Microsoft admits running out of IP addresses for Azure

Microsoft has admitted it runs out of Internet Protocol version 4 (IPv4) addresses in the US occasionally, but has assured Azure US customers that their data will remain in the US.

Some US customers of Microsoft’s Azure cloud platform service were concerned when they noticed that some virtual machines being used for their workloads had been assigned non-US IP addresses.

But IPv4 address space has been fully assigned in the US, Ganesh Srinivasan, Microsoft’s senior program manager, said in a blog post.

“This requires Microsoft to use the IPv4 address space available to us globally,” he said.

IPv4 provided a 32-bit addressing system, but that meant there was a relatively limited number of IP addresses of roughly 4.3 billion to be shared around the world.

Srinivasan said it was not possible to transfer registration because the IP space is allocated to the registration authorities by the Internet Assigned Numbers Authority.

This means that although a service may appear as though it is coming from a non-US location, the servers providing services to US customers remain in the US.

“Thus when you deploy to a US region, your service is still hosted in US and your customer data will remain in the US,” said Srinivasan.

Large companies like Microsoft bought up large blocks of IPv4 addresses, but as the number of internet-connected devices and services increase, all the available IPv4 addresses will eventually be exhausted.

For this reason, companies around the world will have to start moving over to the next-generation IP addressing system, IPv6.

IPv6 is based on 128 bits, which means it provides more than four billion times more IP addresses than IPv4.

In its Azure website, Microsoft says it has built IPv6 support into many of its products and solutions like Windows 8 and Windows Server 2012 R2.

The foundational work to enable IPv6 in the Azure environment, it claims, is well underway.

“However, we are unable to share a date when IPv6 support will be generally available at this time,” the company said.

While IPv6 solves the problem of running out of addresses, organisations will have to change the way they do networking as the world moves from IPv4 to IPv6.

One important area of concern is data security.

The move to IPv6 has several security implications. First, most operating systems include some sort of IPv6 support by default.

This means networks have at least partial deployment of IPv6, often without IT realising. This in turn means IPv6 support could be used by attackers for a number of malicious purposes such as evading network security controls or triggering VPN leakages.

Second, IPv4 and IPv6 will co-exist for some time, so it will become common for allegedly “IPv4-only” nodes to communicate with IPv6 nodes through the aid of transition or co-existence technologies.

This means attackers can more easily obfuscate attacks using IPv4 and IPv6.

Finally, many organisations will need to deploy IPv6 sooner or later, and quickly learn the details of IPv6 security so that an informed deployment and transition plan can be implemented.

 

Via: computerweekly


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *