The Internet Protocol (IP) is the standard that computer systems use to communicate with one another. The majority of high-level applications and protocols, such as P2P, SMTP and HTTP among others, depend on IP for their functionality. Devices and computers relying on the IP protocol have a unique identifier, known as an IP address, assigned to them. IP addresses are used to transfer information from the source to the destination through the different communication network nodes (Partridge, Arsenault, & Kent, 2007). The unique identifier consists of a 32-bit integer, which is grouped into four numbers separated by dots. Each number ranges from 0 to 255, and the separation by dots makes the address easier to handle. A 32-bit IP address makes it possible to generate about 4,300 million unique addresses. However, as the number of computers and devices using the IP protocol continues to increase, the supply of available IP addresses continues to diminish (Frankel, Graveman, & Pearce, 2010). Despite the efforts to alleviate this problem through the introduction of CIDR and NAT, the basic problem persists, and these measures also aggravate the shortcoming related to loss of end-to-end connectivity. This problem is common to IP protocol version 4 (IPv4).
As a result, a new version of the protocol was introduced to resolve the diminishing number of IP addresses. IP protocol version 6 (IPv6) uses a 128-bit integer, which gives it 2^96 times more IP addresses than IPv4. The new protocol has the capacity to create more IP addresses, since its smallest subnet is 64 bits long. IPv6 also has more capabilities and improvements in terms of security.
Benefits of implementing IPv6 over IPv4
Massive size of the IP address space: This makes it harder for attackers to carry out port scanning. Normally, attackers carry out port scanning as a familiarization method in order to collect as much information as possible about the victim's network. Experts have observed that since IPv4 addresses are only 32 bits long, an attacker with enough bandwidth can scan the entire IPv4 address space in just 10 hours (Palet, 2011). IPv6 has expanded IP addresses to 128 bits, a massive size that makes it significantly harder for attackers to carry out comprehensive port scanning. Nonetheless, it is important to note that the port scanning used in IPv4 as a reconnaissance technique is also used in IPv6. Therefore, it is important to employ internal-use IPv6 addresses in the border router, and to use the firewall to filter what is unused in the IPv6 networks.
Cryptographically Generated Address (CGA): The new-generation IP protocol IPv6 has made it possible to bind a public signature key to an IPv6 address. An address produced by binding a public signature key to the IPv6 address is known as a Cryptographically Generated Address (CGA). The inclusion of CGA provides additional security to the IPv6 network, since it provides defense for the IPv6 locality router detection mechanism (Frankel, et al., 2010). It also requires the user to provide a "proof of ownership" for a specific IPv6 address. This is a concept that makes IPv6 different from IPv4 in relation to security (HP, 2006). This functionality cannot be incorporated into IPv4 because of its limited address space, which currently stands at 32 bits.
IP Security (IPsec): This is the technique that provides high-quality, interoperable, cryptographically based security services for traffic at the IP layer. IPsec was made mandatory in IPv6 but is optional in IPv4, thus making IPv6 more secure than IPv4 (Partridge, et al., 2007). IP Security ensures the originality of the IP protocol through access control, confidentiality, integrity and authenticity of each IP packet by the use of the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols.
Potential issues and concerns
IP Addressing Structure: This is responsible for defining the architecture of a network. The IP addressing structure should be well designed in order to reduce potential risks related to the new features found in IPv6. Some of the factors that need to be considered when designing an IPv6 network include:
- Hierarchical addressing and numbering plan: This describes the process by which an organization segregates its IPv6 allocation. For example, organizations that are allocated a 16 subnet bits (/48) address block should plan numbering to support 65,000 subnets (Palet, 2011). The numbering plan should be designed to simplify access control to interfaces and links, identify ownership, and make firewall rules easily accessible in security operations. Careful planning and creation of hierarchical addressing involves the consideration of the following subnet methods:
- Functional unit of an organization such as operation and accounts among others
- Physical location of network IPv4 subnet number
- Sequentially numbering subnets
- Issues associated with traceable EUI-64 addresses: The use of EUI-64 addresses gives attackers the potential to reveal the make and model of a remote machine, which makes the victims more vulnerable to attackers (Frankel, et al., 2010). In order to mitigate the vulnerability, the organization should use non-predictable addresses by employing a cryptographic algorithm such as CGA and by allocating addresses with DHCPv6.
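The two design factors above can be checked together against an address inventory. The following Python sketch is an added example, not part of the original article: it maps each address onto a hierarchical numbering plan and flags interface identifiers derived from a hardware (EUI-64) address, which are the ones to move to CGA or DHCPv6. The /48 prefix, the split of the 16 subnet bits into an 8-bit site code and an 8-bit function code, and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed numbering plan (constructed for this example): a /48 from the
# documentation prefix, 16 subnet bits = 8-bit site code + 8-bit function code.
ALLOCATION = ipaddress.IPv6Network("2001:db8:abcd::/48")
SITES = {0x01: "headquarters", 0x02: "branch"}
FUNCTIONS = {0x10: "operations", 0x20: "accounts"}

# Constructed inventory; the first host uses a documentation-range MAC.
SAMPLE = [
    "2001:db8:abcd:120:200:5eff:fe00:532a",
    "2001:db8:abcd:210:8c1f:3a07:9be2:41d6",
    "2001:db8:abcd:9900::1",
]


def subnet_for(site, function):
    """Return the /64 that the plan assigns to a (site, function) pair."""
    base = int(ALLOCATION.network_address) | (((site << 8) | function) << 64)
    return ipaddress.IPv6Network((base, 64))


def eui64_mac(addr):
    """Recover the MAC from a modified EUI-64 interface ID, else None."""
    # Heuristic: a random interface ID can contain ff:fe by chance.
    iid = (int(addr) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{octet:02x}" for octet in mac)


def audit(address):
    """Map one address onto the plan and flag a hardware-derived interface ID."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ALLOCATION:
        return {"address": str(addr), "in_plan": False}
    subnet_id = (int(addr) >> 64) & 0xFFFF
    site, function = subnet_id >> 8, subnet_id & 0xFF
    mac = eui64_mac(addr)
    return {"address": str(addr), "in_plan": site in SITES and function in FUNCTIONS,
            "site": SITES.get(site), "function": FUNCTIONS.get(function),
            "subnet": str(subnet_for(site, function)),
            "eui64_mac": mac, "oui": mac[:8] if mac else None}


if __name__ == "__main__":
    for row in map(audit, SAMPLE):
        print(row)
```

The first three octets of a recovered MAC (the OUI) identify the hardware vendor, which is the make and model exposure described above. An address whose subnet bits decode to no known site or function stands out as outside the plan.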
Whether or not to continue using the network services
Since IPv6 is the next-generation IP protocol designed to mitigate security problems associated with IPv4, the organization should transition from an IPv4 network to an IPv6 network. For the transition to be smooth, the organization can run IPv4 and IPv6 side by side. This approach allows the network to run in dual mode using routers that support both IPv4 and IPv6. However, there is the challenge of maintaining the IPv4 and IPv6 domains consistently (Partridge, et al., 2007). This problem is associated with the IP address space, which is massive in IPv6. Considering the security benefits brought about by IPv6, the organization should implement an IPv6 network over the traditional IPv4 one, since it provides more protection and space for more IP addresses.
Necessary changes to existing hardware
Several hardware changes are necessary to ensure effective implementation of IPv6. The hardware that needs to be changed or upgraded includes layer 2 switches, layer 3 routers and the desktop hosts such as operating systems. Although the implementation of IPv6 does not require significant change to the layer 2 switches, IPv6 VLAN support requires hardware support (Frankel, et al., 2010). Layer 3 routers should be changed so that their forwarding and routing mechanisms recognize IPv6. Protocols such as OSPFv3 and RIPng need to be changed to be IPv6 capable. The desktop operating systems need to be changed to support IPv6. Applications need to be changed to support peer-to-peer and end-to-end communication models on the internet.
Some of the factors that need to be considered when drawing up an implementation plan include service provider support, network planning, return on investment, and protecting the existing investment. The organization needs to consider the existing investment in order to evaluate the most cost-effective way of using this infrastructure to transition to IPv6 without incurring large costs.