What does World IPv6 Day mean to the JANET community?

World IPv6 Day was an excellent chance for JANET-connected sites to gain some additional experience with and confidence in IPv6. It seems that about 15 universities or colleges took part in some way, either by offering IPv6-capable web sites, or seeing much increased traffic due to their existing IPv6-enabled clients having much more external IPv6-capable content to use. Here at Southampton our external traffic is usually about 2% IPv6, but on World IPv6 Day it was around 15%. This was due to Google (and thus YouTube), Facebook, Yahoo, the BBC, CNN and many other sites offering content over IPv6, and our users being encouraged to try that content on the day. It was essentially a glimpse a year or so into the future.

One other benefit of World IPv6 Day for the JANET sites that took part is that while IPv6 is something that is usually initiated in a site by the networking team, many universities in particular now run their operations with teams devoted to particular functions. So the day was a good way for the non-networking teams to gain some exposure to IPv6, and what it means for their parts of their organisation's IT systems.

The event was successful enough that Google, Facebook and Microsoft have all left certain parts of their web content available via IPv6. It was a little disappointing the only UK-based big name participant on the Day was the BBC. While 16 of the UK Top 200 Alexa sites were dual-stacked, the rest were international/US oriented.

Are there any security issues associated with IPv6? Or does it improve security? Explain?

Yes, there certainly are, and of course it's important to be aware of them. There are also equivalent issues to IPv4. So for example if you have an intrusion detection system, the payload inspection for IPv4 and IPv6 http traffic will be pretty much the same, but the IDS may need to look at different IP header data, e.g. for Routing Header 0 in the IPv6 packet. One of the most common new issues is rogue IPv6 Router Advertisements. Routers multicast information to hosts on a subnet from which hosts can autoconfigure basic network settings, but of course a 'bad' host could do the same. It's thus important to consider having switches and WAPs snoop for RAs from non-router switch ports. This is new, but not that dissimilar to snooping DHCPv4 traffic to ensure lease and other configuration information is only sent from genuine server ports.

Hosts will also be multiaddressed, in a dual-stack network with at least an IPv4 address, an IPv6 link-local address and an IPv6 global address, so your monitoring equipment will need to cater for that, and not think it has separate devices present. In addition, IPv6 supports privacy addresses, by which hosts can generate and use additional 'random' addresses to initiate new connections from within their subnet. This adds complexity that you need to be able to handle. But it's possible to do so. I gave a brief talk on this subject at Networkshop 39.

Is the commercial world adopting IPv6 at the same pace as academia?

The biggest native IPv6 deployments are happening in academia, but that's still largely in the backbones, like JANET and the Regional Networks. Pushing IPv6 out to the universities and colleges is happening, but it's going slowly. Over 100 IPv6 prefix allocations have been made to JANET-connected sites, and we know at least 15 have IPv6 activated to some degree at some point. There are some UK ISPs offering IPv6, e.g. Andrews and Arnold, Entanet and Goscomb, but the large commodity ISPs aren't there yet, so home users need to use their own solutions if they want to try IPv6, a tunnel broker probably being the best bet, e.g. tunnelbroker.net.

Comcast are doing a lot in the US, but the biggest ISP in terms of IPv6 traffic from its customers is probably Free.fr in France, which shifts 10Gbit/s+ of IPv6 traffic, thanks to it providing IPv6 to its users by a transition mechanism called 6rd. While World IPv6 Day was a success, it mainly validated content provision, and the next challenge is access networks. Stats suggest only 0.3% of access networks have IPv6 in use; that obviously needs to improve, and may be the focus of the next World IPv6 event.

Are there many vendors supporting IPv6 within their networking equipment?

Yes, pretty much every current OS or router platform supports IPv6, be that Windows 7, MacOS X, Linux or the Android OS or iPhone iOS. And IPv6 is on by default on those devices. Cellular data isn't there yet, so while your iPhone can use IPv6 on an IPv6-enabled WLAN, it can't use IPv6 over its 3G link. It's fair to say that OS and router support for IPv6 is not the blocking factor in IPv6 deployment. ISPs may argue that more IPv6-capable commodity ADSL routers would help them, but it will take time for customers to refresh their CPE hardware unless the ISP provides it for them (as was the case for Free.fr).

What is the UK government doing to push IPv6 adoption?

The UK government's IPv6 position has generally been to let the market decide. There are no financial advantages or subsidies out there to encourage deployment of IPv6, and probably nor should there be. But the government could do more, e.g. perhaps to support an independent IPv6 centre of excellence, or to make stronger recommendations for public sector IPv6 procurement policies (even if services don't enable or use IPv6 yet). Many government networks have very long refresh cycles, so considering IPv6 now is important. At the moment it's operator communities like UKNOF (http://www.uknof.org.uk) where discussion of deployment happens.

What is the EC doing about IPv6 adoption?

The EC has issued many statements encouraging IPv6 deployment, which are of course very welcome. It has also funded many IPv6-related research projects over the past 10 or more years, most notably 6NET. But despite 6NET leading to IPv6 deployment in the NRENs and validating a lot of IPv6 technology between 2002 and 2005, we're still here now with adoption moving at a slow pace. I don't think that slow uptake is the fault of the Commission, nor should it need to offer financial incentives for deployment. The EC recently made its main IPv6 information site available via IPv6 in time for World IPv6 Day, see http://ec.europa.eu/information_society/policy/ipv6/index_en.htm.

What should organisations do in order to prepare themselves for IPv6 adoption?

The important step is to begin planning, which can include a number of activities. IPv6 training will be important, mainly for network operations staff, but also for many other areas, as IPv6 touches all aspects of systems and networks. By training staff, and conducting small-scale pilots, you will become more familiar with IPv6, and understand its impact across your organisation. This should help make the introduction of IPv6 more orderly and effective. Ensuring procurements include IPv6 capabilities is prudent, such that as equipment and software is refreshed, the capability to subsequently turn on IPv6 won't be hindered by missing IPv6 features. And getting some initial testbed and deployment experience is also useful, both to identify the issues in deployment, and to help inform the procurement processes. These issues are discussed in the JANET IPv6 Technical Guide.

Should organisations be thinking about full native deployment of IPv6 or dual stack?

Dual-stack is currently the preferred option, given there's a lot of investment and capabilities in the existing IPv4 infrastructure. If IPv6-only is to be used, the required IPv6-to-IPv4 translation tools, like NAT64 or IVI, are in their infancy and lacking large-scale testing. Dual-stack is what pretty much every academic site is doing at the moment. The only exception might be a greenfield campus, should one emerge, and JANET(UK) not be able to provide IPv4 address space.

At the current time there are probably three ways to consider introducing IPv6 into an existing IPv4 organisation. One would be to add IPv6 to a site's eduroam wireless network; the 802.1X protocol used in eduroam will support IPv6 quite happily. Another is to add IPv6 to public facing services (initially web, but perhaps later DNS and mail exchangers). The other 'low hanging fruit' would be deploying IPv6 to some or all of a site's Computer Science department, where research and teaching can make immediate use of it. Each of those scenarios would be a dual-stack deployment, though it may be that in some cases web servers stay IPv4-only but load balancer(s) in front of them are made dual-stack.

What help and support is available for those organisations who are thinking about rolling out IPv6 or dual stack?

The aforementioned IPv6 Technical Guide covers - as the name suggests - many technical areas of IPv6 deployment, while JANET(UK) also has a Management Briefing booklet aimed at more senior managers.  Training in IPv6 Fundamentals is available from JANET(UK).  Other resources include RIPE NCC's www.ipv6actnow.com site, and the IPv6 material at www.ipv6.ac.uk.  There's a rapidly growing number of subscribers to the JISCmail ipv6-users mail list, where many people already deployinbg IPv6 are subscribed and able to offer help.  Finally, JANET(UK) are (provisionally) running an IPv6 workshop in Loughborough in November or December focusing on hands-on 'war stories' and discussion - probably worth signing up to.