If you aren’t in the technical arena, you may not have realized that we are out of addresses for the current protocol used on the Internet. Even if you are in a technology role, you may have missed the news as well. It was earlier last week that the final addresses were allocated to the regional registries by ICANN, the Internet Corporation for Assigned Names and Numbers. So what does it mean for your business, your customers and your corporate network? This blog post is an attempt to help you understand the issues and answer those questions. While the so-called IPocalypse is here, the Internet is not over. We all just need to understand the issues and plan for the future.
The first thing that I should clarify is what exactly happened last week when ICANN issued the last addresses. To better understand this, we must first understand the hierarchy of the IP address allocation system. ICANN is the highest-level body overseeing the management and allocation of IP addresses (as well as other things). ICANN allocates IP addresses to Regional Internet Registries, or RIRs. If you have a networking or technical background, you may recognize some or all of the following RIRs: ARIN, AfriNIC, RIPE, APNIC, and LACNIC. It is these RIRs that allocate IP addresses to ISPs and to enterprises that require or desire a provider-independent address space. Smaller organizations, or organizations that do not require provider-independent addressing, may just use IP addressing that is a sub-allocation of an ISP (Internet Service Provider).
Since it is only at the ICANN level of the hierarchy that we are out of IP addresses, there are addresses still available at the RIR level (ARIN, AfriNIC, RIPE, etc.). Additionally, ISPs still have addresses in reserve. So the IPocalypse is not a moment in time at which the Internet will come to an apocalyptic end. Rather, it marks a threshold that we have reached and reinforces the fact that we will eventually run out of IP addresses. The timing of the depletion at the RIR and ISP levels is what is still debatable. Obviously, this can be estimated based on the current allocation rate. However, we cannot account for more aggressive use of technologies such as address translation that may occur as things tighten up in the near future. These could possibly push the depletion dates a little further into the future.
Image Source — Potaroo
As you can see, we have a bit of a dilemma. Addresses for the current Internet Protocol, IPv4, are quickly becoming extinct. The solution to this dilemma is a new Internet Protocol called IPv6. Even though this protocol is fifteen years old, it has not yet been widely adopted. From a technical and a business viability perspective, we know that the adoption rate must reach a tipping point for it to be widely deployed. IPv6 deployment is something of a chicken-and-egg proposition. Until service providers provide IPv6 connectivity, there are only a few less-than-attractive options for connecting to an IPv6 Internet. Once service providers provide IPv6 connectivity universally, there are still adoption concerns. Until content providers universally provide IPv6 connectivity, clients will continue to need an IPv4 address to reach hosts that have yet to receive IPv6 connectivity or configuration. It is the client segment, especially the mobile segment, that is the most aggressive area of growth and is consuming many of the IPv4 addresses. As an industry, no one knows the exact timeline to reach the complete exhaustion of the current Internet Protocol or the timeline to the IPv6 tipping point,
Back to the topic of this article: what does this mean for my business? IPv4 depletion and the impending transition to IPv6 mean that businesses must prepare for an unknown timeline. From a technical standpoint, there are several translation mechanisms that network engineers should be familiarizing themselves with. Beyond the technical deployment challenges, businesses should be thinking about the capabilities of the network equipment that they are purchasing. For example, does that new firewall, layer 3 switch or intrusion prevention appliance support IPv6? How about the two-, three- or five-year contract you might be considering with an Internet Service Provider? Does it have an SLA that covers IPv6? Are you restricting IPv6 on your LAN using a protocol filter? If not, you may be using IPv6 locally and not even know it. Does your network IPS appliance look at IPv6 traffic?
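To answer the "are we using IPv6 locally without knowing it" question on a Linux host, the sketch below inventories IPv6 addresses from `ip -o -6 addr show` output. It is an added example, not part of the original post; the sample output, interface names and addresses are constructed, and the 6to4/Teredo tunnel labels go slightly beyond what the post itself names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -o -6 addr show` output (not from a real host).
SAMPLE = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1::10/64 scope global dynamic \\       valid_lft 86000sec preferred_lft 14000sec
3: wlan0    inet6 fd12:3456:789a::5/64 scope global \\       valid_lft forever preferred_lft forever
4: tun6to4    inet6 2002:c000:204::1/16 scope global \\       valid_lft forever preferred_lft forever
"""

ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses

def classify(addr):
    """Label an IPv6 address by the kind of reachability it implies."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"        # auto-configured, on-LAN only
    if addr in ULA:
        return "unique-local"      # routable inside the organization
    if addr.sixtofour is not None:
        return "6to4-tunnel"       # IPv6 carried inside IPv4
    if addr.teredo is not None:
        return "teredo-tunnel"     # IPv6 carried inside UDP over IPv4
    return "global"

def audit(ip_output):
    """Return {interface: [(address, kind), ...]}, ignoring loopback."""
    report = defaultdict(list)
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet6":
            continue
        iface = ipaddress.ip_interface(fields[3])
        kind = classify(iface.ip)
        if kind != "loopback":
            report[fields[1]].append((str(iface.ip), kind))
    return dict(report)

def routable_beyond_link(report):
    """Interfaces whose IPv6 reach extends past the local segment."""
    return sorted(name for name, addrs in report.items()
                  if any(kind != "link-local" for _, kind in addrs))

if __name__ == "__main__":
    for name, addrs in audit(SAMPLE).items():
        print(name, addrs)
```

Any interface this reports is a path the firewall, IPS and SIEM have to cover; tunnel entries deserve a closer look because their IPv6 traffic crosses the network wrapped in IPv4.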
Components that should be validated for IPv6 compatibility:
- Layer 3 Switches
- Networking Admission Control (NAC) Devices
- Security Information Event Management (SIEM)
- Host Operating Systems
- Domain Name Servers (DNS)
- VPN Devices
IPv6 is not overly complicated or new. It is just different, and unfortunately incompatible with the previous version of the IP protocol. I think businesses need to recognize the fact that they will likely find themselves in an IPv4 to IPv6 transition process in the not-too-distant future. As such, a prudent approach is to make sure that all future purchases have the ability to work with IPv6. Alternatively, these new products should at least be readily upgradeable to allow this functionality. Additionally, all new contracts for connectivity should take into consideration current or future capabilities. For example, when negotiating an Internet circuit or certain types of MPLS connections, IPv6 should be considered. Also, when deploying IPv6, it is important to consider the new security implications that are inherent to the new protocol. Technology departments need to be educating themselves and planning a strategy that supports the business needs while providing connectivity for clients and online content to customers.