June 7, 2011 By Matt Williams
Wednesday’s 24-hour worldwide test of IPv6, the next-generation Internet addressing standard, is sure to yield valuable data and some unexpected results. Government agencies and other public entities that are participating in World IPv6 Day could also see some effects, such as citizens who have trouble accessing public-facing websites.
But fear not. The transition to IPv6 — Internet protocol version 6 — will likely take several years, if not a decade. There’s still time to prepare for the new 128-bit standard, which will support trillions of unique IP addresses. In February, the Internet Corp. for Assigned Names and Numbers, one of the nonprofits that coordinate IP distribution, announced all IPv4 addresses had been distributed and that IPv6 would be the new standard going forward.
The test on June 8 is a starting point. Google, Facebook and other online heavyweight have publicly committed that they will participate, as will several federal agencies and a few municipal governments and universities.
“We want to find holes,” said Timothy Winters, who studies IPv6 as senior manager of the University of New Hampshire InterOperability Laboratory, which tests data communications technology. “If the day goes perfectly that’s great, but I fully suspect that we’re going to find issues — and I hope we do because then we can solve them.” Better to deal with problems now than during a full-scale deployment down the road, he said.
What might happen? One possibility is that a website visitor coming in through an IPv6-aware device might get a timeout notice and be unable to access content on a website that’s supporting IPv6 — if the user’s device or router is misconfigured or their Internet service provider isn’t supporting v6. “That’s the real disaster scenario because what happens is your packets are going nowhere,” Winters said. A firewall will eat those data packets up.
For the government agencies that are testing IPv6-enabled websites Wednesday, that could mean at least a few citizens won’t be able to get to a government webpage. Rob Barnes, a division manager in Fresno, Calif.’s IT department, said he has read that about 1 percent of website users could fall into this “black hole” situation. Last month the Fresno city government set up a test page in anticipation of the test. If incoming IPv6 traffic proves to be significant, the city might have to begin considering how to support IPv6 full time, he said. The city is will also have 20 workstations running IPv6 on June 8 so that staff also can start testing outside websites
The test will give enterprises and website operators a good look for the first time at how many Internet users could use IPv6 if it were turned on everywhere.
Cyber-security will also be examined. During the past few days, there have been rumblings that the test has taken a level of significance with high-profile hackers, said Carl Herberger, vice president of security solutions at Radware. He said he's concerned about the possibility of a significant security breach related to the test event. While the security industry backs the new standard, Herberger said, there are vulnerabilities that have yet to be addressed. One issue is that IPv6 is a "heavy" protocol that requires four times the processing power, which in effect makes it a force multiplier for those attempting denial-of-service attacks.
Other potential problems that could crop up, Winters said, are server load balancing issues for IPv4 versus IPv6 traffic as well as the discovery of consumer-level routers — the kind available at electronics stores —that advertise they’re IPv6 -enabled but really aren’t or do poorly.
Government agencies, in particular, should be thinking about identifying their legacy systems that can only communicate over IPv4, and formulating plans to bring them onto v6, Winters said. He said this can be done in one of two ways: translating existing v4 addresses to IPv6, or tunneling them over a v4 connection. Also, governments (and all organizations) should be only buying hardware that supports the new standard, he said.
Participants in World IPv6 day are eager to see what the day will bring. More than 400 entities have publicly announced they are onboard. N.C. State has obtained a significant amount of IPv6 address space and already is running a Cisco dual stack, according to William Brockelsby, the university’s lead network architect. Testing on Wednesday will be confined to a lab rather than the university’s entire network
Ed Furia, network design engineer at Indiana University, isn’t expecting too many problems. The school has been running a dual-stack wired network for the past eight years for research purposes, and internal users are running completely on IPv6. But the university’s public-facing applications and websites were brought onto v6 only recently.
Winters said governments still operating exclusively on IPv4 won’t see much difference on Wednesday. But there still could be a few hidden problems. Some agencies might not be supporting IPv6 today on the up connection, he said, but many of them have some equipment on their network that supports the new standard. If you don’t turn off that functionality, it could lead to network problems.
More will be known Wednesday. “I’m sure there are other issues we’re just not aware of,” Winters said.
You may use or reference this story with attribution and a link to