With the recent exhaustion of unassigned IPv4 address and the limited availability of assigned addresses under IPv4, networks of every size and shape need to prepare for the coming IPv6 migration. In short, this means that every device that connects to an IP network will need to support IPv6 in the near future, as content and service providers begin to transition more of their infrastructure to IPv6.
To support the new standard, most devices will require an update to support IPv6 as well as IPv4. Unfortunately, many legacy products that communicate via IPv4 today do not have any upgrade path whatsoever due to lack of support for the necessary firmware needed for IPv6 compatibility, and will need to be replaced.
Compounding the challenge to network administrators is that many vendors today have not made the necessary R & D investment to make their products compliant with IPv6. Vendors are now rushing to close the IPv6 compliance gap before their customers abandon them for their competitors, as forward-looking administrators are now beginning to ask the question, “Are you compliant?”
To assist you in understanding the scope of the migration and provide as much early warning as possible, we developed a checklist of the top 3 businesses should take before making the transition from IPv4 to IPv6:
Inventory: IPv6 will affect every device and application in a network. The first step towards a successful migration is to conduct an inventory all of the devices that are currently connected to the network.
Research: After taking inventory, review each vendor’s IPv6 roadmap and timeframe for full compliance. This research will reveal both the level of preparedness of your vendors and whether the device requires a simple software update or a complete hardware refresh.
- Be sure to look under the hood: It’s important to make sure your vendors will deliver feature parity in IPv6. For example, in the network security industry, many vendors say they support IPv6. However, being able to pass an IPv6 data packet from one side of a firewall to another is not the same as being able to perform deep packet inspection and detect malicious content or unwanted applications.
- Don’t believe everything you read: Make sure you can validate the vendor’s claim. In network security, this translates into testing a product’s ability to detect and block the same threats in IPv6 that it detected under IPv4. What’s more, there may be a drop in performance for IPv6 traffic, as some vendors will not provide hardware-based acceleration in IPv6, like they do for IPv4 traffic today.
- Look across the vendor’s entire product line: Is the vendor shipping IPv6-compliant products designed for your market segment? Or is it delivering just select products in attempt to satisfy its higher-end customers? Check the product’s certifications: Even though many vendors claim to be IPv6 compliant, it’s still good to check if the product under evaluation has been certified by respected, vendor-neutral third parties, such as JITC (US Defense Department certification).
Budget: Last but not least, once you have identified those systems for which you need to purchase upgrades (either hardware or software) you’re going to have to find a way to pay for them. The sooner you understand these IPv6-related costs, the easier it will be for you to integrate them within your normal device refresh cycle. The last thing you want to do is have to explain why you need an emergency budget to address a problem that the industry has known about for years.
By Patrick Bedwell, Vice President of Product Marketing, Fortinet
