The Next Y2K — Are We Ready for a Web Without IPv4 Yet?

0
4511
Warning signs!

Warning signs!

Yes, we’ve have done it again — brought the world to the brink of another disaster, because we’ve failed to foresee the exponential growth of the Internet! Read on to learn about why IPv4 shows threatening signs of becoming the next Y2K disaster.

The Internet has become an essential part of our lives. Everybody is on the Net, surfing with different types of devices: PCs, laptops, iPads, mobile phones, etc. Each of these needs a unique IP address on the Internet, when directly connected. The present IP (Internet Protocol) addressing system, IPv4, uses a 32-bit number, represented in 4 octets — for example, 192.16.1.2.

The problem

Since IPv4 addresses are 32-bit numbers, there are only 232, or just over four billion, possible addresses available — and they have all been allocated. On February 3, 2011, the Internet Assigned Numbers Authority (IANA), which controls the world-wide distribution of IP addresses, allocated the final pool of IPv4 address space to the five Regional Internet Registries (RIRs). This means that there are no longer any IPv4 addresses available for allocation from the IANA to the five RIRs.

So does this mean the end of the Net? Well, not really. Luckily, this problem was foreseen, and an alternative to IPv4 developed. The new addressing scheme, IPv6, uses 128-bit numbers for addresses — hence, there are 2128 individual addresses available (approximately 3.4×1038). All new IP addresses from now will be IPv6.

What, then, is the “next Y2K”? The problem is that IPv4 is NOT directly compatible with IPv6. This means that devices connected via IPv4 (which make up most of the existing Internet) cannot communicate directly with systems connected using IPv6 (and vice versa). If your website is on an IPv4 connection, it won’t get traffic from IPv6 sites/users and the reverse is also true. Getting traffic is essential to any business on the Net; nobody can afford to lose IPv6 users. Hence, to continue offering customers the same level of service, every organisation needs to be planning IPv6 deployment now.

The IPv6 compliance scenario

All major US government federal agencies have migrated their infrastructure (network backbones) to using IPv6, and all agency networks were enabled to interface with this infrastructure with effect from June 2008. The US government’s Chief Information Officers require that all new IT procurements be IPv6 compliant. An IPv6-compliant product or system must be able to receive, process, and transmit or forward (as appropriate) IPv6 packets, and should interoperate with other systems and protocols in both IPv4 and IPv6 modes of operation.

The US Defense Department, with its $30 billion budget, has been buying only IPv6-compliant networking gear since October 2003, and had already achieved full IPv6 compliance in 2008. ICANN, the company that handles the domain names and IP addresses for the world, has also enabled its servers to be IPv6-compliant. There has been significant IPv6 adoption in Japan and Korea, with production networks and consumers paying for IPv6-based services. China is spending millions developing a new backbone network that is reportedly going to be IPv6. The European Union (EU) has also heavily financed R&D in IPv6 backbone networks and innovative services that leverage many of the beneficial features of IPv6.

On June 8, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks are among some major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of this Test Flight Day is to motivate organisations across the industry — Internet service providers, hardware manufacturers, operating system vendors and Web companies — to prepare their services for IPv6, to ensure a successful transition as IPv4 addresses run out.

India will start using IPv6 from March 2012, according to a new roadmap released by the Indian government. All telecom companies and ISPs will have to be IPv6-compliant by the end of next year, and offer IPv6 services thereafter. Federal and state government ministries, departments and public sector companies will switch over to IPv6 services by March 2012.

So what do I do?

It is imperative for any organisation to be IPv6-ready, in order to remain competitive. The first step is to assess where your organisation stands in relation to IPv6. If your website is hosted by an Internet Service Provider (ISP), ask its customer support personnel the following questions:

  • Do you currently provide IPv6 connectivity?
  • If not, when do you plan to deploy IPv6 on your customer networks? What is your deployment timeline?
  • When will my website be available over IPv6? What extra cost will that entail?
  • Do you provide customers with IPv6-compatible modems, or other devices necessary for connecting over IPv6?
  • Why have you not provided us any information on IPv6 that would help us put in place all that’s needed from our side, to be ready for IPv6 compliance?

Next, carry out an audit of your entire IT infrastructure, and identify the hardware/software that needs to be changed or upgraded. For your hardware (routers, servers, etc), get in touch with the OEM or vendor to check for IPv6 compliance. Ensure that all the equipment is dual stacked (running both IPv4 and IPv6). If the hardware does not support IPv6, find out from the OEM whether a replacement is required, or if an upgrade/patch will suffice.

For software purchased from a third party, get in touch with the provider to check if the product is already IPv6 compatible, or if there’s an upgrade available. If no IPv6 upgrade is available, look for an alternative software source. Any software that has been developed in-house may have to be rewritten. Identify and change all hard-coded IPv4 addressees in software code to IPv6. Any application that directly uses network sockets or other network-related programming might have to be rewritten. Most operating systems are IPv6 compatible — IPv6 support is built in, and you only need to activate it. However, identify any legacy systems running an OS without IPv6 support, and either replace them, or patch/upgrade the OS.

I use FOSS; am I affected?

IPv6 migration is an issue that affects everyone. It is not restricted to only particular hardware or software. The problem is independent of the technology or software you use, as it stems from a core flaw in the TCP/IP addressing scheme. So yes, people using open source operating systems and applications could also be affected.

Linux and IPv6

The first IPv6-related network code was added to the Linux kernel 2.1.8 in November 1996 by Pedro Roque. In most Linux configurations these days, IPv6 is active by default, and the required IPv6 kernel modules are loaded automatically. To check whether your current running kernel supports IPv6, look in your /proc filesystem for the pseudo-file /proc/net/if_inet6. If this entry is not present, you can try to load the IPv6 module by executing modprobe ipv6. If successful, this module should be listed by the following command:

lsmod | grep -w 'ipv6' && echo "IPv6 module successfully loaded"

It is also possible to automatically load the IPv6 module on demand. You have to add the following line to the kernel module-loader configuration file, which is normally /etc/modules.conf or /etc/conf.modules:

alias net-pf-10 ipv6 # automatically load IPv6 module on demand

If your kernel has no IPv6 support, then you can try one of the following options:

  • Update your Linux distribution to a current one that supports IPv6 out-of-the-box.
  • Compile a new vanilla kernel.
  • Recompile kernel sources given by your Linux distribution.
  • Compile a kernel with third-party IPv6 extensions.

However, it is pertinent to point out that IPv6 support in the kernel and the other basic packages is pretty average in terms of performance, and does not conform to all drafts and RFCs (request for comments). Most people tend to switch off the IPv6-compliance feature, as it makes the DNS queries kind of slow.

To overcome this, you can make use of the USAGI (Universal Playground for IPv6) kit, which contains an enhanced IPv6-enabled version of both the latest 2.6.x Linux kernel, and the most important networking software packages for Linux. USAGI is a project run by volunteers from various organisations, and aims to develop a production-quality IPv6 protocol stack and IPsec for Linux. Based in Japan, USAGI teams up with other such projects like the WIDE Project, the KAME Project and TAHI, to implement all absent or obsolete IPv6 support in Linux. You can download the latest release of the USAGI kit from here.

Apache and IPv6

The Apache HTTP server supports IPv6 on most platforms, allowing Apache to allocate IPv6 sockets and handle requests sent over IPv6. However, to allow the IPv6 socket to handle both IPv4 and IPv6 connections, you will need to tweak the configuration parameter and use generic Listen directives. To verify that Apache is working in dual-stack mode (supporting both IPv4 and IPv6), use the netstat command.

The writing is on the wall. With IPv4 addresses having been exhausted, the time, cost and complexity of operating a stable and growing Internet will rise significantly, unless IPv6 deployment is well under way. So hurry and make your organisation IPv6-ready, now!

Feature image courtesy: Cameron Adams. Reused under terms of CC-BY-ND 2.0 License.

LEAVE A REPLY

Please enter your comment!
Please enter your name here