With World IPv6 Day upon us, I thought I’d take a moment to expound on the IPv6 transition so far and what we are likely to see in the near future.
IPv6 is like a dead animal lying on the road: a group of kids gathered around it, sticks in hand negotiating who gets to poke it first. You have ISPs and carriers waiting for customers to demand it and all of their vendors to support it, you have hardware and software vendors waiting until IPv6 becomes more important to customers than the features their customers are willing to pay extra for then you have other businesses that have to weigh IPv6 activities against anything else on the plates of their IT departments. Given the current security/breach climate, it is no surprise to me that IPv6 is not making huge strides.
Finally, you have the end user. Without a killer app, there is very little motivation for end users to demand IPv6. Grandma wants pics of the grandkids, what protocol those images arrive over makes no difference to her. At the moment, the hassle of converting just doesn’t seem worth it for most users.
I myself went through the process of converting. I updated my personal website, email setup, a tunnel to my home network, and even got myself certified at ipv6.he.net. After all was said and done, the only thing I had to show for it was my newfound ability to go to ipv6.google.com or pass the various IPv6 tests. The cool factor of this lasted for 10 minutes. By the time it turned off, I found myself wondering why I wanted to maintain two sets of firewall rules plus RA and DHCP (not all of my devices at home support IPv6) and deal with the extra troubleshooting and maintenance. Having been through the exercise, now I already know what devices I need to replace and what services need to be updated and have a much better idea about how to keep things secure. When the time comes, it should be easier the second time around.
When I first heard about World IPv6 Day, I was hoping it would be a turning point where the participants would start to support IPv6 going forward. Now it has evolved into a day for participants to test the waters.
Any disappointment aside, I think this is for the best. To paraphrase the German war strategist Helmuth von Moltke, “No battle plan survives contact with the enemy.” The World IPv6 day has become a “safe” way for organizations to try out their IPv6 strategies, retreat so they can reflect, and reassess and recalibrate their ongoing plans. Many of the participants will also be looking at traffic numbers from their IPv6 day experience to gauge interest. Ideally, this day will not leave too many casualties on the field.
Carolyn Duffy Marsan proposed that hackers may try to disrupt World IPv6 Day. I have to agree. It would be naive to expect that only goodhearted IPv6 groupies will be scanning the IPv6 world on this day.
However, I have to disagree that this disruption will mostly take the form of distributed denial-of-service (DDoS). This is a perfect opportunity for the underground community to take a stab at networks that are, in many cases, exploratory in nature and, in some, downright cobbled into production. I expect to see more targeted attacks looking for back-rev software, for incomplete network and security configurations, etc. The holy grail would be a foothold into your existing, well-protected IPv4 network through some well-known weaknesses in back-rev software that may be required to get all of your IPv6 components talking correctly or into an ignored service running unprotected.
Be careful out there.