Wednesday, May 23, 2012

Preparing Your Enterprise for World IPv6 Launch


Things you should be doing even if you are not participating

Last year on June 8, 2011 we all experienced World IPv6 Day. This was a 24-hour test for web sites to use both an IPv4 and IPv6 addresses simultaneously for the same URL. One June 6, 2012 there will be World IPv6 Launch in which many organizations will enable IPv6 forever. Enterprises will need to prepare for World IPv6 Launch whether or not they are actively participating and enabling IPv6.
World IPv6 Day
Last year World IPv6 Day was organized by the Internet Society (ISOC) and several major content providers. IPv6 evangelists at GoogleFacebookYahoo!AkamaiLimelight Networks, and several other companies came up with the idea of conducting a 24-hour test of having their web sites have both an IPv4 DNS "A" record and an IPv6 DNS "AAAA" record simultaneously. The goal of this event was to test the end-user experience and help identify any problems their users might encounter if they were to fully deploy IPv6 someday. Hundreds of other organizations joined in, and in the end, it was determined that the amount of "IPv6 Brokenness" was less than previously measured. Fewer problems were encountered than anticipated and it showed that IPv6 was ready for broader deployment.

World IPv6 Launch
The Internet Society (ISOC) announced plans for World IPv6 Launch on January 17, 2012. This is an event that is a continuation of the World IPv6 Day concept but the plan is to make the transition to IPv6 permanent on June 6, 2012. This World IPv6 Launch event is similar to World IPv6 Day in that organizations will make their web sites dual-protocol enabled. However, it also includes service providers who are deploying dual-protocol Internet connectivity to their customers and equipment manufacturers who make IPv6-capable network equipment. At this year's North American IPv6 Summit event there was a presentation by a panel of experts on World IPv6 Launch.
Internet Service Providers (ISPs) have been cautious in joining the World IPv6 Launch movement because there are some significant requirements for them to participate. These requirements include: "ISPs participating in World IPv6 Launch will enable IPv6 for enough users so that at least 1% of their wireline residential subscribers who visit participating websites will do so using IPv6 by 6 June 2012." This may be a significant stretch for many service providers who have not aggressively adopted IPv6. Lee Howard, Time Warner Cable, gave a compelling presentation at the North American IPv6 Summitdescribing the challenges broadband providers face to provide even just 1% IPv6 capability by June 6. However, Time Warner CableComcastAT&TFree TelecomInternodeKDDI, and XS4ALL have all committed to join this initiative. There are also fully dual-protocol ISPs like Hurricane Electric which are participating in World IPv6 Launch because every day is IPv6 day at HE.
There are also network equipment manufacturers that are joining World IPv6 Launch. These companies are committed to make products for home broadband Internet routers operate with IPv4 and IPv6 simultaneously by default. So far, Cisco and D-Link have pledged their support and hopefully other network equipment manufacturers join the launch.
There are also requirements for content providers to participate in World IPv6 Launch. Again, the major content providers like FacebookGoogleMicrosoft BingYahoo!, and content delivery networks (CDNs) Akamai and Limelight Networks have also joined up. These companies represent the topAlexa worldwide sites so when these organizations IPv6-enable their content this should dramatically increase the amount of IPv6 traffic on the Internet.
Having the cooperation of content providers, service providers, equipment organizations, and enterprises is the best way to help move IPv6 adoption forward. Any one of these organizations could not drive this movement on their own. It takes a worldwide collaborative effort to help the Internet evolve.
How to Prepare to Participate?
Even enterprise organizations can participate in World IPv6 Launch. To participate as a web site operator you simply have to go to the World IPv6 Launch page and pledge your support and participation in the event. If your organization is planning on participating, there are many things that you will need to do to get ready. One good resource for your planning effort is a presentation by Shannon McFarland, Principal Engineer, Corporate Consulting Engineering Group Office of the CTO, Cisco given on the topic of "Enterprise Internet Edge Design for IPv6".
If your enterprise organization is participating then following are the things you will need to do to perform an Internet-edge IPv6 deployment.
Are all your Internet perimeter network devices, servers and security systems fully dual-protocol capable?
Are your authoritative DNS servers capable of having an AAAA or PTR and do they work with DNSSEC?
Have you tested your upstream ISP links and do you get the same performance with IPv4 and IPv6?
Are your server load balancers and application delivery controllers IPv6 capable?
Do you have firewalls configured with IPv6-specific policies?
Are your e-mail servers and spam filters IPv6 capable?
Have you performed a little one-hour mini-test during an off hours time?
Is your staff trained on IPv6 and how to troubleshoot IPv6 communications?
Are you familiar with the concept of "Happy Eyeballs" and how it works?
Do you have any web applications that will need to be modified for IPv6?
Last year's World IPv6 Day was only a 24 hour test so that may not have been enough time to uncover all the potential issues. This year the participants will turn on IPv6 and leave it on so there may be problems discovered several days after June 6th. There is also concern about attackers targeting IPv6-enabled servers because they know that IPv6 traffic path may not be as fortified as the IPv4 network. That is why you will need to check to make sure you have similar protections for IPv6 services as for IPv4. If you do not have equivalent IPv6 security controls then you may want to consider not enabling IPv6 to prevent exposing your organizations to unsecured vulnerabilities.
Prepare Even If You Are Not Participating
If your enterprise organization is not participating in World IPv6 Launch you will still need to be prepared. On June 6th there will be major Internet sites and service providers using IPv6 and your users on dual-protocol operating system computers may be trying to reach sites over IPv6 where they previously used IPv4. There could be systems outside of your control starting to use IPv6 and you should be well versed in how to troubleshoot dual-protocol connections.
Are you prepared to troubleshoot problems your local users may experience?
Do you know if any of your internal users are using 6-in-4 tunnels like 6to4 or Teredo?
Are you ready to troubleshoot problems your remote workers may experience?
Do you have visibility to IPv6 traffic crossing your organization using tunnels?
Are any of your remote workers using an ISP that is participating in World IPv6 Launch?
Are any remote workers international and may have IPv6 service on June 6th?
Are any of your business partners participating in World IPv6 Launch?
Are your external name servers ready to receive DNS AAAA responses?
Are your internal caching name servers ready to receive DNS AAAA responses?
Conclusions
We are anxiously awaiting June 6 and excited to discover how this event will increase adoption of IPv6 on a permanent basis. This will be the single most significant day in the evolution of IPv6. Without a "Flag Day", IPv6 may not have experienced the same rate of adoption otherwise. Many content providers, service providers, network device manufacturers, and enterprises are putting in tremendous amounts of effort to participate in World IPv6 Launch. If you are with an organization that is participating then you know what a significant event this is. However, even if your organization is not participating you should still be aware of this event and be able to troubleshoot IPv6 Internet connections as the rest of the world migrates to IPv6 in advance of your company.
Scott

No comments: