Yesterday BlackBerry held a series of events announcing their new “Passport” smartphone as well as an application called “BlackBerry Blend” that lets you use your computer or tablet (including iOS and Android tablets) in conjunction with the Passport phone. There was a good bit of media coverage, almost all focusing on the Passport phone itself.
One interesting fact to emerge, though, is that the BlackBerry Blend application requires IPv6 networking in order to function.
NOTE – it does not seem to require IPv6 connectivity, i.e. your network doesn’t have to have actual IPv6 addressing and connectivity to the IPv6 Internet, but your network needs to allow IPv6 networking.
This is stated very clearly under “Step 1″ on Getting Started with BlackBerry Blend and even more clearly in a knowledge base article titled “Unable to connect to BlackBerry Blend due to ipv6 being blocked on the computer“. That support document states:
Overview
BlackBerry Blend is unable to connect to, or communicate with the BlackBerry 10 smartphone when IPv6 traffic is being blocked.
Cause
An item in the network environment such as a VPN connector, firewall, network adapter setting, or anti-virus software is blocking or preventing IPv6 traffic.
Resolution
IPv6 is a requirement for BlackBerry Blend to connect and communicate with the BlackBerry Smartphone. In order to complete the connection, IPv6 traffic will need to be enabled or allowed in the network environment.
So you apparently don’t necessarily have to have actual IPv6 connectivity… but you can’t be blocking IPv6 packets on the WiFi network that Blend is using to communicate with the Passport smartphone.
Similarity to Apple’s Back To My Mac
I can’t yet find any further information on exactly how BlackBerry is using IPv6 to make the connection between your computer or tablet. However, on a certain level it sounds similar to what Apple does with their Back To My Mac (BTMM) function that is now part of their iCloud service. BTMM allows you to connect from one Mac back to another Mac to share files or to “share the screen” and remotely operate that remote Mac. Apple has more info about BTMM in its iCloud support area.
Similarly, BlackBerry Blend lets you connect from your computer or tablet to your Passport smartphone to be able to send and receive messages, view your calendars, transfer files, access internal websites using the Passport’s connection, etc. Effectively you are “remotely” managing the Passport smartphone from the tablet or computer, although unlike Apple’s BTMM you aren’t manipulating the actual desktop of the device but rather using the services and applications on the Passport.
The IPv6 connection comes in through the work of a team from Apple, UCLA and Toyota who documented how Apple’s BTMM service works in RFC 6281 and showed how it essentially creates an IPv6 “tunnel” over IPv4 between the two Macs. It’s well worth a read to understand how Apple did this.
Now, differently from what BlackBerry Blend apparently does, Apple tunnels all their IPv6 packets over IPv4 and so they don’t care about what the local network does with IPv6. Apple’s BTMM is also designed to work anywhere across the entire Internet, while the BlackBerry Blend is designed to only work across the local WiFi network. (The device running the BlackBerry Blend app and the Passport smartphone must both be on the same WiFi network to communicate.)
Still, it sounds like BlackBerry is creating some kind of IPv6 “tunnel” between the Blend app and the Passport device.
BlackBerry Assumes IPv6 Will Be Allowed
However, it seems BlackBerry assumed that IPv6 packets would not be blocked on the local WiFi network or would not be blocked on the computer running the Blend app. That probably is a safe assumption for many or even most networks, but I’ve heard of some enterprise networks who have not yet moved from IPv4 restricting IPv6 to prevent any unknown communication. It is those networks where Blend may have challenges working.
The reality is that the world is moving to IPv6 and so network operators MUST understand IPv6 security so that they can create appropriate IPv6 security policies that securely allow IPv6 traffic, rather than just blindly blocking IPv6.
BlackBerry’s Blend is just one of the first apps we’ll see assuming IPv6 is allowed. I’m sure there will be many more in the years ahead. Network operators who don’t at least allow IPv6 will find themselves with people or customers who are unhappy that they can’t use these new applications and services. Time to make IPv6 happen! (Or at least not block it!)
P.S. If you want to get started with IPv6, please visit our “Start Here” page to find resources targeted at your role or type of organization. And please let us know if you need more information!
With all the attention today to the Shellshock vulnerability, I need a place to keep track of it for my own purposes. If this page or list helps anyone else, that’s great, but this is primarily a tool for me to capture what’s going on. I intend to be updating it regularly while this is all happening. Suggestions are of course welcome in comments.