anturis.com

IPv6 Guide for System Administrators

- Clifford -

The world is running out of IPv4 addresses, and soon only IPv6 addresses will be issued. What does the system administrator need to do to make the transition to this new reality?

Background

An IPv4 address has the form 255.255.255.255: 4 octets of 8 bits each, or 32 bits in total. A bit can be 0 or 1, so there are 2^32, or approximately 4.3 billion, possible IP addresses. That is a smaller number than the number of people on the planet, and since people living in developed countries have multiple computers and cellphones, the world is running out of IP addresses.

The Microsoft cloud, Windows Azure, for example, has already run out of IP addresses for new customers in the USA. The only way to obtain more is to buy them from an ISP, since ICANN does not have many more to issue. But in fact ISPs do not have many left to sell. ISPs in Europe have only about 16 million left, according to RIPE; saying that addresses are taken means they have been allocated to ISPs. Brazil still has some available from its allotment. Africa as a continent has more.

The answer to this problem is to move to IPv6, which will allow 3.4×10^38 addresses, which is enough for every computer, TV set, cell phone, wind machine, thermostat, and many trillion more domains to have an IP address. In other words, the plan is to allow the internet to grow to an almost unlimited number of domains and devices. In the future, cars and devices not even built yet will be attached to the internet. This IPv6 number, 3.4×10^38, is greater than the weight of the earth in grams (2.09×10^27), so we will never (never say ‘never’?) run out again.

The new format for IP addresses is 8 groups of hexadecimal digits, which is written like this:

FFFF:FFFF:FFFF:FFFF:0000:0000:0000:0000 where the last four are zone information that can be left off. Zone information indicates routing type, like locally routable or globally routable.

Each of these groups has 16 bits. So the maximum number of combinations is 2^16 = 0xFFFF or 65,636. But 0 is a valid address, so we subtract 1 to give a possible 65,635 addresses. 0 is a valid address format too; you can abbreviate 0000 to 0 just like you can abbreviate 0DEF to DEF.

What do I need to do?

Google keeps track of IPv6 adoption here. For example, they show that 6.11% of domains in the Czech Republic have adopted IPv6, but that this is not enough because there is a 0.1% increase in latency due to routing issues there.

First, you need to make sure that your domains have an AAAA record (IPv6) in addition to an A record (IPv4).

For example, Facebook has one: 2a03:2880:2050:3f07:face:b00c::1.
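The A-plus-AAAA check described above can be run against your own zone data before you publish it. The following is an added example, not code from the original article; it assumes one record per line in a simple five-field zone-file layout (name, TTL, class, type, data), and the sample records are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (documentation prefixes 192.0.2.0/24 and 2001:db8::/32).
SAMPLE_ZONE = """\
www    3600 IN A     192.0.2.10
www    3600 IN AAAA  2001:db8:10::10
mail   3600 IN A     192.0.2.25
api    3600 IN A     192.0.2.40
api    3600 IN AAAA  2001:db8:10::zz40
; comment line
"""

def audit_dual_stack(zone_text):
    """Return (names with an A but no valid AAAA, records with invalid data)."""
    seen = defaultdict(set)
    bad = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            continue                             # not an address record
        name, rtype, rdata = fields[0], fields[3], fields[4]
        parser = ipaddress.IPv4Address if rtype == "A" else ipaddress.IPv6Address
        try:
            parser(rdata)                        # reject malformed addresses
        except ipaddress.AddressValueError:
            bad.append((name, rtype, rdata))
            continue
        seen[name].add(rtype)
    missing = sorted(n for n, t in seen.items() if "A" in t and "AAAA" not in t)
    return missing, bad

if __name__ == "__main__":
    missing, bad = audit_dual_stack(SAMPLE_ZONE)
    print("A without AAAA:", missing)
    print("invalid records:", bad)
```

A name whose only AAAA record is malformed is reported in both lists, because resolvers would see it as IPv4-only.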

Some things you are going to need to do are the following.

DNS

In addition to updating your DNS record, if you run a DNS server, it will need to be upgraded or configured to support IPv6. For example, IPv6 makes DNS queries using both UDP and TCP. IPv4 uses UDP only.

If you are an ISP, cloud company, or web hosting company, you can read information from the RIPE Network Coordination Center (Europe) here on how to get IPv6 addresses for your customers.

For detailed information on routing and other DNS and security issues, you can read Guidelines for the Secure Deployment of IPv6 from the American NIST (National Institute of Standards and Technology).

Routers

Some older Cisco routers have already hit a 500K limit on routing table space, resulting so far in at least one global slowdown. This means that the global routing table has grown to such proportions that at times it exhausts the 500K memory limit in certain Cisco routers under certain conditions. IPv6 is supposed to make routing easier, since routing information is built into the zone part of the IP address itself. Less memory will be required, but that does not mean internet backbones can keep the old Cisco routers.

Because there are enough IP addresses to give every device on this planet (and other planets too!) an IP address, there will be no more need to do NAT routing. With NAT, all the devices on an internal network translate to one IP address on the internet. With IPv6 each device can have its own address.

All of this means you will need to reconfigure or replace your routers, especially those connected directly to the internet.

Web Servers

Web servers too must be configured to listen on an IPv6 address, as in this excerpt from an Apache httpd.conf file:

# An IPv6 literal must be enclosed in square brackets
<VirtualHost [2607:f0d0:1002:11::4]>
	# Placeholder address: the real one is obscured in the source page
	ServerAdmin webmaster@example.com
	DocumentRoot /home/httpd/cyberciti.biz/http
	ServerName cyberciti.biz
	ServerAlias www.cyberciti.biz
	ErrorLog logs/cyberciti.biz-error_log
	TransferLog logs/cyberciti.biz-access_log
	# This second ErrorLog overrides the one above
	ErrorLog "/home/httpd/cyberciti.biz/logs/ipv6.error.log"
	CustomLog "/home/httpd/cyberciti.biz/logs/ipv6.access.log" common
	ScriptAlias /cgi-bin/ "/home/httpd/cyberciti.biz/cgi-bin/"
</VirtualHost>

Storage arrays and Apache Hadoop also have IP addresses that you might need to change. So do application servers. Ubuntu is set up by default without IPv6 support. Windows has had IPv6 support since the year 2000.

You can choose to keep IPv4 addresses for internal systems for many years as internal networks can still use IPv4, and Apache and other devices and software can run in dual-stack mode. However, as you add new domains to your hosting environment, your ISP is going to run out of IPv4 addresses for new customers, so your web server, firewall, and routers all need to be configured to support this. Your ISP will also need to upgrade their DHCP servers.

Mobile phones too will have to make the switch to IPv6. This is being addressed in the 4G mobile phone standard. But 4G is not available everywhere. 3G and even 2G remain the only options in most of the world. So you might find that people using mobile devices cannot even access the internet, but this is a problem for the phone company to fix, not you.

Cloud Tools and Other Apps

If your Microsoft Exchange server is configured to connect to the cloud and to connect to your antispam and antivirus vendor, it might need to be changed to IPv6. Domains get blocked when their IP addresses are blacklisted for sending spam, but what if that IP address is IPv6? SpamHaus and others maintain a list of these blocked domains. You will need to make sure that your antivirus and spam software and vendor support IPv6.
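Because groups can be abbreviated as described in the Background section, one IPv6 address has many spellings, so blocklist and log comparisons must work on parsed addresses rather than raw strings. The following is an added example, not code from the original article or from any blocklist vendor; the blocklist entries are constructed from the 2001:db8::/32 documentation prefix, and listing whole prefixes is an assumption of the example.

```python
import ipaddress

# Constructed blocklist entries (documentation prefix 2001:db8::/32).
BLOCKLIST = ["2001:0DB8:00BA:000D::/64", "2001:db8:dead:beef::25/128"]

def canonical(text):
    """Reduce any spelling of an address to one comparable string."""
    # Drop URL-style brackets and a zone index such as %eth0.
    text = text.strip().strip("[]").split("%", 1)[0]
    addr = ipaddress.IPv6Address(text)
    # ::ffff:a.b.c.d is an IPv4 host written in IPv6 form; report the IPv4 address.
    if addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return addr.compressed

def load_blocklist(entries):
    """Parse prefixes; strict=True rejects entries with stray host bits."""
    return [ipaddress.IPv6Network(e, strict=True) for e in entries]

def is_blocked(text, networks):
    """True if the address falls inside any listed IPv6 prefix."""
    addr = ipaddress.ip_address(canonical(text))
    return addr.version == 6 and any(addr in net for net in networks)

if __name__ == "__main__":
    nets = load_blocklist(BLOCKLIST)
    for sample in ("2001:db8:ba:d:0:0:0:1",
                   "[2001:DB8:DEAD:BEEF::25]",
                   "2001:db8:ba:e::1"):
        print(canonical(sample), is_blocked(sample, nets))
```

A plain string comparison would miss the first two samples, since neither is spelled the way the blocklist entry is.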

These are just a few of the issues and action items to address for the system administrator who is facing the end of IPv4 and will be forced onto IPv6 – and soon. Now is the time to plan to revise all of your devices and applications, as well as your domain names for you and for all of your hosting clients, many of whom may have no technical knowledge about this and will rely on you for direction.
