Part 3: A focus on security

Migrating to an IPv6 environment takes planning and strategy to pull off smoothly--meaning doing it in a way so that end customers don't notice a transition has taken place; they simply have good Internet connectivity. But providers should know exactly what benefit they're providing to those users. The exponentially higher number of addresses IPv6 provides offers not just a better surfing experience but additional benefits, particularly in the realm of security.

"On IPv4 everything is static, but (the number of addresses are) very limited," says Li. "So even though you are a company you may just get one or two (addresses). So they have to figure out other tricks to get around that problem, and those tricks and hacks are what's making a lot of services impossible to offer. By deploying IPv6 they get rid of those workarounds and make the services really deployable. And the services can actually be workable now, and those services are really secure."

Li uses video conferencing as an example of the limits of IPv4. "I can actually give you a presentation today over WebX ...the problem is, if that server goes down, we can have only a conference call without any kind of a presentation," he explains. "In addition, because everything is digitized, the voice, the presentation, that means it has to be stored somewhere, cached somewhere. That information may contain intellectual property, proprietary knowledge. If that server does not provide some protection, consciously or unconsciously, you may be at risk of an intellectual property leakage problem, confidentiality issues. If you're a doctor presenting to a patient about that patient's medical condition and what a procedure will be, that's confidentiality, a compliance problem."

"Service providers are looking for ways to deliver video content effectively and efficiently without consuming a huge amount of bandwidth in their backbone network. ...You can do this on an IPv6 network." - Qing Li

The higher number of IPv6 addresses means, in this scenario, that a single address can be assigned to a video conference call. An IT manager "can create a custom service specifically for videoconferencing between (the company) and its customer and have the ability to write very sophisticated policy to guard, to protect that particular service. You can go end to end with it, without the person in the middle. And that's a very powerful model to deploy, because it's secure and it's end to end."

Li points out another example of IPv6 benefits: improved video caching. "Service providers are looking for ways to deliver video content effectively and efficiently without consuming a huge amount of bandwidth in their backbone network. The reduction of backbone traffic for video content means you can push more video content across. How do you do that? By caching, by video acceleration. You can do this on an IPv6 network."

DeLong points out another security aspect of IPv6. "There's a widespread misbelief that NAT (network address translation) is a security tool. It actually is harmful to security more than it helps in that it removes accountability and it destroys the audit trail in a lot of cases," he says. "IPv6, since there's no network address translation, will actually help restore that capability where you can still have the same security through faithful inspection and packet filters and the other usual intrusion detection tools."

The trick is getting to that IPv6-only environment, and that's going to take some time.

Part 3: A focus on security
Read more on