Very soon, all of us will face one of the greatest changes in the global network in last 30 years: moving to the IPv6. So many system administrators will have to decide, how to handle this problem: which tools and techniques to use to connect their IPv4 networks to IPv6, how to protect the IPv6 networks and after all, just to know: when to start worrying about it?

There is already a bunch of questions about IPv6 problems here, on ServerFault, but I think there is should be a quick briefing information about all that stuff that we will face in the first days, on the very beginning of the "Ran Out Of The IPv4 Address Space" era. So everyone new to this topic, who haven't really thought that this could be that soon, could briefly get enough information to not stay out of a board, but to be able to learn that one Need to know.

So, that is the question:

  • What is this IPv6 thing is all about?
  • What to read, where to look for a brief info?
  • How to protect network after getting rid of all this NAT stuff?
  • Do I have to buy a new hardware?
  • What do I have to know, that necessary to not be lost in the IPv6-world?
  • Do I have to get rid of my IPv4-world and forget everything I've learned of it, or shall I carry it with me to the next generation networking?

For example:

  1. System administrator of a small corporative network reads the news on his favorite tech site and fells uncomfortable that he don't know nothing about this stuff. Not good, we got to help him set up his network and prepare his knowledge base to work in a new era.
  2. ISP's administrator just woke up this morning and realized that a Big-Bada-Boom is comming very soon and he knows nothing of the problem neither he know what to start with. He must find his way out of troubles here, and become a happy IPv6 guru.
  3. A girl reads a Cosmopolitan magazine and finds out that she could be closer to the cutting edge of technology if she would be able to ping ipv6.google.com, but she doesn't know, if her ISP ever support this feature, how to check this and what to do to make her proprietary router or her Awesome Edition work with the new protocol. At the end, she marries the one who posts the best answer here.
  4. Web-server administrator wan't to be sure that his server could be reached using both protocols. Let's help him!

And so on. Links, general info, best practices, different scenarios for a different environments are very appreciative. Thank you very much.

Alexey Shatygin
  • 736
  • 4
  • 11
  • 4
    This isn't a question as such as it's a rumination. – joeqwerty Oct 24 '10 at 14:01
  • Why isn't a question? I think it's could be useful to have here a consolidated source for such a things. Consider this as some kind of competition for the best IPv6 briefing, though multiply answers could amplify each other. – Alexey Shatygin Oct 24 '10 at 14:12
  • 6
    A topic like this is broad enough for books to be written about it. Such books exist. I'm not a router person, but even I could make a multi-page answer to this and only be a summary. – sysadmin1138 Oct 24 '10 at 15:16
  • sysadmin1138 multi-page is good, but half=screen or one-screen summary is also could be written and would be helpful – Alexey Shatygin Oct 24 '10 at 15:23
  • This is the type of thing that would go well in the tag-wiki: http://serverfault.com/tags/ipv6/info – sysadmin1138 Oct 24 '10 at 15:26

3 Answers3



Good enough as a link?

To answer:

•What is this IPv6 thing is all about?

Read newspapers. You think we will run out of oil at one point? here is the bad news: we will run out of IPv4 addresses VERY SOON. This means all in use. Good enough a reason? We are down to pretty pathetic levels of not in use Ipv4 addresses at the moment.

•What to read, where to look for a brief info?

Google. Ipv6. Wikipedia. Ipv6 (http://en.wikipedia.org/wiki/IPv6). Good links there. Espeically Wikipedia is a very good stat.

•How to protect network after getting rid of all this NAT stuff?

Proper firewall configuration. I must say I personally hope to have an IPv6 NAT available soonish - for most home networks and companies "no access to me" is good enough for most cases. NAT is usefull fo a great many scenarios.

Basically I stop here. Use hthe Wikipedia link. Read it. Ipv6 has a lot of nice features tat are not properly identified in Ipv4, like real local addresses (similar to Ipv4 privat,e just the computer is supposed to KNOW these are private, and will thus prefer them for internal communication etc.) and the ability to add / remove ip addresses while the computer is running automatically (no more "ok, i started the computer before the dhcp server became available").

  • 51,649
  • 7
  • 54
  • 136
  • 1
    Ok, RTFM guy, this is a good approach, too, sure it is better to say "google it" instead of creating something that people will be happy to find through the same google. Thank you. – Alexey Shatygin Oct 24 '10 at 12:01
  • 1
    @Alexey, first IPv6 is not the biggest challenge of our day; honestly IPv6 has this unjustified cloud of FUD surrounding it, and anyone who has actually looked in IPv6 knows it's not a big deal. Second, There are *so many other references* and TomTom already pointed a few out. Why should we reinvent the wheel when so many others already have? 90% of being a good System Admin is knowing how to find information, *not knowing of one site where you can ask and get people to do your work for you*. – Chris S Oct 24 '10 at 15:54
  • 2
    @TomTom, NAT is really only useful in the IPv4 world where IPs are limited. There's no reason to use NAT in IPv6, there's plenty enough IPs, and even a home network should be assigned a thousand in IPv6. – Chris S Oct 24 '10 at 15:58
  • 1
    And this is where I do not agree. Open IP's mean a LOT more firewalling which small business / home networks will NOT do properly. As such, the lack of easy NAT (implemented by the provided DSL router) IS something that has direct security implications. And for larger companies it makes things a little harder. – TomTom Oct 24 '10 at 18:17
  • 3
    You can use firewalls instead of NATs - much more flexible, as you can have two computers on a network using the same port incoming. – Fahad Sadah Oct 24 '10 at 18:24
  • Also, NATs often mangle outbound traffic (src ports and stuff). – Fahad Sadah Oct 24 '10 at 18:25
  • 1
    Flexibility comes with a price, and seriously - that price is too high for end users. many dont even KNOW that they use NAT... because this is how DSL routers are preconfigured. And this keeps them a little safer. Assuming they suddenly will manage managing a firewall is - sorry - delusional. And incoming ports? Here is one - my company (!) has NO (!) incoming ports on our office network. We only do outgoing traffic. And many companies do. NAT is a nice last resort to allow outgoing TCP connections for limited computers and home network scenarios. I am afraid of home networks without NAT. – TomTom Oct 24 '10 at 18:43
  • 1
    NAT is an ugly kluge that needs to end with IPv4. There is absolutely no need for NAT to be implemented in IPv6, and those who pine for NAT in IPv6 have drawn an unwarranted connection between NAT and network security. Consumer-grade networking gear for IPv6 could very easily implement a default "block-all-inbound-connections" firewall without NAT. – Steven Monday Oct 24 '10 at 18:59
  • 1
    Well, proove me those connections are "unwarranted" for end users without a clue about what IPv6 is... and thus without the knowledge to configure a firewall, and I will not assume you are an idiot in an ivory tower. Seriously, NAT protects the home network VERY well compared to open access with users which dont evne know how an IP address looks like and dont want to be bothered with stuff like configuring a firewall. – TomTom Oct 24 '10 at 20:21
  • 1
    @TomTom, while NAT may produce some security as a byproduct, it's just as easy to produce that will a default to deny firewall, then allow consumers to forward IP:Port combination as they please (which is what they do now anyhow). Just because NAT has useful side effects does not explicitly mean we'll lose anything when we remove it. One of NATs side-effects is added complexity for inbound connections, and losing that extra complexity is well worth the extraordinarily minor requirements of removing it. – Chris S Oct 24 '10 at 20:49
  • ah. no. sorry. because this would assume the firewall to know about the ip addresses assigned to it. While the NAT devices has intrinsic defined knowledge of internal and external network. The side effect has worked VERY well so far and a grea many devices rely on it. – TomTom Oct 24 '10 at 20:56
  • @TomTom Consumer devices are usually also the DHCP server and default gateway on the network. As such, it should have no problem knowing which IP's it provides to hosts or which hosts route traffic through it. It can easily provide this list of hosts in an easy GUI to setup allow rules. I really don't see why you're so set on NAT. NAT has worked very well for situations with very limited public addresses, but none of your arguments have convinced me it has any place with IPv6. – Martijn Heemels Dec 03 '10 at 18:00

The IPv6 deployment guide (in PDF) by the www.6net.org project is a good start. Next are the publications of the 6DISS project.

  • 6,925
  • 3
  • 30
  • 58

Well, personally there's no real additional burden for IPV6, as long as your applications support it. IPV4 will work for the forseeable time being, especially if you have a proper non-natted ip address, which you should if you want to run a proper server anyway

In the short term, if your applications support ipv6 (most do, it would be a matter of mainly in-house apps or legacy ones), its a simple issue of getting an ipv6 address from your ISP, or setting up a tunnel with hurricane electric, gogo6, or some other tunnel broker.

It would be useful if your router supported IPV6 or dual stack, but its entirely possible to have ipv6 running over even consumer grade IPV4.

Other than that, you'll hardly notice other than the longer ip addresses.

Journeyman Geek
  • 6,977
  • 3
  • 32
  • 50
  • Sadly it is not to easy. A lot of higher end equipment does not support IPV6 and it is not a matter of reprogramming as high end routers work ith ASICS these days. And then there are legacy applications from Microsoft THAT JUST COME OUT IN NEW VERSIONS STILL NOT SUPPORTING IPV6. – TomTom Oct 24 '10 at 12:32
  • 1
    yup, but running IPv6 over IPv4 means you need an IPv4 address :( so that doesn't solve anything about the scarcity of IPv4 addresses. :) – gbjbaanb Oct 24 '10 at 13:04
  • well, you can have ipv6 tunnels in a natted network, or behind the router - this gives a chance to *test* apps before ipv6 migration is needed. It also lowers the barrier of adoption. I'd note i suggested tunnels as a *short* term solution, and ipv6 support on the router as a longer term one. In addition, MS has been supporting IPV6 since vista. its a coming thing. – Journeyman Geek Oct 24 '10 at 22:55