An ADTRAN White Paper IPv6 in the U.S. Market Has it Arrived
IPv6 in the U.S. Market The Push for IPv6 For years, Internet Protocol Version 6 (IPv6) has been looming as the solution to the numerous perceived problems of the IPv4 networked world. Benefits such as increased address space, enhanced security, and greater functionality have been used as a justification for a transition to IPv6. Despite the improvement IPv6 offers, it is increasingly apparent that the time and effort necessary to begin the transition are delaying its widespread deployment. This can be attributed to many factors: The United States (U.S.) pioneered the IPv4 infrastructure The U.S. market has a huge percentage of the worldwide allocation of IPv4 address space Technologies that increase the efficiency of IPv4 network addressing to a sufficient level are widely available Security measures for IPv4 were developed out of necessity, reducing the need for a change based on secutity issues alone With these factors taken into consideration, it should also be noted that considerable costs are involved in a transition to IPv6, and while IPv4 is a well established, mature technology, IPv6 is not yet widely supported. Address Shortage The push for a transition to IPv6 was driven, at first, by a fear that the available supply of IP addresses would soon come to an end. IPv4 addresses are 32 bits long, while IPv6 addresses are 128 bits. While IPv4 offers approximately 200 million assignable addresses, IPv6 provides trillions. The need for such an addressing system can be attributed to the proliferation of Internet-enabled devices, Internet technologies, and the worldwide increase of Internet users. Countries such as China, Korea, Japan, India, and Russia have a growing need for IP connectivity. Likewise, there is rapid growth in the number of IPenabled user devices being deployed such as mobile phones, appliances, and vehicles. To address this growth, IPv6 provides the increased address space needed to accommodate a networked world. However, in the United States, this address shortage has not been realized. As much of the world nears an Internet address crunch and global momentum is growing for a new addressing system, few analysts expect the problem to affect the North American market in the near future. While other countries missed out on the "gold rush" of address acquisition and have to find alternative means of addressing, the United States owns almost 70% of all available IPv4 address space. Because of this, most large enterprises have address blocks so large they have never felt any crunch for addressing IPv6 at all. 2 IPv6 in the U.S. Market
CIDR Another reason for the longevity of IPv4, despite it s limitations in address space, can be attributed to Classless Inter-Domain Routing (CIDR), which has resulted in much more efficient distribution of addresses. The original approach of assigning Class A, B, and C addresses with a generalized network prefix resulted in very inefficient address allocation. In fact, it was originally estimated that all available IP addresses would be allocated by 1994, with only 3% of them actually being utilized. CIDR has resolved this problem. Supported in modern routing protocols such as RIPv2, OSPF, and BGPv4, CIDR assigns addresses in much smaller increments than the class identifiers of 8, 16, or 24 bits. Using prefixes anywhere from 13 to 27 bits, address blocks can be assigned in groups as small as 32 hosts or as large as 500,000 hosts. This provides address space that more closely fits an organization's specific needs. Security Concerns While IPv6 has IPSec inherent, companies are already using IPSec or Secure Socket Layer (SSL) VPNs on IPv4 networks. With the same technology available on a protocol already implemented on the network, it is difficult to justify a transition to IPv6 on the basis of security alone. In fact, during the early stages of the transition, IPv6 may actually incur additional security risks when compared with an IPv4 network. Since the transition from IPv4 to IPv6 will not happen immediately, newly implemented IPv6 equipment generally needs to remain compatible with IPv4 devices. This results in the need to secure two networks simultaneously. Furthermore, since IPv6 has had limited use as a mainstream protocol, during the early stage of IPv6 deployment vulnerabilities have a greater potential to be exposed. As an example, a flaw that could cause a Denial of Service (DoS) attack was recently discovered in a leading vendor s IPv6 routing software. NAT Furthermore, Network Address Translation (NAT), allows administrators to hide up to 254 computers behind each globally routable IPv4 address. This not only helps conserve IP addresses, but also provides security by hiding the IP addresses of internal devices. It also provides anonymity as well as an additional security point on the network. One issue with NAT is the resulting break in end-to-end applications behind NAT devices. However, current peer-to-peer technologies are able to circumvent NAT, resulting in secure end-to-end communication without a conversion to IPv6. NAT, in combination with CIDR and the U.S. market s abundant supply of IPv4 address space, results in more than enough IPv4 addresses for the U.S. market for years to come. An ADTRAN White Paper 3
Limited Demand in U.S. Market With little momentum for an IPv6 transition in the U.S. market, many experts feel that what is being done domestically with IPv6 can be perceived as an attempt on the part of equipment vendors and service providers to differentiate themselves. With no motivation to migrate, little support is available for IPv6 networks in the U.S. As of 2004, only one Internet Service Provider (ISP) in the nation, Verio, provided IPv6 connectivity. These addresses are generally only used for academia, test beds, and research. In fact, during the IPv6 public meeting in July 2004, it was announced that only 75 IPv6 addresses had been allocated in the U.S. thus far. Currently, the only significant push for IPv6 technology is in the U.S. military. The Department of Defense (DoD) plans to transition its existing Global Information Grid Network, based at University of New Hampshire, to IPv6 by 2008. However, the U.S. government has the benefit of a unique network and a substantial budget. In the battlefield, such an addressing system may be beneficial, while in the domestic enterprise market there is little business justification to migrate. The general consensus in the U.S. market is that IPv6 is something businesses are going to look into, but not implement in the near future. Cost to Transition The cost to transition to an IPv6 network is another deterrent. This involves upgrading IP stacks on network gear as well as end nodes such as PCs and servers. Furthermore, applications will need to be rewritten to handle the increased size of an IPv6 address. There is a significant amount of money associated with reconfiguring and replacing these devices. Network equipment will need to be upgraded or replaced, software reprogrammed, subnets reallocated, and all hard-coded IP addresses changed. This will not be a simple task. Delays and downtime as a result of installations, configurations, and troubleshooting will be extremely costly. Training costs are another concern. Businesses will need to think about 128-bit addressing based on MAC addresses in hexadecimal format. New approaches to configurations, address assignment, and security are involved. This new approach will be a difficult change for many organizations. Issues with Migration A transition to IPv6 will not happen overnight. Rather, there will be a period of transition when both protocols are in use over the same infrastructure. When the time comes, making an upgrade to IPv6 necessary in the U.S. market, it will be a gradual process involving nodes that can communicate with each other in a mixed environment. As a general methodology, migration from IPv4 to IPv6, the following steps must be performed: Upgrade applications to be independent of IPv6 or IPv4 Applications must be changed so that name resolution, socket creation, and other functions are independent of the IP version being 4 IPv6 in the U.S. Market
used. This is done using a dual IP layer, which includes both an IPv4 and IPv6 Internet layer. This is the mechanism used by IPv4/IPv6 nodes allowing communication with either IPv4 and IPv6 nodes. A dual IP layer contains a single implementation of host-to-host layer protocols such as TCP and UDP. All upper layer protocols in a dual IP layer implementation can communicate over IPv4, IPv6, or IPv6 tunneled in IPv4. IPv6 over IPv4 tunneling has some drawbacks, such as slower throughput and greater use of staff time as a result of the requirment to configure tunnel endpoints into the encapsulating node, a tedious and time-consuming process. Update the DNS infrastructure to support IPv6 addresses Reliance on a DNS server is a necessity with IPv6. Upgrading the DNS infrastructure consists of populating the DNS servers with records to support IPv6 name-to-address and address-to-name resolutions. This renumbering process can take a significant amount of time. While this may not be a problem in small networks, on larger networks this process can take hours or even days, resulting in significant downtime. Upgrade routing infrastructure for native IPv6 routing and convert IPv6/IPv4 nodes to IPv6- only nodes IPv4/IPv6 nodes can be upgraded to be IPv6-only nodes. This should be a longterm goal because it will take years for all current IPv4-only network devices to be upgraded to IPv6-only. For those IPv4-only nodes that cannot be upgraded to IPv4/IPv6 or IPv6-only, costly translation gateways must be employed to allow IPv4-only nodes to communicate with IPv6-only nodes. Concluding Thoughts Waiting for the Technology to Mature There is little doubt that IPv6 is here to stay. Eventually, it will have a significant impact on the worldwide telecommunications infrastructure. However, with the majority of allocated IPv4 address space belonging to the U.S. market, technologies readily available to compensate for the diminishing supply of available IPv4 address space, and the significant cost savings associated with maintaining an IPv4 network for the foreseeable future, a transition to IPv6 in the U.S. market is simply not currently justifiable. IPv4 is a mature, well-tested technology, and when implemented properly, it is very secure as well. In the U.S. market, it is apparent that the benefits gained from migrating to IPv6 currently do not outweigh the costs and complications involved in this transition. While IPv6 has been finalized, many experts feel that additional testing is needed to ensure complete interoperability. This involves testing among different manufacturers IPv6 hardware and software, as well as interoperability testing between IPv6 and IPv4 networks. Furthermore, many proposed standards for IPv6 are still awaiting approval. As a result, many vendors have decided to delay providing IPv6 support until the technology has matured and a greater need for IPv6 is present. An ADTRAN White Paper 5
ADTRAN, Inc. Attn: Enterprise Networks 901 Explorer Boulevard Huntsville, AL 35806 P.O. Box 140000 Huntsville, AL 35814-4000 256 963-8000 voice 256 963-8699 fax General Information 800 9ADTRAN info@adtran.com www.adtran.com Pre-Sales Technical Support 800 615-1176 toll-free application.engineer@adtran.com www.adtran.com/support Where to Buy 877 280-8416 toll-free channel.sales@adtran.com www.adtran.com/where2buy About ADTRAN ADTRAN, Inc. is one of the world s most successful network access equipment suppliers, with a 17-year history of profitability and a portfolio of more than 1,300 solutions for use in the last mile of today s telecommunications networks. Widely deployed by carriers and enterprises, ADTRAN solutions enable voice, data, video, and Internet communications across copper, fiber, and wireless network infrastructures. ADTRAN solutions are currently in use by every major domestic service provider and many international ones, as well as by thousands of public, private and governmental organizations worldwide. Post-Sales Technical Support 888 423-8726 support@adtran.com www.adtran.com/support ACES Installation & Maintenance Service 888 874-ACES aces@adtran.com www.adtran.com/support International Inquiries 256 963 8000 voice 256 963-6300 fax international@adtran.com www.adtran.com/international For the regional office nearest you, visit: www.adtran.com/regional ADTRAN is an ISO 9001: 2000 certified supplier. ADTRAN is a TL 9000 3.0 certified supplier. 800 9ADTRAN ADTRAN, Inc. 901 Explorer Boulevard Huntsville, Alabama 35806 P.O. Box 140000 Huntsville, Alabama 35814-4000 256 963-8000 voice 256 963-8004 fax info@adtran.com e-mail www.adtran.com web site ADTRAN, Inc. is an Equal Opportunity Employer committed to utilizing Minority Business Enterprises (MBE), Woman-Owned Business Enterprises (WBE) and Disabled Veteran Business Enterprises (DVBE) whenever possible and practical for procurements supporting ADTRAN and our customers. Copyright 2005 ADTRAN, Inc. All rights reserved. ADTRAN is a registered trademark of ADTRAN, Inc. All other trademarks and registered trademarks are the property of their respective owners. EN697B