Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, March 29, 2005

IPv6 addresses its problems

Something is happening in IPv6, the next generation Internet Protocol that’s been waiting in the wings for the best part of a decade.

Google has been allocated an address range, marking the start of its permanent presence on the new frontier.  And Microsoft has tried to patent it, surely a rite of passage for any new technology that aspires to be taken seriously.  In the US and Europe, it is still not on many people’s lists of things to worry about.

It promises to relieve the lack of address space in IPv4, replacing a mere four billion addresses with enough to label every atom on the planet, but so far the use of NAT to hide private networks behind a single public address has meant that nobody is hurting too much so far.  It has better security, quality of service and routing, but IPv4 has proved flexible enough to incorporate its own advances here.  These take some managing, so the thought of adding the challenges of an entirely new protocol to the mix—- everyone expects that both versions will have to run concurrently for many years—- will not come easily to those charged with looking after a company’s network.

All that means that ISPs are reluctant to spend the extra money to provide IPv6—- if nobody is prepared to pay more for it, then you’re better off spending on bandwidth, better security and higher reliability.  The Japanese love it: major ISPs such as NTT and IIJ support it, and more are joining in.  That is due to a rather over-generous allocation of IPv4 address ranges to the US accentuating the shortage elsewhere, and an enthusiastic take-up of mobile access and multimedia services in Asia.  When every mobile and fixed phone, television, recording device and games console has its own network address, a household’s need for multiple independent connections to the Internet can overwhelm NAT’s somewhat limited and inflexible support for multiple services running on multiple devices behind the router.

This value is enhanced by the protocol’s other features, such as automatic configuration and understanding of quality of service requirements: at the moment, for example, there are plenty of problems running VoIP telephony through home routers.  As a result of such moves, all the major infrastructure manufacturers have been including IPv6 in routers and other devices for some time—- so ISPs and major customers have been acquiring the capability by default as part of the normal cycle of equipment upgrades.

Behind the scenes, IPv6 has already been rolling out—- and large, specialist networks such as the 33 country European GEANT research system have provided a lot of practical experience in deploying and managing the protocol.  30 out of the 34 Internet exchanges in the European Internet Exchange Association support IPv6, and between them they have 201 IPv6 customer networks—- around 11 percent of the total.,39020505,39192571,00.htm

Posted on 03/29