Much of the focus around IoT has been on Internet of Things security, but there’s another issue administrators must tackle when deploying connected devices: addressing. In verticals such as manufacturing, recent predictions put IoT market growth at a staggering 18.6% compound annual growth rate over five years. How is the addressing and identification of all those things that are scheduled to come online—hundreds or thousands of them, in many cases—going to happen?
There’s little settled science when it comes to where and how enterprises should begin tackling the addressing issue. With today’s IoT environment and tomorrow’s predictions in mind, we gathered a handful of expert perspectives on how the addressing schema may look in the long term.
IP device addressing landscape overview
Unlike with many other IT issues, administrators don’t have clear standards or an industry-recommended approach laid out for them where device addressing is concerned. “When it comes to registering a thing, it differs across every different vendor right now. It’s kind of the wild West,” said Daniel Raskin, vice president of strategy at ForgeRock. To break the task into manageable pieces, it can be helpful to first remember that the Internet of Things is largely about relationships. “You’re going to have hundreds of millions of things with different relationships that are constantly changing, and that need to be linked together and delinked, and authorizing data and deauthorizing data, and all that kind of stuff,” Raskin explained.
He does believe that “every unique thing will need its own address,” whether that’s accomplished via IPv4 or IPv6, but he said that doesn’t mean it’s an unmanageable issue. “It means we have to come up with ways of extending infrastructure to make it manageable, whether it be through assigning it in groups or roles, or using common infrastructure techniques that, honestly, we’ve used around user identities.” Now, instead of just applying those techniques to people, enterprises may also need to apply them to things.
Another viewpoint is that some devices will require a unique network address while others may not. Uriel Kluk, CTO at Mesh Systems, said that identifiers in IoT “are a combination of both logical and physical,” and that the final schema will likely be a mix of both. “For security for the company, for being able to design systems and for BYOD, each device needs a physical address,” he explained. That address can be unique, or it can be unique to a particular space, “but the moment you have a particular physical address, that also needs some kind of lookup to some logical address.” The combination of physical and logical locations is what will comprise the real device identity. Another approach, which Kluk doesn’t suggest, is to provision devices with a logical address. “That creates a lot of extra steps in order to make the devices work,” he warned.
“We need to look at IPv6, absolutely, because even without the devices and the Internet of Things, already we are running out of IPv4 addresses for laptops, smartphones, tablets and any other mobile devices,” said Christian Légaré, executive vice president and CTO of Micrium Inc. That, however, doesn’t necessarily mean that IoT predicates the need to assign one global IP address to every device. It’s something Légaré said administrators shouldn’t worry about “because it will not happen.” His reason? He sees gateways or other aggregators doing some of the heavy lifting. “The gateway itself is the one that needs a public global address, and then we can address the other devices.” As a result, the requirements and the stresses on the address structure would be reduced.
Alternate Internet of Things addressing frameworks may affect future architecture choices
In some networks, particularly those that are large or sprawling, there are likely to be many dependent devices. Those could be designed to talk to a master device, such as a controller or gateway of some sort. “If there’s some kind of reference addressing in the LAN space and a combination on LAN to WAN, all of that can be pushed back to the server and at the end makes unique IDs,” Kluk said. The need to address each device individually is largely superseded by the use of a higher-level brain in this type of scenario. “I think it’s a combination of intelligence at the edge and some authentication method that understands the physical addresses,” Kluk said. However, there isn’t currently any one framework or proposed standard for this architecture that he recommends.
The potential architectures that could be built around master controllers will depend heavily on how administrators choose to move forward. In the past, production networks and administration networks were entirely separate—and separately protected. “We’ll need to find ways to take data from the production side and bring it to the general business side because this is where the benefits will be,” Légaré said. Because many IoT devices don’t have the same kind of common understanding that already exists in web technologies, it would take more than a controller to facilitate identification and information flow. “The data is being pumped out of the devices and the gateways in the field and it’s being brought to the enterprise servers,” Légaré said. Future adoption of protocols that either facilitate direct communication channels between devices and the rest of the network, or that leverage gateways, controllers or similar devices, may influence which types of structures survive.
IoT and IPv6
For some administrators, the move to IPv6 is seen as a must-do, something that will enable the addressing of IoT devices. However, Kluk raised some concerns. “This may sound strange, but I do not recommend going IPv6,” he said. He argues that “a lot of these devices don’t have the horsepower to go to IPv6.” Between the anticipated need for Internet of Things devices that are very basic and the inherently price-sensitive nature of hardware, he believes the necessity to be addressable may not fit scenarios where organizations “are trying to make a system as efficient and cost-conscious as possible.”
Each organization’s goals will color the role IPv6 is likely to play. “If IoT is important to where you’re going and it’s a key enabler of your business, then you can’t put off moving to IPv6 any longer,” Raskin said. If an administrator tackles the addressing issue in an IPv4 environment and then waits too long to make the transition, they may not be ready to take advantage of everything IoT and IPv6 have to offer when the time comes. This could leave a business at a competitive disadvantage. “I don’t think you have to be supporting IPv6 in the next month, but I think over the next year, administrators should know how they’re going to be getting there,” Raskin said.