In 2004 I wrote that although the US Government was implementing next generation IPv6-compliant gear, large corporations were adopting a wait-and-see approach to the updated Internet Protocol. Jim Bound, chairman of the North American IPv6 Task Force, warned at the time: “If you are not thinking about planning a move to IPv6 today, it’s costing you money. The longer you wait and live with IPv4 bandaids, plugs and fixes to make it all work, the more kit you’ll be buying that doesn’t support IPv6 and the more it will cost you to move in the end.”
But two years down the line, IPv6 is not noticeably more prevalent than it was then, and few if any companies are embarking on projects to move to updated protocol in the near future. “Worldwide, most organizations will have little benefit, and incur huge costs, from moving to IPv6. So they simply won’t do it,” says Neil Rickard, a research vice president at Gartner Group.
One of the key drivers to a move to IPv6 has always been the idea that sooner or later the world will run out of 32 bit IPv4 addresses. In theory there are 4,294,967,296 (232) unique IP addresses, although for various practical reasons it turns out that the real number is closer to three thousand million. IPv6, with its vastly larger 128 bit address space, solves this problem at a stroke by allowing for billions upon billions of addresses. But how acute is the IP address problem? Is there really any urgency for enterprises to move to IPv6 to ensure they have adequate IP addresses?
The answer to this is a resounding no – certainly in countries like the US. That’s largely due to NAT – network address translation (define) . Developed by Cisco, NAT has enabled everyone from domestic users to large corporations to share a single, or more likely a limited number, of public IP addresses with large numbers of hosts on private networks, so these hosts don’t need their own public IP addresses all the time. In fact domestic subscribers to certain cable Internet services running a traceroute will find that their ISPs are using NAT to move traffic onto their own networks with private IP addresses to conserve IP public IP addresses before sending the traffic back out onto the public Internet.
“NAT has been a huge factor in the limited uptake of IPv6,” says Rickard. “NAT is good enough, so NAT wins over IPv6,” he says.
“The principal drivers are applications which IPv6 enables, but these are not there yet. People touted security as a benefit, but we now have IPSec with IPv4. It is part of IPv6, but so what?”
It is true that some service providers, like mobile phone operators or cable TV companies, and some countries, like China, are likely to need huge numbers of IP addresses in the future. It may be that they implement IPv6 in order to get their hands on enough IP addresses, but these pockets of IPv6 can co-exist with a primarily IPv4 world and infrastructure. This has already happened in countries like Japan where the government has effectively subsidized IPv6 implementations. The bottom line is it doesn’t effect the US corporate position at all.
While there is no need to move to IPv6 to get adequate numbers of IP addresses, there is a very good reason why corporations shouldn’t move to IPv6: the cost of such a move would be astronomical “As far as costs are concerned moving to IPv6 will be a larger project than Y2K and it will be harder,” says Rickard.
Like the Y2K projects which all organizations were forced to undertake in the late 90s, an IPv6 project would largely be a journey into the unknown, he says. Most routers and LAN switches may be IPv6 upgradeable, but what about client machine OSes? What about printers, cameras, IP phones and every other piece of network connected hardware? Even if these can be upgraded, the biggest problem is likely to be presented by application software. “Many applications don’t use the OS to talk to the network. Middleware certainly doesn’t – it talks direct to the network,” says Rickard.
The biggest problem will be working out what software needs upgrading or patching and which doesn’t. “You’d have to set up test labs, identify which software will cause problems, and then decide whether to upgrade or replace it,” says Rickard. “With Y2K you could do it app by app, independently, but if one package uses IPv6 then the network must be IPv6 compliant, and then all the other apps must be too. With IPv6 it all has to be ready at once.”
Running IPv6 requires about 10 per cent more server resources, so organizations will have to be prepared to buy more servers and mainframe capacity too.
Corporations will only face these overwhelming costs and start to adopt IPv6 if there is a compelling reason to do so, and as yet none exist. “The corporate world has no interest in IPv6 – they simply see no reason to adopt it,” says Sam Masud, principal analyst at research house Frost & Sullivan. “The principal drivers are applications which IPv6 enables, but these are not there yet. People touted security as a benefit, but we now have IPSec (define) with IPv4. It is part of IPv6, but so what?” The same applied to QoS (quality of service) (define) . It may be easer with IPv6, but it is do-able with IPv4, so it’s not a reason to switch.
Security is actually a point which is worth a closer look. The question that needs to be asked is whether IPv6 is really any more secure than IPv4. As Microsoft’s Steve Ballmer found out to his cost when he pronounced that Windows XP would be the most secure version of Windows ever, it’s usually a rash move to declare any new piece of software to be secure – the only way to find out how secure it really is is for millions of people to use it. “How many holes are there in IPv6 code? The truth is that it has not really been tested in the field like IPv4,” says Gartner’s Neil Rickard. “You’d have to say that for that reason IPv6 is less, not more, secure than IPv4,”
So here’s the situation: there are still plenty of IP addresses to go around for the moment, because NAT has eased the shortage. Large US service providers and developing countries in the Far East who need large numbers of IP addresses can adopt IPv6 and use gateways to communicate with the rest of the global computer network. There are no compelling reasons for large enterprises to adopt IPv6, and a huge cost and business risk in doing so. So, to put it simply, it isn’t going to happen, any time soon. Maybe in five years’ time though …
This article was first published on EnterpriseITPlanet.com.