One year left

We have just passed a milestone, there is only one year left of IPv4 allocations from IANA to the Regional Internet Registries: APNIC, ARIN, RIPE, LACNIC, AfriNIC. The Regional Internet Registries RIR will need a few more months to allocate their available resources to ISPs, and some more months from the ISPs to the end users. What is left in the IPv4 pool is a bit dirty as these are addresses that have been in use, against recommendations, on internal networks. There has been some studies to see how dirty this space is. It will not mean the end of the Internet in one year, but certainly users will select their ISPs/Collocation Centre in function of which one can provide them with address space. There could be address space trading and any kind of other oddities.

What has to be done?

Migrate to IPv6 is the solution. Adding NATs (using private IP space behind one public IP address), is like wasting money in an old car. There is a lot of misconception out there about the difficulty of implementing IPv6, but it is damn easy, on the client side that is. Enabling your client to surf the Internet on the IPv6 takes about 5mn. You configure your router internal interface with an IPv6 address and let the router advertise the new network. No need of DHCP, static IP, etc... The internal computers will pick it up, self configure and start to go IPv6. Add a filtering rule on the router to avoid the Internet to connect to your internal computers and you are as safe as with a NAT.

Where is the difficulty?

The difficulty is in configuring your servers to serve to IPv6 clients. I recommend to disable IPv6 on your servers, have a bit of fun with your IPv6 clients on your internal network, and then enable one by one your servers to work over IPv6. You need to make sure your software will listen on IPv6 addresses and you don't have any special code/script/database that won't understand the new IPv6 format. If your engineers are using IPv6 on their desktop they will become more familiar with it, and think about the implementation of it in code, all naturally.
So yes it is moving in two steps: clients first, servers later.!

Why IPv6 did not pick up early

IPv6 has been here for the last 10 years, but I think the trigger on the adoption of IPv6 was IETF 71, March 9-14, 2008; Philadelphia, PA, USA. At this meeting it was decided to do a one hour long IPv4 outage. Participants will have no other choice than to use IPv6 strictly to surf the Internet. They would be able to see what works, what does not work, what can be fixed with workarounds, and what's left to do... It was at that time that ICANN put the IPv6 glue in the root servers, so it was now possible to query the DNS with IPv6 only. You can retrieve an IPv6 address using the IPv4 DNS stack, it is not an issue, and as machines are dual stack (IPv4 and IPv6) they can use either stack to do their DNS queries but IPv6 has to be able to stand on its own ground. The other event was Google provided http://ipv6.google.com for people to have a site to go to and test their configuration. Since then Google has migrated all their services to IPv6 (including YouTube!). Netflix has done the same and many others are following. It means once you enable IPv6 on your network, you see a lot of IPv6 traffic. First all your clients will self configure to IPv6 (see above) second there are many popular IPv6 sites out there. It does not grow slowly.

Where are we in Fiji and the rest of the world.

We went around and asked the various stakeholders what were their plans for IPv6. So far the response have been interesting but not surprising, everyone says they have to, but no one has a definitive, well thought, plan. It is a bit of let's see attitude. We are still waiting for answers from FINTEL, Vodafone and Digicel. I think in the coming year we will see an exponential IPv6 uptake as the word spreads that it is easy to enable your client network to IPv6. Europe and Asia are quite in advance on IPv6 deployment, but the USA lags behind, and as the USA and the Silicon Valley leads in IT innovation, until they move to IPv6 there will be still this wait and see attitude. Once the Silicon valley goes IPv6, expect a snow ball effect. There is a lot of noise on IPv6 there already like the IPv6 panel by the San Francisco bay Area Chapter of the Internet Society or the Google IPv6 implementators conference

The coming year will be very quite interesting...

This week we migrated our Zimbra mailsever to send and receive email over IPv6.

While Zimbra does not officialy supports IPv6, the underlying component to send and receive email, postfix, supports IPv6 for a long time. The process is therefore to modify the postfix config to enable IPv6. However Zimbra rewrites the various components configuration files, therefore you cannot edit them directly. You edit /opt/zimbra/conf/zmmta.cf and add the line in the mta section

POSTCONF inet_protocols all

like in the example below:

...
  POSTCONF virtual_transport LOCAL postfix_virtual_transport
  POSTCONF inet_protocols all
RESTART mta
...

As s zimbra user, restart the mta:

zmmtactl restart

Additionally, we modified the MTA mynetworks parameter. This cannot be edited directly from the GUI. The GUI checks that you enter a valid IP address, but checks only for IPv4.

You can do that directly as the zimbra user:

zmprov modifyserver seine.avonsys.com zimbraMtaMyNetworks '127.0.0.0/8 x.x.x.x/x [::1]/128 [xxxx:xxxx:xxxx::x]/48'

Where [xxxx:xxxx:xxxx::x]/48 is your IPv6 network.

All is explained on Zimbra forum and on Zimbra Bugzilla

We then modified our MX record to point to our machine which will have both a A (IPv4) and AAAA (IPv6) record. Dual stack clients usually prefers IPv6 over IPv4.

The last part was to get the rDNS set up. Mail servers are using the reverse DNS to check there are linkage between the IP that sends email, the machine it claims to be and the domains used in the email itself. Basically, when a server receive a connection, the sender will identify itself via the EHLO or HELO command: 'HELO seine.avonsys.com'. The sender would be connecting from a specific IP: 2001:df0:67::129, the receiver check via the rDNS what hostname is associated with this IP.

dig -x 2001:df0:67::129
;; QUESTION SECTION:
;9.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.6.0.0.0.f.d.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
9.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.6.0.0.0.f.d.0.1.0.0.2.ip6.arpa. 604800 IN PTR	seine.avonsys.com.

You can see the format of the rDNS for IPv6. You reverse the full IPv6 address (add the 0 where they should be):

2001:0df0:0067:0000:0000:0000:0000:0129

Now the issue, is that there are very little IPv6 enabled DNSBL. A DNS Blocking List, is a DNS which answers in codes in the range 127.0.0.x for any IP which is deemed unsafe to receive email from. First few DNSBL operators have IPv6, second, bind the popular DNS software is rarely used for such task as it is not optimized for this specific problem, instead people use rbldnsd which till recently was not IPv6 compatible, finally the sheer size of the database to store all these invalid IPs may be too much to handle (There are techniques to not consider all IPv6 addresses possible).

One such IPv6 DNSBL (and may be the first one) is VIRBL, at the moment we have no information on how to make it work with Zimbra for IPv6, but stay tuned.

A study by RIPE shows the level of SPAM on IPv6, but human sighting of SPAM on IPv6 tends to show that the SPAM does not originate from an IPv6 host, but from an IPv4 machine, and then relayed by a dual stack IPv4/IPv6 email server. Surely, things will change.

Overall, it is easy to configure a mail server on IPv6, relatively safe as the level of SPAM is not at the levels of SPAM on IPv4, and the second line of defense which are content based filters are not affected by the connected IP.

Now, we will gain experience on the practice of having SMTP over IPv6.

In May this year Avonsys was amongst other Information Technology companies that attended the Web 2.0 Expo which was held in San Francisco.

The Web 2.0 Expo is an annual event which gathers web developers, innovators, companies and individuals who are the next generation on the web under one roof to showcase their products.

The Web 2.0 Expo provides a platform that enables developers or IT specialists to connect with other individuals who are also focusing on Software as a Service and web-based technologies.

Two senior executives from Avonsys attended the Web 2.0 Expo bringing back many exciting stories of the events that unfolded during the three busy days of the expo.

An executive said this year’s Web 2.0 Expo emphasized on the lack of specialized services that are being offered in the Pacific.

He said most IT-oriented companies in the Pacific are offering standard and not specialized services compared to Avonsys.

Attending the Web 2.0 Expo annually allows Avonsys to interact with their target market and also gives the company a chance to profile itself and its services on the West Coast of the United States of America.

The executive said one of their main activities during the Web 2.0 Expo was to explain to audiences the key services carried out by Avonsys.

This meant interacting with people who visited the Avonsys booth as well as other exhibitors and attendees in general, this year's Web 2.0 Expo saw a large amount of interest from providers of cloud computing infrastructure.

This indicated the growing popularity of cloud computing as a platform to offer services, replacing traditional on-premises software installation.

The Web 2.0 Expo 2010 was a success for all and Avonsys remains positive in attending the next event in 2011.

While the deployment of IPv6 is relatively easy it is still limited in the enterprise to the capability of the hardware. For instance lot of enterprise needs system with redundancy and failover mode. For instance Cisco ASA provides a firewall solution with hot standby capability. You place two boxes next to each others. the configuration of one will be sync to the other box. One box will be declared a Primary and the other Secondary. Once the primary is not any more detected by the secondary, the secondary picks up the IPs of the interfaces of the primary and act exactly like the primary. This is all well done using IPv4 addresses but the capability is not available in IPv6 until now with version 8.2 of the ASA OS.

There are still a lot of IPv4 functionalities that do not exist in IPv6 for lack of implementation. It means for many organisations, they have to move cautiously, or be aware they cannot offer the same level of reliability till they are able to upgrade their software. Until we can do in IPv6 what we do in IPv4 there will be still challenges to move to IPv6, and corporations don't like to find these issues the hard way.

Books that are targeted at managers, usually falls in the category of "self help" or airport readings. In my last travel I picked up the book by Susan Cramm "8 things we hate about IT - How to move beyond the frustrations to form a new partnership with I.T."

Susan Cramm has been the Chief Financial Officer (CFO) of Chevy's chain of Mexican Restaurants and Chief Information Officer (CIO) at Taco Bell. She now runs her consulting company specializing in leadership in Information Technology. The book draws on her experience on integrating IT at all levels in corporations.

Which manager has not been frustrated by IT people that consists of condescending techies who don't listen, and which IT specialist has not been frustrated by managers that treat IT professionals like untrustworthy servant genies?

The book is explaining why companies end up in this totally non-productive system, and on how to fix relations to best harness the technology for the benefit of the company strategy.

I highly recommend this read as well as Susan's blog at the Harvard Business Review. I only wish she would explore in her next book the relations that politics have with IT.

A decision made by the Commerce Commission earlier this month to offer interested parties access to the Southern Cross Cable directly is also a push start for the public to migrate to IPv6.
 
The sole bandwidth provider (FINTEL) must now accept applications from parties interested to access the cable directly and must connect them within six weeks.

In return, these parties will pay certain core maintenance fees to FINTEL.

Commission Chairman Doctor Mahendra Reddy said this move will not only ease access to the Internet but this would also see Information and Communication Technologies (ICT) penetrate through Fiji.

With increased ICT penetration, there are several benefits to the nation.

It will increase literacy levels, improve ease of education delivery, reduce the cost of doing business and contribute towards firms efficiency gains.
 
“Fiji is lagging behind in terms of the rapidly changing global technology and people are encouraged by this move to participate in a rapid changing world in which work and other activities are increasingly transformed by the access to developing technologies.”
 
Mr Reddy believes that the transition from IPv4 to IPv6, which has a vastly larger address space than IPv4 in Fiji will move slow due to two key reasons.

Firstly, the infrastructure for such transfer of technology is not readily available.

Secondly, education on the benefits of such transfer are also lacking amongst the users.

However, the new move by the commission will see more people in the country accessing the net at a cheaper rate within the next two years.
 
This will result in an increase in ICT penetration in the country which will increase economic activity and productivity in the country.
 
This move will also see more competition between Internet Service Providers and end users will benefit from this since prices will continue to decrease.
 
The decision marks the complete deregulation of the telecommunications market with Internet Service Providers by giving a chance to access the Southern Cross Cable network with immediate effect.

Was it Google Android that gave the pace? Today the iPhone with iOS4 has IPv6 (provided you have an IPv6 Wifi network to connect to). It also seems that Apple is now encouraging all the app developers to ensure their applications work on IPv6. These are great news. Suddenly about 30 millions customer equipment devices are IPv6 capable, adding to the Mac, Pc, Linux, Android devices. That's a lot of devices waiting for an IPv6 network in range, and some says there is no demand for IPv6...

The transition from IPv4 to IPv6 in the country needs to begin at the operation level such as Tier 1 Service Providers and the Internet Service Providers says Unwired Chief Technology Officer Reinhard Sanjeet Lal.

Mr Lal is positive that within the next 6 to 12 months a large number of companies in the country will be transiting from IPv4 to IPv6 including Unwired Fiji.

If people in Fiji and the rest of the Pacific Islands do not upgrade to IPv6 they will be missing out on connectivity and peering to the rest of the world.

To list one of the many benefits, IPv6 provides interoperability and mobility capabilities which are already widely embedded in network devices.

IPv6 and IPv4 are separate protocols, IPv6 is an Internet Layer protocol for packet switched internet works, a large address space which contains 128 bit addresses comparing to 32 for IPv4.

The new address space thus supports 2128(about 3.4×1038) addresses.

Businesses and organizations in Fiji and the rest of the Pacific will need equipment support and software’s that support the IPv6 stacks if they are to migrate to IPv6.

Mr Lal stressed that in major transitional cases there will be a need for IT specialists and experts but this depends on the skills of the organization internally.

Many businesses are aware of IPv6 while some others are still left in the dark.

The transition from IPv4 to IPv6 in the Pacific Islands is moving slow says Kidanet Senior Information Technology Officer.

Kidanet thinks there isn't enough awareness made in the country on the serious effects it may have if the public and private networks world wide do not migrate to IPv6 soon.

“Because there is a lack of awareness of IPv6 in the Pacific, the transition will be very slow in the next 6 to 12 months.”

“Members of the Asia Pacific Network Information Centre (APNIC) are fully aware of this migration and members of the public need to understand what IPv6 is.”

Many countries are quickly approaching IP addresses exhaustion as expanding industry and new network applications were contributing to address depletion.

As a result of the slow transition, tourism in the Pacific will be highly affected since possible tourists overseas would not be able to view websites on the web etc.

IPv6 protocol has great potential to not only relieve IPv4 address space shortage but to build larger, more efficient networks and support greater international interoperability.

Kidanet said in a manufacturing environment IPv6 can provide greater inventory control, with real-time information that allows production planning to meet customer demand more accurately and reduces the need to continue paying for redundant production capacity.

Once the private and public sector in Fiji commence transition from IPv4 to IPv6, new equipment supporting IPv6 would have to be purchased in order to implement it.

New intelligent network devices requires an internet addressing scheme that expands far beyond the capacity of IPv4. Mobile IP, IP television distribution, VOIP and wireless LAN are examples of new applications.

Kidanet IT officer said configuring IPv6 into a system is not a difficult task at all, however more awareness is needed in the country since time is now running out.

Kidanet is ready to migrate to IPv6 however, this will be determined by their Internet Access Provider (IAP), Fintel.

Information Technology personnel in the Pacific region do not have enough skills to configure IPv6 onto routers says Connect Network Team leader, Rhythum Kumar.

Mr Kumar added that awareness on the importance of IPv6 in the country was also needed since many people remained in the dark on this important issue.

“We still need awareness on the importance and benefits of transiting from IPv4 to IPv6 in the Pacific Region,” he said.

“At the moment many people are still unaware of IPv6 and they are comfortable with IPv4.

"For those who are unaware they will continue to rely heavily on this version."

Many people do not feel comfortable at all with this transition since they do not have knowledge on the benefits and effects of not migrating to IPV6.

Connect CTO says there are less IT personnel in Fiji who have taken the IT course Cisco 35, (Cisco Certified Network Professional) which educates individuals on how to carry out the transition.

He added that this was one of the main reasons why IT specialists were needed from overseas since they are highly skilled and more experienced and have also implemented IPv6 networks on Telco level.

However, Mr Kumar remains positive that in the coming months, more and more people will migrate to IPv6 in Fiji since IPv4 now fails to accommodate the next wave of network growth.

Connect will soon be trialing IPv6 in the next two months and has also advised people in the Pacific Region to do the same.

As IPv6 progresses through early adoption, it is deployed more and more in large public and private networks worldwide.

There is a need for infrastructure to be put in place now and people are to start planning since IPv4 addresses would run out by mid next year.