Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting Thumbnail
Deploy360 24 October 2017

Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting

By Megan KruseFormer Director, Advocacy and Communications

Jan Zorz was recently invited to speak at a workshop held by the Estonian Presidency of the Council of the EU and Europol. Jan gave a well-received talk about how Slovenia widely deployed IPv6 and encouraged EU policymakers and law enforcement officials to do the same across Europe.

Per the press release, the workshop was “to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.”

With IPv4 address space depleting, CGNs have been widely implemented to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that often also changes over time. Problems with sharing IP addresses (and therefore CGNs) are well outlined in RFC 6269: “Such issues include application failures, additional service monitoring complexity, new security vulnerabilities, and so on.”

CGNs also present a problem for law enforcement agencies looking to investigate and prosecute crimes online, as it’s much more difficult to narrow down the culprit. This workshop had several IPv6 experts speak of their experiences, partially on the assertion that IPv6 deployment would eliminate CGNs and once again allow law enforcement to track individual users via their IP addresses.

The Internet Society strongly believes in enabling private communications over the Internet, though we understand this can be a divisive issue as law enforcement has legitimate concerns relating to public safety and security and the ability to prosecute criminals. This is a policy discussion we won’t delve into here, but you can read about our upcoming Chatham House Roundtable on Encryption and Lawful Access to learn more about our work.

Back to the topic of IPv6, we are encouraged to see Europol and the EU discussing the need for full IPv6 deployment in public meetings. CGNs are not a sustainable path forward for a variety of reasons, and the faster we fully deploy IPv6, the better off the Internet will be.

If you’d like to get started with your own IPv6 deployment, check out our Deploy360 Start Here page where we have created a series of pages pointing to specific resources that are relevant to different audiences.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...