A lot has changed in the world of the internet since 2012, when adoption of IPv6 protocol was still nascent. Since then, billions of devices have become connected. The constellation of machine-to-machine connections has morphed into the Internet of Things. Indeed, according to Gartner, there will be 8.4 billion connected devices in use worldwide this year, up 31 percent from 2016, and that figure will reach 20.4 billion by 2020.
Internet Protocol version six (IPv6) is the way that internet communication will be handled for the foreseeable future, since it supports vastly more IP addresses than IPv4. It’s also more secure than IPv4, so it not only supports greater growth for companies looking to connect more devices but ensures that growth will be secure.
Although IPv6 is more efficient, companies need to ensure their infrastructures are ready to support it. The transition period can expose security gaps, so companies should not enable IPv6 until they are fully prepared.
“IPv6 was developed by the Internet Engineering Task Force (IETF) to replace IPv4,” Sophos notes. “Launched in 1998, the main and most obvious feature of IPv6 is extending IP addresses from 32 bits to 128 bits, allowing for more growth in the future and relief for the shrinking number of available network addresses.”
Because it limited addresses to 32 bits, IPv4 only allowed for roughly 4.3 billion IP addresses. As Cisco Systems notes in a post, those addresses “were completely allocated to specific geographic regions on February 3, 2011.” By contrast, IPv6 “offers a significantly larger pool of addresses by using 128-bit addresses: 340 undecillion (3.4×1038),” Sophos adds.
Beyond the fact that IPv4 addresses have simply run out, there are numerous benefits businesses can gain by switching to IPv6, notes Mark Dargin, a network and security engineer currently with GE Healthcare’s customer technology and cloud services team, in a Network World post.
First off, the IPv6 protocol handles packets more efficiently than IPv4. “IPv4 has a checksum that is calculated at every router hop,” Dargin notes. “This calculation is not used in IPv6. The time that routers previously spent checking packet integrity can now be used to move the data forward. This can help improve application performance across a network.”
Additionally, as Network Computing notes, IPv6 “reduces the size of routing tables and makes routing more efficient and hierarchical.” IPv6 allows internet service providers to “aggregate the prefixes of their customers’ networks into a single prefix and announce this one prefix to the IPv6 Internet.” And, in IPv6 networks, “fragmentation is handled by the source device, rather than the router, using a protocol for discovery of the path’s maximum transmission unit.”
Instead of broadcast communication in IPv4, IPv6 uses multicast address routing, Dargin says, which “enables bandwidth-intensive traffic to simultaneously be sent to multiple destinations” so that “disinterested hosts do not have to process broadcast packets.” As a result, there is less traffic on a local network, which can alleviate network congestion, he says.
The IPv6 protocol also allows for innovative services. “By eliminating Network Address Translation (NAT), true end-to-end connectivity at the IP layer is restored, enabling new and valuable services,” Network Computing notes. This improved connectivity makes it easier to maintain peer-to-peer networks and strengthens services like Voice over IP and Quality of Service.
Perhaps above all, IPv6 is more secure than IPv4. Sophos notes that not only can IPv6 run end-to-end encryption, but the encryption and integrity-checking used in current virtual private networks is a standard component in IPv6 that’s “available for all connections and supported by all compatible devices and systems.” This should make man-in-the-middle attacks “significantly more difficult,” the security company notes.
Further, IPv6 makes the use of IP Security mandatory, the InfoSec Institute notes. “IPSec consists of a set of cryptographic protocols designed to provide security in data communications,” with protocols that enable authentication, data integrity and confidentiality.
As a result of all of these protocol improvements, more companies have adopted IPv6. Google reports that roughly 17 percent of internet traffic is running on IPv6, up from about 10 percent in January 2016.
What do you need to know before migrating to IPv6? Here are some key considerations:
Sophos echoes that advice and notes that IT teams are guaranteed to run into problems if they try to deploy IPv6 the same way they did IPv4. “IT administrators must learn a whole new approach to networking, from simple network troubleshooting to configuring firewalls and monitoring security logs,” Sophos says. “There are many opportunities for confusion and mistakes.”
Sophos notes that it has already seen widespread malware with IPv6-based command-and-control capabilities. “So if your server enables IPv6 by default but your firewall doesn’t, which may be the case for many, we’ll all inevitably see more abuse for malicious ends,” the company adds.
Further, Sophos says that companies should be cautious about network tunneling during the transition period. “Tunnels provide vital connectivity between IPv4 and IPv6 components or enable partial IPv6 in parts of your network still based on IPv4, but they can also introduce security risks,” the firm says. “Keep tunnels to a minimum and use only where absolutely necessary. Carefully check the setup of ‘automatic tunneling’ tools. Traffic tunneling will also make network security systems less likely to identify attacks.”