Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

What Does "IPv6 Day" mean to you?

Published: 2012-06-01
Last Updated: 2012-06-01 14:40:51 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

the Internet Society has declared this coming Wednesday, June 6th, "IPv6 Day" [1]. We had a similar IPv6 day last year, but this year things will be a bit different. First of all, like last year, numerous large web sites declared their participation in IPv6 day.

As of June 6th, participating web sites will be reachable via IPv6, and they will remain reachable via IPv6 beyond June 6th. Last years IPv6 day was different in that it only lasted one day, and IPv6 connectivity was disabled the next day. Last year was more of a trial run and based on it's success, it was decided to maintain IPv6 connectivity beyond IPv6 day this year. 

So what does this all mean? First of all, the web sites in question will still be reachable via IPv4. However, if you do have some form of IPv6 connectivity, you will likely use IPv6 to reach them (see my "Happy Eyeballs" video about some of the odd issues that may arise . https://isc.sans.edu/ipv6videos/HappyEyeBalls/index.html )

If you are using an IPv6 tunnel, or in particular if your operating system decides to auto-configure a tunnel, you may see some degradation in speed and reliability. It is time to get a native IPv6 connection. I know most of you can't get it. But this is another problem... "Teredo" connections will not be used if IPv4 connectivity is available.

Get ready to secure your IPv6 network. Right now, IPv6 is a blind spot to many detective controls. Don't consider IPv6 a threat. Use it as an opportunity. There are a lot of neat things you can do in IPv6 to secure your network better. But get on it and learn about it now.

In the end, we do need IPv6. IPv4 was designed as a research network for the 70s/80s. It has outlived its purpose. The current global business network we call the Internet can not continue to run and grow much. Already, we are running into issues not just with address utilization, but also with routing efficiency, integration of modern networking paradigms like mobility, modern hardware opportunities that make IPv4 inefficient. I consider it like the DC power grid as a nice starter network that helped us get going, but in the end, AC was the way to go to actually create large efficient power grids that jump started so many great innovations.

We do also have a special summit coming up: The Security Impact of IPv6. See http://isc.sans.edu/ipv6 .

[1] http://www.worldipv6day.org/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: ipv6 ipv6 day
1 comment(s)
Diary Archives