Get Ready to Kiss IPv4 Goodbye: Q&A With ICSA Labs' Guy Snyder, Part 2
Oct 28, 2010 5:00 AM PT
Part One of this series discussed the push toward IPv6.
The move to IPv6, the newer Internet communications protocol, appears to be driven by major networking vendors. Their contention is that we're running out of IPv4 network addresses.
They've got the Obama administration behind them: the White House is pushing to have all federal departments and agencies enable the use of native IPv6 by the end of 2012 as part of an overall move toward the protocol. However, the feds will continue running both IPv4 and IPv6 simultaneously into the foreseeable future to ensure interoperability.
The push to IPv6 echoes what happened 14 years ago, when the IEEE claimed that we were running out of IPv4 address space and urged everyone to move to IPv6, only to be met by a deafening silence.
What has changed now? Are we really running out of IPv4 addresses at last? If we are, how come it's happening 14 years after the IEEE first broached the topic? Can we believe the latest claims?
TechNewsWorld spoke with Guy Snyder, the secure communications program manager at ICSA Labs, one of three organizations certified to administer the U.S. government's USGv6 Testing Program, which certifies that products are in compliance with IPv6. ICSA Labs is an independent division of Verizon Business.
TechNewsWorld: What happened? How come we took so long to run out of IPv4 addresses? Did the naming conventions change to give us some breathing space? Was the IEEE wrong in its predictions?
Guy Snyder: To use up IPv4 addresses, you also have to have business expansion, and we've had a slow economy the past couple of years. Businesses are still expanding, and we do see the addresses being used up.
TNW: Would you have any figures on how many IPv4 addresses are being used up?
Snyder: Today the number shows 234 days remaining, and it shows 181 million IPv4 addresses remaining, and it's going down constantly. It shows 5 percent of those addresses are left.
TNW: How can we be confident that this isn't another one of those fear-mongering campaigns? Yes, the federal CIO has thrown his weight behind this move to IPv6; yes, the federal government has mandated that its agencies and departments move to IPv6 -- but we all know that a lot of decisions are made in Washington because of lobbyists' pressure. How can we be sure this isn't more of the same?
Snyder: The real people that monitor this and actually hand out the addresses are the organization called IANA [Internet Assigned Numbers Authority]. They are the ones that control all the addresses, so they are the ones that are basically preaching the same thing that I'm telling you.
TNW: One of the problems that came up when it was originally proposed that the world switch to IPv6 was that all routers were IPv4 at the time and couldn't run IPv6. We'd need to replace all those routers with IPv6 routers. What has changed? Has that problem been resolved, and how?
Snyder: The U.S. government went through the mandate in 2008, and all the backbone was tested. The only mandate was that IPv6 be implemented in the backbone routers, and they be tested to ensure they could run IPv6, but they weren't mandated to keep IPv6 up and running. They could have kept it up and running, or brought it up, tested, and turned it off, but either way it has been tested, at a minimum, on all the government routers. That provides some security that all those backbone routers can run IPv6.
TNW: [Federal CIO Vivek] Kundra's memo states that, to maintain interoperability, agencies will also continue to run IPv4 into the foreseeable future. Why?
Snyder: It could be 10 years, it could be 15 years out. We've been running this for so long that you could have apps that are going to take a long time, and we're communicating with so many different people that the government communicates with using different applications.
It's just so complex a network that it will take years and years for that to change entirely to IPv6.
TNW: In that case, aren't we wasting time and money upgrading to IPv6, which promises greater security?
Snyder: Not necessarily. It promises greater security, and they can implement greater security either from a gateway-to-gateway perspective or host-to-host perspective.
TNW: Doesn't IPv4 also let you implement gateway-to-gateway or host-to-host security?
Snyder: It does. The problem was that when IPv4 came out, security was an afterthought. Security measures didn't come out until some years later and, because of that, many people didn't go back and implement it.
Since security has been baked in from the beginning in IPv6, this is the chance to say we're going to put in IPv6 and we're going to put in security at the same time.
It's nothing new; they could have done it already, but now is the chance to do both at the same time.
TNW: What about the rest of the world? The Internet backbone routers will need to be switched out to IPv6 routers, yes?
Snyder: They can continue running what they're running because we have all kinds of transition mechanisms to handle that. We have all kinds of tunneling where we can switch from IPv6 to IPv4 or tunnel IPv6 through IPv4.