Archive for IPv6

RB | December 4, 2010
No comments

U.S. Running Out Of IP Addresses

InformationWeek says IPv4 addresses will run out by the end of 2011. The plethora of mobile devices and an increase in Internet services to the home have led to a shortage of Internet addresses, which could run out by the end of 2011 according to InformationWeek. “We now face an exhaustion of IPv4 addresses,” Lawrence Strickling, administrator of the U.S. National Telecommunications and Information Administration (NTIA), said in the meeting, Reuters reported.  There’s only room for 4.3 billion IP addresses and the U.S. owns more than 90 percent of public IP addresses globally. The U.S. has used about 94.5 percent of it’s public IP addresses.

DONT PANICThe recent surge in tablet computers like the Apple iPad and Research in Motion Blackberry smartphones are depleting the supply of available addresses.  The remaining 5.5 percent of the IPv4 addresses will be distributed among the Regional Internet Registries by next summer Reuters reported. New IP-based technologies such as LTE and WiMax have also contributed to the dwindling number of IPv4 addresses. M2M devices and smart technologies in consumer products like refrigerators, dishwashers and vehicles also decrease the number of addresses available. “Fortunately, IPv6 will support 340 trillion, trillion, trillion addresses,” Strickling is  quoted in Reuters, and appealed to businesses to widely roll out and integrate IPv6.

The reason is that IPv6 is a much longer address, but it makes up a lot more possible numbers, said Todd Day, industry analyst, Mobile & Wireless Communications, Frost & Sullivan. “It’s similar to a phone number with many digits, so it’s like having a longer phone number.” Switching to IPv6 could be costly for businesses and the technology might not integrate well with what they are using. “Ultimately you have equipment that has to be replaced in order to support IPv6, you have software changes and upgrades in other pieces of equipment and testing and actual implementation costs,” Day said.

In spite of the challenges, the new protocol has its advantages, he said. “There are definitely a lot of benefits to IPv6,” Day said. “In the bigger picture it allows for more security, video and voice streaming and better quality of service.”

rb-
This is not a U.S. specific problem as InformationWeek would have their readers believe. This is a world-wide problem. John Curran President and CEO of ARIN pointed out in the article, “some other countries have already set their IPv4 depletion / IPv6 adoption plans.” Of course not in the US, there are so many other important issues to for the Feds to worry about, like the noise level of TV commercials.

This gadget has been developed by Takashi Arano, Intec NetCore

Category: IPv6, Networking | Tags: , , , , , ,
RB | November 19, 2010
No comments

Do You Know Where Your IPv6 Is?

Earlier, I covered the iSuppli announcement that nearly 3 out of every 4 people  on Earth will soon own a mobile phone. Now this factoid has some consequences. Johannes Ullrich, PhD, chief research officer for the SANS Institute is predicting that the arrival of new and upgraded IPv6 enabled  operating systems, smartphones and tablets have the potential to open new and unrecognized security weaknesses in otherwise secure environments. Dr. Ullrich told Net Security, “One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it.” He continues, “Windows 7, OS X and Linux enables it by default. In the last round of operating system updates, it has tended to be turned on by default.” Dr. Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC), also highlights devices running Apple’s IOS such as iPhone as well as some Google Android devices come with IPv6 enabled by default.

Dr. Ullrich says that the growth of mixed IPv4 and IPv6 networks, sometimes without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6 enabled devices could also be missed by security teams not looking for  IPv6 traffic, “Many organizations will look at their own networks and not see a big problem staying on IPv4,” he explains.

According to Net Security, Ullrich believes that organizations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test and secure any migration strategy. Ullrich believes that it will take at least about a year for larger organizations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS and monitoring tools will need reconfiguration. The application layer is more problematic according to the SANS Institute expert  “It is comparable to the Y2K problem, and there may well be many complex or custom applications that are affected by switching over that need to be tested.”

This gadget has been developed by Takashi Arano, Intec NetCore

Category: IPv6, Malware, Networking, Security | Tags:
RB | October 22, 2010
No comments

IPv4 Doomsday Pushed Back

The American Registry for Internet Numbers (ARIN) announced this afternoon (10-20-10) that Interop has returned its unneeded Internet Protocol version 4 (IPv4) address space. The ARIN Press Release explains that Interop was originally allocated a /8 before ARIN’s existence and the availability of smaller-sized address blocks.

Another press release indicates that Interop founder Dan Lynch acquired the addresses block to allow for unfettered Interoperability Testing between TCP/IP equipment vendors in the formative years of the Internet. Interop will continue to use a small part of the original grant to continue Interop’s 25-year mission to foster industry-wide interoperability, while returning the rest of the address block to ARIN for the greater good of the Internet community.  The organization recently realized it was only using a small part of its address block and that returning the rest to ARIN would be for the greater good of the Internet community.

ARIN will accept the returned space and not reissue it for a short period, per existing operational procedure. After the hold period, ARIN will follow global policy at that time and return it to the global free pool or distribute the space to those organizations in the ARIN region with documented need, as appropriate.

With less than 5% of the IPv4 address space left in the global free pool, ARIN warns that Interop’s return will not significantly extend the life of IPv4. ARIN continues to emphasize the need for all Internet stakeholders to adopt the next generation of Internet Protocol, IPv6.

rb-

As the original poster at Slashdot points out, if any of the other IPv4 /8 address holders return their unused addresses, the IPv4 exhaustion date would be pushed back even further. I wonder what some of these companies plan on doing with all of these IP addresses?

  • HP has 32 million publicly routable addresses (16 million of its own and 16 million from DEC which HP acquired when it ingested Compaq) most of which seem to used to handle VoIP calls to India for sales and support calls.
  • Is Ford going to install a IPv4/IPv6 gateway on all the cars with My Ford Touch, an upgrade of Sync, its in-car Internet service with Microsoft?
  • How is the USPS using it 16 million IP addresses?

Some IPv4 /8 Address Holders

PrefixDesignationDate
003/8General Electric Company 1994-05
004/8 Level 3 Communications, Inc.1992-12
008/8 Level 3 Communications, Inc.1992-12
009/8IBM 1992-08
012/8 AT&T Bell Laboratories 1995-06
013/8Xerox Corporation 1991-09
015/8Hewlett-Packard Company 1994-07
016/8 Digital Equipment Corporation 1994-11
017/8Apple Computer Inc. 1992-07
018/8MIT 1994-01
019/8Ford Motor Company 1995-05
034/8 Halliburton Company 1993-03
035/8MERIT Computer Network 1994-04
040/8Eli Lily & Company 1994-06
048/8Prudential Securities Inc. 1995-05
054/8Merck and Co., Inc. 1992-03
056/8 US Postal Service 1994-06
The allocation of IPv4 address space to various registries is listed at www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml.

This gadget has been developed by Takashi Arano, Intec NetCore

Category: IPv6, Networking | Tags: , , , , ,
RB | September 18, 2010
No comments

D-Link Raises Net Security Bar

Help Net Security reports that D-Link (TSEC dlink) has upgraded its products to rival some of the “enterprise level” devices I see at client sites.  The vendor has enhanced its router security to a higher level of protection  to guard against hacking, worms, viruses and other malicious Web attacks. by incorporating DNSSEC, IPv6 and CAPTCHA.

DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications (Core DNSSEC RFCs are RFC 4033, RFC 4034, and RFC 4035) that adds security to the DNS to offer assurance that the information received from a Domain Name Server is authentic according to the article. The security extensions are designed to protect the DNS from man-in-the-middle and cache poisoning attacks, which can occur when hackers corrupt DNS data stored on recursive name servers to redirect queries to malicious sites.

DNSSEC applies digital signatures to DNS data to authenticate the data’s origin and verify its integrity as it moves across the Internet and can give users an effective means of verification that their applications, such as Web or email, are using the correct addresses for servers they want to reach.

D-Link is also providing additional security and  future-proofing its routers, by migrating to IPv6 certification according to Help Net Security. With the growing number of Internet-capable devices on the market the pool of IPv4 address has dropped to six percent and is expected to run out sometime in 2011. While this is a major motivation for IPv6, other improvements are also realized.

The IPv6 specification now specifies certain security measures that were not defined in IPv4, such as IPSec. IPSec is a method of authenticating and encrypting data transferred between pairs of hosts. Although it was possible to implement IPSec with IPv4, it was not part of the specification. IPSec is now a requirement, not an option, in the IPv6 specification.

D-Link as previous implemented Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) to improve security. CAPTCHA is a challenge-response test that ensures that a response during a user logon is not computer-generated but instead is truly entered by a human hand, by requiring a user to manually enter a small amount of text displayed in an image to help prevent automated registration and fraud.

rb-

I looked at a production switch today that was still running only CatOS 9.0 (EOL 2009), they might be better protected with a new D-Link.

Category: IPv6, Security | Tags: ,
RB | June 20, 2010
No comments

Facebook Adds IPv6

NetworkWold is reporting that Facebook began offering “experimental, non-production” support for IPv6 on June 10,2010. With more than 350 million active users. 65 million of them accessing the site through mobile devices, Facebook is planning its deployment of native IPv6 to its network backbone. Facebook says it wants to support both IPv4- and IPv6-aware clients. In a presentation at the Google IPv6 Implementors Conference, Facebook’s network engineers said it was “easy to make [the] site available on v6.”

Facebook said it deployed dual-stack IPv4 and IPv6 support on its routers, and that it made no changes to its hosts to support IPv6. Facebook also said it was supporting an emerging encapsulation mechanism known as Locator/ID Separation Protocol (LISP), which separates Internet addresses from endpoint identifiers to improve the scalability of IPv6 deployments. “Facebook was the first major Web site on LISP (v4 and v6),” Facebook engineers said during their presentation. Facebook said that using LISP allowed them to deploy IPv6 services quickly with no extra cost. Facebook’s IPv6 services are available at www.v6.facebook.com, m.v6.facebook.com, www.lisp6.facebook.com and m.lisp6.facebook.com.

John Curran, president and CEO of the American Registry for Internet Numbers (ARIN), has been urging Web site operators to deploy IPv6. Curran set a deadline of Jan. 1, 2012 when all public facing Web sites must support IPv6 or risk providing visitors with lower-grade connectivity.  The remaining pool of unallocated IPv4 addresses could be depleted as early as December due to unprecedented levels of broadband and wireless adoption in the Asia-Pacific region, experts say.

Richard Jimmerson, CIO at the American Registry for Internet Numbers (ARIN), told NetworkWorld, “It’s moving so fast now that it’s hard for us to be current on it any longer,” ARIN provides IPv4 addresses to carriers in North America. “We’ve gone through 10 /8s since the beginning of this year,” Jimmerson says. “To put that in perspective, in all of 2009, we only went through eight /8s. It’s very possible that the IANA free pool will deplete in December or January at the earliest.”

The article reports that demand for IPv4 addresses remains flat in North America, there has been a huge surge in the Asia-Pacific region this year that is likely to stay strong. “The Asia-Pacific region has very large economies that are underserved by IP addresses such as India, China and other places,” Jimmerson told NetworkWorld. “They are really seeing a big surge in broadband deployment and wireless data handset deployment, and that translates into having to have unique IP address space. That trend is likely to continue.”

rb-

Just last week, I was speaking with a potential client about getting ready for IPv6 on their network. They had not even talked yet with their ISP about getting IPv6 traffic to them, let alone how they were going to deal with IPv6 in and out of the network.

Category: IPv6, Networking | Tags:
« Older Entries   Recent Entries »

Switch to our mobile site