Imagine the scenario: too many people, not enough places for them to live. Chaos. Well, this is what's happening in the digital world.
Every device that has access to the internet is registered to a unique IP address. This is used for identification and enables the devices to communicate. However, due to the exponential growth of the online world, these addresses are rapidly running out.
Originally, the IPv4 specification catered for just over four billion addresses. No one imagined there would be anywhere near the need for this many addresses, and initially IP blocks were distributed in a somewhat blasé fashion using a hopelessly inefficient methodology. Many organisations were allocated huge blocks of addresses, much more than they needed, and consequently in the early years of the internet the available pool was artificially depleted much more quickly than would have otherwise been the case.
Eventually it was realised that this method of distribution wouldn't last long, and a more efficient system was deployed. This helped somewhat, as did the addition of Network Address Translation (effectively hiding a large private network behind a single public address). These mechanisms worked well to prolong the inevitable depletion of the address space. However, with over seven billion people on the planet, IPv4 is pretty much now exhausted, with several internet regional authorities reporting they have effectively run out.
The American Registry for Internet Numbers (ARIN) issued the final IPv4 addresses from its free pool in September 2015, and in the EU, RIPE (Réseaux IP Européens) isn't far behind.
Enter IPv6 – developed by the Internet Engineering Task Force to deal with the problem of IPv4 address exhaustion. In comparison to the old IP addresses, there are 3.4 x 10^38 IPv6 addresses, or 340 “undecillion”.
Although there is still a small number of IPv4 addresses available, there is increasing urgency for businesses to prepare for when they are no longer obtainable. The move to IPv6 comes with plenty of benefits, including increased mobility, better security and more manageable architecture. Technology goliaths, like Cisco, Apple, and Microsoft, are already making sure their devices come IPv6-ready, helping to prepare businesses. However, in order to guarantee a smooth transition, organisations need to ensure that they reconfigure their network infrastructure and know how their WAN and internet service providers will support IPv6.
Although the move to IPv6 is inevitable for businesses, the shift comes with multiple benefits. Many of the inherent security issues of IPv4 have been addressed in IPv6. For example, IPSec is now built into the IPv6 specification. It's a mandatory requirement for all implementations of IPv6, and simplifies the ability to create encrypted networks and avoid man-in-the-middle type attacks. The sheer number of IPv6 addresses also helps with security. Currently, it takes about 10 hours to scan the whole internet for vulnerabilities. It would take approximately 30 billion years to scan the entire IPv6 table, running through a million addresses per second – I don't know about you, but I have better things to do.
Not only does IPv6 provide security benefits, it also offers automatic configuration. Referred to as plug-and-play auto-configuration, these capabilities are far superior to the current IPv4 offering. There is no need for a Dynamic Host Configuration (DHCP) server, as IPv6 will use the Media Access Control (MAC) address to create a "link-local" address, which enables it to immediately communicate with all devices on the local subnet. This feature allows routers to easily auto-configure their interfaces and can be used effectively in broadband access networks to dynamically provide customer gateways.
It's not all good news. IPv6 does provide some security pitfalls, as some ISPs have deployed IPv6 networks layer over their existing networks in a “dual stack” design, only to forget to properly lock down IPv6 access to core infrastructure leaving networks wide open to hackers. By far the biggest security threat at the moment is lack of training and planning. Some design weaknesses are also emerging. IPv6 by design does it's best to remove the need for fragmentation by insisting on end-to-end MTU path discovery. However, by purposefully fragmenting IPv6 packets intruders can bypass many security mechanisms. These issues will undoubtedly be plugged, but IPv6 is certainly not a foolproof architecture.
There is no doubt that the internet is vital for modern businesses. IPv6 has been slow on the uptake, but the tide is turning. More and more businesses are making the move. It's important that organisations of all sizes are able to address these challenges and formulate a plan of action sooner rather than later.
Contributed by Simon Chamberlain, chief technical officer, LDeX Group