The common practice for monitoring the Internet Protocol version 6 (IPv6) network traffic has been to pretend it doesn’t exist by simply ignoring it or disabling it across corporate networks. But with the growth of both IoT and hyperscale data centers, the demand for IPv6 visibility is real, and an increasing portion of the Internet-connected population is requiring IPv6 connectivity.
With the increasing number of Internet-connected devices like cars, drones, and devices, the previous Internet Protocol, IPv4, addresses have been exhausted, said Nick Kephart, senior director of product management at ThousandEyes. IPv4 uses 32-bit addresses, which limits the address space to under 4.3 billion addresses, he said.
To solve this exhaustion issue, IPv6 was created back in 1998. IPv6 uses a 128-bit address, and it is designed to work well with today’s connected devices, the network’s architecture, and its traffic patterns, according to Nadir Izrael, cofounder and CTO of Armis, an agentless IoT security solution. Izrael added that IPv6 allows exponentially more devices to be connected to the Internet, which enables the growth of personal connected devices and IoT.
In order to support this growth of IoT devices, and connected devices in general, IPv6 must be utilized. Without this visibility, a growing part of the network becomes a “black hole,” said Izrael, and this become a big concern for security.
“Without visibility into the devices connecting to a network, they neither have control nor the ability to protect their network,” said Izrael. “Many devices today support both IPv6 and IPv4 out of the box – this includes network equipment and edge devices. Without IPv6 visibility an entire network segment becomes invisible – this may attract attackers, as it is an easy to use attack vector.”
Why websites should adopt IPv6
IPv6 adoption is being driven by two factors, according to ThousandEyes’ Kephart. The first is a shortage of IPv4 addresses due to the explosion of IoT devices, and the second factor is the “complexity of managing Network Address Translation (NAT) which can translate IPv4 addresses into IPv6 addresses and back for travel across networks,” said Kephart.
Also, IPv6 is a necessary deployment for organizations as their networks scale, according to Armis’ Izrael. However, for companies that lack IPv6 visibility, this new implementation creates a “huge and growing blind spot,” he said.
“As IPv6 is not well understood, and any devices that have serious vulnerabilities in their implementations can put the entire network at risk,” said Izrael.
Despite the obvious benefits of IPv6 adoption, there is a delay in deploying IPv6. According to Kephart, this stems from the fact that the Internet Engineering Task Force (IETF) decided that the IPv6 protocol wouldn’t be backward compatible with IPv4. As a result, workarounds like NAT are needed to allow legacy IPv4 hardware and newer IPv6 hardware to talk to each other, he said.
In addition, the inefficiencies of NAT become overwhelming, said Kephart, and for network operators moving to sophisticated software defined models, hosting ephemeral services and managing end devices at scale, IPv6 is just the preferable model.
“That is why we are seeing organizations such as Facebook, Comcast and T-Mobile leading the IPv6 charge and others, such as Google, Microsoft, Amazon and Apple, helping to advance the transition,” said Kephart.
These big tech companies are not the only ones driving IPv6 adoption. ThousandEyes’ own solutions extend network intelligence capabilities to include IPv6 devices. The company’s recently announced Cloud Agent supports IPv6 tests, and it’s provided on six continents offering global coverage for organizations. It also supports the use of dual-stack IPv4 and IPv6 Enterprise Agents.
According to Kephart, Enterprise Agents can have both addresses assigned and it will excuse tests biased on a user-defined preference for only IPv4 and IPv6 or a preference for IPv6, he said.
“ThousandEyes’ support for IPv6 delivers visibility and insights into both IPv6 and dual-stack networks, enabling organizations to troubleshoot and analyze performance issues in the transit path that impact application and service delivery,” said Kephart. “By simulating end user and network behavior from major metro areas around the globe and gaining insights about performance to applications, organizations can deliver a superior digital experience and ensure a smoother transition to IPv6 over time.”