Crickets for IPv6


Several years ago, I wrote an article explaining how there is plenty of address space with IPv4 and that the IPv6 hype had some merit, but most of it was being used as another push to scare organizations into buying a bunch of equipment they may not need.  

It turns out that I was mostly correct.

How do I know this? We are regularly inside customer networks doing upgrades and support. Yes, we do see a smattering of IPv6 traffic in their logs, but it generally does not originate from their users, and at most it is a fraction of a percent. Basically, this means that their old IPv4 equipment probably would still suffice without upgrades had they gone that route.

Back in 2012 the sky was falling: everything needed to be converted over to IPv6 to save the Internet from locking up due to lack of address space. There may be elements of the Internet where that was true, but such dire predictions did not pan out in the enterprise. Why?

Lack of control over their private address space with IPv6.

For example, one of the supposed benefits of IPv6 addressing schemes is that addresses are assigned to a device in the factory, as there are so many addresses available that they are practically infinite. The problem for an IT professional managing a network is that you can’t change that IPv6 address (as far as I know), and that is where the breakdown begins.

In private organizations, the IT department wants to manage bandwidth and security permissions. Although managing security and permissions is possible with IPv6, you lose the orderliness of an IPv4 address space.

For example, there is no easy shorthand notation with IPv6 to do something like:

“Block the address range 192.168.1.100/24 from accessing a database server.”

With IPv4, the admin typically assigns IP addresses to different groups of people within the enterprise and then they can go back and make a general rule for all those users with one stroke of the pen (keyboard). 

With IPv6, the admin has no control over the IP addresses and would need to look them up, or come up with some other validation scheme, to set such permissions.

I suppose the issues stated above could have been overcome by a more modern set of tools, but that did not happen either. Again, I wonder why?

I love answering my own questions. I believe that the reason is that the embedded NAT/PAT addressing schemes that had been used prior to the IPv6 push were well established and working just fine. Although I am not tasked with administering a large network, I did sleep at a Holiday Inn (once), and enterprise admins do not want public IPs on the private side of their firewall for security purposes. Private IP addresses to the end in itself is likely more of a security headache than the IPv4 NAT/PAT address schemes.

The devil’s advocate in me says that the flat address space across the world of an IPv6 scheme is elegant and simple at face value, not to mention infinite in terms of addresses. IPv6 promises 2,250,000,000 IP addresses for every living person on earth. It just was not compelling enough to supplant the embedded IPv4 solutions with their NAT/PAT addressing schemes.
