About a year ago, my fellow SolarWinds head geek, the late Lawrence Garvin, wrote about the apparent scarcity of...
IPv4 addresses. He said, "We're not running out; they're not all in use. It's just that some organizations have no more addresses to allocate to subordinate organizations. More significantly, I submit that this is an artificial shortage of addresses caused more by the mismanagement of their allocation than by scarcity."
Not a week later, John Curran, president and CEO of the American Registry for Internet Numbers, responded. He said, "That's simply not true, and I'm here to tell you why … the U.S., Canada and much of the Caribbean will deplete its remaining pool of unassigned IPv4 addresses in the very near future. The numbers are what they are. Available space is running out, and the number of IPv4 addresses available in this region will reach zero soon."
Meaning no disrespect to my colleague, he was wrong on this one, and Curran was absolutely correct; it's time for every IT-savvy individual -- from the home hobbyist to the Fortune 100 CTO -- to get to work, because we're at the point where those who ignore IPv6 connectivity are doomed to suffer from unintended consequences.
You may be wondering, 'Why?'
Garvin's arguments weren't spurious. It was an interesting notion that perhaps companies are sitting on vast stockpiles of IP addresses and all we have to do is encourage them to give them up and our crisis will be averted.
But, unfortunately, we know this isn't true. Curran ran the numbers, which are only more significant now: As of Sept. 24, 2015, the pool of IPv4 addresses was officially depleted, and the American Registry for Internet Numbers opened a waiting list for people who need addresses. Meanwhile, markets of varying shades of gray have sprung up to broker B2B exchanges and, of course, skim profits off the top.
But that's not the only reason.
As described by Neetha Edwin and others, IPv6 presents its own set of challenges to network security. The problem is that it's already turned on. So, you can't hide your head in the sand and say, "Oh, well, if I don't look at it then it won't hurt me." It's just the opposite, in fact. By not looking at what IPv6 is doing on your network right now, you are probably doing yourself more harm, not less.
You also need to consider the fact that IPv6 connectivity is not just a "network thing." The tools you use in your day-to-day work are affected by the way they respond to IPv6, including not responding at all. How well will your IP address management tool hold up when you make the move? And don't tell me you aren't using an IPAM or DDI tool, because it's not 1997 anymore. How about your VPN clients? While corporate VPN clients may handle IPv6 OK, in June, a test of the top private VPN services and clients found that none were secure when it came to IPv6 connectivity.
But that's not a reason to avoid moving to IPv6 connectivity. It's actually a compelling argument for why you need to start thinking about your move now. Getting started with your assessment and planning means no fire drills later.
And now on to the most compelling reason, a completely personal one that has nothing to do with your business: It will hurt you more to do it later than it will to start now. As Denise Fishburne pointed out, the future you is going to hate present you if you keep acting like a lazy bum.
You may be wondering, 'How?'
Let's say you are finally convinced to get started. What now?
Well, obviously educating yourself on what IPv6 is, how it works and how it differs from IPv4 is a great start. There are plenty of resources available on the Internet for that, so I’ll leave it up to you.
You can also take a look at organizations that are leading the way and lessons you can glean. For example, a recent article spotlighting Telekom Malaysia's move to IPv6 describes an inside-out approach, as well as the (not completely unexpected) requirement that proponents of IPv6 are going to have to prepare to convince management of the benefits, since they aren't immediately obvious. (Hint: It's the Internet of Things (IoT), stupid! Just as Peter Tseronis, former CTO of the U.S. Energy Department, recently realized.) In addition to pointing out the security implications of IPv6 connectivity, Neetha Edwin has also provided thoughts on how to manage and promote the benefits of this new architecture.
But ultimately, the process is pretty much like most IT projects you've been through:
- Gather knowledge about the new technology or trend.
- Decide whether or not to adopt it. (Except in this case, you will. Yes. You. Will.)
- Look at which hardware and software is compatible and which will need to be replaced or upgraded.
- Determine where in your environment to start. (Hint: Start in the center and work your way out to the edges.)
- Prepare to make your case to management. For this, remember what SolarWinds CTO and CIO Joel Dolisy recently told me: Your conversation has to address one of just three aspects of the business: increasing growth, decreasing cost or avoiding risk. For my money, the last two out of three are a slam dunk in this case.
You may be wondering, 'When?'
Now. Start now. You really have no good reason to wait any longer.
Understanding IPv6 security and how to protect against threats and attacks
IPv6 addresses for IoT
Address depletion speeds IPv6 adoption