6Sense: Generating New Possibilities in the New Internet.
Produced by: IPv6 Summit, Inc.

Shooting for the Moon
by Marcus H. Sachs
Director, SANS Internet Storm Center

In November of 2002 I had the pleasure of accompanying Richard Clarke to the annual Next Generation Networks conference in Boston. Dick was the Special Advisor to the President for Cyberspace Security, and I was one of his staff members for the National Security Council at the White House. We met Latif Ladid and Jim Bound, and discussed where we stood with respect to deploying IPv6 across America.
We were astounded to learn that there was no significant public sector push for a nation-wide migration to IPv6 -- indeed there was only a small government effort to experiment with the new protocol. Following that meeting, we discussed whether the president could announce a "shoot for the Moon" project to get the nation IPv6 compliant by the end of the decade. This would be much like President Kennedy's famous speech in 1961, when he announced a national effort to put a man safely on the Moon by the end of that decade.

Although the idea did not lead to a presidential announcement, it ultimately led to a project called Moonv6 - an undertaking to build an experimental IPv6 network that serves as a prototype for future IPv6 networks. The Moonv6 project is a collaborative effort between the University of New Hampshire's InterOperability Laboratory, the Defense Department's Joint Interoperability Test Command (and various other DoD agencies), Internet2, and the North American IPv6 Task Force. Moonv6 is the most aggressive collaborative IPv6 interoperability and application demonstration in North America to date, and has proven to be an excellent testing and evaluation network for both the Defense Department and the private sector.
Another outcome of those discussions in late 2002 was the creation of a White House sponsored IPv6 steering committee, which developed recommendations that became part of the National Strategy to Secure Cyberspace, published in February 2003. One of the document's recommendations called for the Commerce Department to determine the economic impact of two scenarios: one that avoided a nation-wide IPv6 conversion as long as possible, and a second one that rapidly moved the entire nation to IPv6 by the end of the decade. The Commerce Department recently released a white paper on their findings.

The steering committee also recognized that there are many technical and economic aspects of an IPv6 migration that need to be solved beyond just changing IP addresses. These include:

Payment for IP address space
IPv4 addresses are typically leased by end users from a pool of addresses controlled by an Internet Service Provider (ISP). In turn, the ISP pays an annual fee to its regional Internet registry to maintain control of its address block(s). For IPv6 to succeed, a new model for "ownership" of IP addresses must be developed that does not carry IPv4's per-address fee structure. End users should be able to obtain as many IPv6 addresses as they need without incurring additional costs from their ISP. Otherwise they will continue to pay for as few addresses as possible and use technologies like Network Address Translation (NAT) to hide multiple devices behind a single public address, which defeats the end-to-end reachability that IPv6 is meant to restore.

Scaling issues for device names
The Domain Name System (DNS) was designed and placed into operation over 20 years ago, when an address was 32 bits wide. The DNS will not scale to the enormous addressable space of an IPv6 Internet. The pressure points are concrete: every forward lookup needs an AAAA record, every reverse lookup needs a 32-nibble name under ip6.arpa, and the zones that hold them grow with every addressable device. In the IPv4 world there are already problems with limitations in the DNS; imagine what scaling issues will arise as we move to v6. A new method of device naming should be developed quickly and phased in over the next several years. This method should allow for two key items, scalability and preservation of native-language names, while protecting the intellectual property value contained in current domain names.

Routing and Autonomous Systems
The Border Gateway Protocol (BGP) also has significant scaling issues that will be stressed in an IPv6 Internet. BGP is limited to a fixed number of Autonomous Systems (the AS number is a 16-bit field, so at most 65,536 values) and, because a BGP message is capped at 4,096 octets, to a fixed number of prefixes, or address blocks, that can be advertised in a single update message; the 128-bit IPv6 prefixes carried in the MP_REACH_NLRI attribute are larger than their IPv4 counterparts, so fewer fit per message. The concept of numbered Autonomous Systems may also need to be re-examined in light of the growth of Personal Area Networks and other ad-hoc networks that IPv6 will enable.

Privacy
The overwhelming desire of most IPv6 advocates is to be able to connect trillions of devices to a common communication network, all with globally unique addresses. Juxtaposed against that desire is a growing swell of concern that personal privacy is being eroded by the rapid movement of private information onto the global Internet. As IPv6 begins to catch on, and enables remarkable new applications such as a digital version of a patient's chart in a hospital being linked to her/his health records stored somewhere on the Internet, we have to be very concerned about engineering the new networks to protect privacy at all costs. One concrete example is already in the protocol: default stateless address autoconfiguration derives the low 64 bits of an address from the interface's hardware (MAC) address, so a laptop carries the same identifier from network to network and can be tracked across them. RFC 3041's temporary addresses with randomized interface identifiers exist for exactly this reason and should be enabled by default.
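The following is an added example, not code from the original article or from any of the projects it describes. It serves both the device-naming and the privacy sections above: it builds the address a host would autoconfigure from a /64 prefix and its MAC address, shows that the MAC can be read straight back out of that address, contrasts it with an RFC 3041-style temporary address (using a random identifier rather than the RFC's MD5 chain), and prints the 32-nibble ip6.arpa name a single IPv6 address needs for reverse DNS. The prefix 2001:db8::/64 (the RFC 3849 documentation prefix), the MAC 00:0c:29:3e:5f:6d and all function names are constructed for illustration.

```python
"""Added example (not from the original article): IPv6 stateless autoconfiguration
embeds the interface's MAC address; a temporary address does not; and the
reverse-DNS name of one IPv6 address is 32 labels long.

Constructed sample inputs: prefix 2001:db8::/64 (RFC 3849 documentation prefix)
and MAC address 00:0c:29:3e:5f:6d.
"""
import ipaddress
import secrets
from typing import Optional


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A): split the
    48-bit MAC in half, insert 0xfffe, and invert the universal/local bit
    (bit 0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host autoconfigures from a /64 prefix and its MAC address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def mac_from_address(addr) -> Optional[str]:
    """Recover the MAC from an EUI-64-derived address. Returns None when the
    identifier lacks the 0xfffe marker, i.e. it is not visibly hardware-derived."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in octets)


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """RFC 3041-style temporary address: a random 64-bit interface identifier
    with the universal/local bit cleared (RFC 3041, section 3.2.1). The RFC
    derives the identifier from an MD5 chain; random bytes are used here for
    simplicity. An identifier that would look like an EUI-64 (0xfffe in the
    middle) is regenerated so the result never masquerades as hardware-derived."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD  # clear the u/l bit: locally administered
        if iid[3:5] != b"\xff\xfe":
            return ipaddress.IPv6Address(net.network_address.packed[:8] + bytes(iid))


def reverse_name(addr) -> str:
    """Owner name of the PTR record for an IPv6 address (RFC 3596): all 32 hex
    nibbles in reverse order, one label each, under ip6.arpa."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


if __name__ == "__main__":
    prefix, mac = "2001:db8::/64", "00:0c:29:3e:5f:6d"
    stable = slaac_address(prefix, mac)
    print("autoconfigured address:", stable)
    print("MAC recoverable from it:", mac_from_address(stable))
    temp = temporary_address(prefix)
    print("temporary address:", temp, "-> MAC:", mac_from_address(temp))
    print("reverse-DNS name:", reverse_name(stable))
```

The autoconfigured address for the sample MAC is 2001:db8::20c:29ff:fe3e:5f6d; anyone who sees that address on a second network knows it is the same interface. The temporary address changes with each call, and `mac_from_address` returns None for it. The reverse name produced by `reverse_name` matches what Python's `ipaddress.IPv6Address(...).reverse_pointer` returns, and is one of 2^64 such names in a single /64 zone.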

Some day we will be an all-IPv6 planet, and IPv4 will be a footnote in the history books. Perhaps we'll even get IPv6-addressed devices permanently installed on the Moon, on Mars, and beyond. But before we shoot for the Moon, we need to start here at home by also ensuring that the mechanisms of the Internet support a nearly infinite address space and that they properly scale to the proportions that IPv6 will bring. We also need to permanently etch the word "security" into all new network designs and applications in order to ensure that the privacy of both individuals and intellectual property is preserved.