When it comes to network management software that supports IPv6, buyers should be wary.
An increasing number of network monitoring and management tools support IPv6, but these products often don’t include the full set of features available in IPv4. And few commercial offerings provide the extra capabilities needed for IPv6, an upgrade to the internet’s primary protocol that has a new addressing scheme, built-in autoconfiguration and end-to-end security, among other features.
“We deployed IPv6 many years ago and, from a network-centric point of view, there are still some basic things that aren’t there yet,” says Rick Summerhill, director of network research, architecture and technologies for Internet2, a next-generation network run by a consortium of US universities.
“We rely on Cisco NetFlow to analyse what goes on in our network, and that isn’t there yet for IPv6. It’s little things, like being able to do usage on our interface,” Summerhill says, pointing out that both routers and network management software are missing key features. “The ability to analyse your network in some way — that’s what’s still missing.”
Summerhill says this gap in the ability of network management software to handle IPv6 leaves networks that are moving to the new standard vulnerable to attack.
With new technology like IPv6, “you’re much more vulnerable to attacks or to malicious attempts to disrupt your network, and the ability to analyse those attacks when they happen is really important,” Summerhill says.
Experts say the need for network monitoring and management tools is even greater for IPv6 than for today’s IPv4 networks, for several reasons:
• Networks of the future will be more complicated than today’s because they will run IPv4 and IPv6 side by side for years during the transition from one standard to the other.
• IPv6 lets network managers directly address more network devices than ever before, which will lead to larger networks.
• IPv6 addresses are longer and more cumbersome to display and store in network management applications.
• IPv6 packet headers are larger, and there are more of them, and that’s a challenge for network management and monitoring tools.
• New IPv6 features, such as end-to-end security, will make it harder to monitor packets for network traffic analysis.
That’s why it’s critical that network managers have tools to monitor and manage IPv6 devices and traffic, to analyse both network protocols, and to help with troubleshooting.
“We believe that both security and management have to be top-of-mind in any customer transition to IPv6,” says Dave West, director of field operations for Cisco’s Federal Centre of Excellence.
“You have to be able to manage devices and visualise the flows.”
The tools to do this aren’t available today, and it’s unclear whether enough IPv6-ready network-management functions will be available by June 2008, when US federal agencies are required to turn on IPv6 support in their backbone networks.
Network-management applications for IPv6 are “still in the development phase,” says Yanick Pouffary, technology director for the North American IPv6 Task Force and an IPv6 Forum fellow. “Everybody is targeting the federal agencies and the timeline that is in the Office of Management and Budget mandate.”
If these tools don’t become available soon, network managers run the risk of having to do twice the work to support IPv4 and IPv6 in dual-stack networks.
“It’ll be harder in the sense that you have two protocols to look over,” Summerhill says. “But if management systems come along that are capable of doing dual-stack, it won’t be that much harder.”