Future Evolutions
Over the past 10 years, the evolution and growth of the commercial Internet tied to other technological developments makes it difficult to forecast what will be the scope of the IPv6 deployment in the next 10 years. By integrating IPv6 services on its intranet, AC is well positioned to take advantage of the potential offered by these developments. It can quickly evolve in step with them, and it can therefore maintain leadership in its market. Nevertheless, the AC Corporation acknowledges that IPv6as a live protocolstill requires further developments from standardization, product, application, and deployment experience perspectives. As a result of the initial deployment, several topics of interest have been identified to be monitored and evaluated for their impact on AC's network:
Definitions of new IPv6 prefix assignment policies and multihoming rules Evolution of security architecture to cope with centralized and distributed models Expansion of market and new applications converging to IP
Prefix Selection, Assignment Policies and Multihoming
The addition of IPv6 services on AC's worldwide network is done with the collaboration of the service provider T-World, which has global presence and support. The IPv6 addressing scheme applied on the AC network is built from the 2001:0DB8::/32 prefix registered by T-World to its Registry, and it in turn assigned the 2001:0DB8:ACAC::/48 prefix to the AC Corporation. It follows the current allocation policies defined by the Registries with the goal of enabling the service provider to aggregate its routing table when peering with other providers.
Nevertheless, competitiveness and business drivers may require the AC Corporation to require regional connectivity from several ISPs. At the time of this writing, Registry policies do not permit an IPv6 multihoming solution. A model similar to IPv4 where a customer may ask an ISP to announce a prefix belonging to another ISP is not allowed, neither is there an IPv6 address space assigned for provider-independent prefix to enable enterprises to get their own address space independently from an ISP. Potential solutions developed by the IETF Multi6 and Shim6 working groups as well as new policies from the Registries to create a provider-independent address space are still under discussion, but are unavailable now for practical implementations. This factor is currently slowing down enterprise adoption of IPv6 in general. The AC team recognizes the need for an IPv6 multihoming solution and will welcome any effort by the Registries to deliver a solution to the market.
The IETF IPv6 working groupdefined unique local unicast IPv6 addresses were also evaluated for use in the AC intranet for local resources, such as printers and storage servers (which do not need to be accessible from the Internet). Because the draft defining this type of addresses is still evolving and no real deployment experience could be leveraged, this option was not selected as a solution.
It is expected that prefix-selection and -assignment policies will evolve in the coming years to offer greater flexibility. Experiments involving new addressing schemes, including renumbering on a large scale and security rules, will be welcomed by AC, as will guidelines on network management when several sets of addresses (global and unique local) are overlapped in an intranet. Recommendations to roll out a large number of mobile devices that reach the Intranet through external connections are another area of expertise that still has to be mastered.
Security
Security is a must for an enterprise when it connects to the Internet, regardless the version of the IP protocol used. AC wants to connect to the IPv6 Internet and get some of its public servers reachable via IPv6. This is important for the business in regions where IPv6 promotion is active and to allow the IP mobility experimentation. After the initial security rules are in place, AC plans to continuously monitor the evolution of security processes and potential security alerts that may impact a dual-stack type of network. Hopefully, organizations such as CERT, and vendors, such as Cisco, are concerned about IPv6 and are publishing alerts relevant to these environments when issues are identified.
IPv6 security is an area where the AC team expects to see an increase in market activities. IPv4 security was mostly built around a centralized model, with firewalls as the key player. IPv6 specifications mandate the implementation of IPsec. Although not widely available through the stack implementations, this would lead to a distributed model where security is done on each host. This may be acceptable in some contexts, but the AC team believes the evolution should lean toward an integration of both the centralized and distributed model with policy servers to exchange information between hosts and security devices, keeping management centralized. The IT department will monitor closely this area.
Market Expansion
The primary deployment of IPv6 over the AC infrastructure covers the same topology as IPv4. Existing applications such as e-mail, FTP, and web servers will be enhanced over time to run on IPv6. This enhancement will enable those public servers to be reachable via this protocol in regions where IPv6 becomes a must have for e-Business. This upgrade can realistically be done without risks and at a low cost. But, the real expectations from AC management, are as follows:
Complete the deployment ofpreviously run for experimentation onlyservice such as IP multicast for all locations. Expand of the IP service convergence to areas such as industrial sensors (for instance, RFID, ZigBee, and video surveillance). Enable mobile networking, which would offer opportunities for AC to increase its business capabilities and enhance its coverage.
Experimentation, planning, and deployment of IPv6 in an enterprise infrastructure will mostly be driven by business needs. The lessons learned from AC's experience with IPv6 are as follows:
The addition of IPv6 in a network must be driven by the deployment of new services and associated applications or by the potential cost reduction coming from simplification of the network operations. As a business entity, AC does not recognize a need to immediately transition applications that run fine over IPv4 today. When applicable, it is always better to run native IPv6 together with IPv4 in a dual-stack approach. This guarantees the best performance and full IPv6 feature set availability for services such as multicast. The IPv6 deployment can also leverage IPv4 for certain functions (for example, network management). If not possible, review the IETF transition mechanisms to select the most appropriate ones. All recent operating system releases are dual stack and support the libraries to make an application transparent to the IP version. As an investment protection, it is recommended to only consider the acquisition or development of applications that are protocol agnostic. Some aspects of the IPv6 deployment are still in their infancy and mandate additional developmenteither from the standardization standpoint or product, application, and experience perspectives. It will also imply a learning period to gain familiarity with their evolution.
As it happened in the past with phasing out DECnet and IPX protocols from the AC network, there may be a day when IPv4 will be deprecated and all applications will run over IPv6. This may be a long-term objective, but it is not something that is crucial to the deployment of IPv6. At this stage, it is acknowledged that the actual protocol implementations do not allow planning for a full transition. The focus is to leverage the protocol for new applications and services, and to prepare for the possibilities.
|