IPv6 Questions and Answers
The IPv6 Center of Excellence team answers your IPv6 adoption questions.
Have a question that isn’t answered below? Contact the team at firstname.lastname@example.org
Q: Is there any business case behind a migration to Dual Stack?
A: The business case for adopting IPv6 in a dual-stack configuration is based on risk management and business continuity–i.e. leveraging existing network functionality in IPv4 while mitigating the risk of IPv4 exhaustion by preparing for IPv6 those network elements and services most vulnerable to interruption or unavailability
Q: How many devices globally REALLY need a Public IP address? with 7Bn people is it really 14Bn devices?
A: Quick answer is yes but which technologies isn’t clear yet. But end to end and no NAT will allow all sorts of apps we don’t have now due to lack of address space
Q: The doubling logic was dodgy; in that server can serve content to more than one user.
A: See answer above.
Q: What exactly does “dual stack” mean?
A: An interface supporting both IPv4 and IPv6 addresses.
Q: What is the main security concern of dual stack implementations?
A: The key security concern is that you need to be able to monitor and filter applications on both IPv4 and IPv6, however, with no NAT and a good IP subnetting scheme with IPv6, ACLs could be simplified within the organization and therefore have the potential to become more secure. The main issue with dual stack means that you have double the effort to ensure that your security policy is correct.
Q: Please can you give some App examples that sound interesting.
A: Probable apps include automobiles, smart power, RFID in consumer goods, etc.
Q: Do companies need to request/register for IPV6 address with IANA?
A: No. You get IPs from your ISP or an RIR, like RIPE or ARIN.
Q: How difficult would it be for a translation layer to be developed between IPv4 and IPv6 or would you have to rely on bridges?
A: There are a number of existing transition techs, such as nat64/dns64, 6to4, isatap, etc. all have drawbacks
Q: Guys, what we need is simple advice on how to pilot this quickly. There must be a way to cut through the complexity and find a simple solution that will work for 80% of us. This is what we are attending this call to find out.
A: Please review the presentation and focus on the three calls to action. They will work for most organizations.
Q: In a LAN, can you totally disregard IPV4 and implement IPV6 instead?
A: If you don’t need to access IPv4 only sites or machines, yes.
Q: I’ve hard someone say the IPv4 will be around forever. Do you think that’s true or will IPv6 eventually wipe out IPv4?
A: There are still sites using SNA and X.25. IPv4 will be around longer than us
Q: Do you have any best effort experience when it comes to (dual stack enabled) IP address Management Tools?
A: I’m uncertain what “best-effort experience” means but Infoblox IPAM solution is fully IPv6 capable.
Q: Google, Yahoo, Microsoft, etc have IPv6 implementations. Where can I see the signup sheet for who else is already stable on IPv6?
A: There is some useful information here: http://bgp.he.net/IPv6-progress-report.cgi
Q: Can legacy equipment handle IPv6 or will they need equipment upgrades?
A: Currently, you need to talk to all your vendors. There is no central place that lists everything that correctly supports IPv6
Q: Many large companies need multi-site multi-homed internet access. This is difficult to do in IPv4. Is it easy to do today with IPv6?
A: Probably not but check with your vendor.
Q: If we use the dual stack method, we need both IPv4 and IPv6 addresses for each customer, am I right?
A: Yes. Dual stack means every network interface having both v4 and v6 addresses.
Q: A centralized registry / certification of IPV6 “ready” vendors / suppliers/ ISPs etc would be fantastic. would IANA be the right people to drive this?
A: IANA is a registration body for numbers and addresses. they would not be the right folks to drive IPv6 readiness. there is the IPv6forum and other govt and vendor groups that are starting to do this but there is no one place to look currently.
Q: I need some guidelines about the IPv6 migration plan for the cable operators. I am working for the cable operator, I am talking about isp perspective
A: There are several specific industry sectors that will have some very specific requirements, particularly from their vendors. If you need more detail regarding cable operations specifically then it may be worth considering getting some consultancy in to help with your planning.
Q: What are the main IPv6 drivers in Europe / Asia and the US?
A: IPv4 exhaustion in Asia and Europe. Proactive risk management and business continuity in the US.
Q: If we have to use both IPv4 and IPv6 addresses per user in dual stack method, how can it be possible to use IPv4 address per user today IPv4 addresses is depleted already.
A: There is nothing more or less complex with multi-homing between v4 and v6. It’s the same amount of work and complexity.
Q: What is the impact of IPv6 to OSS and BSS?
A: It will vary greatly from organization to organization depending on how they’ve implemented OSS and BSS. As a general rule the more customized these services are the more at risk processes will be given applications that don’t support IPv6 and must be replaced. Early auditing and validation is the key to determining and mitigating this risk.
Q: It is possible to adopt IPv6 only and use transition technologies such as NAT64 and DNS64 to allow these to connect to IPv4 internet/services.
A: It is possible but undesirable due to the generally believed performance tax associated with transition technologies (the alternative of a dual-stack configuration is recommended). That said, there are some subscriber networks and service providers currently using this approach.
Q: There is at least one difference: it is almost impossible to obtain vendor independent IPv4 addresses and this is a requirement form multi-homing. I guess this is easier in IPv6, but are the ISPs ready to provide this?
A: If an organization can make an effective case for its need for PI space it can receive it directly through the appropriate RIR rather than the ISP.
Q: I have heard that if you want use NAT64 / DNS64, all of the client applications have to support IPv6 not only the cpe devices. Is it right ?
A: If I’m understanding the question correctly the answer is ‘no’ as the transition technology is used to provide access to service regardless of whether the client is IPv4 or IPv6.
Q: What is the main issue about OSS/BSS? Lifecycle management or the installed legacy basis?
A: Most modern OSs already handle IPv6 well. but apps (commercial and custom) will potentially require a large effort to upgrade.
Q: I think large companies will have a big problem when IPv6 arrives but it will not be a network problem but an application problem
A: This is likely to be true as network hardware and software support for IPv6 is very mature while effective IPv6 support for the tens of thousands of applications businesses rely on is highly variable.
Q: Is it necessary to change to IPv6 internally on the private address range or only publically on the public IP address range and use NAT?
A: There is already in the address space given out to the RIR by IANA, and so yes geo-databases will still work with IPv6 and due to ‘hopefully’ less or no NAT they will become more accurate as time and adoption goes by.
Q: What are the best arguments to achieve the commitment of (non technical) managers/stakeholders
A: Emphasize the risk management aspect of the effort and argue that the exhaustion of IPv4 and the accelerating adoption of IPv6 on the Internet creates risks to business continuity, business agility, and competitive advantage.”We know that in these days we have IPv4 segmentations among RIR’s, and because of that we can detect where does some IP address and access come from.
Q: In IPv6 will we have the same situation regarding geographically IPv6 distribution?
A: I believe eventually yes.
Q: I didn’t understand quiet well why there would be a performance issue if continuing with IPv4 ?
A: If the internet is primarily IPv6 and you are IPv4 only, you will have to NAT. NAT introduces latency and performance problems.
Q: is-is to ospf?
A: IS-IS handles both v4 and v6 within the same routing process and RIB, as does BGP
Q: At what point do in the future do you see an IPv4 ONLY user unable to access an Internet resource because they’ve not adopted IPv6?
A: That date is years away for most commercial content.
Q: What is RIB
A: RIB routing info base. the list of routes you have and what interface you send packets out on.
Q: We have an ISP to access the Internet and have IPv4/20 addresses, also I have read that google.com does not accept IPv6 Dual Stack to access their websites/services. Is this is going to be a must to have External IPv6 and IPv4 addresses to access both sites? do i have to double costs until all the world have IPv6?
A: Google.com most certainly accepts requests from dual-stack clients. You may not receive a AAAA record however if you are requesting content from an IPv4 host. The general approach is to make the client address irrelevant to the server offering the content.
Q: If there was an opportunity to roll out IPv6 on a new Network segment (for example a new product platform), rather than onto a large existing Network, would that be the preferred approach?
A: Some combination of these steps: audit hardware and software, get addresses, make an address plan, deploy and validate.
Q: What are the most obvious security threats with IPv6?
A: The threats in IPv6 are quite similar to the ones in IPv4 but many organizations aren’t yet prepared to properly assess and mitigate security risks in the IPv6 space based on a lack of familiarity with IPv6.
Q: My questions: Any major issues found so far for NAT64 translation. Eg. In the past NATv4 had issues with application like FTP.
A: This is certainly an option for new segments with NAT64/DNS64, but doesn’t remove the need to adopt dual-stack on existing network to allow connection to newer application in the IPv6 environment.
Q: Would the quality of this web broadcast have been better if we who attend connected to the internet via IPv6 ?
Q: What is RIR standing for?
A: RIR + Regional Internet Registry, i.e. RIPE, ARIN, etc.
Q: How similar it NAT to NAT64 ? Or what is the difference between the two ?
A: NAT64 is really protocol translation from IPv6 to IPv4 rather than just address translation in standard NAT.
Q: You did not mention about tunneling mechanism for transitioning to IPv6. Is there any good reason?
A: Most of the tunneling mechanism are used to transport IPv6-IPv6 over an IPv4 network, so although useful as part of transition they are not sufficient by themselves.
Q: Hi Chris, I am just wondering where there is any obvious list of known problems NAT64. Some of us in asia sorta have a deadline to implement IPv6 on public facing services. The more information on any known problems the better.
A: There will still be ‘NAT’ type problems with NAT64 (especially as it is also performing protocol translation) but not aware of specific sources of problems at this time. It would be good to hook up with F5 or A10 as two of the prominent NAT64 vendors.
Q: How does IPv6 affect bgp?
A: BGP supports v4 and v6 in same instance just fine
Q: From where do I get my IPv6 addresses?
A: You get IPv6 addresses from ISP or RIR, just as you do with IPv4. but with v6, you can get enough addresses.
Q: Will there be certification requirements for Network Admin/Engineers to implement IPV6?
A: There is no specific certification body, however, there are plenty of courses/vendors that include IPv6 in their courses and certifications. Infoblox have a generic IPv6 course available soon.how does IPv6 cope up with existing networking protocols ,like WCCP -where they operate only on IPV4?
Q: What will happen of our home/personal routers? Software upgrades to IPv6?
A: Maybe but most CPE (home routers) are very cheap hardware and underpowered, so odds are good we’ll be replacing a lot of them in the next few years.
Q: Are IPV4 Addresses put back into the pool once a company is bankrupt and no longer in existence?
A: depends on RIR as to exact rules but IPv4 addresses are transferrable in some cases, even with bankruptcy, so could very well be assumed by creditors or bought in liquidation. see your RIR for more details.
Q: The performance hit of an IPv6 host hitting an IPv4 web server was discussed, but what about an IPv4 host hitting an IPv6 web server? Is it best to run both protocols and route IPv4 client traffic to IPv4 servers and IPv6 client traffic to IPv6 servers?
A: Since v4 hosts hitting a v6 server and v6 hosts hitting a v4 server will require some form of transition technology and all of them have some performance/latency, native v4/v4 and v6/v6 will give best performance. if you can, it’s best to have your server be native dual stack.
Q: My company’s network has DMZ and multiple instances of natting. How difficult will it be to update those natting instances?
A: NAT44 won’t get you to IPv6, so you are probably going to wind up with yet another layer of NAT beyond what you have now. that’s not going to be the best performance. you should be looking at how to eliminate NAT in your environment rather than adding to it.
Q: Do you have to recompile or make any changes to networked programs when you move to a dual-stacked network?
A: Unfortunately the answer will be this depends on how ‘low level’ the networking application is written so if for instance I use a URL call then probably not, but if I want to perform a DNS lookup (AAAA) then it may even be that the application doesn’t just need re-compilation but some modification as well.
Q: We installed IPV6 equipment 7 or 8 years ago, but are now finally starting to implement IPv6. I am concerned that the Standards have changed since we installed this equipment. Should there be any problems to be concerned about? Firmware updates have been performed as they come out.
A: If you’ve been keeping up with udpates, you *should* be OK but keep checking with your vendors. the IPv6 and dhcpv6 standards are still evolving, even now.
Q: Will SSL be around once everyone migrate to IPv6?
A: there are arguments for and against having security at every layer in the 7 layer model. the argument for having ipsec as part of IPv6 was more because folks were already doing this in IPv4 but in a very crude fashion and having it be more elegant seemed a good thing. security at other layers will still be done for the reason they chose that layer now.
Q: Will IPv6 affect packet tracer or netework simulators pakages?
A: Yes, as they will need to support IPv6 for instance traceroute (v4) = traceroute6 (v6).
Q: What is the dependency on Java version for IPv6 support? For example, does it require Java 1.6 or even 1.7, perhaps caused by NIO / OIO dependencies?
A: As with any other programming language, how much you will need to change to support IPv6 depends on how low level your networking calls are
Q: What IPv6 features should we look for our Firewalls to support?
A: All of them. It needs to support all router features and should be able to detect all transition and tunnel types.
Q: Does Infoblox have any resources for assisting in designing an IPv6 addressing plan?
A: Infoblox has done a webinar creating IPv6 address plans. There are no large case studies but RIRs like RIPE and ARIN do have good info in their IPv6 address allocation application docs.
Q: In your view – what are the main differences regarding security when comparing IPv6 and IPv4? What are new threats in IPv6, and what IPv4 threats will disappear?
A: Though the threats are turning out to be quite similar the largest difference is that many organizations aren’t yet prepared to properly assess and mitigate security risks in the IPv6 space.
Q: We currently use NAT on our Internet firewall. This is used for our default requests and a small number of incoming NATed services. If we switch to IPv6 on our DMZ and our Internet connection can we still use our current NAT? Would we have to change to an IPv6 address for the NAT?
A: Just as IPv4 and IPv6 can’t communicate directly, NAT44 and various IPv6 NAT techs are not compatible. You will need v6 compatible NATs.
Q: Are smartphone providers actually using IPV4 addresses?
A: Smartphone providers use IPv4 and IPv6 (though not always both).
Q: Public and Private Cloud Impact – please discuss the impact of IPv6 on Public and Private Cloud Network and Data Centers
A: There is no dependency between the two. The IPv6 DNS RR Types (AAAA and PTR) are just signed in the same way as all other RRs in the relevant zone.
Q: Does 550-A support dual stack on the same physical interface..same vlan or is it IPv6 on a specific VLAN and IPv4 on a different VLAN
A: The Infoblox appliances support Dual Stack on the same physical interface and the expectation is that this is the same VLAN.
Q: With the NAT 64 function do we need a DNS 64 as well?
A: You must have both
Q: Besides AAAA address scheme – is the alternative A6 approach still supported? see specification in RFC 2874 and RFC 3364
A: A6 have been officially deprecated
Q: Where do telcom companies fall in the spectrum of need for IPV6 implementation?
A: Most 2G/3G are IPv4 (but still provider dependent) whilst most 4G/LTE utilise IPv6. However, this really is provider dependent.
Q: What advances has Microsoft made in their OSs to adopt IPv6 in normal DHCP use? Will Infoblox’s products always be needed / be preferred?How large is the IPv6-only Internet in Asia? How many users can access only IPv6-based services?
A: Good questions for which little consistent or reliable data exist to answer.
Q: For IPv6 adoption, what sort of conversation would IT have with the silo stakeholders, such as from HR? Why would HR care about IPv6?
A: Every department will care if they are using hardware or software that uses an IPv4 network.
Q: Any suggestions for dealing with dynamic dns and dual stack networks?
A: Use a DDI solution (DNS, DHCP, and IPAM) with robust support for IPv6 (Infoblox!).
Q: Is there a private IP range in IPv6 similar to the 10.0.0.0/8, etc… in IPv4? Or does every company technically have to be assigned a /64 in order to implement IPv6 in their infrastructure?
A: There are ULA addresses in IPv6 (fc00::/7) but in general organizations are encouraged to use global unicast allocations (from 2000::/3) to address all resources. The minimum allocation for a site is a /48.
Q: What kind of changes you anticipate/see in the application layer to support IPv6 calls (millions of these applications).
A: Microsoft have added support for DHCPv6 to their server products, and Vista/Win7 fully support IPv6. However, DHCPv4 and DHCPv6 are different protocols. However the integration of DNS, DHCP (v4 and v6) and IPAM as part of an automated solution in Infoblox will still provide significant benefits.
Q: Does IPv6 add a new dynamic to vulnerability management?
A: It adds at least to the load of vulnerability management though many of the emerging threats are identical to the ones observed in IPv4.
Q: Are all the IPV6 address publicly addressable, does it have any Private space like IPv4 that requires NAT ?
A: One advantage to IPv6 is that we can all get enough public space and don’t *have* to use private space. There is an RFC 1918 equivalent, Unique Local Addresses (ULA) but the hope is that we won’t have to use them.
Q: Do you recommend ubiquitous implementation for the enterprise?
A: Not sure in what sense “ubiquitous” is being used here.
Q: Are there any applications that require V6
A: This really depends on the application and how low level it is. So will range from no change to re-compilation or even re-writing of the network layers.
Q: What governance on IPv6 address allocation is planned/already in place? For IPv4 addresses were allocated by geo location and big enterprises. Will this be the case also in IPv6? What about allocation by type of devices?
A: As per another response, there is ULA but it’s just like current private space. Isn’t guaranteed unique, can’t be directly connected to internet, etc. Using GUA (Global Unicase Addresses), which are publically routable, guaranteed unique and in plentiful supply is what the IETF recommends.
Q: Are there any killer apps on the horizon
A: Well things like Microsoft Direct Access already utilise IPv6, but your crystal ball is as good as mine 😉
Q: How do we monitor how much IPv6 traffic do I have in my enterprise network?Why would you want to use IPv6 internal to a small organization when cost would currently high? when would a small corporation start considering paying a consultant to go to IPv6?
A: I think the key here is that early adoption will be cheaper in the long run as a smaller network will be simpler to roll-out IPv6 than trying to migrate later once the network has become large.
Q: Where are telco companies on the spectrum of need for IPV6 implementation?
A: Most large telco companies with IP networks have adopted or well on the way to adopting IPv6.