IPv6 Is No Hail Mary

istock 625301290

It may answer some prayers, but it fails to address the fundamental flaw in TCP/IP

IP addresses function not only as an identifier, but also as a locator, which is a frequent cause of IT headaches. The location function causes conflicts, adds to management overhead, creates security holes, and often raises availability issues. Don’t hold your breath waiting for IPv6 to resolve all these issues—that could be fatal. IP addressing is fundamentally flawed, and migrating to IPv6 for the most part compounds the issue. But there is a fix – global namespace.

When the internet took off, it quickly became clear that the finite number of IPv4 addresses would soon be tapped out. The protocol allows for about 4 billion IP addresses, and there are already more than 4 billion connected devices—with many more on the way as a result of the adoption of cloud, the Internet of Things (IoT), and software containers.

Anticipating that shortage, IPv6 was introduced in 1998. With the potential for trillions of addresses, the number of devices that can be connected is virtually infinite. In the meantime, network address translation (NAT) provided an acceptable workaround, as it allowed for a single public IPv4 address to accommodate multiple private IP addresses.

NAT workaround not ideal

But NAT creates a multitude of problems, ranging from the need to manually update port addresses to incompatibilities between NAT and IPSec. IPv6 eliminates the need for NAT because every device can have its own unique IP address. That makes for a more secure environment, although it creates its own headache of having to keep track of those unique addresses.

“Because there are so many IPv6 IP addresses, it is virtually impossible to do a scan of the network to find rogue devices, which makes securing an IPv6 network a lot more demanding,” Hanns Proenen, chief information security officer (CISO) at GE Europe, told ComputerWeekly.

IPv6 will solve a number of problems. According to Gartner, “The main benefits of IPv6 are vastly increased address space, integrated security and quality-of-service mechanisms, as well as support for auto-configuration and mobility. In addition, large network operators may see better routing stability as platforms mature.”

But don’t expect NAT to go away overnight, as organizations will likely focus on new implementations, such as IoT networks, while slowly transitioning existing IPv4 addresses.

Slow, complex migration

Adoption has been relatively slow, but it’s starting to accelerate. For 2017, Google’s data on user access revealed a steady climb of IPv6 users from 16% at the beginning of the year to over 20% just past the midway point.

“Migration to IPv6 can be a complex process,” writes Network World contributor Mark Dargin. “It will involve upgrading, reconfiguring, and testing various hardware devices and software.”

Worse, IPv6 doesn’t address the fundamental flaw in TCP/IP of IP addresses being used for both location and identity. This provides bad actors with essentially a roadmap to create mischief by targeting IP addresses of enterprises or individuals.

If you’re going to upgrade your internet addressing scheme, why not step outside the box and switch to an approved standard that relies on cryptographic identities? That’s the essence of the IETF-approved Host Identity Protocol (HIP), which separates the locator and identity elements of IP addresses and inserts a secure namespace that makes it possible to quickly and simply set up secure network overlays.

To learn more, read the ESG Lab report on Tempered Networks’ commercial implementation of HIP.


Copyright © 2018 IDG Communications, Inc.