will likely find it difficult, eventually causing errors and cascading problems throughout. The length of the addresses will also cause problems for DHCP and DNS services, meaning they will need to be able to handle IPv6 naming and addressing (DHCP6 has already been determined to be preferred). IPAM can not only handle the large volume and length of addresses, but also integrate into DHCP and DNS services to help manage them as well.
IPv6 Address Interface
IPv6 addressing has also changed from IPv4, and administrators must understand this change in case multiple addresses are ever required on an interface, as well as familiarize themselves with new vocabulary. There are many new types of addresses that are similar to what we know today. As a brief description, global unicast indicates a unique public address. Local unique private IP addresses are unique private unicast addresses. Local link addresses are similar to non-routable IPv4 addresses and do not leave the network. Finally, the local loopback in IPv6 is defined at “::1″. Overall it is the same functionality, only on a much larger scale. How it is written is among the major differences that tend to intimidate organizations.
Dual-Stacking with IPv4 and IPv6
Dual-stacking means running IPv4 and IPv6 in the same network. It gives IPv6 compatible devices the choice of which to use, and while still limited to the number of IPv4 addresses available, has the benefit of having an IPv6 deployment ready for migration. This is the environment that organizations will likely run prior to completely migrating over to IPv6. There are other options such as “6to4″ that transmits IPv6 over IPv4, but have the same limitation of number of IPv4 addresses without an IPv6 deployment ready. Tunneling will also solve the problem of communication, but due to their masking of traffic cause problems to go unseen until it is too late. There is no requirement to run both IP versions either, but as a reminder from earlier, using only one will likely cause some kind of disruption and loss of connectivity at some point with the Internet and customers.
How Exactly Does IPAM Fit Into All This
IP Address Management (IPAM) is a solution that manages IP addresses on a network. It can determine what is available, used, and show ways to consolidate them. More importantly, it is robust enough to handle the huge size of IPv6 addresses. This alone is a major factor in IPv6 migration, but in addition it also integrates with and combines DNS and DHCP services by having the ability to provide nearly any view imaginable that deals with IP addressing, especially the huge length and volume of IPv6, offering significant time and effort savings over manual, homemade, or spreadsheet solutions not designed to handle these new functions. Let’s examine some specific areas where IPAM will assist in IPv6 migration more closely, along with six steps in getting to IPv6.
Step 1 – Discover Your IP Network
The first step, and notable IPAM feature, is discovery. IPAM is able to first determine the scope of IPv4 existing, used, and available on the network through use of an automated tool. It can also conduct a thorough inventory of the nodes on the network (nodes being PC, printer, anything plugged into the network). This will allow IPAM to determine what is IPv6 ready, enabled, and incompatible. Details from this inventory would include what needs to be upgraded or replaced in regards to hardware and software. The final phase of discovery deals with DHCP and DNS, ensuring they are IPv6 compatible and able to resolve and distribute IPv6 addresses. The goal of IPAM discovery is knowing what your network looks like, and its capability regarding IPv6 for better or worse so plans can be made now, not later when downtime becomes far more likely.
Step 2 – Plan Your IPv6 Implementation
The next step is planning using the IPAM discovery information. These plans can be as simple as tests, or full blown projects for deployment. From the discovery, they can include what to purchase for upgrade or replacement of hardware or software, training classes to support administrators and users, or a high level complete organizational requirements plan. The main idea though is to determine what must be changed or modified, and how best to accomplish these tasks for the least time and cost. As suggested earlier in this document, integrating IPv6 migration into existing technology plans removes the need to do things twice, which reduces both time and cost immediately, and implement the migration over a period of time. This will also include teams and roles designed specifically to accomplish these tasks, tackling the overall migration as a team with a structure. If planning is done effectively, IPAM will be able to assist when it is complete by tracking IPv6 the same way it did with IPv4 except for the details of hardware and software. It will know where the IPv6 networks are, its DHCP ranges, and be able to show them logically. It is important to note that this piece of IPAM is rather technical and works best with expertise. If resources are not available in your organization, it is best to work with an IPAM expert and solution provider. It is far better to add a small cost now rather than a large one later.
Step 3 – Model Your New Dual-Stack Network
Now with the discovery and modeling done, we’ll use IPAM to create a model of the migration. This will determine how IPv6 will look on your network when completed. It is important to use modeling to determine the impact in implementing IPv6 addresses onto the network, which may require changes to routers, interfaces, security policies, and so on. IPAM tools will assist in mapping IP data to business logic such as departments, priorities, or infrastructure using visual maps and models of the potential new infrastructure. Specific functions will include creating /64 and /128 networks and updating DNS, and creating/segmenting IPv6 address blocks. A test or lab environment is highly recommended during this phase to avoid any damage or downtime to the production network.
Step 4 – Map IPv4 and IPv6 Together
With modeling complete and a good idea of how IPv6 will be implemented into the network, it is time to map. This means mapping IPv4 devices to their IPv6 addresses and vice-versa. IPAM’s role in this arena is assisting in visualizing the current IPv4 network and the proposed IPv6 network together dual-stacked. In order to track the dual-stacked devices on the network, you still require a single common entity between the v4 and v6 addresses for the device (MAC and DNS hostname work well), of which IPAM can capture MAC addresses automatically. In this way, IPAM creates a single point at which hosts can be tracked, although they still utilize two different addresses. During this phase of implementation, organizations can also change their IP scheme if they like, since the addresses are being mapped at this time anyway. However, be very careful if readdressing the scheme is chosen at this time. Problems can occur if everything is not mapped correctly, and especially if the network ends up with two separate address schemes that do not correlate.
Step 5 – Implement the Plan, Model, and Mapping
With the planning phases complete, it’s time to implement dual-stacking. The main components here are utilizing all the IPAM information up to this point and follow the plan to a successful implementation. Of course no one can ever plan for everything, and there could be errors despite the most careful planning, or unforeseen circumstances can arise. IPAM is ready to assist here as well by quickly configuring new IPv6 address segments, which should work automatically due to IPv6 DNS being part of the implementation. Otherwise this will need to be done manually. After implementation, it is important to check network features to ensure they are working properly. Items such as security policies and other IPv4 specific dependant systems may need to be modified to address any connection or vulnerability issues.
Step 6 – Manage Your New Dual-Stacked Network
All projects and deployments require maintenance, and this one is no different. Continuing to use IPAM to track and manage IPv6 addressing and networking will reduce the excessive time and effort required to manage the dual-stacked network, and the IPv6 network itself. By using some of the same tools used in the implementation process, it will also be useful for troubleshooting a multitude of problems from general connectivity to security and policy compliance issues. Integrating DNS and DHCP services with IPAM will also serve to provide even more information through the IPAM solution, furthering its importance and functionality for your organization.
IPv6 is coming, and soon. Even as this document is written, IANA has already run out of IPv4 addresses, and each region around the world will soon be out of addresses to allocate. Waiting to address IPv6 carries significant risk to the organization in lost communication and potential lost revenue and customers. It is only prudent to start planning now for the future. Luckily, it is not as difficult as it seems, and with careful planning IPv6 migration and implementation can be smooth and easy.
Performing this task though will still require time and effort on the part of the organization. The network must be analyzed and planned for an IPv6 network. IPAM can assist with this by using several automated tools, views, and other integrated network features to perform numerous tasks. These include discovering how IPv6 will fit into the existing network, what needs to change, how it will look before and after implementation, and even assist in future management. While not absolutely required for IPv6 to work or migrate to it, IPAM is highly recommended for your organization to take advantage of IPv6 quickly and effectively, with minimal interruption, and maximum efficiency.