The disadvantages to an IPv4-based internet were apparent all the way back in the early 90s, but steps were taken to delay the inevitable and allow for the staged development and deployment of IPv6.
Internet Protocol version 6 was codified in RFC 2460 back in 1998, and testing began on research networks worldwide, leading to revisions and updates and an official launch on the public Internet on June 6, 2012. More than ten years on, many organizations have yet to adopt IPv6 as the current and future standard of the Internet.
There are several reasons why deploying IPv6 is important for the future of the Internet. Here are just a few:
1. Public IPv4 addresses are dwindling
Unassigned public IPv4 blocks are a thing of the past, regional registrars have years-long waiting lists for blocks that get abandoned, and IPv4 brokers are charging a lot of money to transfer a /24 block. Large IP blocks that do come up for sale are quickly snagged by cloud providers, and those costs are passed on to their customers. IPv6 is functionally limitless and affords network architects the ability to plan for the unexpected by adding padding to our addressing plans.
2. Private addresses aren’t limitless either
I can’t tell you the number of organizations I’ve worked with that were running wildly inefficient private IP addressing schemes internally. On the surface, there doesn’t really appear to be a problem with this if the addressing scheme fits the size of the organization, but this is a very narrow point of view. For most organizations, it’s very unlikely that they’re going to maintain complete autonomy forever; there’s a large chance that a merger or acquisition is in their future, or a partnership with another organization necessitates the integration of the two networks. Overlapping IP space in one of these scenarios becomes a headache fast. The quick band-aid solution is to slap a NAT44 gateway between the two network domains, which reduces end-to-end visibility and makes holistic management of the entire network a nightmare. Long term, these organizations must plan out an overhaul of their networks just to accommodate the interconnections.
3. The transition is already happening
Trends from publicly available sources place the migration to IPv6 at about 40% complete at the time of this writing (2023). Google and Facebook both publish statistics about their traffic, and it’s hard to make any other conclusion other than the migration is happening at a slow and steady pace, and IPv6 is set to become the majority of internet traffic very soon. The transition has largely been completed in the residential and mobile markets, with enterprises lagging. This is evidenced by the fact that Google and Facebook both show spikes in IPv6 adoption on weekends. There was also a noticeable uptick in March 2020 when the usual Monday-to-Friday dip of IPv6 traffic flattened as employees were sent home to use their home Internet connections. If your clients are all using IPv6, don’t you think you should cater your services to them?
4. Security is just as good and maybe better
A lot of people read about end-to-end global addressing and think to themselves, “but isn’t NAT on my firewall keeping me safe?”. Unfortunately, that line of thinking comes from a fundamental misunderstanding of the mechanism that’s in NAT44 that helps keep networks from being under constant threat of full-scale network scans, and that is that Port Address Translation necessitates statefulness on an edge device. You simply can’t initiate a connection from the outside NAT44 interface because the firewall won’t know which internal address to forward traffic to unless we manually configure port forwarding or one-to-one NAT44 rules (UPnP aside, but that requires the internal device to register with the firewall). The good news is stateful firewall rules are easily configurable and the norm these days. Malicious parties on the Internet aren’t going to suddenly be able to connect to your entire network because of a transition to IPv6. In fact, IPv6 might have an advantage when it comes to staying hidden, though, because, while it’s not impossible to scan public IPv6 networks, it’s very impractical.
5. Better insights into traffic
Going back to my point on end-to-end addressing, a move to IPv6 brings with it richer data logs with less effort to track users’ traffic. Your security team no longer needs to correlate public to private translations to investigate the source of security logs, and your marketing team might like to know that user traffic statistics could be more accurate with the elimination of CGNAT in carrier networks.
6. It’s FASTER
I admit, I left the best point for last. Internet-bound IPv6 traffic is likely faster, according to reports from both Apple and Facebook. Facebook claims a meaningful 10-15% faster performance, and Apple claims IPv6 is 1.4 times faster than IPv4 clients. Reportedly, this is due to the elimination of NAT44 and improvements in routing efficiency. Who doesn’t want to be the person responsible for helping speed up the internet?
Deploying IPv6 is important for the future of the Internet. It will ensure that the Internet has enough addresses to support its continued growth. It has numerous operational benefits and might even be an advantage to your organization.
Having the right partner, who can help you navigate your way through all the architectural, design, and addressing choices is key.
Let’s start a conversation! Contact us to see how NetCraftsmen experts can help with your complex challenges.