"This is a well-publicized event," says John Brzozowski, distinguished engineer and chief architect for IPv6 at Comcast, which is participating in World IPv6 Day both as a provider of IPv6-based cable modem services and as an operator of seven IPv6-enabled websites. "Anything can happen. IPv6 is no different than any other new technology. The potential [for attacks] is there. Protecting the network is key to us."
Brzozowski says Comcast is monitoring its network for signs of attack throughout the trial. "We're taking the necessary steps so that the Comcast infrastructure is protected," he adds.
Juniper says that if its website comes under DDoS or other attack on World IPv6 Day, it will simply switch back to IPv4. "We can revert back to IPv4 in about five minutes," says Alain Durand, director of software engineering at Juniper, which is using its own translator-in-a-cloud service to IPv6 enable its main website for the day.
Akamai, a content delivery network with 30 customers that are participating in World IPv6 Day, says it isn't too concerned about hacking or DDoS attacks during the IPv6 trial.
"All of our command and control systems are going to stay on IPv4," says Andy Champagne, vice president of engineering with Akamai, which is developing a commercial IPv6 service. "Absent some underlying exposure in the protocol that we don't know about ... we think we're OK. We've got enough IPv6 capacity ... I don't expect any trouble.''
Radware's Meyran says hackers may be so clever that they won't attack websites on World IPv6 Day but will instead wait until these sites turn IPv6 on permanently. "The hackers will be very happy to see this day go successfully and that sites are starting to deploy IPv6 because it opens up new areas of attack," he predicts.
That's why Meyran recommends network administrators who participate in World IPv6 Day follow up with an event focused on IPv6 security testing. "The next stage will be to ... run attack tools that simulate IPv6 attacks to make sure your firewalls are really seeing the network and that your intrusion protection systems can really do the deep packet inspection of IPv6 traffic," he says.
World IPv6 Day is a large-scale experiment sponsored by the Internet Society that is designed to discover problems with IPv6 before the new protocol is widely deployed.
The Internet needs IPv6 because it is running out of addresses using IPv4. The free pool of unassigned IPv4 addresses expired in February, and in April the Asia Pacific region ran out of all but a few IPv4 addresses being held in reserve for startups. The American Registry for Internet Numbers, which doles out IP addresses to network operators in North America, says it will deplete its supply of IPv4 addresses this fall.
IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet, but IPv6 uses 128-bit addresses and can connect up a virtually unlimited number of devices: 2 to the 128th power. IPv6 offers the promise of faster, less-costly Internet services than the alternative, which is to extend the life of IPv4 using network address translation devices.
One major stumbling block for IPv6 deployment is that it's not backward compatible with IPv4. That means website operators have to upgrade their network equipment and software to support IPv6 traffic.
Read more about lans & wans in Network World's LANs & WANs section