Dave Green explains need for IPv6 in "plain English"
Dave Green from Command Information and North American IPv6 Task Force explains what IPv6 is, and what IPv6 ain't
IPv6 Misinformation vs. Good Information
At Command Information, we hear a lot of hype and misinformation about what people think IPv6 is. Any time we start off a class, conference, sales pitch, or new client project, we try to plainly educate people on “what is IPv6”, and as our SVP Stephen Oronte says, “What IPv6 ain’t”. Now that 2008 is here, and lots of US Federal Government and DoD customers will be switching on IPv6 and carrying out pilots, let’s define what IPv6 is, and what it’s not:
- IPv6 is an upgrade to the next generation of the Internet Protocol to add better scalability & flexibility and a way to add new features in a standardized manner. We upgraded the ARPANet/Internet from Net Congestion Protocol (NCP) to IPv4 in the early 1980s for the same reasons. Now IPv6 is the upgrade to support the next 100 years of operation.
- IPv6 is not a replacement for the Internet as we know it. IPv6 is the Internet - just with some new capabilities. The v4 based parts and the v6 based parts of the Internet will coexist for years while we migrate and they merge. IPv6 was designed with 20+ years of experience with IPv4 and contains all of the upgrades the IETF engineers wish they had thought of back in the ’70s when they designed IPv4 to support the early ARPANet/Internet.
- IPv4 addresses are running out: The big blocks of IPv4 addresses that are assigned by the Internet Assigned Numbers Authority (IANA) will be exhausted around 2010. After that, regional authorities like the American Registry for Internet Numbers (ARIN) will have about a one-year supply to hand out to ISPs, wireless carriers, governments, and major corporations when they launch a new service. Once those are gone, the fun starts as we must manage the old address blocks better, and split the old address blocks more, causing more routing fragmentation and performance issues.
- IPv4 address exhaustion is not a Y2K: It’s more like running out of oil. In the case of oil, we know we need to change, and in the long run it will be cheaper and more secure to change, but we have a lot of old infrastructure and old ways of operating. Change will come. We don’t ‘hit the wall’ when IPv4 address demand outstrips supply in 2010-2011, we just accelerate the change to IPv6. The Internet won’t fail when ‘addresses run out’ but it will be increasingly painful to operate many sections of the IPv4 Internet, and especially hard to launch new innovative services. How painful will this be? No one really knows for sure, but an ounce of prevention equals a pound of cure.
- IPv6 is autoconfiguration: Well, IPv6 comes with a great version of ‘stateless autoconfiguration’ which is a great way to automate setup of certain parts of your network infrastructure. Since all IPv6 devices can ‘autoconfigure’ with a router and with each other, they can automatically find their local neighbors and routers and establish the ability to communicate over Internet Protocol if they are attached to the same type of network (Ethernet, WiFi, WiMax) and that network is configured properly.
- IPv6 is not complete ‘plug and play’: Devices do not just automatically self-configure and talk just because two IPv6 laptops, smartphone handsets, sensors, etc. are close to each other. Other things have to be set up, such as wireless channel settings and security keys, and information still has to be configured about the applications and services available on the network. However, we can easily build a great deal of Zero Configuration (ZeroConf) framework on top of the excellent multicast and peer-to-peer (P2P) features of IPv6 so we can automate setup of almost everything in a network application. IPv6 isn’t complete ‘plug and play’ but it’s a great enabler for better ‘plug and play’ as we’ve demonstrated. Come see and we’ll show you how to reduce your future integration costs.
- IPv6 is going to change your security: It’s time to deal with the fact that a new version of the Internet is here and is operating in our computers, smart phones, routers, and consumer electronics. All organizations need to develop proper security procedures, IA certification and accreditation (FISMA, DIACAP, etc.), and ACTUALLY ENFORCE them, or you will find unplanned IPv6 networks, possibly malicious, in your enterprise environment. A little IPv6 security training, consulting, and proper security posture goes a long way. If you have any question whether ‘bad guys’ know about IPv6, ask to see a demo of how ‘white hat’ hackers can penetrate an ‘IPv4-only’ network with IPv6. And yes, it is trivial to protect against these attacks if you know how.
- IPv6 is not the solution to Internet security: Yes, IPv6 comes bundled with a great implementation of IPsec - and you will eventually be able to architect improved end-to-end security with that - when it is widely enough adopted. IPv6 does not solve all your other security problems, like bad passwords, open firewalls, open wireless access, or sloppy enforcement of a security policy. You need a security policy AND ACTUAL RIGOROUS ENFORCEMENT to have better security. IPv6 networks are no more or less secure - they are just a bigger set of tools for both sides of the attack/defend cycle. Leverage our experts, with actual operational experience building, securing, and penetrating IPv6 networks, to help develop your IA plan.
- IPv6 is here today: You would be hard pressed to buy a modern desktop or laptop computer, Unix or MS Windows based smartphone, router, server, WWW server, firewall, etc. that doesn’t have support for IPv6. It’s been in these devices for the last few years. Now many devices come with IPv6 on, and autoconfiguring itself by default. In almost every class of Enterprise application, there are IPv6 versions by major vendors like IBM, Microsoft, HP, Apple. You’ve been accidentally ‘buying some IPv6’ during your regular tech refresh, but we can advise you on how to assure you are buying the whole package at minimal cost. How does it sound to position yourself for a major tech evolution at an incredibly reasonable cost?
- IPv6 is not expensive to turn on today: You’re trying to determine the ROI from an expensive ‘tech transition’ to IPv6 but you already have the technology. You just need some expert help to turn it on, secure it, and start to leverage it. We helped our client Bechtel Corporation with their IPv6 implementation, and they are up to about 70% of all desktops/servers/networks running IPv6 at a cost of less than 1% of their IT budget. We are at the point now where we are helping them determine the new applications we can enable with IPv6 sensors, asset tracking, P2P collaboration. Look at Bechtel and think, what’s your plan? Lead, follow them, or wait till it becomes mission critical?
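
The unplanned IPv6 described in the security item above, and the on-by-default autoconfiguration noted in the “here today” item, can be checked from a host address inventory. The following is an added example, not code from Command Information; the host names, addresses and the `approved_prefixes` parameter are constructed assumptions.

```python
import ipaddress

# Constructed inventory (host, interface, address) for an "IPv4-only" network.
# 2001:db8::/32 is the documentation prefix, standing in for a global prefix.
OBSERVED = [
    ("ws-014", "eth0", "fe80::21a:2bff:fe3c:4d5e"),
    ("ws-014", "teredo0", "2001:0:4136:e378:8000:63bf:3fff:fdd2"),
    ("srv-02", "tun6to4", "2002:c000:204::1"),
    ("lap-31", "wlan0", "2001:db8:10:20:21a:2bff:fe3c:4d5f"),
    ("lap-31", "wlan0", "fd12:3456:789a::10"),
]
ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses

def eui64_mac(addr):
    """MAC embedded in a modified EUI-64 interface ID (classic SLAAC), or None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def classify(text):
    addr = ipaddress.IPv6Address(text)
    if addr.teredo is not None:  # 2001::/32, IPv6 tunnelled over IPv4 UDP
        server, client = addr.teredo
        return "teredo-tunnel", f"server={server} client={client}"
    if addr.sixtofour is not None:  # 2002::/16, IPv6 tunnelled in IPv4
        return "6to4-tunnel", f"ipv4={addr.sixtofour}"
    if addr.is_link_local:  # fe80::/10, present once IPv6 is enabled
        return "link-local", f"mac={eui64_mac(addr)}"
    kind = "unique-local" if addr in ULA else "global"
    return kind, f"mac={eui64_mac(addr)}"

def audit(observed, approved_prefixes=()):
    """Flag tunnels and any routable address outside the approved prefixes."""
    approved = [ipaddress.ip_network(p) for p in approved_prefixes]
    findings = []
    for host, iface, text in observed:
        kind, detail = classify(text)
        addr = ipaddress.IPv6Address(text)
        if kind.endswith("tunnel"):
            findings.append((host, iface, kind, detail))
        elif kind != "link-local" and not any(addr in n for n in approved):
            findings.append((host, iface, "unapproved-" + kind, detail))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED, approved_prefixes=["2001:db8:10::/48"]):
        print(*finding)
```

Tunnel addresses are reported even when prefixes are approved, because they carry IPv6 inside IPv4 and can bypass controls that only inspect IPv4 traffic.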
So - armed with a bit of good information, you have a choice to make - begin IPv6 integration because of a mandate or because others are doing it; or install it because you want future-proof infrastructure, you want to enhance your security posture to cover all your bases, or you want to pilot new applications ready to leverage the change.