News Stay informed about the latest enterprise technology news and product updates.

Update: IPv6 risks may outweigh benefits

Early adopters are transitioning to the next-generation protocol, but evidence -- including a flaw disclosed at this week's Black Hat conference -- suggests IPv6 is a potentially risky change with few benefits.

Update -- Although U.S. government agencies and some companies are moving quickly to adopt IPv6, the benefits offered by the next generation Internet protocol may not be as advantageous as some believe.

Internet Protocol version 6 (IPv6) provides more IP addresses than the currently used version 4. It also supports auto-configuration to help correct a majority of IP's current shortcomings and offers integrated security and mobility features.

Despite these advantages and the protocol's increasing implementation across Asia and the Pacific Rim, the U.S. is just beginning to adopt IPv6.

According to a testimony given by Karen Evans, the Office of Management and Budget's administrator of e-government, the federal government will transition to IPv6 by June 2008.

But the benefits of IPv6 may be exaggerated.

Daniel Golding, a senior analyst with Midvale, Utah-based Burton Group, said IPv6 does offer expanded address space, but U.S. companies will enjoy no direct benefits. There are claims that it enhances quality and security, he said, but there are quality and security features currently available on IPv4 as well.

Golding said "protocol zealots" with a vested interest in the success of the next-generation protocol have the ear of certain government technology officials and are encouraging the push toward IPv6.

Additionally, during a Tuesday presentation at the Black Hat Security Conference in Las Vegas, a researcher revealed how a flaw in Cisco Systems Inc.'s Internetwork Operating Software (IOS) could be exploited in a matter of seconds, using a specifically crafted IPv6 packet, to potentially take down unpatched corporate networks worldwide, or even worse, the entire Internet.

John Pescatore, vice president with the Stamford, Conn.-based Gartner Inc., said this won't be the last vulnerability found in IPv6. "Odds are there will be more people finding vulnerabilities, just as in the early days of TCP/IP when people were finding vulnerabilities in IPv4," Pescatore said. "Anytime there's anything new, there's a high possibility of finding flaws in the implementation."

Bob Hinden, chairman of the Internet Engineering Task Force's IPv6 working group and chief Internet technologist at Mountain View, Calif.-based Nokia Inc., admitted vendors are sponsoring a great deal of marketing activity in the push for IPv6 and the benefits are therefore exaggerated.

He added, "But I do think it's a good thing to encourage the government to do this."

The government is diving into unfamiliar waters with IPv6, Golding said, as many early adopters are not fully aware of all its implications.

"Someone that doesn't really know what's going on has gotten a hold of government technology policy guides and is making headway in the name of advancing technology," he said. "But, in reality, it's not a technological advancement; it's a potentially risky protocol change with very few benefits."

Hinden said government officials aren't IP networking experts, but they are on course.

"They don't run or operate networks," he said. "But I think their basis premise is correct."

There's no risk to deploying IPv6, Hinden added, as it's the same architectural model as IPv4 -- only with a larger pool of addresses.

However, Pescatore said the vulnerability displayed at Black Hat is serious because it gives an attacker the possibility to run any code they want on a Cisco router. He recommended that before implementing an IPv6 product, an organization should research how many patches are available, as they can add significantly to the cost of an implementation.

In terms of address space, while Hinden agreed that IPv4 addresses are being used up, Golding said it's not at the rapid pace others are claiming. According to Golding, the IPv4 address stockpile will last approximately until 2022 or later.

For more information

Check out our white paper on IPv6 conformance and performance testing.

Read our exclusive: IPv6 offers more than extra addresses.

On the contrary, Hinden said, the current allocation rate in the Internet registry is rising and IPv4 addresses will be depleted by the end of this decade.

Hinden said this change to the core protocol is the first transition of its kind. He said there's been a lot of work done on the transition technology so both protocols can run parallel.

Plus, he said, almost all vendors have production code in their products so there's no uncertainty in terms of whether it will work.

In fact, Cray Inc., a Seattle-based supercomputing giant, joined forces with MCI Inc. in April 2005 to test new software for the next-generation Internet.

Cray is the first commercial U.S. customer to publicly announce its usage of MCI's IPv6 overlay network -- routing data between end-hosts on the Net -- that rides on its global IP backbone.

Darren Dehnke, a network engineer at Cray, said it was an easy decision to invest in IPv6 today because of the promise it holds for tomorrow.

Cray is happy with its decision to support the new protocol as the cost of overlaying IPv6 on its existing Internet service was minimal, Dehnke said, and it has not experienced an operational problem because of IPv6 to date.

While Golding said organizations should keep up to date on IPv6 developments and consider developing transition plans, he urged business managers to avoid committing to it, at least for now.

"Unless you're a company in a very specific sector, such as defense, there's no return on an investment," Golding said. "ROI on IPv6 varies between uncertain and none."

Dig Deeper on Network protocols and standards

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.