Security expert Paul Vixie said that, for now, IPv6 offers no benefits to early adopters but he did suggest that updating to IPv6 is a matter of good Internet citizenship in almost the same way a person should look for a trash bin rather than throwing litter on the street.
With the pool of IPv4 addresses dwindling, the question remains: As the limited IPv4 address space stops being an issue, will IPv6 NAT still be a problem? Network Address Translation has made it possible to extend the lifetime for the IPv4 network address space, but it has also complicated matters for those who need to make sure that IPv6 security is not impaired as they upgrade.
Vixie, CEO at Farsight Security, architect of Domain Name System (DNS) protocol extensions and applications and Internet Hall of Fame inductee, sat down with SearchSecurity at RSA 2016 in March to talk about the slow but inevitable migration of the Internet to IPv6, the IPv6 NAT issue, IPv6 security and the Internet of Things. This is the second part of the conversation.
What's going on with IPv6?
Paul Vixie: We knew back in the '90s that once we commercialized and privatized the Internet and took it out of its humble academic and research and government origins, we would run out of [IPv4's] four billion addresses. That seemed like a lot back in the '70s when [IPv4] was developed, but it was not going to be enough once the whole world actually started using it. And so, you can tell a couple of things from this: First, in the '70s when this system was crafted, they didn't really think about using it to build a global digital economy in the way that we've done. The Internet was designed by academics for other academics. It was a high-trust environment. If anyone misused their Internet connection in the 1970's they would lose it. So there was no spam and thus there was no reason to build any natural defense into the Internet about spam.
The second thing you can tell is that in the '90s a bunch of smart people said: "Okay, we're going to run out [of IPv4 addresses]. What are we going to do when we run out? Well, we need something bigger." And then they had a multi-year argument, hundreds of propeller heads talking about which way we ought to grow things. And they settled on something, so by '95, '96, we had chosen IPv6, but the economic conditions were radically different. For IPv4, the motive to deploy it to connect yourself to the IP network and to speak the IPv4 protocol ... the motive was that, if you did so, you could make money or you could exchange data with people, and maybe you would have some kind of improvement to your life, some new feature. You make money, you save money, there'd be some reason to do it. With IPv6, this is not so.
No benefit accrues to anyone who installs IPv6 today, because everyone else is connected with IPv4, and some of the rest of the world is also connected with IPv6, but no one else is connected with only IPv6. That means that if you don't deploy IPv6, you will not be less reachable, and the rest of the world will not be less reachable to you. You will not make money, you will not save money, you will not have new features, you won't have any capability that you wouldn't have had without it. So there's no natural motivation to install IPv6.
Paul VixieCEO, Farsight Security
[I]t's inevitable that someday, somebody is going to be desperate enough that they are forced to deploy IPv6-only services on the network. And anyone else ... who has not previously installed IPv6 will not be able to reach those new resources -- and yet we don't know when that time is coming, we don't know what that's going to look like.
I sometimes characterize this as a "last mover" advantage. In economics they sometimes talk about a first mover advantage. Here, the time when it is best to install IPv6 on your network and all your devices, teach your applications how to use it, is literally after everyone else has done so. And if you do it before that moment, then you're getting some of the costs without some of the benefits. But logic dictates that we can't all be last, so some of us are just doing it because we want to get it over with.
Having IPv6-only at this point is like having a monorail before they built the monorail tracks. Back then they were saying, "Okay, now we can do away with NAT." And that gives you something, right? Because NAT has always been a hurdle, what about IPv6 NAT?
Vixie: Well, NAT was often seen as a problem, there's no question, but perversely it was seen as a security feature as well, because you wouldn't be able to be directly connected to by somebody outside your network unless the gateway both permitted it and facilitated it -- and importantly, logged it -- so that you knew that it happened. And so ... within the first couple of years of IPv6 being standardized, somebody said, "This by the way, is the RFC that describes how to do NAT over IPv6." [This is] because they wanted the security benefit, even though they no longer needed the address shortage benefit.
[M]y own view is, you should install IPv6, the same way that you should, I don't know, find a garbage can rather than dropping your trash on the street. It might not change your life, but you have to exemplify the behavior that you want everybody else to do. And if you don't want to live in a city where there's garbage swirling around the streets, then you've got your small part to do, which is to take care of your own trash.
So, all of my companies have got IPv6 running. I myself was the first native dual-stack Comcast business customer, at my house in Woodside [Calif.]. And so I'm really trying to be an early adopter as much as possible, but I have to admit that it's taken a fair bit of old-school technology skills to make that work. It's not consumer ready by any stretch, and we're going to have to fix that if we want everybody else to just sort of turn it on to get it over with.
So I know that you said there's no way of knowing, but do you have any ... are we going to be stuck with this tiny IPv4 address space? How will the Internet of Things factor in?
Vixie: [T]he Internet of Things is going to drive a large population of connected devices, but most of those devices should never connect outside of their own local network.
We are already seeing a fair amount of personal information leakage through everything, from a Nest thermostat to a wireless enabled light bulb, where these things are phoning home, they're talking to their makers, they're reaching out to their factories or their distributors and saying, "By the way, this is the temperature that it is here today," and so forth, and that the monetization of that personal information is part of the business plan of the people who make the devices. But it's not really an advantage to the consumer who buys them. They would much rather, probably, much rather turn their lights on and off without Big Brother watching them.
So my sense of the Internet of Things is that because the makers are going to put in so much "phone home" technology, and because they all want to be big data companies, home gateways, set-top boxes and the various ways that the Internet of Things home network gets connected to the Internet are going to firewall all of that stuff out, because that's what the consumer's going to want. And once you're saying, "Look, I want to be able to turn that light switch on and off with my phone, but I'm going to do it through the local network, and I do not want to have to send a command out into Skynet somewhere and have it come back and turn my light bulb on for me," that means there's no reason for the light bulb to have a unique global address, because it's never going to talk to anybody outside the home.
But what if you got on the plane and you're in Boston now, and your stove is on, how do you turn it off, for example?
Vixie: People who are doing that now all are doing that through their home PC. They're using a virtual PC or something like that to reach back and do something from within the house. And I think that makes sense, because if you have something like a desktop PC or even a set-top box, or maybe a Raspberry Pi, or something like that, it's probably running a hardened operating system that is able to withstand attack from the outside, and it's probably getting software updates fairly often. And so it's something where you sort of put that gateway in there and say, "If I want to reach into my house or I want my house to be able to reach the rest of the world, it's got to stop here and follow rules that are fairly complex in order to harden the policies by which things inside talk to things outside." People are going to want that anyway, rather than saying, "Yes, every light bulb has to be DDoS-proof." It's just not going to happen.
Find out what Verisign CSO Danny McPherson had to say about the security issues involved in migrating from IPv4 to IPv6.
Learn more about misconceptions about IPv6 security features.
Read why IPv6 will not eliminate Network Address Translation (NAT).