The Inevitable Switch to IPv6 or: How I Learned to Procrastinate, Because if the World Ends Tomorrow I Won’t Have to Do It

Despite being created as a replacement for IPv4 back in December of 1995, an official world launch of IPv6 did not come about until June 6th, 2012. Maybe somewhere in the back of our minds we really did think that 2012 would be the year the world ended, so everyone just decided to procrastinate? Whatever the reason for the delay, IPv6 appears to be slowly but surely picking up steam.

Roughly 10% of all users who access Google are doing so over IPv6

Check out Google’s adoption statistics page to see how IPv6 adoption has grown over time. There is also a map of IPv6 adoption per country. While overall IPv6 adoption may only be at 10%, countries such as the United States, Portugal, and Greece are ahead of the curve with a little over 20% adoption. Belgium, however, is leading the way with approximately 40% IPv6 adoption. According to an article by Iljitsch van Beijnum at ArsTechnica, if the current adoption trend continues then we should see 100% worldwide adoption by the summer of 2020, which at the time of this writing is only 4 years away. If you are interested in learning more about IPv6 and IPv4, then I highly recommend reading the article.

Slow business adoption and security concerns

If we take a closer look at Google’s IPv6 adoption graph we see a distinct trend where IPv6 usage spikes on the weekends. This would suggest that more people are using IPv6 at home than they are at work. Many of the world’s major Internet Service Providers (ISPs) pledged to start switching to IPv6 back in 2012, and so far it appears that they have for the most part stayed committed to their promise. Most businesses, on the other hand, made no such promises, and for good reason.

IPv6 is not backwards compatible, so you can only communicate with other IPv6 adopters on a 100% IPv6 network connection. If any part of the connection between the source and the destination does not support IPv6 then it will fail, in which case a failover connection via IPv4 should be made. So immediately we see two reasons why businesses may not be jumping on to IPv6:

1) The IPv6 infrastructure and user base are still in their infancy.
2) IPv6 adopters will also support IPv4, so why bother setting up IPv6 on your end if you can still use IPv4?

How we currently combat spam and malicious activity

There is also a myriad of concerns associated with switching to IPv6, but let’s look past the initial concerns of migration cost and complexity. Let’s say that we have already made the migration and opened the doors to IPv6 traffic.

We are now in the growing pains stage. The internet can be a scary place, filled with malicious bots and users. Have you ever seen a Distributed Denial of Service (DDoS) attack? The visualization can be quite mesmerizing (not a DDoS attack visualization, still cool nonetheless), but the reality can be very damaging. How do you feel about spam, of the email variety and not the canned food? If you are like most people then you probably hate spam, and if you are responsible for managing a mail server or firewall then you probably REALLY hate it.

To admins and hackers alike, IPv6 is just another vulnerability waiting to be exploited. So why take the chance? Not everyone is so worried, though.

Currently, our popular choices for fighting spam and other malicious activity are statistical and reputation-based methods as well as blacklists. These methods are IP version agnostic and they can be used by businesses that have adopted IPv6. However, new and existing businesses that try to switch to IPv6 may find that they have been locked out of some standard and crucial features that they depend on, such as SMTP, FTP and/or UDP. IPv6 was built from the ground up to be inherently more secure than IPv4, but some ISPs are blocking critical features for everyone rather than risk letting a single malicious user run amok.

Switching entirely to IPv6 is not worth the extra work

Even with IPv6 and its almost limitless number of IP addresses, ISPs will group many users together under the same small address space instead of segregating them into their own small pools. Some ISPs have learned the hard way why this was not a good idea, as the whole address block will get blacklisted. ISPs now know that grouping IP addresses together under the same small blocks is dangerous, but instead of changing their deployment model many have opted to simply lock it all down until more businesses complain or a better solution arises. Since IPv6 is still relatively new, ISPs and businesses haven’t quite figured out all of the best practices yet. The overall community consensus, for now, appears to be that IPv6 is just not worth the extra effort.
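To make the shared-block problem concrete, here is an added example (not code from the original post) of a prefix-based blocklist, the way a mail or firewall admin might aggregate abuse reports. The /64 granularity, the report threshold, and all addresses (taken from the 2001:db8::/32 documentation range) are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample abuse reports (documentation prefix 2001:db8::/32).
# Assumption: the ISP placed customers A and B inside one shared /64,
# while customer C has a /64 of its own.
ABUSE_REPORTS = [
    "2001:db8:0:1::a1",   # customer A, reported twice
    "2001:db8:0:1::a1",
    "2001:db8:0:1::a2",   # customer A again, under a different address
    "2001:db8:0:1::a3",
]
SHARED_NEIGHBOUR = "2001:db8:0:1::b1"   # customer B, same /64, never reported
OWN_PREFIX_USER = "2001:db8:0:2::c1"    # customer C, separate /64, never reported


def covering_prefix(addr, prefix_len=64):
    """Return the network of the given length that contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def build_blocklist(reports, prefix_len=64, threshold=3):
    """Blocklist every prefix that collected at least `threshold` reports."""
    counts = Counter(covering_prefix(a, prefix_len) for a in reports)
    return {net for net, n in counts.items() if n >= threshold}


def is_blocked(addr, blocklist):
    """True if addr falls inside any blocklisted prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)


if __name__ == "__main__":
    per_prefix = build_blocklist(ABUSE_REPORTS)                  # /64 entries
    per_address = build_blocklist(ABUSE_REPORTS, 128, threshold=2)
    print("per-/64 blocklist:", sorted(map(str, per_prefix)))
    print("per-address blocklist:", sorted(map(str, per_address)))
    # Per-prefix listing catches every address customer A used, but the
    # unreported neighbour in the shared /64 is blocked along with it.
    print("neighbour blocked:", is_blocked(SHARED_NEIGHBOUR, per_prefix))
    print("own-prefix user blocked:", is_blocked(OWN_PREFIX_USER, per_prefix))
```

Per-address listing only catches the one address reported twice, which is why reputation systems aggregate by prefix, and why a customer with a dedicated prefix is insulated from a neighbour's reputation.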

Eventually, the IPv4 address market space will saturate

There is little to no incentive for businesses to switch to IPv6 until the IPv4 address space reaches near detrimental saturation. This is not to say that IPv6 adoption will not continue to grow, because it will. As more mobile devices hit the consumer market and the ‘Internet of Things’ continues to expand, the adoption of IPv6 will not only grow, but become necessary. However, protocols such as SMTP for sending mail will likely remain on IPv4 because of the community reluctance to support them on IPv6. Many ISPs are already recommending that their IPv6 clients make use of third party mail provider services instead of configuring their own mail servers as they normally would.

IPv6 adoption will likely grow first and foremost for device support and domain hosting, but protocols outside of HTTP will likely hold onto IPv4 for as long as they can, most likely until either better support and security become available or a better solution presents itself.