IPv4 Address Exhaustion and the Workaround Options (IPv6)

Internet evolution and the need for IPv6: This section focuses on the existing solutions that extend the life of the Internet and the advantages that IPv6 provides over other solutions. This section also outlines the IPv6 market drivers and the frequently asked questions/concerns about IPv6.

IPv6 in the IETF: As IPv6 goes mainstream, it is important for standards bodies like the IETF to standardize these capabilities so that they can be adopted across all network and computing devices.

Enterprise IPv6 deployment status: While many enterprises are looking to enable IPv6 or establish plans for the deployment of IPv6, some of the enterprise verticals such as Retail, Manufacturing, Web 2.0 and Enterprise IT organizations are leading the adoption both by enabling network and computing devices to support IPv6 and also enabling their business applications over IPv6.

The Internet has evolved from an internal distributed computing system used by the U.S. Department of Defense to a medium that enables enterprise business to be innovative and more productive in providing goods and services to its global customers. The Internet Protocol Suite (TCP/IP) is the underlying technology used to enable this communication.

Although the Internet has no centralized governance, it does have overarching organizations that help implement and maintain policy and operation of key Internet elements such as the IP address space and the Domain Name System (DNS). These critical elements are maintained and managed by the Internet Corporation for Assigned Names and Numbers (ICANN), which operates the Internet Assigned Numbers Authority (IANA). ICANN/IANA assigns unique identifiers for use on the Internet, which include domain names, Internet Protocol (IP) addresses, and application port numbers.

More information can be found at:

■ ICANN: http://www.icann.org

■ IANA: http://www.iana.org

The Internet Engineering Task Force (IETF, www.ietf.org), a nonprofit organization, standardizes the core protocols based on the technical expertise of loosely affiliated international participants. These protocols are used in all products that provide network connectivity, and individual product manufacturers provide a user interface to configure and use these protocols.

The IETF evaluated the growth of the Internet protocol with emphasis on addressing. The organization evaluated the following:

■ Address space exhaustion: The IETF, along with industry participation from the IANA, the Regional Internet Registry (RIR), and the private sector, predicts the exhaustion of the public IPv4 address pool by 2011.

■ Expanding routing tables: The practice of classifying and allocating IP addresses based on classes has led to an alarming expansion of the routing tables in the Internet backbone routers.

The next sections describe in more detail some of the issues surrounding IPv4 address exhaustion and the options developed as temporary workarounds. You then learn how this led the IETF to develop IPv6.

Without sufficient global IPv4 address space, hosts are forced to work with mechanisms that provide the capability for an internal (private) IP address space to be translated to a smaller or single externally routable IP address space. Network Address Translation (NAT) enables multiple devices to use local private addresses (RFC 1918) within an enterprise while sharing one or more global IPv4 addresses for external communications. Although NAT has to some extent delayed the exhaustion of IPv4 address space for the short term, it complicates general application bidirectional communication. These workarounds have resulted in the following:

■ Establishing gateways, firewalls, and applications that require specialized code to deal with the presence of NAT/PATs (for example, NAT transparency using UDP)

■ Mapping of standard ports to nonstandard ports (port forwarding)

■ Establishment and use of NAT workaround code (STUN, TURN, ICE, and so on)

■ Nested NAT/PAT addresses

■ Complexity of the supporting infrastructure, applications, and security

■ Complexity of installing and managing multiple address pools

■ More time, energy, and money spent coding and managing the workaround

■ Inability to easily identify all connected devices on an organization’s network
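The last point above is what an incident responder runs into when several RFC 1918 hosts share one global address. The following Python sketch is an added example, not part of the original text: it attributes an externally observed connection back to an inside host using a PAT translation log. The log layout, the host addresses, and the shared address 198.51.100.7 (a documentation address) are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# The three RFC 1918 private ranges referred to in the text.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

# Constructed PAT translation log (hypothetical layout):
# (start, end, inside_ip, inside_port, public_ip, public_port)
NAT_LOG = [
    ("2024-01-01T10:00:00", "2024-01-01T10:05:00", "10.1.1.20", 51512, "198.51.100.7", 40001),
    ("2024-01-01T10:01:00", "2024-01-01T10:02:00", "10.1.1.31", 51512, "198.51.100.7", 40002),
    ("2024-01-01T10:06:00", "2024-01-01T10:09:00", "192.168.5.9", 40222, "198.51.100.7", 40001),
]

def attribute(public_ip, when, public_port=None, log=NAT_LOG):
    """Return the sorted inside hosts that had a live translation on public_ip at `when`.

    With only the shared address and a time, every active host is a candidate.
    Adding the translated source port narrows the answer to one host, and the
    timestamp matters because the same public port is reused later.
    """
    t = datetime.fromisoformat(when)
    hosts = set()
    for start, end, in_ip, _in_port, pub_ip, pub_port in log:
        if pub_ip != public_ip:
            continue
        if not (datetime.fromisoformat(start) <= t <= datetime.fromisoformat(end)):
            continue
        if public_port is not None and pub_port != public_port:
            continue
        hosts.add(in_ip)
    return sorted(hosts)

if __name__ == "__main__":
    # Every inside address in the sample log is private; the shared one is not.
    print(all(is_rfc1918(rec[2]) for rec in NAT_LOG), is_rfc1918("198.51.100.7"))
    print(attribute("198.51.100.7", "2024-01-01T10:01:30"))         # address + time only
    print(attribute("198.51.100.7", "2024-01-01T10:01:30", 40002))  # with source port
    print(attribute("198.51.100.7", "2024-01-01T10:07:00", 40001))  # port reused later
```

A remote server log that records only the source address and time leaves two candidates in this sample; recording the source port as well, and retaining the translation log, is what makes the lookup unambiguous.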

Note Sensors, even inline, might not be completely successful at dropping packets of an attack. An attack could be on its way, if only partially, before even an inline sensor starts dropping packets matching a composite pattern signature. The drop action is much more effective for atomic signatures because the sensor makes a single packet match.

Note It took 40 years for radio to achieve an audience of 50 million; it took 15 years for TV and just 5 years for the Internet!

IPv6 is designed to replace IPv4. It enables an unimaginably large number of addresses and brings with it easier network management, end-to-end transparency, and the opportunity for improved security and mobility, as discussed in the following section.
