IPv6 Adoption Slowed by Lack of Tools, Poor Firewall, Router Support

By Wayne Rash  |  Posted 2011-06-09 Print this article Print

News Analysis: IPv6 Day on June 8 showed there is a lot of IPv6 out there, but the level of adoption is still disappointing. That situation won't change until ISPs and network hardware manufacturers get up to speed.

If I learned one thing from IPv6 Day, the effort by the Internet Engineering Task Force to really test the IPv6 infrastructure of the Internet, it was that the enterprise is in for some tough sledding. In short, the ability of critical infrastructure components to support IPv6 is lacking.

In fact, it's not just lacking, it's pathetic. Worse, the tools to manage IPv6 are equally primitive. And, of course, there's the problem of the access providers, who apparently haven't heard about IPv6, despite the fact that it's been around for more than a decade.

Over the course of the last six months, I've been testing firewalls and routers for state and local IT departments. Part of the goal was to see if they could be configured and managed by organizations with limited staffs. Another part was to see if they would work with IPv6. The sad truth is that while some devices will at least pass IPv6 packets and accept IPv6 address assignments, the management tools are limited. On some devices, IPv6 is given lip service, if that.

In fact, to date, I have yet to test an enterprise firewall that really supports IPv6. In some cases, IPv6 is obviously an afterthought, added because there's a place on an RFP somewhere that requires it. In others it's not even that. If you look at the management interface, you'll see no evidence of IPv6 anywhere. In fact, the only firewall/router that I found that actually passes IPv6 packets both ways and filters the packets properly comes from Linksys, and it's designed for small businesses, not large enterprises. But I won't go into the details because it's out of production.

So what I found on IPv6 day is that it's apparently not possible to get the enterprise firewalls that I've got on hand to pass IPv6 packets in any useful manner. In other words, you can't just enable IPv6 and then make the Internet available to your users using IPv6 as you can with IPv4. In some cases, you may be able to set up a point-to-point IPv6 connection, but even that's dicey. You can forget about using a tunnel broker-the devices can't use the IPv6 tunnels even if the tunnel can be created.

I called Martin Levy, the director of IPv6 strategy for Hurricane Electric, the largest IPv6 backbone provider on the Internet. Levy faults both hardware vendors and ISPs for the problems that enterprises are having adopting IPv6. He suggests asking your Internet provider if they support IPv6. If not, "Get another provider," he advises. As Levy points out, ISPs have had a dozen years to get used to the fact that IPv6 would be necessary, and that there's really no excuse for not supporting it.

Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel