VeriSign: We will keep our lead in IPv6
- 12 October, 2010 07:02
VeriSign, the back-end operator of the Internet's.com and .net domains, says it has a head start on transition to the next-generation Internet Protocol known as IPv6 and that it intends to keep its lead over competitors.
"We're going to IPv6, and we're going to stay ahead of the curve," says Ken Silva, VeriSign's CTO. "We're going to be there before the carriers are there and even the manufacturers are there. Our software is ready to go. It's up, and it's running, and it's in production mode."
VeriSign is running IPv6 on two .com servers and two .net servers as well as two root servers that support the Internet's Domain Name System, which matches IP addresses with corresponding domain names. All of these servers are operating in dual-stack mode, which means IPv6 is running natively side-by-side with IPv4, the current version of the Internet Protocol.
"Our registration and our resolution systems have been IPv6 enabled for the last eight years or so. That means we've been able to accept a Quad-A record or an IPv6 address in the DNS for some time," Silva says.
VeriSign says it has complete feature parity between its IPv6 and IPv4 DNS services. "For DNS, it's not a lot of features," Silva admits. "It's just ask for a name and get a name."
VeriSign says the amount of IPv6 traffic it sees is miniscule: the company handles 1 million DNS queries per second using IPv4 and about 900 per second using IPv6.
"There's not a lot there," Silva admits, but he adds that VeriSign will add more IPv6-enabled servers to its DNS services ahead of the IPv6 traffic growth that it expects to begin in 2011.
VeriSign plans to release several more IPv6-enabled services in 2011. The company's public facing Web site -- www.verisign.com -- will support IPv6 next year. VeriSign also will add IPv6 support to its managed DNS and distributed denial-of-service (DDOS) mitigation services in 2011.
"Everything we do, and every plan that we make, and every strategy we have involves IPv6," Silva says. "Every new service that we are creating today has to be IPv6 compliant. Every software program we write has to be tested for IPv6."
VeriSign supports IPv6 on its internal corporate network but has found limits to what it can do with IPv6 because some routers, firewalls and load balancers don't support the emerging standard.
"Unfortunately, IPv6 is at the sort of nascent state where it's not quite there completely," Silva says. "We would like to see faster adoption, but in order for that to happen we have to see more carriers adopt it, more router and firewall and load balancer manufactures understand IPv6, and have more software applications that understand it."
VeriSign has been acquiring IPv6-enabled hardware as part of its tech-refresh process for many years, first through a $100 million upgrade called Project Titan that lasted from 2007 to 2010 and now through a similar ongoing upgrade dubbed Project Apollo.
Silva says VeriSign's IPv6 development effort involved more engineering time and effort than hardware or software investment. "We thought about IPv6 10 years ago, and so everything we could acquire at the time was IPv6 enabled as we built out our infrastructure," he adds.
One remaining challenge for VeriSign in its deployment of IPv6 is getting U.S. carriers to offer end-to-end IPv6 service. "NTT was one of the first out of the gate to offer IPv6 end-to-end. Most of the other carriers are tunneling IPv6 over IPv4, which we will get away with for awhile but that's not scalable," Silva says.
The U.S. government's new IPv6 mandate could prompt U.S.carriers to bring end-to-end IPv6 services to market sooner, Silva says. The mandate requires all federal agencies to support IPv6 on their public-facing Web sites by fall 2012 and on their public-interfacing internal applications by fall 2014.
"The government is finally taking a leadership role," Silva says. "They are the largest customer of some carriers and some equipment manufacturers. If they put out a $2 billion order that has to be IPv6 enabled, you'd be surprised how quickly the market will respond."
IPv6 is the biggest upgrade in the 40-year history of the Internet. Forward-looking carriers and enterprises are deploying IPv6 because the Internet is running out of IP addresses using the current standard, known as IPv4.
IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices -- 2 to the 128th power.
About 94.5% of IPv4 address space has been allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers www.arin.net . Experts say IPv4 addresses could run out as early as this December but will certainly be gone by the end of 2011.
Read more about lan and wan in Network World's LAN & WAN section.