Home | Background | Mapping | Enabling | Awareness | Infrastructure | Standards | Contact
Activity 1. Mapping (July 2006)Print-ready version of this document: IPv6mapping.pdf
This mapping process sought to estimate the level of support available for Australian businesses wanting to adopt IPv6 for e-Business. It compared existing IPv6 infrastructure and critical gaps in resources. It looked at core Internet services, infrastructure providers, service providers, transition utilities, security, hardware, software, applications, and educational resources.
There are several aspects to the Mapping activity:
- The Map itself: a visual representation of our research as of
July 2006, below.
- A discussion of the reasons for assigning these levels of IPv6
functionality to each of the sections in the Map, below.
- A more detailed examination of the underlying issues in a paper on IPv6 Infrastructure Developments, under Activity 4.
1. Map of Australian IPv6 Readiness, July 2006
|Large Enterprise||Small Business||Home Office|
2. Discussion of IPv6 Readiness MapThis map, as of July 2006, is necessarily an approximation of a rapidly changing situation. It aims to point out the areas that most require attention for IPv6 to achieve widespread utility for all kinds of business in Australia.
A more detailed examination of the issues - reasons for uptake or disinterest, implementation successes or difficulties at many levels - will appear under Activity 4, in a paper on IPv6 Infrastructure Developments.
The Internet in Australia naturally does not stand alone. It is highly dependent upon international services - hardware, software, and administrative - that are required at every level of the Internet, not just in Australia. What is particularly relevant to Australian IPv6 usage are the local services, such as Internet access providers, system and network administrators, trainers and educators. Any IPv6 functionality in Australia must encompass both of these international and national aspects.
For an Australian business to be able to use IPv6 productively, the capability to read, interpret, store and transmit packets with IPv6 addresses between Internet devices must be widely available at three levels:
- Core: Standards, IP Addresses, domain names, root servers
- Nets: Network hardware, service providers, transition technologies, security
- User: Systems, applications, devices and educational facilities
For purposes of this Map we considered the Internet facilities required by three different sizes of business, against what actually is IPv6-ready, from fundamental Internet services through to the Australian desktop.
(b) Types of Business Considered
Real organisations will naturally use a variety of the features below, but for comparison we defined three types of business according to the complexity of their Internet facilities.
|No. of users||Hundreds to tens||Tens to several||Several to one|
|Computers||Scale with users||Scale with users||Scale with users|
|Mobiles, PDAs||Scale with users||Scale with users||Scale with users|
|Phone, fax||Extensive, complex system||Large system||Small system|
|Printers, copiers||Extensive, networked||Multiple||One or two|
|Site locations||Multiple, national||One to several||One|
|Central servers||Many||Few||None or one|
|Networks||Intranets, VPNs, DMZ networks||Complex network, switches, routers||Small cable or wireless network|
|Gateways||Highest level, often multiple routers||Mid level routers||Modems or small routers|
|Databases||Professional, with administrators||Administrative, financial, customer||Small applications|
|Security||Very high - policies, hardware, administrators||High - policies, dedicated hardware||Low-medium - anti-viral, some firewalls|
|System and network staff||Dedicated IT group||One to a few system and network administrators||No dedicated administrator|
|System stability||Essential - downtime expensive, publically accountable impact||Very important - downtime has costly, disruptive impact||Important - downtime has negative business impact|
|Examples||Local government, large Internet service providers, universities, corporations, hospitals||Small IT service providers, retail, medical centres, manufacturing, financial and legal agencies||Consultants, web designers, accountants, writers, tradespeople, farmers|
(c) Core IPv6 Readiness
The Core is based upon the Internet standards developed by the Internet Engineering Task Force, and is comprised of the fundamental name and address services without which there would be no Internet connectivity. The Core functions as a hierarchy of global administrative systems.
ICANN (the Internet Corporation for Assigned Names and Numbers) is the body that allocates IP address ranges, both IPv4 and IPv6, to the Regional Internet Registries. It also specifies top-level domain names, both generic and country-specific, and allocates responsibility for country-specific domain names to national name registries. IANA, part of ICANN, coordinates the Root Servers that implement the global Domain Name System in practice.
Standards for Internet protocols are defined by the Internet Engineering Task Force through working groups such as the IPv6 Working Group. The IPv6 Working Group created the IPv6 Forum, which is the only body endorsed by the Internet Architecture Board and the Internet Society to promote IPv6 worldwide. The essential IPv6 standards were established some years ago, but further aspects are still under development - see a list of IETF IPv6 working groups.
- IP Addresses
(i) Availability: IPv4 addresses in the familiar format 123.456.789.255, and IPv6 the more exotic such as 12AB:0:0:CD30:123:4567:89AB:CDEF, are allocated by ICANN to the five Regional Internet Registries (RIRs), which distribute ranges of numbers to regional service providers and organisations, who then allocate them to their customers. The percentage of allocated IPv6 prefixes per RIR and spheres of activity are:
1% AfriNIC - Africa 28% APNIC - Asia Pacific 17% ARIN - North America 4% LACNIC - Latin America and the Caribbean 50% RIPE NCC - Europe
According to SixXS, which lists the visibility of IPv6 Default Free Prefixes (DFP's) as delegated by the RIRs, approximately 100 countries announce allocated IPv6 ranges (as of July 2006). There are approximately 230 recognised countries in the world, so roughly 43% have IPv6 allocations, indicating that IPv6 implementation is occurring in those countries.
However this view does not take into account relative populations. Taking the top 60 most populous countries (those with more than 16 million people, in total 91% of the world's population), 47 of those countries have IPv6 allocations, and their populations add up to 84% of the world total. Hence both Australia and a very large proportion of the world's population already have access to IPv6 IP address allocations: but this does not necessarily mean they are able to utilise them.
(ii) Useability: There is a restriction on this availability: IPv6 address space is allocated only to ISPs or large organisations that can provide plans to offer 'at least 200 /48 customer assignments within two years ... If you are an end user, you will need to request IPv6 addresses from a service provider.'
The RIRs offer only Provider Aggregatable (PA) address space, not Provider Independent (PI) space. This policy is based on the need to avoid future pressure on global routing tables with fragmented non-aggregatable addresses, as happened with IPv4.
This impacts on large businesses that wish to multi-home with different service providers for redundancy and reliability. This is easy to set up under IPv4, but currently multi-homing with IPv6 is a potentially more complex task, still under discussion in IETF working groups. A combination of restrictive PI space policies (affecting small businesses and home offices) and perceived lack of useful multihoming capabilities for PA space (affecting large enterprises) may be slowing the rate of adoption of IPv6.
- Domain Names
ICANN accredits the registrars for Top Level country-code (.au, .uk, etc) and generic (.com, .org, etc) domain names. (Some TLDs are 'restricted' - administered by other bodies, such as .gov by the US government.) auDA, the .au Domain Administration, is the Australian body that administers domain names for .au and its sub-domains.
(i) Country-code Registrars: There are approximately 250 country codes defined, but as mentioned above, only 230 of the country-codes are those of recognised countries. According to IPv6 to Standard, a site for organisations with IPv6 products or activities, only 76 of the world's 230 countries have IPv6-enabled country-code registries: a low 33 per cent. However, of the top 60 most populous countries, 27 of their country-code registrars are IPv6 enabled, and those 27 countries contain about 63% of the world's population.
Hence both Australia and roughly two-thirds of the world's population have access to a country-code domain name registrar that is IPv6-enabled. However, it is not a cheap process to upgrade registry hardware and software for IPv6, which may slow adoption for less prosperous country-code registries.
(ii) Generic name Registrars: Interestingly, fewer of the generic and sponsored top-level domain name registries are IPv6 enabled. Some serve small interest groups, others are are globally ubiquitous.
Of the 'classic' domains: - .com, .net, .org - only .com and .net are listed as IPv6-enabled on IPv6 to Standard.
Of the 'restricted' domains - .edu, .gov, .int, .mil, and .arpa - only .int and .arpa are listed as IPv6-enabled in IPv6 to Standard (although .mil is almost certainly IPv6-enabled given the US DoD's plans for 2008 implementation).
Of the more recently created TLDs - .aero, .biz, .cat, .coop, .info, .jobs, .mobi, .museum, .name, .pro, and .travel - only .aero, .biz, .cat, .info, .mobi, and .travel are listed as IPv6-enabled.
This indicates a certain restriction in IPv6-enabled generic TLD name registration, but it is difficult to quantify the impact: it could be argued that .com and .net satisfy a broad global constituency.
- Root Servers
There are thirteen top-level Root Servers (or distributed root server operations) worldwide, known as A, B, C ... to M. They return information about authoritative servers for the lower levels of the domain name hierarchy. According to root-servers.org, only five of the thirteen can handle IPv6 queries as well as IPv4. Those are:
- B - Information Sciences Institute
- F - Internet Systems Consortium
- H - US Army Research Lab
- K - Reseaux IP Europeens NCC
- M - the WIDE Project
Overall, the availability and useability of domain name services via IPv6 are at an acceptable level, with no major problems.
(d) Network IPv6 Readiness
The Core level services considered above are international, but the Nets and User levels apply mainly to Australian-based or locally accessible services and infrastructure - which are the functions that will most enhance or delay Australian uptake of IPv6. Many North Asian, European and American carriers and ISPs are IPv6 enabled - below we examine the Australian-based services.
The Nets level refers to the complex interrelated global system of networks and providers of services that permit access to those networks: the network hardware, the Internet service providers, the network exchanges, the transition technologies that permit IPv6 to run over IPv4, and the security aspects of IPv6 usage.
- Network Hardware
Probably all high-end router vendors ship IPv6-enabled hardware, but the cost is often substantially higher than the equivalent IPv4 hardware. Some vendors require expensive agreements be signed before such capability be used. This is expected to disappear as IPv6 becomes more widespread, but could be regarded as a disincentive for uptake.
Most additional network hardware is available with IPv6 capability, including: switches, firewalls, virtual private network servers and integrated access devices.
One major obstacle is that router vendors have positioned IPv6 as a large corporate feature, and have not addressed small business or home office requirements. Many ISP customer premises devices, such as DSL routers used by hundreds of thousands of customers, do not yet support IPv6. This is major disincentive for small businesses and technically-inclined users to experiment with IPv6 networking.
- Internet Service Providers and Exchanges
Large carriers usually have their own ISP businesses, or sell bandwidth to downstream ISPs. Availability of Australian IPv6 addresses depends upon whether the carrier or ISP has an allocation from APNIC. These allocations may be seen at SixXS.
Allocation NetName Service Provider Date Allocated Last seen (24 Jul 06) 2001:210::/35 CONNECT-AU-19990916 Connect 1999-09-16 2003-06-09 2001:360::/32 V6TELSTRAINTERNET-A Telstra Internet 2001-12-11 2006-07-24 * 2001:388::/32 AARNET-IPV6-2002011 AARNet 2002-01-17 2006-07-24 * 2001:c78::/32 NTTIP-AU-2002091 NTT Aust IP 2002-09-10 2005-06-20 2001:db0::/32 DATAFX-AU-2003111 IPv6 Data FX 2003-11-12 2005-07-10 2001:e28::/32 PI-AU-2004010 Pacific Internet 2004-01-02 never 2001:8000::/20 TELSTRAINTERNET41-A Telstra Internet 2004-12-02 2006-07-24 * 2001:4410::/32 CITYLINKV6-2005060 CityLink 2005-06-02 2006-07-24 * 2001:4418::/32 ANNEX-2005060 Australian Govt 2005-06-02 never 2001:4441::/32 UUNET-AU-NETBLOCK-2 UUNET 2005-07-08 2006-07-24 * 2001:4478::/32 IINET-SIXNET-200508 iiNet 2005-08-24 2006-05-30 2001:7fa:9::/48 PIPEV601-A PIPE QLD IX 2005-09-20 never 2001:7fa:a::/48 PIPECANBV PIPE ACT IX 2005-09-21 never 2001:7fa:d::/48 PIPEV603-A PIPE SA IX 2005-09-22 never 2001:7fa:e::/48 PIPEV605-A PIPE TAS IX 2005-09-22 never 2001:7fa:b::/48 PIPEV604-A PIPE VIC IX 2005-09-22 never 2001:7fa:c::/48 PIPEV602-A PIPE NSW IX 2005-09-22 never 2001:44b8::/32 INTERNODE1-NET6-AU Internode 2005-11-07 never 2001:dcd::/32 AUSREGISTRY-V6-2005 AusRegistry 2005-11-08 2006-07-24 *
This shows that 19 allocations of IPv6 address space have been made to local organisations, but only six are currently visible (* as of 24 July 2006), and nine have never been used. The active organisations are Telstra, AARNet, CityLink, UUNET and Ausregistry.
Telstra provides wholesale and retail Internet services; AARNet provides network services for Australian universities and research organisations; CityLink is a New Zealand network company (not the Victorian tollway), UUNET provides ISP services, and Ausregistry runs systems and services for auDA and other Australian domain name registrars.
However, none of these organisations offer native IPv6 transit services to the public. GrangeNet, the Grid and Next Generation Network, was the only organisation in Australia to do so over the last few years, but it is closing down in late 2006 due to the lack of continued funding. Apparently NTT Australia can provide native IPv6 services, but currently there is no IPv6 activity on that network.
Internet Exchange Points (IXPs) interconnect three or more Autonomous Systems (AS) for the purpose of cheap/free Internet traffic interchange. APNIC policy is that they are eligible to receive a portable assignment from APNIC for use on their IXP transit LAN, to be used exclusively to connect the IXP participant devices to the Exchange Point. IXPs may request IPv6 assignment of no longer than a /48. Australian IXPs include: PIPE, SAIX, WAIX, Equinix, VIX and AUSIX. Only PIPE has taken an IPv6 allocation, but has not yet implemented it.
The alternative to native IPv6 transit is the use of tunnelling, where IPv6 packets are encapsulated and sent over the IPv4 Internet as usual. Tunnel brokers (like SixXS) are public servers that transport encapsulated IPv6 packets.
Services such as 6to4 encapsulate the IPv6 data inside IPv4 packets, with the protocol number set to 41 to indicate IPv6 data. In this case traffic is able to be filtered, but in the case of the tunnelling utility Teredo, which encapsulate IPv6 inside UDP datagrams, traffic can to pass through filter devices such as firewalls and network address translators, directly to IPv6-enabled hosts.
Tunnelling was originally seen as a transition technology to full IPv6 deployment, but currently seems to be the most widely used means of IPv6 connectivity. AARNet in Australia and the NZ company Citylink both offer tunnelling services.
The drawback with IPv6 tunnelling is that although it is widely available it requires a good understanding of Internet terminology and ability to install appropriate software, so it is most suitable for companies with system administrators, or technically-oriented users.
Security is possibly the most important issue for IPv6. There are potential insecurities in the IPv6 protocol itself that will require more IETF examination (and probably more operational experience) to resolve: aspects of IPv6 that are benefits in some situations may also be vulnerabilities in others.
IPv6 mandates the provision of IPsec (secure transport), which offers many advantages, but may also prevent firewall checking of encrypted packets. IPsec also requires an independent Public Key Infrastructure, which does not yet exist, although Private Shared Secret key exchange is available.
Tunnelling mechanisms have the potential to help the deployment of IPv6 - but some, like Teredo, can also bypass existing site security mechanisms such as firewalls and NATs. During transitioning from IPv4 to IPv6 networks, separate IPv4 and IPv6 firewalls will be necessary for a number of reasons.
There are solutions to most IPv6 security issues, but all of them require people with substantial system, network, and security experience to be well implemented. There are not nearly as many trained IPv6 personnel available as there are those experienced in IPv4, hence lack of trained system and network staff will slow deployment of IPv6 in large and small business.
At the home office level the situation is even worse, as most depend upon simple firewalls and anti-virus software for security. Firewall needs are similar to those of larger sites, but small IPv6 firewalls are not yet available, and currently there are very few anti-viral packages that apply to IPv6.
(e) User IPv6 Readiness
The User level is the interface at which the Internet provides its true value, through creative communication and information. It covers operating systems and computers, system, network and user applications, digital devices (mobiles, PDAs, video, cameras, sensors, RFID tags etc), and people to educate IPv6 administrators and users. While operating systems, hardware and applications are often international in origin, educators and trainers are more usually Australia-based.
All of the major computer vendors supply operating systems and server and desktop hardware that can handle IPv6, including Microsoft, Apple, IBM, Sun, Hewlett Packard, Compaq, Novell, SCO, Silicon Graphics. Most of the various flavours of Linux operating system software also support it.
IPv6 to Standard lists IPv6-ready products or activities - as of July 2006 it has 306 system and network applications available for all sorts of administrative functions, such as address management, connectivity, DNS servers, log analysers, network monitors, debuggers, test suites, protocol analyzers, traffic generators, VPNs, DHCP, firewalls, web proxies and caches, News, NTP, ssh, etc., so this area is well supplied with appropriate application software.
IPv6 to Standard also lists 201 user applications as of July 2006, for audio and video, FTP, cameras, games, Groupware, browsers, IRC, email, printing, editing, videoconferencing, SIP, P2P networking and VoIP, so this area is reasonably well supplied with useful software too.
Mobile and small devices using IPv6 are being actively researched and developed. The issues arising for such devices once they are attached to Internet networks are the same as for systems on those networks, but they may also have additional vulnerabilities. Small embedded operating systems using IPv6 may not be updated (or updateable) to patch security problems, or they may become vulnerable because they are stripped down, or because of their own unique, non-standard features.
Most system and network administrators are aware of IPv6, but are usually swamped by the more pressing demands of their existing infrastructure. However, professional IT staff for large enterprises do have the option of obtaining IPv6 knowledge through the Internet, trade publications, conferences and employer-supported training. The possibilities for lone administrators at small businesses or people running home offices are far more limited.
A major aspect of IPv6 is that much of a site's network access capability is capable of moving from the perimeter - routers and firewalls - to hosts on the desktop. This puts an enormous (and probably unwanted) responsibility on everyday users, and adds to the complexity of the roles of system and network personnel.
Probably the most fundamental issue for IPv6 deployment in Australia is the lack of widespread IPv6 education and training, both for technical staff and more general users.
Dr Kate Lance
Internet Society of Australia
The IPv6 for e-Business Consortium would like to acknowledge the helpful input of Mark Newton, Adam King and Jeroen Massar, and documents from the IPv6 Forum, the Japanese IPv6 Promotion Council, the IETF and other Internet technical resources, in writing this document.
The IPv6 for e-Business project is supported by the Australian Government through the Information Technology Online (ITOL) Program of the Department of Communications, Information Technology and the Arts.