Tag Archive for IPV4

| November 19, 2010
Comments Off on Do You Know Where Your IPv6 Is?

Do You Know Where Your IPv6 Is?

Do You Know Where Your IPv6 Is?Earlier, I covered the iSuppli announcement that nearly 3 out of every 4 people on Earth will soon own a mobile phone. Now, this factoid has some consequences. Johannes Ullrich, PhD, chief research officer for the SANS Institute is predicting that the arrival of new and upgraded IPv6-enabled operating systems, can open new and unrecognized security weaknesses in otherwise secure environments.

SANS Institute logo

Dr. Ullrich told Net Security, “One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it.” He continues, “Windows 7, OS X, and Linux enable it by default. In the last round of operating system updates, it has tended to be turned on by default.” Dr. Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC), also highlights devices running Apple’s IOS such as iPhone as well as some Google Android devices come with IPv6 enabled by default.

Dr. Ullrich says that the growth of mixed IPv4 and IPv6 networks, sometimes without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6-enabled devices could also be missed by security teams not looking for  IPv6 traffic, “Many organizations will look at their own networks and not see a big problem staying on IPv4,” he explains.

According to Net Security, Ullrich believes that organizations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test, and secure any migration strategy. Ullrich believes that it will take at least about a year for larger organizations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS, and monitoring tools will need reconfiguration. The application layer is more problematic according to the SANS Institute expert  “It is comparable to the Y2K problem, and there may well be many complex or custom applications that are affected by switching over that need to be tested.”

This gadget has been developed by Takashi Arano, Intec NetCore

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| October 22, 2010
Comments Off on IPv4 Doomsday Pushed Back

IPv4 Doomsday Pushed Back

IPv4 Doomsday Pushed BackThe American Registry for Internet Numbers (ARIN) announced (10-20-2010) that Interop returned its unneeded Internet Protocol version 4 (IPv4) address space. The ARIN Press Release explains that Interop was originally allocated a /8 before ARIN’s existence and the availability of smaller address blocks.

Another press release indicates that Interop founder Dan Lynch acquired the addresses block to allow for unfettered Interoperability Testing between TCP/IP equipment vendors in the formative years of the Internet. Interop will continue to use a small part of the original grant to continue Interop’s 25-year mission to foster industry-wide interoperability while returning the rest of the address block to ARIN for the greater good of the Internet community. The organization recently realized it was only using a small part of its address block and that returning the rest to ARIN would be for the greater good of the Internet community.

ARIN will accept the returned space and not reissue it for a short period, per existing operational procedure. After the hold period, ARIN will follow global policy at that time and return it to the global free pool or distribute the space to those organizations in the ARIN region with documented need, as appropriate.

With less than 5% of the IPv4 address space left in the global free pool, ARIN warns that Interop’s return will not significantly extend the life of IPv4. ARIN continues to emphasize the need for all Internet stakeholders to adopt the next generation of Internet Protocol, IPv6.

rb-

As the original poster at Slashdot points out, if any of the other IPv4 /8 address holders return their unused addresses, the IPv4 exhaustion date would be pushed back even further. I wonder what some of these companies plan on doing with all of these IP addresses?

  • HP has 32 million publicly routable addresses (16 million of its own and 16 million from DEC which HP acquired when it ingested Compaq) most of which seem to be used to handle VoIP calls to India for sales and support calls.
  • Is Ford going to install a IPv4/IPv6 gateway on all the cars with My Ford Touch, an upgrade of Sync, its in-car Internet service with Microsoft?
  • How is the USPS using it 16 million IP addresses?

Some IPv4 /8 Address Holders

PrefixDesignationDate
003/8General Electric Company 1994-05
004/8 Level 3 Communications, Inc.1992-12
008/8 Level 3 Communications, Inc.1992-12
009/8IBM 1992-08
012/8 AT&T Bell Laboratories 1995-06
013/8Xerox Corporation 1991-09
015/8Hewlett-Packard Company 1994-07
016/8 Digital Equipment Corporation 1994-11
017/8Apple Computer Inc. 1992-07
018/8MIT 1994-01
019/8Ford Motor Company 1995-05
034/8 Halliburton Company 1993-03
035/8MERIT Computer Network 1994-04
040/8Eli Lily & Company 1994-06
048/8Prudential Securities Inc. 1995-05
054/8Merck and Co., Inc. 1992-03
056/8 US Postal Service 1994-06
The allocation of IPv4 address space to various registries is listed at www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml.

This gadget was developed by Takashi Arano, Intec NetCore

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| June 20, 2010
Comments Off on Facebook Adds IPv6

Facebook Adds IPv6

Facebook Adds IPv6NetworkWold is reporting that Facebook began offering “experimental, non-production” support for IPv6 on June 10,2010. With more than 350 million active users. 65 million of them accessing the site through mobile devices, Facebook is planning its deployment of native IPv6 to its network backbone. The social network says it wants to support both IPv4 and IPv6-aware clients. In a presentation at the Google IPv6 Implementors Conference, Facebook’s network engineers said it was “easy to make [the] site available on v6.”

FacebookFacebook said it deployed dual-stack IPv4 and IPv6 support on its routers, and that it made no changes to its hosts to support IPv6. FB also said it was supporting an emerging encapsulation mechanism known as Locator/ID Separation Protocol (LISP), which separates Internet addresses from endpoint identifiers to improve the scalability of IPv6 deployments. “Facebook was the first major Web site on LISP (v4 and v6),” Facebook engineers said during their presentation. They also said that using LISP allowed them to deploy IPv6 services quickly with no extra cost. Facebook’s IPv6 services are available at www.v6.facebook.com, m.v6.facebook.com, www.lisp6.facebook.com, and m.lisp6.facebook.com.

John Curran, president, and CEO of the American Registry for Internet Numbers (ARIN) has been urging Web site operators to deploy IPv6. Curran set a deadline of Jan. 1, 2012, when all public-facing Web sites must support IPv6 or risk providing visitors with lower-grade connectivity. The remaining pool of unallocated IPv4 addresses could be depleted as early as December due to unprecedented levels of broadband and wireless adoption in the Asia-Pacific region, experts say.

ARIN logoRichard Jimmerson, CIO at the American Registry for Internet Numbers (ARIN), told NetworkWorld, “It’s moving so fast now that it’s hard for us to be current on it any longer,” ARIN provides IPv4 addresses to carriers in North America. “We’ve gone through 10 /8s since the beginning of this year,” Jimmerson says. “To put that in perspective, in all of 2009, we only went through eight /8s. It’s very possible that the IANA free pool will deplete in December or January at the earliest.”

The article reports that demand for IPv4 addresses remains flat in North America, there has been a huge surge in the Asia-Pacific region this year that is likely to stay strong. “The Asia-Pacific region has very large economies that are underserved by IP addresses such as India, China, and other places,” Jimmerson told NetworkWorld. “They are really seeing a big surge in broadband deployment and wireless data handset deployment, and that translates into having to have unique IP address space. That trend is likely to continue.”

rb-

Just last week, I was speaking with a potential client about getting ready for IPv6 on their network. They had not even talked yet with their ISP about getting IPv6 traffic to them, let alone how they were going to deal with IPv6 in and out of the network.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| July 28, 2009
Comments Off on Feds to Test IPv6

Feds to Test IPv6

Feds to Test IPv6NetworkWord is reporting that the U.S. government has reportedly launched a comprehensive product testing program for IPv6. The new program, USGv6 Test Program, will be run by the National Institute of Standards and Technology (NIST) will require all network hardware and software vendors to pass IPv6 compliance and interoperability tests before they can sell their products to the U.S. federal government market.

NIST logo

The NIST IPv6 test plan covers basic IPv6 functionality as well as related standards such as IP Security (IPsec), Internet Key Exchange (IKEv2 ), Dynamic Host Configuration Protocol (DHCPv6), Open Shortest Path First (OSPFv3), Border Gateway Protocol (BGP4+) and multicast requirements in MLDv2.

The USGv6 program will allow vendors to run IPv6 compliance tests in their own labs as long as it is accredited by NIST, but they must run IPv6 interoperability testing in someone else’s lab. Erica Johnson, Director of the University of New Hampshire InterOperability Laboratory told NetworkWorld, “The way that the NIST profile is going to work is that conformance testing can be done in an accredited first-party [vendor], second-party [buyer] or third-party [independent] lab…But the interoperability testing must be done in a second-party or third-party lab.”

The time frame for the USGv6 Test Program is tight. NIST is expected to publish this week [July 31] the final version of its IPv6 test specifications aka Special Publication 500-273 and to finalize its test plan in November 2009. Testing labs are to be accredited before the end of the calendar year. Network vendors will have six months to get their routers, operating systems, firewalls and other security systems through IPv6 testing before the federal government’s July 2010 acquisition deadline.

By July 2010, federal agencies will be required to buy only hosts, routers, and network security systems that have been tested for IPv6 compliance. Vendors must issue a “Suppliers’ Declaration of Conformity” that states host and router products have been tested for IPv6 compliance and interoperability, while security products must undergo functional IPv6 testing. All of the testings must be done in NIST-accredited labs.

rb-

It’s about time – I have included IPv6 requirements in RFP’s for over 6 years. It is amazing to watch the vendors tap-dance around what IPv6 compatibility means. Only some of these products from Cisco or Foundry Brocade are IPv6 compatible depending on the image you buy. I guess the real trick will be to get a “Suppliers’ Declaration of Conformity” if you are not a Fed.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| May 30, 2009
Comments Off on IPv6 Has a Business Case

IPv6 Has a Business Case

According to a Network World article business incentives are completely lacking today for upgrading to IPv6. The next-generation Internet protocol does not have a reason to be, according to a survey of network operators conducted by the Internet Society (ISOC).

In the report, ISOC says that ISPs, enterprises, and network equipment vendors report that there are “no concrete business drivers for IPv6.” However, survey respondents said customer demand for IPv6 is on the rise. They are planning or deploying IPv6 because they feel it is the next major development in the evolution of the Internet. All of the ISOC survey respondents said they are planning for IPv6, and most have begun deployment.

IPv6 deployment remains spotty, even for organizations committed to the technology, the survey found. When asked how they were deploying IPv6, a little over half said they were deploying IPv6 on parts of their network rather than their whole network. Several respondents said they envision parts of their networks never operating with IPv6.

What’s driving network operators to IPv6 is demand from customers rather than IPv4 address depletion. The survey found almost half of the respondents report customer pressure to migrate to IPv6. Fewer respondents indicated a need for additional address space or the desire for simpler addressing or less complexity on their networks.

According to the survey, 77% of the respondents are using dual-stack, running IPv4 and IPv6 side-by-side. 45% of respondents used some kind of tunneling to implement IPv6 on top of their existing IPv4 networks. However, tunneling was largely viewed as a temporary measure that either had been phased out or would be phased out in the near future. Tunneling will be turned off when their upstream networking provider offered native IPv6 service. 45% of respondents stated that they had part of their network running a native IPv6 deployment.

More than half of the survey respondents said that additional address space is the primary motivator for IPv6. Network operators put less weight on the auto-configuration, built-in security, and mobility features that are found in IPv6.

rb-

The Network World article misses the point. The article does note that ISOC contracted 90 members and only twenty-two organizations responded for a response rate of less than 25%. Not the best body of work to declare there is no business reason to deploy IPv6.

Experts predict IPv4 addresses will be gone by 2012. At that point, all ISPs, government agencies, and corporations will need to support IPv6 on their backbone networks.  IP addresses are like crude oil, there is only so much of it around. Scarce resources cost more as the resource pool decreases.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , ,
« Older Entries   Recent Entries »