IPv6 is the newest version of the Internet Protocol over which all network services run.
This guide reviews potential business drivers for deploying IPv6 in Janet-connected research and education sites and provides pointers to help you get started.
The primary benefit of IPv6 over IPv4 is having 128 bits of address space rather than just 32 bits, allowing enough globally unique IP addresses to support internet growth for the foreseeable future.
The final supply of unused IPv4 address space held by RIPE ran out in November 2019. While Jisc has a small pool of unused addresses, this is limited (generally, further supply is only available from companies who trade in IPv4 address space). While the future is IPv6, Janet-connected organisations will still require enough IPv4 address space to support existing public-facing services for many years to come.
The challenge for Jisc members is to introduce IPv6 capability in a timely way while ensuring existing services continue to be accessible using IPv4.
IPv6 has been specified in the Internet Engineering Task Force (IETF) for over 20 years but has only come to prominence since the World IPv6 Launch in 2012. The good news is that IPv6 continues to see healthy growth in adoption, particularly in residential and mobile networks.
Various organisations provide data points on IPv6 adoption, one being Google, who report on the percentage of traffic accessing its services over IPv6. As of the start of 2021, almost 35% of Google traffic is now IPv6 with the UK also sitting at a similar level. This figure is reflected in most other IPv6 measurements.
In order to begin a project to deploy IPv6 in your organisation, it is likely you will require a business case to justify resources.
Business drivers for IPv6
Although there is no single case that would apply to all members, here are a number of drivers that you can tailor to your specific circumstances when developing your case.
Availability of globally unique IP addresses
An organisation needs enough globally unique IPv4 addresses to make its public-facing services available on the internet. If a campus wants to support growth in the number of devices on its network (particularly with the rapid growth in wireless devices, IoT, etc) and wishes to assign these devices globally unique addresses, then IPv6 provides the only future-proof approach.
While many universities have a /16 block of IPv4 - approximately 65,000 globally unique addresses - many are running out of that address space and moving systems to private IPv4 addressing with IPv4 Network Address Translation (NAT). Smaller organisations may only have a /24 block of IPv4 - around 250 usable addresses - and already make more use of NAT.
While IPv4 addresses can still be acquired, this is through a commercial market which costs around £20 per IP address.
Degradation of IPv4 service quality
The quality and responsiveness of IPv4-based applications is falling as IPv4 networks deploy increasing instances and layers of NAT (with many operators adopting carrier-grade NAT). Such middleboxes have an impact on performance.
Apple recently reported that IPv6-based connection setup was 1.4x faster than IPv4. Similar reports have come from other sources in the past, including Facebook.
Reducing network management complexity
Use of IPv4 NAT can make logging more complex and make tracking users or devices associated with certain network activity harder.
Where multiple private IPv4 address spaces are in use, it can increase the chances of overlaps in the use of such space within multiple parts of an organisation.
Ensuring robust access to your public-facing services
Many access networks are becoming IPv6-only, particularly mobile networks (EE in the UK has several million such handsets), so providing robust and efficient access to your services for users who are on IPv6-only networks is increasingly important.
While IPv6-to-IPv4 translation technologies generally work well, the most robust and performant way to make your content available is by IPv6-enabling all your public-facing services, such as your organisation’s web presence.
Improving your campus network security
Campus networks that haven't IPv6 might be considered IPv4-only by those who manage them, but devices that connect to the network care little for this and will quite happily use some IPv6 capabilities unless they are explicitly disabled or blocked.
An IPv4-only network is likely to be open to IPv6-based attacks from a hostile agent or accidentally misconfigured device unless preventative measures have been taken, for example, to prevent rogue Router Advertisements (RAs) being sent.
Supporting teaching and network research
Any Janet-connected organisation involved in teaching is likely to include computer science and other related subjects.
Given that students will be graduating into a world where IPv6 use is already hitting 35% of all internet traffic, there is a strong case for teaching them and exposing them to IPv6 on campus for courses and project work. Sky and BT have deployed IPv6 in around 10 million homes between them, so technically-minded students may be surprised that while they are increasingly likely to have IPv6 in their residential accommodation, it's less likely to be available on their campus.
Similarly, network researchers will most likely need access to IPv6 for experimental and test purposes, to validate their work.
Supporting emerging IPv6-only research infrastructures
CERN experiments which run over the Worldwide Large Hadron Collider Computing Grid (WLCG) involve distributed storage of many petabytes of data between sites around the world. This infrastructure is moving towards IPv6-only operation, in part to support IPv6-only compute nodes. As of the start of 2021, over 75% of the tier 2 storage supports IPv6.
It's likely that other infrastructures will adopt a similar strategy, so organisations that take part in associated research should be ready. Imperial College has demonstrated WLCG flows aggregating to several tens of gigabits per second of IPv6 traffic.
Also, some cloud providers support IPv6-only hosting, allowing organisations to have remote compute and storage for research or other purposes without needing IPv4. For example, Mythic Beasts uses IPv6 as the default and IPv4 is a chargeable option.
Avoiding a rushed IPv6 deployment
While there is no specific date when organisation's must deploy IPv6 across its infrastructure, it's not possible to predict exactly when that point might be reached.
Organisations, including larger residential ISPs such as Sky, who have deployed IPv6 already have typically taken around three to four years to do so. Starting the process sooner rather than later means you avoid the potential extra cost, pressure and potential pitfalls of a rushed deployment.
Supporting innovation at the edge
There is an increasing number of devices and applications running at the network edge that operate either IPv6-only or that prefer IPv6. By deploying IPv6 you can be confident that such devices will be able to operate optimally in your network. Such environments also foster the creation and operation of innovative new applications and services.
Having determined that your organisation is embarking on a plan to deploy IPv6, there are several aspects to consider.
You should seek to procure equipment, software and services that support IPv6. To do that, developing a better understanding of IPv6, and what “supports IPv6” means in practice is important.
Even if you are not planning to turn on IPv6 yet, ensuring your procurements have the right capabilities is likely to save you problems down the line.
The good news is that most common router platforms and operating systems already have good IPv6 support. However, you should also assess the IPv6 capabilities of the systems and software you currently have in place (including network monitoring tools, firewalls, IP and address management platforms, DNS and DHCP server systems etc.)
IPv6 is available alongside IPv4 on the Janet Network in a model known as “dual-stack” where both versions of IP are supported.
The IPv6 service is included as part of Janet IP connection service to all Janet-connected organisations - your organisation just needs to confirm that you require IPv6 enabled.
All Janet-connected sites can apply for IPv6 address space. The vast majority of members who have sought IPv6 address space have a /48 assigned by Jisc.
By default, you will be assigned a /48 prefix from the Janet allocation of 2001:630::/32. An organisation that is a RIPE LIR may apply directly to the RIPE NCC for an allocation of a /32.
Once you have address space, you will need to form an IPv6 address plan.
In practice you will assign IPv6 host subnets to all existing IPv4 subnets.
- In IPv6 - host subnets are /64 in size (due to the way stateless autoconfiguration works)
- In IPv4 - resize your IPv4 subnets for more efficient use of your address space
A phased approach
When planning an IPv6 deployment, remember that you do not need to transition your whole network in one go. More specific projects allow for a targeted and incremental approach. Examples include:
- IPv6-enabling your public-facing services (such as web presence, and/or DNS and mail exchangers)
- Adding IPv6 to your wifi (most likely eduroam)
- Adding it to your Science DMZ network in support of large scale research data file transfers
- Deploying IPv6 in your computer science department network or labs
- Deploying it in your own computing service staff labs and offices
Your first step may be a limited testbed deployment, which you could do within a local test lab, or by setting up an isolated network off your campus edge router where IPv6 is available to you via Janet.
Deploying IPv6 alongside IPv4
In general, you would be deploying IPv6 dual-stack, alongside IPv4. While the end game is IPv6-only, at this stage Janet-connected sites who have deployed have chosen dual-stack.
There are technologies available that help support IPv6-only operation (such as NAT64, DNS64 and 464XLAT as used by mobile operators) and you should be thinking about opportunities to remove IPv4 where needed, but interoperability with existing IPv4-only services is a consideration.
In support of your IPv6 deployment, Jisc:
- Provides IPv6 connectivity to your organisation as part of your existing standard IP connectivity service; IPv6 is delivered “to your doorstep”, ready for you to enable and use
- Provides IPv6 address space for your organisation (which by default would be a /48 prefix taken from our Janet range 2001:630::/32)
- Supports IPv6 in the public-facing services we operate, such as the .ac.uk name servers, and our Janet NTP servers. For example, you can use our IPv6-enabled nameservers as your DNS secondaries
- Provides IPv6 training, potentially bespoke for your organisation
- IPv6 deployment at Imperial College, and IPv6 address planning (at UCL and Reading)
- IPv6 deployment at the University of Reading
- IPv6 Only hosting by Mythic Beasts Ltd
- IPv6 in the WLCG (pdf)
- The AIT experience with IPv6 only wifi (pdf) - Athlone Institute of Technology
- Sign up to the IPv6 users JiscMail list, where you can get help from the Janet community
- Sign up to the Networkshop community Slack channel