Think Information. Think Security.
 
Picture
A successful IPv4 to IPv6 migration strategy can be broken into six manageable phases. BlueCat Networks leverage IP Address Management solutions and expertise to help customers take a structured approach to these phases:

How can companies move from IPv4 to IPv6?

1. Discover – Discover all IPv4 and IPv6 resources on your network to prepare for IPv6 and identify potential security gaps.
2. Plan – Plan your IPv6 environment based on a thorough understanding of your existing networks and IP addresses that are already in use.
3. Model – Create and model IPv6 blocks and networks including local and global unicast address space for optimal design. Add IPv6 hosts and define IPv4, IPv6 or dual addresses for each host.

4. Map – Map IPv6 networks and addresses to existing IPv4 devices and track dual-stacked IPv4/IPv6 hosts by DNS name, MAC address or device.
5. Implement – Deploy IPv6-enabled DNS hosts and create the necessary IPv6 AAAA records and corresponding NAPTR records alongside existing IPv4 DNS data.
6. Manage – Simplify the ongoing management of IPv6 and dual-stacked environments with a cohesive, business-centric view of your entire naming and addressing infrastructure (both IPv4/IPv6).
With this phased migration approach, organisations can reduce migration costs and minimise the business impact of the changeover. Organisations need to put the transition into perspective and think of IPv6 in business rather than technology terms.

All organisations will need to migrate to IPv6 but, at this point, most only need to look at external IPv6 connectivity. Some organisations will face limits on their internal IPv4 address space, but most will be fine for a few more years. Over the next few years, the next generation of ‘killer apps’ and network technologies, which will be built around IPv6, will create the demand and business case for migrating most internal networks to IPv6.
How does IPv4-6 migration hardware/software work?

While there are several different IPv4-IPv6 migration tools available, including tunneling and translation, most organisations will likely opt for a dual-stacked approach in which IPv4 and IPv6 are run simultaneously. The ability to run IPv4 and IPv6 within the same network means that there’s no need to move to IPv6 all at once – you can gradually migrate parts of your network as you go forward.

Dual-stacked IPv4/IPv6 networks will require a new approach to IP Address Management. In a dual-stacked environment, organisations will have difficulty managing their IP space with traditional manual methods like spreadsheets or database tools. These legacy methods lack the automation, integration and agility needed to effectively manage today’s dynamic and complex data center and cloud networks, much less accommodate IPv6.

With an enormous address pool and complex subnet structure, IPv6 simply cannot be tracked on a spreadsheet – finding a specific address in a seemingly endless list of IPv6 addresses in Excel would be like finding a needle in a haystack. Everyday tasks such as determining the next available network will become anything but trivial. In the short term, organisations looking to reduce costs for their external IPv6 connectivity should look at DNS64/NAT64. Although not as flexible as dual-stack, network address translation (NAT) allows you to keep your IPv4 infrastructure by NATing the traffic in front of it.

This works by mapping existing DNS IPv4 Address (A) records to IPv6 (AAAA) records and NATing the IPv6 traffic to IPv4. This method works well for most environments, although scalability may become an issue as organisations continue to add more devices to our networks. Another potential with NAT is logging and tracking source addresses, since they are not visible to IPv4 applications. Some vendors have workarounds for this, but it does add an extra wrinkle to the process.

IP Address Management (IPAM) solutions automate common administrative tasks and insulate network administrators from the complexity of defining, allocating and managing IPv6 blocks, dual-stacked networks and addresses. Without IPAM, organisations will be unable to cope with the added complexity. An IP Address Management (IPAM) solution offers capabilities for controlling, automating and managing IPv6 address space and name space.
Is IPv4-6 migration a large expense for enterprises?

Migrating an entire organisation will be expensive and will take several years. Gartner estimates that as much as 6% of the total annual IT budget will be spent on IPv6 migration. Some organisations have the latest and greatest routers and switches but most have a mixture of new, old and in between.

Many of the larger names in switching and routing have had IPv6 functionality for sometime since the IPv6 RFC standard was issued in 1998. Although your device might have IPv6 functionality, the big question will be ‘Does it run in software or hardware?’ If the answer is software, it will be good for a test system, but probably not for your production environment. This is an unfortunate expense, but you need to keep in mind that many organisations have yet to transition their infrastructure and having IPv6 functionality in software helped keep costs in line over the last several years.

Networking hardware is only part of the issue; the potentially larger expense will lie in the software systems that you use to run your organisation. The latest operating systems from Microsoft, Apple and Linux fully support IPv6, but the previous implementations that many of us have don’t work as well.

Operating systems such as Microsoft XP that has been released for over a decade has many issues running the IPv6 protocol. One solution might be to upgrade the operating systems but in many cases, the software running on them is not compatible with the new technology. In addition, many in-house or custom applications will require close examination to determine if they are IPv6 compatible.

If not, additional expenses will add up fast. Transitioning for some might make the Y2K effort seem small in comparison. In addition to the software, hardware and application costs, one needs to factor in the cost for training, education, consulting and cutover costs. Today, most enterprises are simply not equipped for IPv6 and need to build their in-house expertise.
What is the timeline for companies in the region to move to IPv6?

On September 14, 2012, The RIPE NCC, the regional internet registry for Europe, the Middle East and parts of Central Asia, announced that it is now allocating IPv4 addresses from ‘the last /8’ – the final block of 16.8 million IPv4 addresses. From now on, the RIPE NCC can only distribute IPv6 addresses and a one-time /22 IPv4 allocation (1,024 IPv4 addresses) from the last /8 to those Local Internet Registries that meet the requirements. For organisations in the Middle East, this essentially means that IPv4 exhaustion has arrived and the time for talking about IPv6 is over.

Technologies like NAT may help you extend your existing IPv4 address space, but this is not a permanent solution. With IP-dependent initiatives like cloud, virtualisation and BYOD rapidly consuming the last remaining IPv4 addresses, organisations need to get serious about planning IPv6 migration. Like any large-scale IT initiative, fire drills are not the way to approach IPv6, you need a migration plan to reduce transition costs, mitigate risk and minimise disruption.

Cross-posted from: ITP.Net



Leave a Reply.