The Internet’s IPv4 clock keeps ticking down. As Robert Cannon, the FCC’s senior counsel for Internet law, observed recently, “The original [Internet] address space, IPv4, is nearly exhausted.” He’s so right.
Still, I’ll bet most of you are still scared to death of having to learn IPv6, never mind actually deploying it. I know I would be if I were an overworked network administrator. Fortunately, there is help.
The National Institute of Standards and Technology (NIST) has just released Guidelines for the Secure Deployment of IPv6 (PDF Link). This is an excellent and free 188 page guide to IPv6. Besides covering the basics, it also does an excellent job of covering IPv6 security issues and how to deploy and management dual IPv4/IPv6 networks. Frankly, it’s the best guide I’ve seen to date on how to actually put IPv6 to work on a network.
Color me green with envy, I’d planned on writing my own e-book on IPv6 sometime this year, and now I have a very high standard to shoot for. This isn’t just a network administrator’s manual, it’s also, to quote NIST’s Evelyn Brown, “a guide for managers, network engineers, transition teams and others to help them deploy the next generation Internet Protocol (IPv6) securely.”
That last word, “securely” is an important one and it’s another reason I highly recommend that you download a copy of this NIST document. As lead author Sheila Frankel said, “Security will be a challenge, however, because organizations will be running two protocols and that increases complexity, which in turn increases security challenges.” These challenges will “include fending off attackers that have more experience than an organization in the early stages of IPv6 deployment and the difficulty of detecting unknown or unauthorized IPv6 assets on existing IPv4 production networks.”
I know. Just what you needed: deploying a new network stack and a new set of network security problems. That’s why I can’t recommend enough that anyone getting ready to deal with IPv6, read this document. You’ll be glad you did.