In the late nineties, there was Y2K. Governments, businesses and individuals got scared big time. As a consequence, massive amounts of money were invested to prevent doomsday before it was too late. And it paid off. More than 10 years later, we can say the transition from the second to the third millennium was pretty smooth.
Again, the world is faced with a new threat: IPv4 has run out of addresses. Class A blocks are all gone. APNIC (Asiapac) will be out of stock within a couple of months, RIPE NCC (Europe) by mid-2012, and ARIN (North America) will follow shortly in early 2013. IP reclamation projects may help a little, but not for long. Meanwhile, IP address prices have sky-rocketed in Asiapac as organizations try to capitalize on the gold rush phenomenon (ref: 666.624 IPv4 addresses sold for $7.5M to Microsoft).
What it means for Service Providers
Certainly a lot of hardware and software upgrades to support IPv6. This will also mean a slightly different routing model and philosophy. Using IPv4 with extensive use of NAT (Network Address Translation), you basically have a ‘natural’ firewall (nobody can reach hosts through NAT unless specifically allowed via port forwarding). With IPv6, every single device has a unique address and therefore will be on the public internetunless a properly configured IPv6 firewall is installed. This scenario could create a lot of new security concerns. Service Providers would need to get stateful firewalls if they don’t want to overexpose their end users.
What it means for SMB (Small & Medium Businesses)
As most businesses (SMBs included) still run old OS or NIC with non-upgradable network stacks, they will need to upgrade their existing software (both OS and applications) and hardware (desktop, laptops, servers) infrastructure. An alternative will be the use of 6v4 NAT routers. Tons of applications which work only on IPv4 may be rendered less useful all of a sudden. Internal custom applications should continue to work but connectivity to the outside will not be guaranteed. There will be massive numbers of legacy applications that will need to be upgraded (if possible) or replaced (for products that reached end of life or companies that went out of business).
What it means for Technology Providers
Software vendors and technology providers will need to make their applications support IPv6 in the future and any in-between measures that could emerge from the potential chaos. Some vendors rely on third party source code or libraries, and will have dependencies they do not or cannot control. All software products will require extensive Quality Assurance testing and verification with existing IPv4, 6v4 NATed, native IPv6 networks, and any combination of these. Some existing algorithms will no longer be valid and new R&D will need to be performed. Think about DNSBL or Sender Reputation Systems for example, the systems were made for the IPv4 address space and they cannot be adapted to the enormous IPv6 address space without major rework, if at all.
It will be a mess
Overall, it will be a big mess, maybe worse than Y2K. Y2K was held up as a big bugaboo that fizzled when it happened. But the reason it fizzled was because companies got scared and spent hundreds of billions of dollars to prevent the harm. Most companies discussed above do not feel a real urgency about IPv6 and are waiting to see what will happen. Instead, they should be proactive and start planning now.
The ‘wait and see’ attitude does have a foundation as IPv6 could be somewhat held off by IP reclamation projects (getting back IPs that were allocated generously at earlier times to organisations that really didn’t need them). As a consequence, some reserved blocks could be released for allocation and thus temporarily increase the availability of IPs. Mass carrier-grade NAT deployment could also slow it down [and break the internet even more in the process], but the world will need to move to IPv6 sooner or later. The question that everyone seems to be having trouble answering is: when?