Broadband optimize

10+ answers to your questions about IPv6

Michael Kassner recently asked TechRepublic members to share their questions about IPv6, promising to submit them to the experts at ARIN and Command Information. Both groups graciously responded, providing the following in-depth answers.

Michael Kassner recently asked TechRepublic members to share their questions about IPv6, promising to submit them to the experts at ARIN and Command Information. Both groups graciously responded, providing the following in-depth answers.


Note: This information is also available as a PDF download.

#1: Can you provide a simple overview of IPv6 and the differences between it and IPv4?

(Answer by ARIN)

Internet Protocol is a set of technical rules that define how computers communicate over a network. There are currently two versions: IP version 4 (IPv4) and IP version 6 (IPv6).

IPv4 was the first version of Internet Protocol to be widely used and still accounts for most of today's Internet traffic. There are just over 4 billion IPv4 addresses. While that is a lot of IP addresses, it is not enough to last forever.

IPv6 is a newer numbering system to replace IPv4. It was deployed in 1999 and provides far more IP addresses, which should meet the need well into the future.

The major difference between IPv4 and IPv6 is the number of IP addresses. Although there are slightly more than 4 billion IPv4 addresses, there are more than 16 billion-billion IPv6 addresses.

Internet Protocol version 4 (IPv4) Internet Protocol version 6 (IPv6)
Deployed 1981 1999
Address size 32-bit number 128-bit number
Address format Dotted aecimal notation:192.168.0.202 Hexadecimal notation:3FFE:0400:2807:8AC9::/64
Number of addresses 2^32 2^128

#2: IPv4 and IPv6 coexistence -- what does that mean?

(Answer by ARIN)

The technical functioning of the Internet remains the same in both versions and it is likely that both versions will continue to operate simultaneously on networks well into the future. To date, most networks that use IPv6 support both IPv4 and IPv6 addresses in their networks.

It is important for all organizations to consider the adoption of IPv6 for their Internet services over the next couple of years, but it is also important to know that IPv4 is not going away. IPv4 and IPv6 will coexist on the Internet for many years. Although it is necessary to make certain services like Web sites and e-mail available over the IPv6 network, it is not necessary to replace the already deployed IPv4 infrastructure. The transition from IPv4 to IPv6 will happen over the course of many years, with both protocols working together on the Internet. Much of the IPv4 deployed infrastructure may continue to work on the Internet for years to come.

#3: What will happen with older machines? What devices support IPv6? What Microsoft operating systems support IPv6?

(Answer by Command Information)

It is very difficult to generalize answers for questions like this. By older machines, I would assume we are talking about desktop machines. Some level of IPv6 support can be found (not necessarily through Microsoft) for all Windows systems from 95 through Vista, including Windows NT. However, the level of support will vary greatly. It should be noted that Windows XP, Vista, and Mobile all ship capable of running IPv6. Vista and Windows Mobile default to having IPv6 turned on, but the user has to turn it on in XP. As for what devices support IPv6 -- the device world is large; check with your device vendor for details.

#4: What about having IPv6 perimeter IP addresses and IPv4 IP addresses on the internal network?

(Answer by ARIN)

ARIN asks organizations to consider "dual-stacking" IPv4 and IPv6 so they can continue to communicate with IPv4 portions of the Internet, yet be able to communicate with the new and soon-to-expand IPv6 portions. ARIN advises organizations to begin by deciding what makes their routers, DNS, Web servers, and mail servers compatible with IPv6.

The level of effort to make Web site, e-mail, and other communication services available via IPv6 will be different for each organization. It will depend greatly on how the network is set up and what services are deployed. Here are some examples.

  • Some business entities host and manage their own Web sites and e-mail services at their own facilities. These companies will need to update the public-facing portion of their networks and servers so they are dual-stacked. This involves work at their own facility and coordinating with their service provider(s) to ensure some form of IPv6 connectivity is available.
  • Some business entities use a service provider or contractor to host and manage their Web sites and e-mail services. These companies will need to contact their service provider(s) or contractor(s) and state their requirement that their services be available over both IPv4 and IPv6.
  • Some business entities are Internet service providers themselves. These companies will need to update their infrastructure so that it includes connectivity to the Internet using IPv6.
  • Individual users may not have Web sites of their own, but they do visit other sites and communicate via e-mail over the Internet. Individual users will rely on their ISPs to ensure proper updates have been made so they can still see and communicate with the entire Internet, including both IPv4 and IPv6.

Organizations may also establish protocol translation services for their network, allowing clients using one version of the protocol to interact with content on the Internet using the other version.

#5: How does IPv6 addressing work? Explain IPv6 IP address shorthand.

(Answer by Command Information)

In general, an IPv6 address is made up of eight 4-character hexadecimal chunks, each separated by a colon. For example, 2001:0db8:0049:0000:ab00:0000:0000:0102 is a full IPv6 address. The first four chunks (64 bits) of the address identify the network portion of the address, referred to as the "network prefix." Because IPv6 addresses are hierarchical, the network prefix identifies the organization, service provider, and other elements of distribution. The last four chunks (64 bits) compose the interface ID, a unique identifier that is often created using a device's MAC address.

Because a full address as shown above can be cumbersome, addresses can be compressed via two easy steps. First, all leading zeros within a given chunk can be eliminated. For the above address this would reduce the address to 2001:db8:49:0:ab00:0:0:102. Additionally, once per address (and only once; otherwise, you'd risk ambiguous addresses), any number of consecutive, all-zero chunks can be replaced by a double colon, making the most compressed form of the above address 2001:db8:49:0:ab00::102.

#6: Do IPv6-ready firewalls actually work?

(Answer by Command Information)

Yes, there are IPv6-capable firewalls, and they work just like any other firewall. The key when evaluating a firewall for compatibility is to make note of who is saying the device is capable. The vendor can say its device is IPv6 compatible, but what "compatible" means is up to the vendor to say. "IPv6 Ready" is a standard set forth by the IPv6 Forum and offers vendors a chance for their devices (of all kinds, not just firewalls) to be tested and certified to either silver or gold standards.

The Joint Interoperability Test Command (JITC) offers a more stringent testing and certification. NIST will offer a certification in the future, but does not actually have testing laboratories available at this point. Whenever we talk about firewalls, though, it goes without saying that whatever the performance of the device, unless the rules it operates under are sound, the device is not sound.

#7: Will common networking tools such as Ping work with IPv6?

(Answer by Command Information)

Yes. Depending on your platform, some might be slightly renamed (and/or protocol specific), such as "ping6," but the essential, everyday, screwdriver/hammer-type tools like ping, traceroute, and telnet are present for IPv6.

#8: How does DHCPv6 work? How is it different from DHCPv4?

(Answer by Command Information)

Stateless Auto Configuration was originally designed to eliminate the need for DHCP in IPv6, and is in fact the default address assignment method in almost all host operating systems. However, some enterprises will feel the need to control their address allotments more tightly, and DHCPv6 was developed for this reason. Stateful DHCPv6 works, from a functional standpoint, very similarly to its v4 counterpart. The function of the protocol is to provide addressing and other useful information, such as the address of a DNS server. From an operation point of view, DHCP does have some differences, such as the use of multicast instead of broadcast and the ability to assign multiple addresses to a client. DHCPv6 also has two other modes of operation in addition to Stateful - Stateless and Prefix Delegation.

#9: How does DNSv6 work? How is it different from DNSv4?

(Answer by Command Information)

DNS (there is no "DNSv6" protocol) continues to operate as the default, Internet-wide name resolution service -- simply with a new record type and a new transport option. The new record type is AAAA (referred to a "quad A"), and the new transport -- of course -- is IPv6. From a logistics standpoint, DNS works just like it always has. If a host supports only IPv4, it works as it always has -- asking for A records. If a host supports IPv6 only, it asks for AAAA records only. If a host supports both (and believes it has both transports available), it asks for both.

#10: How are packets fragmented in IPv6 and how does that compare to IPv4?

(Answer by Command Information)

Fragmentation has been completely rethought in IPv6. When different networks were joined together in the dawning of the Internet, the job of fragmentation was given to the entry points (routers) that connected different networks or segments. Since some had smaller maximum transmission units (MTUs) than others, it made sense that they be able to break the packets down when they reached the entry points, because network reliability and throughput were at a premium. In IPv6, it is the role of the sending node to handle fragmentation. Because fragmentation is done by the sending node and not in transit, load on routers is reduced and they can return to the job they were built for -- passing packets to the next hop.

#11: What really happens to my company Internet access if it or my ISP network doesn't transition in time?

(Answer by ARIN)

Without a dual-stacked network or deployed protocol translation services, an individual user gaining Internet access for the first time from an IPv6-only ISP may not be able to access the Web sites or mail servers for organizations that operate IPv4-only networks.

There are implications to not adopting IPv6. These implications become evident as wide-scale deployment of IPv6 accelerates. Not adopting IPv6 may cause the following types of issues for the various types of Internet users.

  • Individual Users: Individual users may not be able to view Web sites and communicate with certain destinations. Many individuals use the Internet to communicate with distant friends and family, research medical issues, and participate in group discussions among other things.
  • Enterprise Organizations: Enterprise organizations and corporations may not be able to communicate with certain critical government resources, clients, and potential customers. E-mail is a critical form of communication for most enterprise organizations today and their Web sites are vitally important resources for them to communicate with the public.
  • Governments: Governments may lose their ability to see and communicate with the "whole Internet." Access to information is critical for governments. There also may be an inability for citizens and other Internet users to access information about the government and communicate over the Internet with government agencies.
  • Service Providers: Organizations that provide services over the Internet may experience customer and/or revenue losses if they do not update their offerings to include IPv6. Customers will expect to be able to communicate with everyone else on the Internet and may seek out other ways to do that if their current service provider is not capable.

#12: Is there some kind of a timeline for ISPs and backbone networks to implement IPv6 if it's not already in place? When do I need to start the change over process?

(Answer by ARIN)

Within the next few years, once the regional Internet registries (RIRs) run out of large blocks of IPv4 address space, organizations that require larger contiguous blocks of address space will be able to receive them only in IPv6. Contiguous blocks of IP address space are necessary for activities like building out new large networks and adding new customers to existing Internet service providers' networks.

Even organizations that have enough IPv4 address space and continue to operate their IPv4 networks will still need to implement IPv6 on their networks. Today, some people are voluntarily attempting to reach mail and Web servers via IPv6 connections to the Internet. Once the RIRs have no large blocks of IPv4 address space remaining and start allocating IPv6-only blocks to ISPs and other large networks, some people will have to use IPv6 to reach the Internet.

Therefore, any organization that has a Web site and communicates via e-mail will need to take steps to ensure those services are visible over both the IPv4 and IPv6 networks. The IPv4 network will allow continued communications with the legacy Internet, and the IPv6 network will allow Web site and e-mail communications to be visible for individuals connecting to the Internet using IPv6 only. When services are available over both IPv4 and IPv6, it's referred to as "dual-stacked."

The decision of when to make a network IPv6 capable is up to each organization, but every effort should be employed to begin planning and preparing for the transition as soon as possible.

As the free pool of available IPv4 addresses diminishes over the next couple of years, Internet service providers will begin to deploy services to customers using IPv6 only. When this occurs, there will be an IPv6-only portion of the Internet that begins to grow. For mutual communications to occur between an organization's Web site, e-mail, and other communication services and individuals who are part of this IPv6- only portion of the Internet, the organization will need to first make services IPv6 capable.

It is not possible to accurately predict the exact rate at which the Internet will continue to grow, and even less possible to predict what portion of that growth will be IPv6 only. It is possible to imagine, though, that Internet growth will continue at a rapid rate. And with that rapid growth will come many individuals who are connected to the Internet using IPv6. Within one year past the point of IPv4 free pool depletion and wide-scale IPv6 deployment, perhaps 2% of users will be on the IPv6-only portion of the Internet. After two years, maybe 4%. After five years, a much larger percentage. Each organization will have to decide when it is time to adopt IPv6. If it decides it must be ready to communicate with the IPv6-only portion of the Internet before it begins to grow, the time to act is now.

Online resources for IPv6 from the experts

  • ARIN hosts an IPv6 Wiki. This site is intended to facilitate discussion and information-sharing on IPv6 topics and issues. More information about IPv6, including general educational materials, specific registration services information, and contact information, is available at this ARIN v6 link.
  • Command Information has a wealth of online information at Inside IPv6. It also offers classroom training at Command Labs and Education Center.

Final thoughts

I would like to thank everyone at ARIN and Command Information for providing answers to TechRepublic members' questions. I especially want to thank Megan Kruse of ARIN and Patrick Bowman of Command Information for pulling the information together and making this article possible.


Michael Kassner has been involved with communications for 40-plus years, starting with amateur radio (K0PBX). He now works as a network field engineer for Orange Business Services and as a consultant with MKassner Net. Current certifications include Cisco ESTQ Field Engineer, CWNA, and CWSP.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

84 comments
doramius
doramius

The numbers for how many addresses are available for IPv6 is a little misinforming. While it is over 16 Billion available, the number is much closer to 80 Octillion. Thus, purchasing a unique private address for your network toaster or you IP coffee maker might be possible. You see, 80 Octillion addresses would provide around billion viable addresses 'per person' and still leave available addresses in the spectrum.

occultrush
occultrush

Question: Given that I hold the data to build the technologies to grow PC' worn on the for-arm as a skin-graft, "synthetic-organ PC's" which grow their own hardwares and softwares on-demand from inerts added to the blood.. How can I wake the world to more reality, without them forever clawing and biting and growling at me.. to get the human race to supply me with a small-lab so I can give them what they need.. Namely: lab-grown PC's, Synthetic replacement organs, Plazma engines for flying cars, disintegration trash-pails, 4-D consumer interactive TV, 200-million new chemicals, obsolete pain disease and hospitals, and a beam that could write a poem on a lunar cliff face from here as well as drill a hole into the planet's magma to enable the planting of platinum-carbon magma batteries which crystallize into red diamond hardness-28, which will revolutionize every industry... How can I wake a deaf and blind numbed-out humanity to a little new-reality, without them wanting-to piss in my face for mentioning something they aren't aware of..? How can I wake people up to the more, without them fearing new and change, without the mindless babies, bullies, and apes, insulting me and flaming me to save-face in defending their growing mindless-ignorance, fears, stupidity, insanities, deficiencies, and misgivings..?

skywalker80
skywalker80

Dear Mr. Kassner, But you didn't answer to my question, that is very interested: I read that IPv6 header will have fields "flow label", and "DS byte" (differentiated services byte) - technologies that need to provide QoS. Does it means that in future,technicaly, company can build VPN with QoS for business critical aplications (like QoS MPLS provide today)but only using public Internet as backbone, not service provider's backbone (like MPLS use). So, is IPv6 also effort to provide QoS over public Internet? Thanks

arjanh
arjanh

Nice article. I have my doubts about item #10, though. MTU path discovery is also available for ipv4 (and pretty much works in the same way), but it is rendered fairly useless thyese days by providers either rate-limiting, or downright dropping icmp traffic in their core. This can lead to some peculiar behavior, where one system is able to communicate with some remote host, while another system can't. To give an example, SUN Solaris8 systems set the DF-bit by default (meaning that the ip packet may not be fragmented). Now, when a router somewhere down the line needs to fragment that packet, it may not, and drops the packet after sending an icmp message back. When that icmp packet is being dropped, all communications stop, and the session appears to hang. With en-route fragmentation out of the protocol for ipv6, that may become a real issue.

Michael Kassner
Michael Kassner

The graph shows 16 billion billion. Now where I get confused, is why they use that number. I'm not exactly sure what that means. I also wonder why they didn't just use the correct term.

Michael Jay
Michael Jay

the ability to transform technology and change the world, I just have to ask, is it IPv6 ready?

Michael Kassner
Michael Kassner

And have regretted that. I suspect that Santee and BoxFiddler understand what I'm talking about. So never again.

boxfiddler
boxfiddler

have a good grasp of what has happened to previous saviors of humanity.

santeewelding
santeewelding

Time could be a problem. The set-pieces are not confined to the technical.

Michael Kassner
Michael Kassner

I'd like to hear more details, if you have the time and inclination.

Michael Kassner
Michael Kassner

Perchance did you check out the other IPv6 articles that I've have written? I'd appreciate any comments or questions that you may have.

trejrco_z
trejrco_z

The short answer is that for the time being, QoS for IPv6 will be very similar to QoS for IPv4 - especially if we are talking about DiffServ. The reasons for that is two-fold: 1) The same DSCP (Diff Serv Code Points) bits from the Type of Service field in IPv4 are present in the Traffic Class field of the IPv6 header, and mean the same things. 2) The Flow Label field, someday may provide valuable QoS related functions but today that is not true. The ability to actually deploy Flow Label based QoS is not defined well enough and not supported by vendors currently. As for QoS across the (public) Internet, remember - "There is no SLA on the Internet" ... in this case, what that means is that you cannot dictate packet handling to providers that you have no contractual relationship with (and sometimes even those you do!). /TJ (Full Disclosure - I work at the aforementioned Command Information)

Patrick Bowman
Patrick Bowman

is that ICMPv6 (yes, ICMPv6 is a different protocol than ICMPv4 - the current specs for ICMPv6 are in RFC 4443) is pretty vital...critical, really...to IPv6 and blocking it the way you do ICMP in v4 is really not an option. ICMPv6 carries all the same functions that ICMPv4 carried...echo request/reply (ping), packet too big, destination unreachable, etc...but adds three new functions: 1) Neighbor Discover (ND) replaces ARP and determines the link-layer address of neighbors on the same local link 2) Router Discovery - finds routers and gets information from them through Router Advertisements and Router Solicitations 3) Neighbor Unreachability Detection (NUD) actively tracks bi-directional reachability between active neighbors. In fact, because ICMPv6 is so critical, the implicit "deny all" at the end of Cisco ACLs is now preceded by an implicit "permit all" for neighbor solicitation and neighbor advertisement. Regarding Path MTU discovery, this is the expected default behavior. Note that the minimum MTU in IPv6 has been increased to 1280 bytes. Some systems that experience unexplained packet failures may attempt to gracefully fix the problem by dropping their MTU to 1280B. Also, while some systems could choose to use 1280B as the default MTU, it is not the recommended behavior.

JCitizen
JCitizen

would understand the concept of quintillion? Isn't that what a billion x a billion is? My math has surely become fuzzy since engineering school! :(

santeewelding
santeewelding

One or n more orders of magnitude until we reach infinite density. Did I just say, "density"?

Michael Kassner
Michael Kassner

That's the scary part and once again I suspect we will have to play catch up and do that poorly.

Michael Kassner
Michael Kassner

Just commenting and asking is significant. Now how can we help you?

santeewelding
santeewelding

Michael: you are in my book a good, honest, and open man. Of course, you may have reservations about that.

JCitizen
JCitizen

at least in that I think writers should not talk down to their readership too much. Why not trust them to understand? Besides, if they don't care anyway, they will still be impressed by a new term in their vocabulary; and of course assume, that it is a very large number indeed. I think that is the point.

seanferd
seanferd

Add the exponents. If it is an American-style billion, 10^18 is correct. http://en.wikipedia.org/wiki/Names_of_large_numbers I had some better reference charts for this, but they are similar. Why would they say "billion billion"? Probably because any nomenclature between billion and googol has no meaning for most people. (Not that those numbers do, either.) ;)

JCitizen
JCitizen

16 billion billion would be like adding exponents. A billion is 10x^9 - in English that would be "ten to the ninth power(exponent)" So a billion times a billion is like 10x^9 times 10x^9 or 10x^(9+9) or 10x^18 so it would be 16 quintillion or 16(10x^18) :)

Michael Kassner
Michael Kassner

I've been trying to verify that for several days now. I need a math major.

boxfiddler
boxfiddler

that which isn't hilarious to ever be cool.

boxfiddler
boxfiddler

just large. And unknown. And way cool.

Michael Kassner
Michael Kassner

The ignorance is bliss theory? I subscribe to that quite often.

OnTheRopes
OnTheRopes

Ever since I gave up hope I've felt much better. ;) One more thing, thanks for the offer.

Michael Kassner
Michael Kassner

Trying to step outside the box put me into another box. Far out.

santeewelding
santeewelding

Psychology is a box. It is, I agree, a wondrous box made of itself and full of interesting things, including itself; but a box, nevertheless.

santeewelding
santeewelding

You leak into improbable places with your salutary effect.

Michael Kassner
Michael Kassner

I find this subject totally fascinating. If I could do it all over I'd think long and hard about psychology as it's infinitely interesting. The comment about just ignoring the box is huge. Now I just have to figure out how to do that innately.

boxfiddler
boxfiddler

that was my point. I like to mess with the box others build.

Michael Kassner
Michael Kassner

I hope you took that as I meant it. I re-read my comment and it could be misread. Which is absolutely not what I wanted to do.

Michael Kassner
Michael Kassner

I thought about that as I was writing the post and couldn't think of a better lead-in for you. Still, it's one of the things I truly respect about you.

boxfiddler
boxfiddler

but the one we build. I'd know. I like to fiddle with it.

Michael Kassner
Michael Kassner

Thanks to you, I have learned yet again what it means to think outside the box, way outside actually.