With World IPv6 Day upon us, I thought I’d take a moment to expound on the IPv6 transition so far, and what we are likely to see in the near future.
IPv6 is like a dead animal lying on the road: a group of kids has gathered around it, sticks in hand, negotiating who gets to poke it first. ISPs and carriers are waiting for customers to demand it and all of their vendors to support it. You have hardware and software vendors waiting until IPv6 becomes more important to customers than the features their customers are willing to pay extra for. Then you have your other businesses that have to weigh IPv6 activities against anything else on the plate of their IT departments. Given the current security/breach climate, it is no surprise to me that IPv6 is not making huge strides.
Finally you have the end user. Without a killer app, there is very little motivation for end users to demand IPv6. Grandma wants pics of the grandkids; what protocol those images arrive over makes no difference to her. At the moment the hassle of converting just doesn’t seem worth it for most users.
I myself have gone through the process of converting. I updated my personal website and e-mail, set up a tunnel to my home network, and even got myself certified at ipv6.he.net. After all was said and done, the only thing I had to show for it was my new-found ability to go to ipv6.google.com, or pass the various IPv6 tests. The cool factor of this lasted for 10 minutes. By the time it turned off, I found myself wondering why I wanted to maintain 2 sets of firewall rules plus RA and DHCP (not all of my devices at home support IPv6) and deal with the extra troubleshooting and maintenance. Having been through the exercise, I knew what devices I need to replace and what services need to be updated, and had a much better idea about how to keep things secure. When the time comes, it should be easier the second time around.
When I first heard about World IPv6 Day, I was hoping it would be a turning point where the participants would start to support IPv6 going forward. Since that point, it has evolved into a day for participants to test the waters. Any disappointment aside, I think this is for the best. To paraphrase the German war strategist Helmuth von Moltke, “No battle plan survives contact with the enemy”. World IPv6 Day has become a “safe” way for organizations to try out their IPv6 strategies, retreat so they can reflect, and then re-assess and re-calibrate their ongoing plan. Many of the participants will also be looking at traffic numbers from their IPv6 Day experience to gauge interest. Ideally, this day will not leave too many casualties on the field.
Carolyn Duffy Marsan has proposed that hackers may try to disrupt World IPv6 Day. I have to agree. It would be naive to expect that only goodhearted IPv6 groupies will be scanning the IPv6 world on this day. However, I have to disagree that this disruption will mostly take the form of DDoS. This is a perfect opportunity for the underground community to take a stab at networks that are in many cases exploratory in nature, and in some cases downright cobbled into production. I expect to see more targeted attacks looking for back-rev software, incomplete network and security configurations, etc. The holy grail would be a foothold into your existing, well-protected IPv4 network through some well-known weaknesses in back-rev software that may be required to get all your IPv6 components talking correctly, or an ignored service running unprotected.
Be careful out there.