Software unprepared for IPv6
April 2, 2012
Research done by SIG shows that 1 in 7 information systems could stop working with the imminent deployment of version 6 of the Internet Protocol. In 2010 this ratio was 1 of 12 information systems. This means that the chance of failure has increased since 2010. The research looked at 145 systems currently operational in Western Europe. On average per system, €3.4 million has been invested to build or procure these systems.
Research done by SIG shows that 1 in 7 information systems could stop working with the imminent deployment of version 6 of the Internet Protocol. In 2010 this ratio was 1 of 12 information systems. This means that the chance of failure has increased since 2010. The research looked at 145 systems currently operational in Western Europe. On average per system, €3.4 million has been invested to build or procure these systems.
In 2010 the forecast for exhaustion of IPv4 addresses was that it would occur in January 2012. In the meantime the estimations for exhaustion have been adapted and they differ per regional registry [1] . In Asia addresses are already exhausted while in Europe the exhaustion is expected to occur somewhere in the middle of 2012. Further extension of internet implies that software, equipment and networks will increasingly rely on the new IPv6 protocol. Organizations should be prepared to work with both protocols (dual stack) within the software and IT infrastructure.
"In 2010 we expected that organizations would be working on projects to migrate to the next version of the Internet Protocol. However, contrary to common expectation, we now found that even more information systems could stop working after the migration to the new protocol," says Tobias Kuipers, CTO of SIG. “Systems need to be modified to work with both protocols. If the modification is done in a timely fashion, it is relatively minor. If organizations only find out that systems stop working when testing or deploying it, then they need to perform an unscheduled repair project. This can run up to € 1 million per system, depending on the necessary urgency".
"In general, information systems have no knowledge of the specific version of the Internet Protocol being used, just like electrical appliances do not care how the electricity they use is transported to the power socket," says Joost Visser, head of Research at SIG. "We now have learnt that 1 in 7 systems uses specific parts of the protocol that could cause them to stop working if they are faced to work with an environment that uses both protocols. Fortunately, these systems do not strictly need to use these parts. During development or regular maintenance, it is reasonably simple to rewrite the software in such a way that it no longer cares what version of the protocol is used".
SIG helps clients to identify software risks and take steps aimed at reducing the likelihood of unexpected events or their consequences occurring. This research shows the importance of assessing IPv4 dependencies in software before they turn into a problem.
For issues relating to the report please contact Joost Visser.
Download the SIG report:
SIG Trend Report on IPv4 Captivity 2011 (PDF - 286 Kb)
[1] See http://www.potaroo.net/tools/ipv4/ for the current estimation of Exhaustion Dates per region