Tag Archives: ipv6

Researches Demonstrate How IPv6 Attacks Can Bypass Network Intrusion Detection Systems

With the increasing popularity of IoT devices and the added interest of transition to IPv6, a whole new range of threat vectors are evolving that allow attackers to set up undetectable communications channels across networks. Juha Saarinen reporting in… Continue reading

Posted in circleid | Tagged , , | Comments Off on Researches Demonstrate How IPv6 Attacks Can Bypass Network Intrusion Detection Systems

2017 North American IPv6 Summit to Be Held at LinkedIn Headquarters

​​The collective North American IPv6 Task Forces announced the 2017 North American IPv6 Summit will be held at LinkedIn headquarters in Sunnyvale, CA. The two-day event (April 25-26), designed to educate network professionals on the current state of IPv6 adoption, will feature a variety of speakers from leading organizations, including LinkedIn, ARIN, Google Fiber, Microsoft, Cisco, Comcast, and others. The IPv6 North American Summit, first held in 2007, will cover such topics as exemplary IPv6 adoption, best practices in IPv6 deployment, methods for driving increased usage of IPv6, current IPv6 adoption trends, and future IPv6 growth projections. Awards will be presented to the top 10 North American service providers who achieved connecting over 20% of their subscribers with IPv6.

Follow CircleID on Twitter

More under: IPv6

Continue reading

Posted in circleid | Tagged | Comments Off on 2017 North American IPv6 Summit to Be Held at LinkedIn Headquarters

Verizon to Stop Issuing New Public IPv4 Addresses

Verizon has announced that starting June 30, 2017, it will stop issuing new Public Static IPv4 addresses due to a shortage of available addresses. While customers that currently have active Public Static IPv4 addresses will be able to retain their addr… Continue reading

Posted in circleid | Tagged , | Comments Off on Verizon to Stop Issuing New Public IPv4 Addresses

Commercial Incentives Behind IPv6 Deployment

From “IGF 2016 Best Practice Forum on IPv6,” co-authored by Izumi Okutani, Sumon A. Sabir and Wim Degezelle.

The stock of new IPv4 addresses is almost empty. Using one IPv4 address for multiple users is not a future proof solution. IPv4-only users may expect a deterioration of their Internet connectivity and limitations when using the newest applications and online games. The solution to safeguard today’s quality is called IPv6.

The Best Practice Forum (BPF) on IPv6 at the Internet Governance Forum (IGF) explored what economic and commercial incentives drive providers, companies and organizations to deploy IPv6 on their networks and for their services. The BPF collected case studies, held open discussions online and at the 2016 IGF meeting, and produced a comprehensive output report. This article gives a high-level overview.

IP addresses and IPv6

An IP address, in layman terms, is used to identify the interface of a device that is connected to the Internet. Thanks to the IP address, data traveling over the Internet can find the right destination. The Internet Protocol (IP) is the set of rules that among other things define the format and characteristics of the IP address.

IPv4 (Internet Protocol version 4) has been used from the start of the Internet but has run out of newly available address stock. IPv6 (Internet Protocol version 6) was developed to address this shortage. IPv6 is abundant in its address space, can accommodate the expected growth of the Internet, and allows for much more devices and users to be connected. To communicate over IPv6, devices must support the IPv6 protocol, networks must be capable of handling IPv6 traffic and content must be reachable for users who connect with an IPv6 address.

General state of IPv6 deployment

According to the APNIC Labs measurements for November 2016, the global IPv6 deployment rate was close to 8%, with large differences between countries from zero to double-digit IPv6 deployment rates up to 55%. The higher deployment does not entirely follow the traditional division between industrialized and developing countries. There is not always a clear link between economic performance (e.g. GDP) or Internet penetration and IPv6 uptake in a country. The top 20 countries (end 2016), in terms of IPv6 deployment, are a diverse group with among others (in alphabetical order): Belgium, Ecuador, Greece, Malaysia, Peru, Portugal, Trinidad and Tobago, United States, Switzerland

The commercial incentives for IPv6 deployment

Major global players and some local and regional companies and organizations have commercially deployed IPv6. The BPF collected case studies from different regions and industry sectors to learn about the key motivations behind these decisions to deploy IPv6.

The imminent shortage of IPv4 addresses is the obvious and most cited reason to deploy IPv6. IPv6 is regarded as the long-term solution to prepare network and services for the future and to cope with growth. Investing in IPv6 is cheaper in the long-term than the alternative solutions that now prolong the life of IPv4. Alternatives come with their own cost, and eventually, IPv6 deployment will be inevitable. It is advised to plan IPv6 deployment over a longer period and include it in existing maintenance cycles and in projects to renew and upgrade infrastructure, equipment and software. This can drastically reduce the burden and cost. Some see IPv6 deployment and providing IPv6 services as a way to show that a company has the technical know-how and capability to adapt to new technical evolutions. In today’s competitive markets branding and image building are important. IPv6 can also create new business opportunities. It allows offering a high-quality Internet and some services and applications only work or work better with IPv6. There are examples of providers that deployed IPv6 to meet the demand of existing or new customers.

Observations per industry sectors

The higher deployment rate in a country is usually the result of a decision by one or a few commercial players (e.g. a large ISP or telecommunications provider) to deploy IPv6.

For ISPs, nearly all current routers and access equipment available on the market supports IPv6. Replacing the equipment in the customers’ premises, the so-called CPE, is often cited as a major challenge, in particular for large networks with many end-users. Including IPv6 deployment in regular upgrades and planned renewal cycles will reduce the cost of deployment and avoid work done today to be redone when IPv6 has become inevitable.

Several global content providers support IPv6, among them are Google, Yahoo, Facebook, and LinkedIn. The number of users accessing content over IPv6 is increasing. For example, Google reported that the number of users connecting to its websites over IPv6 increases by 1% every three months and was more than 14% in September 2016. In October 2016, only 5.8% of the Alexa top one million websites was IPv6 ready, and 22% of the Top Alexa 1000 websites. It is important that also local content providers make their content available over IPv6.

The fast growing mobile Internet is expected to continue to accommodate large numbers of new subscribers in the coming years. In the US, several mobile operators, among others T-Mobile and Verizon Wireless, have started to deploy IPv6 on their networks. Reliance Jio in India recently observed over 70% of traffic in IPv6. In Japan, the government promotes IPv6 as the way forward and stimulates the mobile providers to provide IPv6 by default in 2017. SKTelecom in Korea completed commercial deployment in its mobile network in September 2014.

Also, there is IPv6 adoption outside the traditional sector of Internet providers — some examples: In Japan, a large telecom operator uses IPv6 for a nationwide platform for image streaming and a network of smart meters in the electricity grid uses IPv6 addresses. German automotive manufacturer Continental has enabled IPv6 for its websites and set as a target that all connectivity to external partners via the Internet runs over IPv6. Banks and financial institutions have adopted IPv6, for example, Banrisul, Banco do Estado do Rio Grande do Sul, Rabobank and Wells Fargo. Sony has its corporate network deployed in IPv6 and provides commercial TV, which can be connected with IPv6.

Common Challenges

The case studies collected by the BPF showcase successful deployment and allow identifying challenges. One of the main hurdles early on in the decision-making process for commercial IPv6 deployment is the difficulty in defining a clear business case with a short-term return on investments (RoI). The deployment takes time and planning, and most important benefits are related to the long-term sustainability of a network or service.

A decent training for the technical staff is indispensable and will avoid problems and misconfigurations. For small companies and providers with a limited technical staff, it can be challenging to organize training and collect the knowledge to deploy an IPv6 network. There is a call for more vendor support for IPv6 to help technical teams that come across specific issues and bugs.

For ISPs with a large number of customers, adapting or replacing all the CPE is a time intensive and costly process that is best spread over a longer period. Private equipment bought and used by the customer might pose problems. It’s important that customers are stimulated to ask for IPv6 enabled products. This might avoid costs later on. If an ISP only offers IPv6 on request or as an opt-in option, it will slow down the IPv6 uptake.

Developing countries face specific challenges such as bandwidth limitations or the widely spread use of IPv4-only second-hand equipment.

* * *

At the IGF meeting in Guadalajara, the BPF on IPv6 discussed the messages from the 2016 work. They can be grouped as takeaways for policymakers, business decision makers, service providers and vendors that want to support IPv6 uptake.

Takeaways for policy makers

  • Reach out to businesses and industry to discuss how policymakers can support and stimulate local IPv6 deployment.
  • Encourage vendors to support IPv6.
  • Support initiatives to raise awareness and inform consumers about IPv6 and encourage the purchase of IPv6 enabled products.
  • Support IPv6 training for engineers, in particular for small and medium-sized businesses and in developing countries. Organizations, such as the Regional Internet Registries (RIR), have experience with organizing training and workshops.

Takeaways for business decision makers

  • IPv6 deployment is not an “insurance” for an unexpected situation.
  • Doing nothing hurts! Every person, business, government and organization that today depends on the Internet must understand that IPv6 is needed if they want to continue to rely on the Internet in a similar way.
  • Consider IPv6 for long-term sustainability. IPv4 addresses are a limited and finite resource. It is unlikely that you can continue buying all the IPv4 addresses you need. IPv4 address sharing technologies such as CGN cost money as well and can have higher operational costs than running IPv6. Some applications or services might not work correctly without native IPv6. Customers are not aware of IPv6 but might complain about a degrading quality of service.

Takeaways for vendors

Have your products support IPv6!

Takeaways for service providers

  • Choose IPv6 supported products when updating or renewing the network.
  • When deploying IPv6 commercially, turn it on by default (not as an opt-in). Do not require your clients to ask for IPv6. Several companies have already done this without major problems or complaints from their clients.
  • Training staff is not hard if they already know how to run an IPv4 network. Make use of the available external training courses. Problems with IPv6 are often caused by simple misconfiguration. Having your staff properly trained will help to avoid them.
  • Not deploying IPv6 in new infrastructure and services is a wasted opportunity and a waste of money. Require IPv6 with every purchase, even if the own network is not yet ready. This will save on upgrade and replacements costs in the future.

Takeaways for consumers

Consumers can help in encouraging IPv6 deployment, by requesting IPv6 from their ISP and buying IPv6 capable equipment and devices (including routers, smartphones, etc.). This will create a higher demand for IPv6 enabled products. Most devices are programmed to automatically use IPv6 when available. Let’s each do our part in deploying IPv6.

* * *

About the IGF Best Practice Forum on IPv6:

IPv6 adoption was for the second consecutive year selected as a topic for a Best Practice Forum (BPF) of the Internet Governance Forum (IGF). As part of the IGF’s community intersessional work program, BPFs provide an open platform to collect and exchange experiences on Internet governance related issues. The 2016 BPF on IPv6 was active during the months leading to the 11th IGF meeting in Guadalajara, Mexico, 6 – 9 December 2016, and recently produced a best practice outcome document.

The outcome document of the 2016 IGF BPF on ‘Understanding the commercial and economic incentives behind a successful IPv6 deployment’ is available at http://www.intgovforum.org/multilingual/content/bpf-ipv6

A video of the BPF on IPv6 workshop at the 11th IGF meeting in Guadalajara, Mexico (7 Dec 2016) can be found at https://youtu.be/g9EmjZXpscA.

We would like to thank all supporters and contributors to the work of the BPF.

About the authors:

Izumi Okutani and Sumon A. Sabir served as members of the 2016 Multistakeholder Advisory Group (MAG) of the Internet Governance Forum (IGF) and coordinated the work of the Best Practice Forum on IPv6. Wim Degezelle, served as a consultant with the IGF Secretariat to support the work of the BPF on IPv6.

Written by Wim Degezelle, Independent Internet Policy Analyst and Consultant

Follow CircleID on Twitter

More under: Internet Governance, Internet Protocol, IP Addressing, IPv6, Policy & Regulation, Telecom

Continue reading

Posted in circleid | Tagged , , , , , | Comments Off on Commercial Incentives Behind IPv6 Deployment

NFV Orchestration Without Network Visibility: OS MANO Needs Operational Improvements

Open Source (OS) Management and Orchestrations (MANO) is a European Telecommunications Standards Institute (ETSI) initiative that aims to develop a Network Function Virtualization (NFV) MANO software stack, aligned with ETSI NFV. The main goal of MANO is to simplify the onboarding of virtual network components in telco cloud data centers. The initiative has gained impressive momentum among leading Communication Service Providers (CSPs) around the world as part of their NFV programs.

A major limitation of the initial MANO releases was that they only supported one data center. That of course is not acceptable for production NFV, because regulations alone require a distributed infrastructure to ensure service continuity. While there has been much debate as to why CSPs have been slow to roll out NFV into production, the limitations of the initial OS MANO releases have not come up that often.

In October 2016, the OS MANO community addressed the continuity issue with its new RELEASE ONE. More specifically, the latest version of the OS MANO allows the NFV infrastructure and, consequently, the Virtualized Network Functions (VNF) to be distributed across multiple sites. The new OS MANO functionalities making this possible include:

  • Multisite Support allowing a single OS MANO deployment to manage and orchestrate VNFs across multiple data centers.
  • Network Creation via Graphical User-Interface or automatically by a Service Orchestrator.
  • The ability to manage IP parameters such as security groups, IPv4 / IPv6 ranges, gateways, DNS, and other configurations for VNFs.

While these features enable centralized orchestration of highly available network fabrics that span across multiple data centers, the problem is that the OS MANO framework has no mechanism for managing these attributes properly. It is simply assumed that they will come from somewhere — either manually or magically appearing in the service orchestrator — which to me does not represent the level of rigor that is required when designing automated service architectures of tomorrow.

Since any workflow is only as efficient as its slowest phase, leaving undefined manual steps in the NFV orchestration process is likely to create multiple operational and scalability issues down the road. In the case of OS MANO RELEASE ONE, at least the following problems are easy to foresee:

  1. Agility. Automating the assignment of logical networks and IP parameters is mandatory to reap the full benefits of end-to-end service automation. Two possible approaches would be to either retrieve this information from a centralized network Configuration and Management Database (CMDB) by the Service Orchestrator, or alternatively by pushing the networks and IP parameters directly into their place. Either way, to ensure the integrity of the configured data and to automate this part of the workflow, the logical networks and IP parameters must be managed within a unified system.
  2. Manageability. As the NFV network fabrics span across multiple data centers, the CSPs running these environments need unified real-time visibility into all the tenant networks across all sites. As the multisite model in OS MANO assumes that each data center runs its own dedicated cloud stack for NFV-I, the unified visibility can only be achieved on a layer that sits atop the NFV-Is. Therefore, this is something that either OS MANO should do — or alternatively, there can be a separate layer for the authoritative management of all networks and IP parameters.
  3. Administrative Security. The problem with the current OS MANO framework is that it leaves the door open for engineers to manage the network assignments and IP parameters in any way they see fit. An ad hoc approach would typically involve a number of spreadsheets with configurations like security groups in them, which may be rather problematic from the security and regulation compliance perspective since it can easily lead to not having proper authorization and audit trail mechanisms in place.

In fairness to OS MANO, most CSPs still continue to mostly experiment with NFV. It is therefore likely that these operational issues are yet to surface in most telco cloud environments. That said, we have already seen these issues emerge at early NFV adopters, creating unnecessary bottlenecks when the NFV environment is handed over to operations. Therefore, my suggestion to the Open Source MANO community is to establish a best practice for addressing these issues before we reach a point at which they start slowing down the NFV production.

Written by Juha Holkkola, CEO of FusionLayer, Inc.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cloud Computing, Data Center, DNS, Internet Protocol, IP Addressing, IPv6, Mobile, Telecom

Continue reading

Posted in circleid | Tagged , , , , , , , , , | Comments Off on NFV Orchestration Without Network Visibility: OS MANO Needs Operational Improvements