Networking

Making the Switch to IPv6

Consider these six steps to make adoption as painless as possible.

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

As organizations choose to adopt IPv6, bringing the new version of the Internet Protocol into your network might seem an insurmountable task. But by taking on one piece at a time, you can smoothly integrate IPv6 — with a minimum of interruption and downtime.

1. Start with servers and an easy task.

Give yourself a simple goal, such as making the agency's main Internet web server available via both IPv4 and IPv6, and work toward that without trying to understand how the entire network is going to evolve. IPv6 is not just IPv4 with longer addresses; you need to get started with something simple.

For most organizations, you'll need to coordinate with your Internet service provider, upgrade or update your firewall and edge router, and activate IPv6 on an existing system. Those four steps can take months, but once you complete them, you'll know what you need to make your entire external network accessible via IPv6.

2. Build an IPv6-only test lab.

To understand and test IPv6, you need to have a test lab running only IPv6. Use a spare router to build a tunnel to your ISP or use a public IPv6 tunnel broker. Don't just tunnel from a single host; get a whole subnet so that you can set up Windows (and Mac) clients that have IPv4 entirely deactivated.

3. Learn to love your Domain Name System.

If you're still typing IP addresses here and there, stop that. IPv6 requires a solid DNS and Dynamic Host Configuration Protocol infrastructure, and these services must be rock-solid and self-updating.

Without a foundation that includes DNS and DHCP, building an IPv6 network that works will be impossible. This includes offering DNS and DHCP service to IPv6 clients, making sure that DHCP properly updates DNS and adding IPv6 addresses to existing domain names.

This is also a good time to re-evaluate IP address management. If you're still using spreadsheets or text files, get a good IPAM tool before you start with IPv6.

4. Don't worry about legacy equipment.

If you have wiring closets full of perfectly good Layer 2 switches, there's no reason to replace them just because you can't manage them with IPv6. The same is true of other devices that won't leave your network boundary, such as printers and embedded devices (badge readers or thermostats, for instance). If they work today, they'll work until they break, and you don't need to worry about (or budget for) swapping them out any sooner.

5. Plan on dual-stack networks for the foreseeable future — at least a decade.

All modern client and server operating systems are dual-stack already, and that's the way the Internet is going to be for a very long time. Gateways can help connect IPv4-only and IPv6-only islands to the rest of the world, but you should use them sparingly, if at all.

6. Stop buying IPv4 equipment.

The trend toward embedded appliances in data centers — proxies, antispam gateways, storage servers, intrusion prevention systems and so on — has saddled a lot of IT managers with expensive equipment but no clear IPv6 transition plan. These devices will end up being barriers to your IPv6 adoption.

Starting today, don't buy another box unless it supports dual-stack operation or offers a clear, well-defined upgrade plan. It doesn't matter if the manufacturer is “up and to the right” in the latest Gartner report; anything you buy from now on that is IPv4-only is a waste of valuable resources.

You'll be surprised at how much gear is IPv6-ready — and how many of your favorite products are not ready — so be a smart shopper.

Hemera Technologies/ThinkStock