Thu, Aug 18, 2022
partly cloudy

TWNIC IPv6 promotion seminar discusses cloud transformation and network management using IPv6

Press release 0

The Internet has become an irreplaceable part of modern life, but our dependence on it has also exacerbated the problem of insufficient address spaces under the IPv4 protocol. To solve this problem, telecommunications providers in Taiwan started to transition businesses into using IPv6 in 2018. Recently, the Taiwan Network Information Center (TWNIC) also held a promotional seminar for the IPv6 protocol titled The Gateway to Global Access - IPv6 Promotional Seminar, inviting industry experts to share their experiences with IPv6 in cloud transformation and network management, thereby helping businesses better understand the new network protocol.

The seminar was not only well-received by the audience watching online, but also saw a number of VIP guests in attendance including the Secretary General of the Cloud Computing & IoT Association in Taiwan Chen Huai-Tuo, Executive Director of the Taiwan Internet Association Kuo Yu-Tai, Chairperson of the Taiwan XR innovation Association and Board of Supervisor of Digital Solutions Multimedia Asia Jennifer Pai, Secretary General of the Taiwan Association of Information and Communication Standards (TAICS) Chou Sheng-Lin, and TAICS Executive Secretary Xu Jian-Chang.

IPv6 has a bright future ahead

TWNIC Managing Director and CEO Kenny Huang started out by making clear that while past efforts to transition from IPv4 to IPv6 had been slow due to a lack of clear demand, changes in the past two years have led to the emergence of three factors that are now greatly accelerating the transition. Firstly, all end devices now support IPv6 by default. Secondly, with the use of IPv4 becoming more expensive to maintain, the current free-to-use model of IPv6 has presented a clear incentive for businesses to switch over. Thirdly, IPv6 has important IT safety implications in that the 64-bit address space of the new protocol makes it much more difficult for hackers to use traditional scanning methods to find the IP of a target subnet. Coupled with the removal of the pseudo-security offered by NAT in the IPv4 system, businesses can now place a newfound focus on ensuring network safety via IPv6.

Chen Huai-Tuo also said that the Internet is more important than ever in the new normal we find ourselves in after the pandemic. With demands for remote service on the rise, he is confident that IPv6 will have a bright future in Taiwan. Kuo Yu-Tai pointed out that Taiwan currently ranks 12th globally in terms of IPv6 adoption. While this is indicative of considerable progress, analysis reveals that these numbers are bloated due to most of them being from mobile users, meaning that Taiwan still has a long way to go. Jenifer Pai agreed that IPv6 is without a doubt the trend of the future and that further advancements in the digital economy and Internet technology will be able to help businesses better utilize the protocol to develop innovative services that will better cater to the demands of the times.

IPv6 enhances transfer efficiency for cloud migration

CKmates Senior Technology Advisor Yang Chang-Ta and AWS Joint Innovation Center Manager Cheng Kai-Fu both acknowledged the importance of IPv6 in cloud services.

Yang Chang-Ta said that the new age of digital technology is an opportunity for corporate change and that the quality and bandwidth of network transfers behinds these changes will be pivotal to their success. For example, the Artificial Intelligence of Things (AIoT) is heavily reliant on low-latency transfers to ensure that the data picked up by sensors can be transmitted in a timely fashion to the relevant edge devices or cloud platforms, which ensures that subsequent applications or analyses are not delayed. Another example is high performance computing (HPC), which runs on a large set of computation nodes connected to a network. These nodes all depend on the network having excellent network transfer efficiency to effectively export outputs and communicate with each other. And as 5G becomes mainstream, its high bandwidth, wide connectivity, and low latency will also create higher demands for data transfer. Once again, lackluster transfer efficiency would be a hindrance that could severely impact the development of 5G applications.

However, efficient data transfer is no easy feat to achieve as devices desperately need a better addressing model. Thankfully, IPv6 is the solution for companies that are facing this challenge, meaning that in the future IPv6 will be needed for the transfer of both unicast and multicast traffic.

Whatever changes a company decides to undergo, a shift to the cloud may eventually lie somewhere down the path. Yang Chang-Ta suggests that companies should look into incorporating AWS services to make cloud migration less costly and more accessible. He explained that most cloud service providers currently utilize dynamic IP assignment, which is difficult to use and implement. In contrast, AWS supports a bring your own IP (BYOIP) scheme that allows companies to smoothly transfer existing IP addresses to the cloud. For companies that have already transitioned over to using full IPv6 locally, they can retain all their existing settings when they make the change to cloud services using AWS.

"Besides implementing support for IPv6, Amazon is also working to help startups come up with more innovative ways to make use of the Internet," said Cheng Kai-Fu, explaining that projects such as AWS Activate and AWS Startup Migration are all aimed towards helping startups grow.

For example, AWS Activate provides a certain quota of free data transfers to startups since many of them have limited funds during their early days. This mechanism has already helped more than 30,000 startups, including Airbnb and Stripe, and has accumulated a staggering US$1 billion in free data transfers offered during 2020.

Cheng Kai-Fu pointed out that startups can simply apply for their free AWS Activate quota within 5 years of starting their company and get anywhere between 1 to 5 thousand USD in free data transfers, while startups with a capital of over US$50,000 are further eligible for US$10,000 in free data transfers. As for AWS Startup Migration, the plan targets established startup teams that have not yet been publicly listed. The plan helps startup teams migrate their services to the cloud by offering free resources and technical support. A good example of this would be the global live social entertainment platform 17LIVE, which utilized the service to move its streaming service to the cloud.

Keys to IPv6 network administration

Siraya Networks Technical Lead Zheng Jun-Wen and Onward Security Assistant Manager Yang Cheng-Ying next provided a list of key factors to consider when dealing with IPv6 in maintenance and scheduling from a management and IT safety perspective.

Zheng Jun-Wen drew from his 7 years of experience as a network admin to say that the most important thing for IT staff in dealing with IPv6 is to keep track of each end device at each level of the network model so they can quickly pin down problems when they occur. For example, monitoring software may be able to quickly report the problematic IP when a breach is detected, but that immediately presents more questions: what device does that IP correspond to? What switch is that device connected to? This is why IT staff must make sure that they have lookup tables ready so that the appropriate actions can be taken without delay.

Currently, there are two main ways to match an IP address with the device's MAC address: SNMP pooling and LAN listening. SNMP pooling starts by polling the forwarding database (FDB) table of a switch, which lists the MAC addresses of all the devices connected to it. Next, it polls the neighbor discovery (ND) table, the equivalent of the Address Resolution Protocol (ARP) Table in IPv4, to match each IP to a corresponding device by their MAC address. By cross-referencing the FDB with the ND (or ARP) table, management will get a complete picture of the IP/MAC pairing and the switches they are connected to. However, since these tables are constantly updated, IT must also regularly update their table. The other method is LAN listening, which makes use of four packets under the NDP protocol in an IPv6 environment to create a lookup table: RS, RA, NS, and NA.

Zheng Jun-Wen further stressed the importance for IT staff to keep a lookup table matching IP, MAC, and switches. He says that many worms will try to circumvent firewalls by spoofing their MAC addresses, so a lookup table allows identification of abnormal IP/MAC pairings before they can do damage. As long as the IT staff have a good grasp of the network's low-level information, the better they can react by taking the appropriate measures.

Besides keeping tabs on the low-level network, Yang Cheng-Ying also shared a few common cyber threats and defense mechanisms in an IPv6 environment. Yang pointed out that many devices and servers now come with IPv6 enabled by default, but IT security often overlooks this fact when designing their security and firewall, resulting in the protocol becoming a threat vector for traffic hijack despite the company not yet implementing IPv6 in their network structure. Other attacks like DDOS attacks and ND attacks have also popped up on the IPv6 threat landscape.

He therefore recommended that network admins and IT security staff should take note of the three following points to secure their company's IPv6 network.

Firstly, existing weaknesses and attacks in IPv4 will likely remain conceptually the same in IPv6, differing only in the way the attacks are carried out on a technical level. Therefore, existing IPv4 security mechanisms should still be preserved for an IPv6 environment. Secondly, network admins and IT security should still be aware of the differences between the two protocols, and should also pay close attention to new weaknesses in IPv6 as they build up their technical competence in IPv6 security.

Thirdly, while IPv6 isn't less secure when compared to IPv4, most devices and products in the current landscape lack safety features targeting IPv6. Since IPv6 may never fully replace IPv4, companies should always keep a close eye on the safety of their network environment in a dual-protocol setting.

In the future, TWNIC will continue to hold similar promotional activities to encourage companies to upgrade to IPv6, thereby helping raise Taiwan's overall IPv6 adoption rate in becoming a leader in network applications globally.

The TWNIC IPv6 promotional seminar held by TWNIC in collaboration with five of Taiwan's leading network associations

Kuo Yu-Tai, Jennifer Pai, Kenny Huang, Chen Huai-Tuo, and Chou Sheng-Lin (left to right)