Tuesday, February 22, 2011

IPv6 Myths

Myth 1: We Don’t Need It

One of the first myths is that we do not need IPv6. Many people have taken this position, as indicated by the more than 10 years that have elapsed from the development of the standard, still without significant IPv6 deployment on a global scale. Today, however, that picture is changing rapidly. IPv4 address depletion is no longer a distant speculation but a concrete reality. In January 2011, the Internet Assigned Numbers Authority (IANA) allocated the last free IPv4 blocks to the Regional Internet Registries (RIRs). The RIRs still have free IPv4 addresses, but they can’t last forever.

Myth 2: Immediate Switchover

The second myth is that when the IPv4 addresses are depleted, IPv6 will be rapidly deployed everywhere. Unfortunately, the time for a smooth and fairly rapid transition has come and gone, and even though the depletion of IPv4 addresses is looming closer than ever before, the transition from IPv4 to IPv6 is still going to occur over the span of years instead of months. The phrase “kicking and screaming” comes to mind in this process much more often than “that’s a great idea.” During this transition both IPv4 and IPv6 will coexist on the Internet, along with numerous mechanisms to communicate between services in each environment.

Myth 3: NAT Provides Security

Our next myth is that IPv6 networks will be less secure because of the elimination of Network Address Translation (NAT). One of the reasons that the IPv4 addresses have lasted as long as they have is the extensive utilization of NAT. Many people, however, falsely believe that NAT is a security mechanism. Instead of a security mechanism, NAT is solely designed to allow many private addresses to share the same global IP address. This does little to nothing to increase your security posture. The real protection comes from having stateful inspection of inbound traffic into your network. The size of the IPv6 address space eliminates the need for this overloading. Without NAT, IPv6 network configuration will definitely be less complex, but eliminating NAT will not increase or decrease the security of IPv6 networks as long as you make sure that you deploy appropriate access controls on the boundary of your network.
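The point about stateful inspection can be shown with a small model, added here as an illustration and not taken from the original post: a boundary filter for a routed IPv6 network that performs no address translation yet still drops unsolicited inbound traffic. The prefix, addresses and the `BoundaryFilter` class are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example prefix (IPv6 documentation range); hosts here are
# globally routable in this model, with no address translation anywhere.
INSIDE = ipaddress.ip_network("2001:db8:1::/48")
# ICMPv6 error types the boundary must pass, e.g. 2 = Packet Too Big (PMTUD).
ICMPV6_ERRORS = {1, 2, 3, 4}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1   # only meaningful when proto == "icmpv6"

class BoundaryFilter:
    """Hypothetical stateful filter on the link between INSIDE and the Internet."""
    def __init__(self, inside=INSIDE):
        self.inside = inside
        self.flows = set()   # reply tuples expected from outside

    def decide(self, p: Packet) -> str:
        src_in = ipaddress.ip_address(p.src) in self.inside
        dst_in = ipaddress.ip_address(p.dst) in self.inside
        if src_in and not dst_in:
            # Outbound: allow and record the tuple a legitimate reply will carry.
            self.flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "accept"
        if p.proto == "icmpv6" and p.icmp_type in ICMPV6_ERRORS:
            return "accept"  # simplification: real filters match these to a flow
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.flows:
            return "accept"  # inbound reply to a flow an inside host opened
        return "drop"        # unsolicited inbound, despite the public address

def demo():
    fw = BoundaryFilter()
    host, web, stranger = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:abcd::66"
    return [
        fw.decide(Packet(host, web, "tcp", 50000, 443)),       # outbound request
        fw.decide(Packet(web, host, "tcp", 443, 50000)),       # its reply
        fw.decide(Packet(stranger, host, "tcp", 40000, 22)),   # unsolicited
        fw.decide(Packet(web, host, "icmpv6", icmp_type=2)),   # Packet Too Big
    ]
```

The decision depends only on the state table and the boundary policy; no address is rewritten at any step.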

Myth 4: Smaller Routing Tables

Another common myth is that IPv6 will reduce the size of the routing tables required on the Internet. Although the common routing protocols were rebuilt to support IPv6 more efficiently, there were no significant improvements to these protocols. Many plans exist for efficiently allocating addresses in an IPv6 world so that address blocks can be aggregated (similar to techniques used in IPv4), which can reduce the size of routing tables. During the transition period, the need to support both IPv4 and IPv6 routing tables could definitely cause problems. Even after the transition, however, the growth of routing tables is still a concern in IPv6 given the drastic increase in available addresses for IPv6, unless sufficient route aggregation is maintained.

Myth 5: Improved QoS

The notion that IPv6 provides better Quality of Service (QoS) than IPv4 is another common misconception. QoS on IP networks is delivered using a couple of different architectures. Both IPv4 and IPv6 provide Differentiated Services and Integrated Services, the two common architectures to provide QoS on an IP network. So what makes IPv6 different? Besides these QoS architectures, IPv6 also provides a 20-bit Flow Label field in the IPv6 Header. This Flow Label field, which does not exist in IPv4, has the potential to improve the efficiency of flows in an IPv6 network. Currently, however, this field is largely unused and does not provide a significant improvement of QoS on IPv6 networks.

Myth 6: IPv6 Means Improved Security

The most common security myth is that IPv6 is more secure than IPv4. From the beginning, the IPv6 standard has mandated support for IPsec. Many people have falsely translated that to mean an increase in security for IPv6 networks (even though IPsec only deals with authentication, integrity and confidentiality of connections). First of all, IPsec by itself cannot stop all attacks against the IPv6 protocol, such as application-level attacks. Secondly, although mandatory IPsec support is a good start, it can’t even be realistically used for all connections. Many necessary ICMP messages utilize multicast. Utilizing IPsec for these multicast messages is not feasible. Key management for supporting IPsec for each and every connection on an Internet-wide scale for IPv6 is also definitely not trivial. Therefore, the utilization of IPsec in IPv6 networks will not dramatically increase beyond the levels currently used for IPv4 networks for some time to come. So in reality, both IPv4 and IPv6 have associated security issues (not necessarily the same), but neither protocol is really more secure than the other.

Well that’s all for now. Hopefully your understanding of some common IPv6 misconceptions has been clarified. Stay tuned for the next IPv6 post on how ICMP has changed in IPv6.

February 23

Cannons, machine guns fire, rockets and bombs fly,
And in the sky brave pilots skillfully shoot each other down.
Flames blaze, mines explode, mountains of corpses lie everywhere,
And tanks in a deadly wedge crush peaceful fences.
And the commander, taking an eraser, bends over the military map.
Now that's what I call a holiday,
not like, f**k, March 8

Sunday, February 20, 2011

General Yermolov

Selected sayings of a hero of the 19th-century war in the Caucasus... the man who founded Grozny and Nalchik...

During an inspection in 1805, Count Arakcheyev expresses dissatisfaction with the exhausted state of the horses in Yermolov's company, to which he replies: "It is a pity, Your Excellency, that in the artillery an officer's reputation depends on beasts."
He spoke of Barclay's staff with his usual sharpness. "Everyone here is German," he once said, "there is one Russian, and even he is Bezrodny."
During the French attack at Heilsberg, when officers remarked that it might be time to open fire, Colonel Yermolov says: "I will fire when I can tell the fair-haired from the dark-haired."
Yermolov, as a remarkable and distinctive man, always had many enemies. Grand Duke Konstantin Pavlovich, with whom he was on friendly terms, once said as much to him. "I counted them when there were many, but now there are countless, and I have stopped thinking about them," Yermolov answered.
During combat operations in the Caucasus: "The Chechens are a people not amenable to re-education. Only to extermination."
In the Caucasus: "If you feed a wolf from your hand, regiments will descend from the Caucasus ridges"
During combat operations in the Caucasus: "For one of ours, ten of yours"

"I want my name to guard our borders with fear more firmly than chains and fortifications, and my word to be law for the Asiatics, more certain than inevitable death. Leniency in the eyes of Asiatics is a sign of weakness, and it is precisely out of humanity that I am unrelentingly strict. One execution will save hundreds of Russians from death and thousands of Muslims from treason."

Creating a TTY Shell

Often during penetration tests you may get a shell without a tty but still want to keep interacting with the system. Here ...