Wouldn’t it be nice to only have one Internet Protocol in your campus or datacenter to operate? Eschewing IPv4 for an IPv6-only network achieves this goal and brings the promise of simplicity, scalability, and a greatly reduced security surface—not to mention possible performance benefits. This is exactly what many leaders in the industry have been doing. They are deploying IPv6-only networks. But are you ready to take this step? And if so, what are the recommendations from early adopters?
In 2017 I published a whitepaper that focused on the rather new trend (at the time) of deploying IPv6-only networks (https://www.linkedin.com/pulse/ipv6-deployment-evolution-ipv6-only-networks-cody-christman/). I will look back to that article in this blog and follow up with pioneers in this space to uncover how their efforts have progressed over the past few years–especially now that they have greater operational experience in their undertaking. I recently met with T-Mobile, LinkedIn, and Ungleich Glarus AG to discuss lessons learned and best practices from their deployments, which will ultimately assist you in your efforts if (and when) you choose to follow in their footsteps.
In April of 2017, the North American IPv6 Task Force held a summit hosted by LinkedIn at their Sunnyvale, California campus. It featured two days of renowned speakers and panelists and an eager crowd of network enthusiasts. As the conference progressed, a clear pattern in the content started to emerge. Numerous presenters were discussing how their companies were rolling out, or had already deployed, IPv6-only networks. This included Cisco, LinkedIn, Microsoft, and T-Mobile. It was clear there was a shift in industry thinking with respect to IPv6 implementation models from dual-stack to IPv6-only. This prompted me to author the 2017 whitepaper, which summarized this topic for those who weren’t able to attend the conference in person.
The whitepaper pointed out that certain industry segments had been driving IPv6 adoption, which includes mobile/cellular carriers, broadband service providers, large multinationals, and social media companies. The business drivers varied, but typically revolved around performance, scalability, simplicity, and address scarcity.
This proliferation of IPv6 adoption led to the evolution of transition and deployment models. In the late 1990s, IPv6 existed in pockets and tunneling was widely deployed to interconnect network islands. In the early 2000s, service providers started to support IPv6 for transport, which enabled new IPv6 deployment scenarios. Thereafter, industry experts recommended the following approach, “dual stack where you can, tunnel where you must.” Given the present state of adoption and lessons learned, expert opinion has morphed. The current consensus, which came up several times during the Sunnyvale conference, is “IPv6-only where you can, dual stack where you must.”
At that time, the percentage of IPv6 traffic on the US Internet, as measured by Google, was just over 33%. (It currently exceeds 44%.) Though this value is significant, the percentage of IPv6 traffic transmitted and received by dual-stack hosts is significantly greater. Mobile carriers and broadband providers consistently report that in excess of 70% of their traffic to dual stack endpoints flows over IPv6. (In this case, “dual-stack” may also include IPv6-only endpoints that can reach IPv4 content via DNS64-NAT64.) There are multiple reasons for the preponderance of IPv6 traffic. First, dual-stack endpoints by default prefer IPv6 content over IPv4. Second, from the content side, the majority of top U.S. and global web sites support IPv6. Another way to interpret Google and carrier metrics is that legacy IPv4-only endpoints are still holding down global IPv6 traffic averages.
This shift represented a turning point in network architecture thinking. The whitepaper made a case for IPv6-only networks and concluded with a list of tradeoffs as well as practical recommendations for organizations deploying them.
Fast Forward to Today…
So, what can be learned from these early IPv6-only deployments? Let’s discuss best practices and lessons learned from the industry leaders that were some of the first to make the evolutionary step.
Ungleich Glarus and their IPv6-only Datacenter Service
The Swiss company Ungleich Glarus AG (Ungleich is German for “unequaled” and Glarus is the canton/region where they are located) is a Platform as a Service (PaaS) provider that has been a trailblazer in IPv6 deployments. They offer dual-stack and IPv6-only services out of their alpine datacenter, but their flagship is their native IPv6 product. In general, Ungleich provides a platform, for example NodeJS, Django or Ruby on Rails, and their customers develop and manage applications leveraging these tools. As noted, they offer dual-stack and IPv6-only services. However, the cost for their dual-stack platform is higher, reflecting the added expense needed to include IPv4 on those servers.
I recently met with CEO Nico Schottelius, who was kind enough to provide some background on their offering and supply recommendations for others deploying IPv6.
Originally, Ungleich Glarus was a Linux consulting company that was agnostic to the hosting platform used by their customers. Nico noted that in 2016, however, they decided to broaden their portfolio and build their own datacenter. As with any major undertaking, architectural decisions were required based on tradeoffs, including their IP framework. Ungleich ultimately decided to focus on IPv6 rather than IPv4. The two primary drivers for deploying IPv6 were address scarcity and sustainability. RIPE had already depleted their free pool and Nico’s company only had 4,000 public IPv4 addresses at their disposal – not enough for any significant future growth. When asked about purchasing IPv4 addresses on the gray market, Nico noted such a practice would increase their cost of doing business, and ultimately not be sustainable.
Sustainability is an important principle not only for Nico and his company, but also for their client base, which tends to be environmentally conscious. In this case, IP address sustainability coexists with other environmentally friendly practices. Their datacenter is fully powered by renewable energy. And to minimize power consumption, servers are sparsely deployed at four square meters (43 square feet) per device. This low density is made possible because Ungleich reused a large, defunct textile factory for their datacenter, leaving plenty of room to spread servers out. From a green perspective, this design eliminates the need for energy consuming cooling facilities. Thus, a sustainably powered datacenter along with a sustainable Internet protocol.
As with any network design there can be challenges and building an IPv6-only datacenter is no exception. Per Nico, their product attracts an innovative client base and early adopters. Though IPv6 is suitable for most needs, some customers have requested access to their IPv6-only hosts from the legacy Internet. To accommodate these use cases, HAproxy, an open source, high-availability server load balancer, and NAT64 were implemented to allow IPv4 communication with IPv6-only hosts.
Other hurdles needed to be overcome around tooling. For example, it is known that FTP does not work well through NAT64. Instead of trying to implement an ALG to coax FTP to function, Nico simply recommends SFTP, which is a superior tool that works seamlessly in this environment. A simple workaround that includes a security upgrade!
Some tools like the web hosting management portal Ungleich was using supported IPv6, but not natively. (It still required IPv4 in some areas.) So Ungleich looked into another platform that performed the same function but did not require IPv4 to operate. Nico states, “Don’t get bogged down in legacy software and tools–if a required application does not support native IPv6, find a modern replacement.” This is an example of yet another way to circumvent an IPv6 support problem.
Nico notes that time has mended some of their problems. For example, NodeJS and Kubernetes–originally deficient in IPv6–now have better IPv6 support. And if other open source projects lack compatibility, he and his team are not afraid to dig into their code and hack around to make them work. He pointed out that the Germans and Swiss have a penchant for tinkering. It is obvious talking to Nico that he is passionate about IPv6 despite periodic challenges. He states, “Running an IPv6-only business brings the fun back to networking.”
Below is a summary of IPv6-only benefits and lessons learned with recommendations from Ungleich Glarus.
|IPv6-Only Lessons Learned and Recommendations||IPv6-Only Benefits|
|Focus on IPv6 because IPv4 deployments are neither scalable nor sustainable||Network complexity significantly reduced|
|Find a work around when needed–for example, if FTP does not work across NAT64, use SFTP||Allows Ungleich Glarus to offer a less expensive service|
|Do not get bogged down in legacy software and tools–if a required application does not support native IPv6, find a modern replacement||Scalability and sustainability|
|Time mends problems–IPv6-only in 2021 is easier than 2016 and 2025 will be better than 2021||This is where the Internet is going; you are ready for the future today|
|Do not be afraid to tinker with open source code and fix bugs|
|IPv6 brings the fun back to networking|
That’s it for part one. Next time we will get additional insight from LinkedIn and T-Mobile, and tie all of this information together. Thanks for reading and stay tuned!