"The firewalls don't look closely enough at encapsulated packets because the typical firewall today has nothing capable of opening up the capsule," he said. "Some vendors are starting to work together on this problem but they aren't there yet."
Hogg also said that creating dual-stack transition networks that run both IPv4 and IPv6 can create vulnerabilities for networks because they can become vulnerable to attacks with either IPv4 or IPv6 traffic. He said that any enterprise building a dual-stack network should make sure that it is secure before switching on any IPv6 capabilities. This means securing the network perimeter first, hardening network devices and building the IPv6 network first from the core and then out to the edges.
"In a lot of ways it's very similar to what you do to secure an IPv4 network," he said. "The migration strategy should be going from the core on out."
IPv6 only solves part of the problem
Even if every business and ISP were to successfully deploy IPv6 over their network tomorrow, it still wouldn't solve certain fundamental problems with the scalability of Internet routing. The IETF acknowledged these problems earlier this year when it formed a working group designed to address the scalability problems caused by multihoming, the practice whereby customers look to increase the reliability of their Internet connection by splitting their traffic over multiple carriers. Multihoming can become a problem because it can increase the size of routing tables to such a point that it will overwhelm router hardware.
Tom Nadeau, a senior network architect for BT, estimated that "we have 15 years to fix the routing problem or we're going to need IPv12." Doug Junkins, the vice president of IP Engineering for NTT America, said that while the problem with routing scalability is very real, it is still vital to at least start deploying IPv6 now in order fix the more immediate addressing problem.
"IPv6 adoption is solving one part of the overall problem, but there's going to need to be follow-up developments," he said. "My hope is that by deploying IPv6 we will help ease the transition to fixing the routing architecture in the future without having to fix the address side of the equation again."