As everyone already knows, on February 3, 2011, IANA reported that it was running out of its last available IPv4 addresses, and therefore the beginning of the end of IPv4 was beginning. What does it really mean?
Since that date, the answer is very simple: the RIRs (Regional Internet Registries) were unable to replenish their “reservations” of IPv4 addresses that they assigned to service providers and companies.
10 years have passed, and it seems clear that the Asian area will be the first to run out of IPv4 addresses, and then it will be in Europe where RIPE will exhaust its reserves. While North America is the one with the largest number of addresses. The proverb already says it: “whoever part and distributes gets the best part”.
What will happen then?
Well, ISPs and organizations that need new public addresses must use IPv6, or buy public IPv4 addresses in other areas or from other companies, thus beginning another decisive phase towards IPv6. Almost 10 years ago, Microsoft made headlines in this regard by purchasing 666,000 public IPv4 addresses from the defunct Nortel for a value of 5.3 million euros. Neither dollar, nor euro, nor gold, the new monetary standard should be IPv4!
The last milestone will be when it is difficult or excessively expensive to have new IPv4 addresses. It is also very likely that new services or applications based exclusively on IPv6 will dominate, which will undoubtedly accelerate the process of transition to IPv6.
Is anything being done about the IPv4 address shortage?
Yes, the first step that some ISPs have taken, in addition to requesting IPv6 address blocks, just in case, has been to preserve and save public IPv4 addresses in their own infrastructures. This decision is a tactical one. It is not a long-term strategy since the existing IPv4 addresses will definitely be exhausted. It is a matter of time and how the market evolves.
For some owners, monetizing IPv4 addresses is another solution. There are many platforms for that, but the most interesting one is probably the IPXO which will be launched in the next 1-2 months. It is a modern, transparent platform for IP monetization and IP lease. Both owners and tenants will find it easy on this new platform. The platform works on three important points; filter subnets by RIR or CIDR, automated LOAs & ROAs, and reassign to any network.
On the other hand, the different proposals to massively use the private IPv4 address space to provide public services, from my point of view, do not prevent migration to IPv6. First, it is still a contradiction: offer public services with private addresses? Second, it does not scale indefinitely and poses serious problems when moving private addresses to public addresses on NAT devices.
It seems at first that we still have a lot of time, and therefore the best thing would be to sit and wait to see how events unfold. But doing nothing is the worst possible strategy. In some business schools, this way of acting is called “the ostrich technique” or the “groundhog strategy”. In the first case, the predator always ends up eating you, while in the second, the groundhog always stays “out of the game”. The smartest thing to do is to analyze, study and understand what the foreseeable phases will be during the forced transition from IPv4 to IPv6 and make decisions based on two parameters: the evolution of the IPv6 environment itself (standards, technologies, market) and the needs of our communications infrastructures and information systems.
What are the transition phases to IPv6?
We can clearly define four stages in this regard:
In the first stage, to introduce IPv6 in current information and communication systems, it is necessary to meet the following requirements:
Support of the two protocols in the equipment (“dual stack”)
Use of both addressing schemes (IPv4 and IPv6)
Full access to both legacy IPv4 applications and new applications using only IPv6.
In order not to fall into known errors, to ensure that all stages are developed in the best possible way, and to make only the appropriate investments, it is necessary to have an IPv6 development plan designed within the ICT infrastructure of each company. It will affect the two classic areas, LAN (switches, servers, hosts, applications, etc …) and WAN (routers, firewalls, accesses, service providers, VPNs, security elements, etc …).
All this means that it is necessary to review all the elements that make up my current Information and Communications Systems, which are affected by the introduction of IPv6. For this process to come to fruition, it will be essential that ALL the people involved in these departments have good training on IPv6. In general, the current knowledge that we have about IPv6, we cannot compare it at all with what we have accumulated throughout all the years of existence of the current Internet.
The Internet has been built from scratch, and the IPv6 Internet has to assume everything that exists in the current IPv4, which radically complicates decision-making. At this point, having good training will have the most impact, which allows us to do what must be done at all times and not make decisions based on trends, third-party criteria, interested advice, or simply do nothing. Without a doubt, the most complex stage of all is that of the coexistence of both protocols. Therefore, we must try to minimize the problems that can occur throughout this phase.
For this, we will clearly define which technologies and functions are strictly necessary during it. Relevant aspects such as:
Duration of coexistence
Support for both protocol
Transition of services and applications to support IPv6
Selection of technologies to use during the transition
The issue of security is a critical aspect since we can find ourselves with serious insecurity problems just by introducing the IPv6 protocol and its coexistence mechanisms in IPv4 infrastructures. I leave the kind reader to reflect on the innumerable problems that can appear, and for this, I ask some questions:
How will my security teams, firewalls, IDS, etc … behave?
How does the use of IPv6 tunnels over IPv4 affect current security?
Will we be more vulnerable to internal attacks?
Is it possible to design more effective and less detectable phishing and pharming attacks?
How secure are the new ICMPv6-based protocols?
Will the new ICMPv6 protocol affect IPv4 security?
Hopefully, this article has inspired you!