IPv6 adoption is picking up the pace and some analysts consider 2016 as the year we pass the shoulder on the hockey stick graph. But the fact is, adoption at the enterprise level is lagging behind. And the US is way ahead. In Europe IPv4 is very much alive, but in the US obsolescence has begun to set in and the protocol is well on its way to the garbage dump.
A couple of years ago, this seemed a most urgent concern. IPv4 uses 32-bit addresses, which in turn dictates a finite amount of 4 294 867 296 IP addresses. And with the ever expanding Internet and the multitude of connected Internet of Things (IoT) devices coming our way, space was running out fast.
But adoption of IPv6, the protocol named successor to IPv4, did not proceed at the rapid rate most of us expected. Solutions like Network Address Translation and Port Address Translation reduced the demand for new address space and therefore the need for a new protocol. Highly sought after features of IPv6, like IPsec, have also been ported and made available on IPv4.
This has made the issue of IPv6 transitioning perhaps a little less pressing. But the premise remains the same: IPv6 is coming – we’ve seen it in the US and it’s definitely in the cards for the rest of the world as well.
In this regard, there’s not much of a difference between Europe and the US. The Internet of Things and associated machine-to-machine communications, as well as the evolution of 5G, will close that gap even further.
What I have found, from meeting different organizations, is that they all try to tread the IPv6 path as carefully as they possibly can. Some new services are in fact crafted around IPv6, but more often than not, there’s no real transition in place. That’s what we need to realise. IPv6 is still coming and since we know we’ll need to transition anyway, we better do it. And do it without hesitation.
IPv6 and new network technologies bring about huge opportunities for many businesses. But there’s no denying that there are challenges here as well.
Building for the future and at the same time supporting and sustaining the legacy is a challenge, especially from a cost perspective. But another important, and sometimes strangely overlooked, factor in the transition is the fact that IPv6 has 128-bit addresses and allows for DNS packets about triple the size over TCP/UDP compared to IPv4. That in turn allows for far more efficient misuse of compromised networks for infiltration purposes as well as the illicit exfiltration of data.
IPv6 is slowly closing in on us and we need real-time information and analysis of the contents of DNS traffic on our networks. We need to be able to act on that information, both manually and automatically to avoid having DNS exploited for criminal gains.
But some things remains the same. With IPv6 we still need to maintain current assumptions that everything on the network is vulnerable. And we need to recognise that building and maintaining a secure DNS infrastructure is a crucial part of any proactive stance on network security.
IPv6 is coming. Again. Are you prepared?