Are you ignoring IPv6 for the moment, knowing it’s not going to affect you any time soon? I have news for you – you will be significantly affected in the next two months.
It seems that a large fraction of the world is really rather dismissive about the coming of IPv6, which is, after all, the best IPv.
But there are people who are intent on providing a move to the new world, and they’ve geared up to provide a “World IPv6 Day” on which they will be enabling IPv6 on their main sites. (There is an ever-increasing list of participants)
So what is going to happen when some web sites – some big web sites – turn on IPv6 for a day this June? And what will happen when IPv6 is turned on permanently at those sites?
Individual users are probably thinking “someone will make it all work for me” – and some of that is likely true, if you have someone managing your network for you. Your Internet Service Provider will eventually do what they can to provide IPv6 service to your home, and your employer’s IT department is probably thinking in some terms about what to do when they feel like it’s time to deploy IPv6 to the company. But most home routers are not currently able to provide native IPv6 service.
If your cable modem, DSL router, or other entry device is rented to you by the ISP, then you probably have nothing to worry about, they will eventually get replaced to support IPv6, when the ISP is ready to accept IPv6.
If you have bought your own entry device, or other routers (such as a wireless router), you will have to replace it to support IPv6. Don’t run out and get a new router yet – there are no home routers on the market that currently support IPv6 fully – or even enough to consider upgrading for that functionality. Those of us using IPv6 at home are generally using custom software that we have installed, not something the average consumer wants to do.
This means you are stuck on IPv4 for the foreseeable future, although your computer is most likely capable of using IPv6 when connected to a network that supports it. But you will still be affected – see the section below, “For Everyone” for more.
If you’re not already engaged in some form of IPv6 project, you really should be.
If your IT department are telling you that IPv4 addresses have not run out, ask them “then why are we flailing around behind a NAT, and having to write or purchase software that specifically knows how to make its way out and back through a NAT?”
The fact is, IPv4 addresses ran out years ago, and we’re really only in this last couple of years in a situation where we can deploy IPv6 to fix the problem. Operating Systems for desktops and laptops now support IPv6, and usually have it enabled by default; business-class routers and switches are available with IPv6 support built in, and firmware for some not-so-new devices in that class is available to provide IPv6 support.
More than that, though, you have to make sure that you have staff on-hand who are trained to understand IPv6, because training your staff may be the investment that takes the longest to get right. When you read the section “For Everyone” below, consider what the impact will be to your support centres and to your customers when something breaks. Will you have to explain away broken links, images or even broken pages? [Any site that has previously seen broken pages because of inability to download ads should know how this comes about]
If you’re an IT department, you probably have some people on staff who are into new technology – the more they can get, the better. Quite frankly, everyone in an IT department should have something of that feel, or they’re in the wrong team. So, when you get management approval to start down the IPv6 road, it should be a simple matter of asking “who wants it?” and letting people sign up to work on learning the new technology and finding the solutions. Ideally, when your management asks “who’s the IPv6 guy”, you’ll be able to point him out right away.
You should obviously consider a staged roll-out of IPv6 technology, starting with internal networking, to make sure you have an infrastructure that supports it, and only later considering allowing incoming IPv6 to connect to your web site, or to other externally-facing systems.
As a part of enabling routing, make sure that you match, in your IPv6 environment, the protections you already have for IPv4. Do not try to match feature-for-feature, because of features like NAPT, where there is some accidental / incidental security protection from a feature that is essentially unavailable in IPv6. Match protection-for-protection – an IPv4 NAT’s security protection is that it is a firewall with no holes punched in it. So, its IPv6 equivalent protection is a default-deny firewall.
Consider grouping servers into subnets or address ranges based on their use, so that you can configure your firewall using contiguous ranges, rather than individual address assignments. This will make your IPv6 firewall fast – perhaps faster than when operating on its IPv4 rules – and simple.
When external sites turn on IPv6, and start resolving their site names to IPv6 addresses as well as IPv4, there will be some users who have poorly-configured IPv6 installations. Their DNS name servers will say “here’s an IPv6 address”, their operating system and web browser will say “I understand IPv6, so let’s connect to that address!”, and some portion of their network will say “huh? What is this, the future or something? I’m still wearing shoulder-pads and leg-warmers and watching Dynasty, because it’s been the 1980s for the last several decades!”
What that user will see is that the IPv6-capable web site just dropped off the Internet. At best, it may simply cause a long delay (several seconds) in reaching the site, as the browser tries – and fails – to connect to IPv6, and then switches to IPv4. At worst, it will cause the big red X to appear, and sites to fail to load completely, as the browser (or other client software) gives up.
Fine, so maybe all this means is that those sites who take part in World IPv6 Day will drop off the Internet for a day, to some of their users, and then the next day all will be just perfect.
You see, with “Web 2.0”, everything’s mashed up and interconnected. Google’s everywhere. So are some of the other participants in World IPv6 Day. Each one of those sites being unreachable could affect your favourite mashups, whether you are consumer or service provider. And what is an advertising-laden website if not a mashup of its advertising and its content?
Businesses – what if your adverts fail to load? What about that mapping site you use? Is your technical support ready for an estimated 0.1% of your customers calling in with failures on your site?
Consumers – are you ready to take these errors as a sign that you need to fix your network, or to bug your ISP, or are you going to insist, wrongly, that the problem is with the web sites participating in World IPv6 Day? At least, will you accept that these errors are a necessary part of learning how to move to IPv6?
ISPs – even if you have no plans for IPv6, are you ready for the technical support requests from people who have errors connecting to an IPv6-supporting site?
Quitting, or refusing to take part in the move to IPv6, is not an option. IPv6 will roll out. World IPv6 Day is only the FIRST of many shake-outs that will happen, as sites increasingly add support for IPv6 to their existing IPv4 lineup.
For a preview of what will happen to your machine, try connecting to a system that supports IPv6 and IPv4. The usual example is http://www.kame.net – it displays a picture of a turtle. The turtle dances for IPv6 users, and sits there doing nothing for IPv4 users (although your browser may choose to display the IPv4 version as its default even if you support IPv6).
If you are one of those rare individuals in an IPv6-capable network island that is unreachable by the IPv6 Internet, you will see an error.
Sadly, with new organisations joining World IPv6 Day every day, you can’t really predict what exactly will break – but you can predict how some of it will break, and train your staff to handle this, whether it is by deploying changes, or simply handling support calls.
I’d love to know what effects you’ve anticipated will come on World IPv6 Day, and what work you’ve done to mitigate these issues.