A Long Way to Go?
Harpreet Singh, Sr. Solution Architect, Cisco Advanced Services, Cisco India and SAARC
Although IPv6 has been on the radar for about two decades, the deployment on the networks was delayed due to multiple reasons
The internet uses the TCP/IP protocol suite for its functioning. IP, or Internet Protocol, is the protocol that provides a unique address to each endpoint connected to the Internet and makes it reachable on this network of networks called the internet. The version of IP in use for most of that time has been version 4, commonly written as IPv4. As the internet evolved from an experimental network to the state we know today, we have come to depend on it more and at the same time have run out of unique addresses. The IP protocol was enhanced to a new version (IPv6) primarily to support a larger number of addresses.
Although IPv6 has been on the radar for about two decades, the deployment on the networks was delayed. This can be attributed to multiple factors: non-availability of IPv6 transit from service providers, lack of IPv6 support in major operating systems and host systems, lack of IPv6 support in application software, lack of IPv6 content, etc. However, in the last couple of years, significant progress has been made in the areas of IPv6 support and readiness in all domains.
Subsequently, June 8, 2011, was observed as World IPv6 Day, aimed as a one-day experimental flight for IPv6, followed by June 6, 2012, which was observed as World IPv6 Launch Day, when IPv6 was turned on by the major companies on the internet. India has seen a lot of momentum in this domain, and the National IPv6 Deployment Roadmap has been published by the Department of Telecommunications (DoT). There have been guidelines from multiple agencies for enabling IPv6 on the networks across government networks, PSUs, banks et al. However, IPv6 adoption in some sectors has been slow, primarily because of a lack of clarity on the approach.
A Road to IPv6
The path to IPv6 needs a well-planned approach, which weighs the business needs and balances them against the risks of a network wide deployment. Here we talk about the challenges to IPv6 enablement, and present a methodical approach to IPv6 migration to minimize the business risks.
What gets impacted by a change in the IP version?
The evolution to a new version of IP started way back in the early 1990s, and RFC standards were published as early as 1995 defining version 6 of IP, called IP next generation or IPng. The standards evolved with time and brought about major changes not only for address expansion but also for simplification of IP headers, ease of operations and management of networks, and enhanced privacy over networks. Routing protocols were enhanced with extensions (e.g. IS-IS, BGP), or modified (e.g. OSPF, RIP) to support the routing of IPv6 packets.
The Internet relies on a whole lot of supporting protocols for the world-wide web (www) to function. The most commonly used is the Domain Name System (DNS), which resolves website names into IP addresses. Extensions were defined for the DNS standards to include mapping names to IPv6 addresses by the use of AAAA records. The endpoints connected to the Internet (both hosts and servers) utilize the TCP/IP stack of the operating system for connectivity. The operating systems were modified and enhanced to support this new protocol (IPv6), and hence newer versions of operating systems were developed.
To get a holistic view of the impact of enabling IPv6 on a network, let us look at how an application runs over the Internet, and what components are involved. The application typically runs on top of an operating system on a server. The operating system (OS) implements the TCP/IP stack along with the DNS resolver functions. The application then invokes specific interfaces on the TCP/IP stack known as sockets to run on specific ports. The client application uses the same methodology on its side, and sends the requests over an IP network. When the network is enabled for IPv6, not only does the network need to upgrade to implement the routing and handling of IPv6 packets, but the operating systems and the applications also need to change to be able to handle IPv6 packets. Further, the clients and applications need to be able to utilize the sockets for IPv6, and talk to the DNS systems to query and interpret the responses for domain name mappings to IPv6 addresses.
This change to IPv6 cannot happen overnight, and the reality is that most of the endpoints, and applications on the Internet would still be on IPv4. Hence the network and end systems need to support IPv4 and IPv6 at the same time. Further, some sort of translation mechanisms might be needed for IPv4 only systems to talk to IPv6 and vice-versa. Hence, the migration to IPv6 needs to be carried out in a systematic manner, weighing the pros and cons of the approach to be taken, and the speed at which this migration needs to be carried out. The sections below talk about the challenges and considerations for each part of the system defined above for IPv6 enablement on a network.
IPv6 Enablement Approach:
A methodical approach to any problem is to find answers to the questions, why to change? What to change? And how to change? Having established the why to change and what to change, let us focus on how to change aspect in this section. Some of the key areas to be considered for the IPv6 enablement for the applications and the key decision points are as discussed below.
- Business requirement and readiness: A key decision factor before planning for any change of a network-wide magnitude is the business case for the change. Extending the reach of services to the new wave of customers who are on IPv6 is a key business driver for organizations. There could be sector-specific mandates for IPv6 enablement, e.g. for the Banking & Financial Services Institutions (BFSI), and government PSUs. A key factor to consider, given the amount of work involved, is to segregate the business requirements into a phased plan, and create a long-term and a short-term plan. A short-term requirement would translate into providing IPv6 Internet access to the Internet-facing applications and services, and the long-term access would mean that the internal networks are also IPv6 enabled. This requires creating a long-term architectural roadmap for the network that is aligned to the business needs and the network design of the organization. A migration strategy needs to be created and documented that defines the overall roadmap with timelines and the relevant technical approaches to be taken during each stage, and that is aligned to the product refresh cycles in the network.
- Infrastructure readiness (network, applications, end systems): The IPv6 enablement of the network is a phased approach, and has multiple touch points like the network, endpoints, and applications. Each of these needs to be assessed for the ability to run over IPv6. It is important to evaluate all these pieces not only from a compliance perspective, but also from a performance perspective. Enabling a new protocol and having the network run both IPv4 and IPv6 would mean more work for all devices. It needs to be ensured that the elements would be able to cater to the increased load without any significant performance degradation. It is also important to have an exception policy in place, to consider the lifecycle of the elements, and to weigh the cost of upgrading an element against the business value of that element in the network and its lifecycle stage in the business environment.
This needs to be done for all network equipment, which not only includes the switches and routers, but also the equipment in the data centers like server load balancers, firewalls, intrusion detection/prevention systems, etc. The IPv6 connectivity from the IP bandwidth provider also needs to be considered, and integrated into the overall plan. This involves careful analysis of the available hardware and software to support the feature sets required at different places on the network, and ensuring that there is an end-to-end architectural approach.
Endpoints and applications need to be assessed for their readiness to support IPv6. This includes having the right operating systems, and associated security patches. This applies to all the physical and virtual elements, including virtual machines that might exist in a DC. On the application side, this involves assessing the applications not only for their ability to invoke the IPv6 stacks, but also to ensure that there is a backend mechanism in place to track and keep the audit logs for users that would come in from IPv6 endpoints. This might mean extending the database structures of the backend applications to store IPv6 addresses, which are longer and have a different format. There could be other dependencies like hardcoded IP addresses in applications. Ultimately, all these elements need to be mapped to business processes and accounted for in a business process readiness assessment. There could be some applications, endpoints or network devices in a business process flow that might not support IPv6, making the entire transaction fail over IPv6.
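To make the audit-log point concrete, the following added example (not part of the original article) normalizes client addresses before they are written to a log or database. The function names, the 15-character legacy column width and the sample peers are assumptions chosen for illustration; the addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample peers as an application might receive them.
SAMPLE_PEERS = [
    "192.0.2.10:51515",
    "::ffff:192.0.2.10",
    "[2001:0DB8:0000:0000:0000:0000:0000:0001]:443",
    "2001:db8::1",
    "2001:db8:85a3::8a2e:370:7334",
    "fe80::1%eth0",
]

LEGACY_TEXT_WIDTH = 15  # widest IPv4 dotted quad; IPv6 text can reach 45 chars
V4_MAPPED_PREFIX = b"\x00" * 10 + b"\xff\xff"


def normalize_peer(raw):
    """Return (canonical_text, 16-byte key, family) for a logged peer string."""
    host = raw.strip()
    if host.startswith("["):                 # "[v6]:port"
        host = host[1:host.index("]")]
    elif host.count(":") == 1:               # "v4:port"
        host = host.split(":", 1)[0]
    host = host.split("%", 1)[0]             # drop zone id such as %eth0
    ip = ipaddress.ip_address(host)          # raises ValueError on bad input
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # same client, one identity in the log
    if ip.version == 4:
        # Store IPv4 as an IPv4-mapped value so one 16-byte column fits both.
        return str(ip), V4_MAPPED_PREFIX + ip.packed, 4
    return ip.compressed, ip.packed, 6


def audit_rows(peers):
    """Build audit rows and flag values a 15-char legacy column would truncate."""
    rows = []
    for raw in peers:
        text, key, family = normalize_peer(raw)
        rows.append({
            "raw": raw, "addr": text, "key": key.hex(), "family": family,
            "truncated_in_legacy": len(text) > LEGACY_TEXT_WIDTH,
        })
    return rows


if __name__ == "__main__":
    for row in audit_rows(SAMPLE_PEERS):
        print(row)
```

Without this normalization, the same client can appear under several spellings (uppercase, uncompressed, IPv4-mapped), which breaks log correlation and any address-based allow or deny list.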
The network needs to be operated and maintained at the same level of security after implementing IPv6 on the network. This means having a secure and proven design for the entire network, and building the skillsets in the teams to manage the network. Identifying the right skillsets within the organization that understand the intricacies of a new technology, creating awareness among users, and providing adequate training to the operations team is a key task that needs to be undertaken along this journey. Engaging professional services from experts where the organization lacks the right skillset makes sound business sense rather than taking an ad-hoc approach, which might have long-term ramifications for network security and scalability.
IPv6 is the enabler that would help us expand the reach of the Internet and connect the remaining 67% population of the world that is not connected to the Internet. IPv6 would also bring to reality a whole new world of applications ranging from the Internet of Things to smart grids, and would be a key enabler for businesses to expand their reach and drive growth. It is imperative that every stakeholder, viz. service providers, content providers, organizations, end users, etc., work together to enable IPv6 on their network. Focused action would start after setting up a task force within organizations that can interact with the various stakeholders involved, e.g. network, security and applications teams within the organization, external vendors and system integrators, and their professional services teams. The vision can be realized by creating an architectural roadmap in a phased manner that minimizes the risk of business disruptions, and helps reap the benefits of this new technology.