More IPv6 Problems on the Horizon


Article by Larissa Fair


Some changes to previous IPv6 mandates have come to light this week, with a more aggressive adoption strategy being proposed by Ely Kahn, Director of Cybersecurity Policy at National Security Staff, Executive Office of the President. Kahn seeks tomandate adoption of IPv6 and DNSSEC in government, with an eye toward later efforts to motivate implementation of those technologies in private industry. In addition, the Federal Acquisition Regulation (FAR) is, as of July 1st, requiring all federal agencies to purchase computer hardware, and in some cases software, which have been tested and certified for IPv6 readiness.

But there are some other problems to consider with the move to IPv6. The IPv6 mandate has been around since 2005, with agencies being required to have their backbone infrastructure IPv6 ready. Because of that, many machines that government agencies use today run in dual mode, capable of handling both IPv4 and IPv6 traffic.

But according to Shawn McCarthy posting on GCN, there is a problem with running a dual-stack system. 'If you already have IPv6-capable machines running on your government network, you could very well have a small IPv6 network running within your facility - and you might not even know it. On dual stack machines, the IPv6 capability must be shut off unless there is a specific need for it. If it's not, it may be capable of routing IPv6 packets when they pass through, even if you don't monitor for that. You have to properly configure each machine to make sure IPv6 isn't enabled. If for some reason it needs to be enabled, you must to be able to monitor this type of traffic.'

Compatibility between IPv4 and IPv6 and the information that is passed between them is an issue, as is security. Most security systems (think firewall or intrusion alerts) are not configured for IPv6 traffic, which means that most government agencies will have inconsistent configuration rules and support for IPv6. Interoperability will be a big test of the migration to IPv6, and agencies need to consider the tools to proactively monitor and manage both systems in the future. Scalability is also an issue, with IPv6 migration creating 'new and possibly more severe problems' as already taxed Internet routers have to cope with IPv6, running dual-stack, and also the fractioning of IPv4 address space. Performance is at stake, and end-users can expect to see 'speed bumps' with conversions as they try to access websites on IPv6 over IPv4.

Since the government has had nearly five years to prepare for IPv6, it will be interesting to see the results once they really don't have any more IPv4 addresses to give (which should be next year according to predictions). It seems that the move to IPv6, while necessary, is also somewhat chaotic in its strategy. It appears there are many unanswered questions when it comes to running dual-stack operations and considering compatibility, interoperability, scalability and performance. Not only is there a need for agencies to implement the 'backbone infrastructure' and be IPv6 ready, but they should also consider what that really means to their business, and how their information is accessed by end users.



Larissa Fair is senior online marketing manager for ScienceLogic, a leading provider of IT infrastructure management solutions including cloud monitoring for enterprises, service providers, cloud providers and government data centers. She specializes in social media, marketing, and traditional PR.














Find More Ipv6 Articles
Orignal From: More IPv6 Problems on the Horizon

Comments

Post a Comment

Popular posts from this blog

TECH MAHINDRA LIMITED : Department of Telecom, Govt of India empanelsTech ...

TECH MAHINDRA LIMITED : Department of Telecom, Govt of India empanelsTech ... IPv6 (Internet Protocol version 6) is a technology that is projected to succeed IPv4, which is the current scheme used for almost all traffic flowing through the Internet. Since the number of devices connecting to the Internet is rapidly growing, ... Read more on 4-traders How we tested next-generation firewalls We tried to build VPNs with other IPSec-based firewalls and tried to synchronize each device with Cisco IOS BGP routers running both IPv4 and IPv6 protocols. We looked at global management features, where the vendor provided a global management system, ... Read more on Computerworld Australia Orignal From: TECH MAHINDRA LIMITED : Department of Telecom, Govt of India empanelsTech ...
Read more

Basic firewall functionality: Check Point's maturity shows through

Basic firewall functionality: Check Point's maturity shows through With such a close feature set between products, we looked at more cutting-edge features, such as dynamic routing, global management, and IPv6 support. The leaders in our dynamic routing testing, which focused on BGP integration, were Check Point's ... Read more on Computerworld Australia Shining a Light on Shadow Networks By date: by Carl Weinschenk, IT Business Edge The gradual adoption of IPv6 networks is not without its challenges. Qing Li, Blue Coat's chief scientist, discusses what could be a serious vulnerability: Some IPv6 networks can traffic data before being ... Read more on IT Business Edge (blog) Cisco: Network Tops Cloud Challenges InformationWeek is conducting a survey to get a baseline look at where enterprises stand on their IPv6 deployments, with a focus on problem areas, including security, training, budget, and readiness. Upon completion of our survey, you will be eli...
Read more