How to begin an IPv6 deployment
The benefits of moving to IPv6, advice on how to create a business case and tips for deployment.
Introduction
IPv6 is the newest version of the Internet Protocol over which all network services run.
This guide reviews potential business drivers for deploying IPv6 in Janet-connected research and education sites and provides pointers to help you get started.
Why you should move to IPv6
The primary benefit of IPv6 over IPv4 is using 128 bit Internet Protocol (IP) addressing rather than just 32 bit, allowing there to be enough globally unique IP addresses to support internet growth for everyone for the foreseeable future.
The final supply of unused IPv4 address space held by RIPE ran out in November 2019. While Jisc has a small pool of unused addresses, this is limited, and generally further supply is only available from companies who trade in IPv4 address space, where prices are currently at $40-$50 per address, or around $3M for the IPv4 /16 block many universities hold.
While the future is IPv6, Janet-connected organisations will still require enough IPv4 address space to support their existing public-facing services for many years to come.
The challenge for Jisc members is to introduce IPv6 capability in a timely way while ensuring existing services continue to be accessible using IPv4.
The challenge for Jisc members is to introduce IPv6 capability in a timely way while ensuring existing services continue to be accessible using IPv4.
IPv6 has been specified in the Internet Engineering Task Force (IETF) for over 20 years but has only come to prominence since the World IPv6 Launch in 2012. The good news is that IPv6 continues to see healthy growth in adoption, particularly in residential and mobile networks.
Various organisations provide data points on IPv6 usage, one being Google, who report on the percentage of traffic accessing its services over IPv6. As of the start of 2023, over 40% of Internet user traffic is now IPv6 with the UK also sitting at a similar level. This figure is reflected in most other IPv6 measurements.
Creating a business case for IPv6
In order to begin a project to deploy IPv6 in your organisation, it is likely you will require a business case to justify resources.
Business drivers for IPv6
Although there is no single case that would apply to all members, here are a number of drivers that you can tailor to your specific circumstances when developing your case.
Enabling digital transformation
As the drive towards new network-based services continues to grow, IPv6 is the only viable solution to meet that need at scale. Only IPv6 provides the necessary global IP address space for internet growth.
IPv6 is also required to support innovation at the edge, for the Internet of Things (where IPv6 and protocols such as 6LoWPAN are becoming increasingly common), for 5G and 6G, and to enable the myriad of services that are likely to be demanded in the campus of the future.
As the drive towards new network-based services continues to grow, IPv6 is the only viable solution to meet that need at scale. Only IPv6 provides the necessary global IP address space for internet growth.
IPv6 is also required to support innovation at the edge, for the Internet of Things (where IPv6 and protocols such as 6LoWPAN are becoming increasingly common), for 5G and 6G, and to enable the myriad of services that are likely to be demanded in the campus of the future.
Future-proofing
As mentioned above, over 40% of internet user traffic is IPv6. If its linear growth continues, IPv6 will be the dominant Internet Protocol by the end of 2024, meaning support for it in your network is becoming increasingly hard to ignore. Ensuring your systems and networks have the capability to run IPv6 should be seen as very important.
To ensure this, you should at the very least include IPv6 capability in all new projects and procurements, even if you do not plan to turn it on from day one.
As mentioned above, over 40% of internet user traffic is IPv6. If its linear growth continues, IPv6 will be the dominant Internet Protocol by the end of 2024, meaning support for it in your network is becoming increasingly hard to ignore. Ensuring your systems and networks have the capability to run IPv6 should be seen as very important.
To ensure this, you should at the very least include IPv6 capability in all new projects and procurements, even if you do not plan to turn it on from day one.
Deteriorating IPv4 service performance and stability
Network services using IPv4 are becoming increasingly fragile due to the need for operators to use address sharing and translation technologies, including NAT and carrier grade (two layer) NAT. Most smaller organisations connected to Janet already use NAT, and even larger universities are now often having to do so as well.
The use of NAT can lead to additional deployment and management complexity, and adversely affect performance. Apple has reported that IPv6-based connection setup was 1.4x faster than IPv4. Similar reports have come from other sources in the past, including Facebook.
Network services using IPv4 are becoming increasingly fragile due to the need for operators to use address sharing and translation technologies, including NAT and carrier grade (two layer) NAT. Most smaller organisations connected to Janet already use NAT, and even larger universities are now often having to do so as well.
The use of NAT can lead to additional deployment and management complexity, and adversely affect performance. Apple has reported that IPv6-based connection setup was 1.4x faster than IPv4. Similar reports have come from other sources in the past, including Facebook.
Ensuring robust access to your public-facing services
Many internet service provider (ISP) access networks are becoming IPv6-only, particularly mobile networks (EE in the UK has several million such handsets), so providing robust and efficient access to your services for users who are on IPv6-only networks is increasingly important.
While IPv6-to-IPv4 translation technologies generally work well, the most robust way to make your content available is by IPv6-enabling all your public-facing services, such as your organisation’s web presence.
This is the approach that has been taken by the major content providers like Google and Facebook and content delivery networks such as Cloudflare and Akamai for several years.
Even if you are not yet deploying IPv6 on your internal user-facing networks, you should enable it for your public-facing services.
Many internet service provider (ISP) access networks are becoming IPv6-only, particularly mobile networks (EE in the UK has several million such handsets), so providing robust and efficient access to your services for users who are on IPv6-only networks is increasingly important.
While IPv6-to-IPv4 translation technologies generally work well, the most robust way to make your content available is by IPv6-enabling all your public-facing services, such as your organisation’s web presence.
This is the approach that has been taken by the major content providers like Google and Facebook and content delivery networks such as Cloudflare and Akamai for several years.
Even if you are not yet deploying IPv6 on your internal user-facing networks, you should enable it for your public-facing services.
Enhancing network security
Campus networks that haven't deployed IPv6 might be considered IPv4-only by those who manage them, but with all common computer and network operating systems supporting IPv6 and generally having it enabled by default, IPv6 is a potential security risk even in an “IPv4 only” network.
An example of such security issues lies with rogue Router Advertisements (RAs), where an attacker can pretend to be an IPv6 router on your "IPv4-only" network, or provide bad DNS server information to network devices.
The best way to secure your network against IPv6-based attacks is to deploy IPv6, and to configure it and proactively manage it following best IPv6 network security practices.
Campus networks that haven't deployed IPv6 might be considered IPv4-only by those who manage them, but with all common computer and network operating systems supporting IPv6 and generally having it enabled by default, IPv6 is a potential security risk even in an “IPv4 only” network.
An example of such security issues lies with rogue Router Advertisements (RAs), where an attacker can pretend to be an IPv6 router on your "IPv4-only" network, or provide bad DNS server information to network devices.
The best way to secure your network against IPv6-based attacks is to deploy IPv6, and to configure it and proactively manage it following best IPv6 network security practices.
Supporting teaching and research
A key differentiator for a research and education campus compared to a typical enterprise network is the requirement to provide a leading-edge environment to support teaching and research, at the very least for computer science related disciplines.
Students graduating into a world where IPv6 will be the dominant Internet Protocol should have first-hand experience of using it for coursework and projects, and researchers should be able to build and run software in an IPv6-enabled environment.
A key differentiator for a research and education campus compared to a typical enterprise network is the requirement to provide a leading-edge environment to support teaching and research, at the very least for computer science related disciplines.
Students graduating into a world where IPv6 will be the dominant Internet Protocol should have first-hand experience of using it for coursework and projects, and researchers should be able to build and run software in an IPv6-enabled environment.
Supporting communities moving towards IPv6-only
While it is not yet common, some research communities are eyeing an IPv6-only future. A notable example is the Worldwide Large Hadron Collider Computing Grid (WLCG) which facilitates international collaboration on the CERN experiments, where 90% of the Tier 2 storage sites around the world now support IPv6.
The WLCG IPv4/IPv6 network traffic visualisations show well over 80% of the traffic to and from CERN being IPv6, higher on their Large Hadron Collider Optical Private Network. On Janet, Imperial College recently saw periods where all its incoming traffic over its 100G Janet link was using IPv6.
It is quite possible that organisations will need to support IPv6 in the not-too-distant future to participate in certain distributed computing infrastructures.
While it is not yet common, some research communities are eyeing an IPv6-only future. A notable example is the Worldwide Large Hadron Collider Computing Grid (WLCG) which facilitates international collaboration on the CERN experiments, where 90% of the Tier 2 storage sites around the world now support IPv6.
The WLCG IPv4/IPv6 network traffic visualisations show well over 80% of the traffic to and from CERN being IPv6, higher on their Large Hadron Collider Optical Private Network. On Janet, Imperial College recently saw periods where all its incoming traffic over its 100G Janet link was using IPv6.
It is quite possible that organisations will need to support IPv6 in the not-too-distant future to participate in certain distributed computing infrastructures.
Consider your deployment approach
Having determined that your organisation will embark on a plan to deploy IPv6, there are several aspects to consider.
Procurement
You should seek to procure equipment, software and services that support IPv6. To do that, developing a better understanding of IPv6, and what “supports IPv6” means in practice is important.
Ensure items and services you have procured have the right capabilities to save you problems down the line.
Even if you are not planning to turn on IPv6 yet, it is wise to ensure items and services you have procured have the right capabilities to save you problems down the line.
The good news is that most common router platforms and operating systems already have the necessary IPv6 support. However, you should also assess the IPv6 capabilities of the systems and software you currently have in place, including network monitoring tools, firewalls, IP and address management platforms, DNS and DHCP server systems, etc.
Read guidance for writing tenders as shared by the RIPE community.
Connectivity
IPv6 is available alongside IPv4 on the Janet Network in a model known as “dual-stack” where both versions of IP are supported.
The IPv6 service is included as part of Janet IP connection service to all Janet-connected organisations - your organisation just needs to confirm that you require IPv6 enabled.
IPv6 address space
All Janet-connected sites can apply for IPv6 address space. The vast majority of members who have sought IPv6 address space have a /48 assigned by Jisc, which is enough for over 65,000 IPv6 subnets each of /64 in size.
Such assignments are provided from Jisc's allocation as a Local Internet Registry (LIR) from the RIPE NCC.
An organisation wanting a larger assignment can discuss the rationale with Jisc, or may choose to become an LIR itself, through which it would receive an initial /32 allocation. Jisc will route a site's IPv6 traffic whatever method was used to obtain the address space.
Once you have the address space, you will need to form an IPv6 address plan.
In practice you will assign IPv6 host subnets to all existing IPv4 subnets. The difference is that while with IPv4 you will likely resize your IPv4 subnets for more efficient use of your address space, in IPv6 all host subnets are /64 in size due to the way stateless address autoconfiguration (SLAAC) works.
More information about IPv6 address planning
- Preparing an IPv6 addressing plan - a guide published by RIPE
- Watch a video showing the top things to keep in mind when preparing your IPv6 addressing plan, presented at a UKNOF meeting
A phased approach
When planning an IPv6 deployment, remember that you do not need to deploy IPv6 on your whole network in one go. More specific projects allow for a targeted and incremental approach. Examples include:
- IPv6-enabling your public-facing services (such as web presence, and/or DNS and mail exchangers)
- Adding IPv6 to your WiFi (most likely eduroam); this will typically lead to 30-40% of your WiFi traffic being IPv6, possibly more
- Adding it to your Science DMZ network in support of large scale research data file transfers
- Deploying IPv6 in your computer science department network or labs in support of teaching and research
- Deploying it in your own computing service staff labs and offices, so your staff can better understand it and gain experience
Your first step may be a limited testbed deployment, which you could do within a local test lab, or by setting up an isolated network off your campus edge router where IPv6 is available to you via Janet.
It's worth remembering that not all of your required IPv6 support is on-campus. Cloud is becoming increasingly important to support services delivered to campus users. You should review your use of cloud and support from the providers you use, for example AWS recently presented on architecting services with IPv6.
Deploying IPv6 alongside IPv4
In general, you will be deploying IPv6 dual-stack, alongside IPv4. While the end game is IPv6-only, at this stage Janet-connected sites who have deployed have chosen dual-stack.
There are technologies available that help support IPv6-only operation by providing a way to access IPv4-only content (such as NAT64, DNS64 and 464XLAT as used by mobile operators).
You should be thinking about opportunities to remove IPv4 where needed, but interoperability with existing IPv4-only services is a consideration.
Next steps and further information
In support of your IPv6 deployment, Jisc:
- Provides IPv6 connectivity to your organisation as part of your existing standard IP connectivity service; IPv6 is delivered “to your doorstep”, ready for you to enable and use
- Provides IPv6 address space for your organisation (which by default would be a /48 prefix taken from our Janet range 2001:630::/32)
- Supports IPv6 in the public-facing services we operate, such as the .ac.uk name servers, and our Janet NTP servers. For example, you can use our IPv6-enabled nameservers as your DNS secondaries
Jisc has authored a Janet IPv6 technical guide (pdf) to provide more information on the topics mentioned in this article.
Jisc members are welcome to talk to us about IPv6. The author of this article can be reached via your relationship manager.
Get involved
- Sign up to the IPv6 users JiscMail list, where you can get help from the Janet community
- Sign up to the Networkshop community Slack channel