[ISN] IPv6 fears seen unfounded

From: InfoSec News (isn@private)
Date: Tue Dec 16 2003 - 03:36:18 PST

  • Next message: InfoSec News: "RE: [ISN] InfoSec 2003: 'Zero-day' attacks seen as growing threat"

    http://www.nwfusion.com/news/2003/1215ipv6.html
    
    By Carolyn Duffy Marsan
    Network World
    12/15/03
    
    ARLINGTON, VA. - Early adopters of IPv6 say deployment of this upgrade
    to the Internet's main communications protocol is significantly easier
    than expected and costs less than anticipated.
    
    These findings run counter to longstanding conventional wisdom from
    the Internet engineering community, which for years has warned ISPs
    and corporate network managers about the need to prepare for a
    time-consuming and expensive upgrade to IPv6.
    
    The U.S. Department of Defense and several universities reported
    positive feedback about their IPv6 deployments at the U.S. IPv6 Summit
    2003, held last week in Arlington, Va.
    
    The Internet Engineering Task Force (IETF) has worked on IPv6 since
    1992. While the transition to IPv6 has taken longer than advocates
    expected, that pace appears to have generated an unintended benefit:  
    Now that users want to deploy IPv6, it's already bundled in the
    hardware and software they need to buy in the course of normal
    infrastructure upgrades.
    
    "IPv6 is less complex than we thought, and it doesn't take as many
    resources as we thought,'' says Jim Bound, chairman of the North
    American IPv6 Task Force and an HP fellow. Bound has been involved in
    IPv6 development and transition issues for nearly a decade.
    
    IPv6 promises easier administration, tighter security, greater
    mobility and an enhanced addressing scheme over IPv4, the Internet's
    current protocol. IPv6 uses a 128-bit addressing scheme and can
    support a virtually limitless number of uniquely identified systems on
    the Internet. In contrast, IPv4 supports only a few billion systems
    because it uses a 32-bit addressing scheme.
    
    The North American IPv6 Task Force joined the military and university
    communities in building the largest-ever network based on IPv6. Dubbed
    Moonv6, this network connects more than 80 servers, switches and nodes
    in eight states. Moonv6 was completed in October and is running IPv6
    and IPv4.
    
    "We were all shocked'' at how simple it was to deploy Moonv6, Bound
    says. "It went way easier than we thought. But the trick is you have
    to plan, plan, plan.''
    
    More significant for corporate network managers is the idea that IPv6
    will require few additional costs beyond regular network upgrades.  
    That's what NTT subsidiary Verio discovered as it developed the first
    commercial IPv6 service in the U.S., which it announced last week at
    the summit.
    
    "There wasn't a lot of cost to deploy our IPv6 service,'' says Cody
    Christman, director of product engineering for Verio. "IPv6 has been
    on our road map since 1997. We've always kept it in mind when we were
    upgrading our switches and routers.''
    
    Verio has priced its new IPv6 offerings at the same rates as its IPv4
    services. The company now offers commercial IPv6 service at every
    location in the U.S. where it offers Internet access.
    
    "It's kind of a myth that when people deploy IPv6 it's going to
    require an enormous capital expenditure,'' Christman says. "It
    definitely wasn't the case at Verio.''
    
    The IETF finalized the main IPv6 specifications in 1998. However, IPv6
    has taken the intervening years to gain momentum among network vendors
    and ISPs.
    
    IPv6 deployment is easier and costs less than anticipated because the
    protocol now ships with many networking products. All the major router
    manufacturers - including Cisco, Juniper, Foundry Networks and Extreme
    Networks - support IPv6. Microsoft supports IPv6 in Windows XP, and
    IPv6 comes bundled with the most popular versions of Unix and Linux.  
    Key public domain software packages such as the Mozilla Web browser,
    Apache Web server and Sendmail e-mail software also support IPv6.
    
    "All the network infrastructure components are IPv6 enabled,'' Bound
    says. "What we're still missing are software applications. We need the
    major business applications such as Oracle, PeopleSoft and SAP to
    support IPv6.'' These applications are coming, as evidenced by Oracle
    executives unveiling their IPv6 road map at the IPv6 Summit last week.
    
    Industry observers now expect corporations to upgrade to IPv6
    gradually as individual departments need newer software and hardware.  
    IPv6 and IPv4 will coexist for many years because most companies
    replace desktops, servers and network gear every few years.
    
    "IPv6 deployment will be interesting because it will not happen
    overnight,'' says Ben Schultz, managing engineer at the University of
    New Hampshire's Interoperability Lab in Durham. "Instead, there are
    going to be small experimental pockets within companies. . . . There's
    always going to be some legacy router that's a pain to upgrade and
    you'll have to tunnel around it.''
    
    Early adopters say that because IPv6 comes bundled with network
    hardware and software, deployment costs are low. Verio found its IPv6
    deployment costs to be negligible because the protocol comes built in
    with the latest router software. Verio uses routers from Cisco and
    Juniper.
    
    "It does have to be tested like any [Juniper or Cisco software]
    rollout," Christman says. "We also modified our provisioning and
    automated network monitoring tools. But the costs are not significant
    from an ISP standpoint.''
    
    That's why Verio is not charging a premium for its IPv6 service.  
    Corporate network managers can purchase an IPv6 fractional DS-3 line
    for the same cost as an IPv4 fractional DS-3, he says.
    
    Easy to deploy
    
    Early adopters of IPv6 also are finding that the protocol is easier to
    deploy than expected.
    
    The high-speed Abilene network, which links 200 U.S. universities, has
    enabled IPv6 on half of its network connectors. About 40 universities
    use the new protocol.
    
    "You have to have routers capable of doing IPv6,'' says Rick
    Summerhill, associate director of backbone network infrastructure for
    the Internet2 consortium, which operates Abilene. "All we did was take
    our backbone and add IPv6 to our 11 [Juniper] routers. . . . It was
    easy.''
    
    Summerhill predicts most universities that use Abilene will upgrade to
    IPv6 within three years. He says the upgrade to IPv6 will not be that
    expensive because it will happen as part of a "natural evolution'' of
    university networks.
    
    "Putting IPv6 on a network backbone is relatively simple. Even
    regional-type networks are relatively easy,'' Summerhill says. "Closer
    to the [network] edges, the routing infrastructures may not be
    IPv6-capable. That may be a little harder. So people will evolve to it
    over three or four years.''
    
    The positive feedback from early adopters of IPv6 is good news for the
    Defense Department, which has committed to a complete migration to
    IPv6 by 2008. The Defense Department's CIO John Stenbit has mandated
    that all IT purchases after Oct. 1, 2003 be IPv6-capable.
    
    The Defense Department supports Moonv6, which links the University of
    New Hampshire's Interoperability Laboratory with military sites in
    Arizona, California, Illinois, Maryland, New Jersey, South Carolina
    and Virginia. Twenty-six network vendors have tested their hardware
    and software for IPv6 compliance and interoperability on the Moonv6
    backbone.
    
    Maj. Roswell Dixon, who oversees IPv6 testing for the Joint
    Interoperability Test Command at Ft. Huachuca in Arizona, says about
    90% of the interoperability testing on Moonv6 has been successful.
    
    Some of the IETF's IPv6 specifications "left a little room for
    interpretation,'' Dixon says. "We need better defined [specifications]
    but these are little glitches that can be fixed. We see no
    showstoppers with IPv6.''
    
    Dixon says the military is migrating to IPv6 because of the mobility
    and security benefits that it offers. "We need IPv6 for
    network-centric warfare,'' he says.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 16 2003 - 06:09:26 PST