Pitfalls In The Use Of IPv6

Posted on October 29, 2013 by Nikhil P Naik

With every passing day, the topic of IPv6 continues to gain explosiveness. Although many companies have not yet converted their network infrastructure to the expanded address space, the knowledge about is already widely used: hardware and software must be thoroughly tested, employees must be trained and policies that affect the network must be re-installed or adjusted.

ipv6

Assuming that you already have some basic knowledge about IPv6 [Read here] , we will directly leap to the “Pitfalls in the use of IPv6 and the methods to avoid them”. Here are some of them:

1 – Use IP Address Management Tools

IPv6 is a bonus for those looking for distributed and managed IP addresses. But certainly making transition [from IPv4] is never going to be easy. The change from 32-bit IPV4 to 128-bit IPv6 addresses makes it necessary for companies to consider factors like how will they allocate IP addresses from now on. With IPv4 addresses that was easy and could be done manually by using tables. For IPv6 it does not work anymore, so the sheer length is forcing companies to use IP address management (IPAM) tool that are automated and compatible with IPv6.


2 – Check DNS architecture

Once IPv6 is used on the internal network, companies need to consider whether the rest of the IP management infrastructure is ready for the changeover. For example DHCP (Dynamic Host Configuration Protocol) is used for address allocation, it is necessary that the DHCP server is IPv6 compatible. According to Infoblox, DHCP is only one part of what an IPv6 endpoint needs.

In addition, support DNS domain, DNS server addresses, addresses of network time servers and many other elements must be compatible with IPv6. This needs to ensure that a modern DNS infrastructure has been implemented and also the the compatibility between DNS and DHCP systems are tested.


3 – Rethink policies for security and maintenance

Also, the guidelines for safety and maintenance must be adjusted when switching to IPv6. The problem is:  The weaknesses of IPv4 are well known and can be controlled, but there is still no past experience as far as IPv6 is concerned. Therefore one must consider the possible threats that it can bring into the new system, hence it has to be consistently analyzed. Companies should remember to revise their security arrangements in the transition to IPv6.


4 – Check inventory of network infrastructure

A transition to IPv6 can only work if a company has a complete insight about it’s network and its components. Therefore, network infrastructure and traffic routing should be thoroughly investigated. For example, each sub-network should be checked to see if the connection to the backbone also works under the new protocol.


5 – Check compatibility of applications

Companies should be wary of assumptions that applications may run automatically on an IPv6-based network – they also need to be tested before converting. With IPv6, 4 Layers of TCP protocols are used, which may well have an impact on some applications.


6 – Update backend tools

To manage an IPv6 network and identify and solve problems, companies will need to evaluate whether their existing tools would be suitable. If necessary, entirely new solutions needs to be purchased here. This applies both to the operation as well as for maintenance.

IPv6 addresses has already turned out to be problematic for some databases that cannot save such addresses. Even using an analyzer and other monitoring solutions might not prove to be a success as some of them are often not IPv6 compatible.


7 – Keep an eye on network performance

The changes caused by IPv6 can adversely affect the performance of a network. The topmost part i.e. the header itself consists of 40 bytes, twice as large as in IPv4. Therefore, applications that need small packet sizes can provide significant performance impact.

Although most system suppliers would have a strategy for IPv6 deployment, this is not necessarily true for the performance of systems running the IPv6 protocol. For a comprehensive internal conversion, the hardware of the network infrastructure will need to be improved to a great extent, to remain efficient enough.


8 – Warning: develop new spam filter!

Spam Blocker today rely mostly on DNSBLs [DNS-based Blackhole List]. But these are worthless in the transition to IPv6 as for IPv4 hosts have only a few hundred addresses, hence individual addresses can be simply listed and blocked. For IPv6 Hackers can assign thousands of addresses to a server, and select a new address for each new spam message.

To list all the IPv6 scopes in DNSBL is not the ideal solution is made for IPv4, because this would allow cache and DNS servers to collapse due to their size.

Also cache would prefer new DNS as compared to the older ones so that the large number of DNSBL data would push all other DNS information from the cache. Often, the same cache is also used as for all other DNS queries for DNSBL so that DNS servers get back the deleted answers.  Hence releasing of new spam filters is the need of the hour.

IPv6 is relatively new. It’s hardly been about a year and a half since it’s release. So, one shouldn’t really be surprised if many more pitfalls and glitches pop up in the near future. The global use of IPv6 has more than doubled since it’s launch but with security issues becoming noticeable at regular intervals, it will take some more time before many organisations in the corporate world would look to incorporate IPv6 into their scheme of things. Well, anyway it is just a matter of time. All that we can do is to wait and watch what follows.

With additional inputs from Infoblox

About Nikhil P Naik

Nikhil Naik has finished his graduation in the field of IT and is currently mastering at the University of South Florida. He also loves watching cricket, listening to music and travelling. Twitter Handle - @buzz_nikhil.

Leave a Comment

*