Many Chicken Littles out there will tell you that the Internet is eventually going to run out of addresses and grind to a halt. To some, IPv6 is seen as the solution to the feared shortage of network addresses.
IPv6, Internet Protocol Version 6, is also known as IPng or IP Next Generation. Some have claimed that various fixes to IPv4 have eliminated the need for v6. While it is true that improvements to IPv4 have postponed the day of reckoning, most experts believe we will run out of addresses sometime in the next five to 10 years.
Yet there are other, more compelling reasons to move to IPv6. For instance, IPv6 will:
- Improve network autoconfiguration.
- Create hierarchical addressing to improve Internet-wide router performance.
- Allow for end-to-end security capability.
The current version of the protocol, IPv4, is roughly 20 years old. When it was originally designed, nobody anticipated the explosion in the Internet.
In the early 90s, the Internet Engineering Task Force (IETF) began developing a new IP protocol, IPv6. The new address space will probably be the feature that drives widespread adoption of IPv6. IPv4 uses a 32-bit address space. IPv6 will use a 128-bit address space.
How many unique IP addresses is that? 128-bit addresses translate to 340,282,366,920,938,463,463,374,607,431,768,211,456 unique addresses.
Both v4 and v6 begin each packet with a header containing important information, such as:
- The destination address
- the source address
- A time-to-live value
Here’s an important distinction, v4 uses variable-length headers, but all v6 headers are 40 bytes in length. This allows router software to be more efficient in parsing the headers. In addition, the number of fields in the header has been cut from 14 to 8.
The v6 header also has more flexibility. It allows for optional Extension Headers to be added after the regular header. These include:
- Hop-By-Hop Options
- Destination Options
- Authentication and Encryption Headers
You are already familiar with aggregation in the telephone system. Each phone number (in the U.S.) consists of an area code, a prefix, and a number. The various switches only consider their part of the number. This system of call routing greatly increases efficiency.
Internet routing also has a hierarchical mechanism of sorts in place—classless interdomain routing or CIDR. CIDR allows variable-length network prefixes, which means that backbone routers can store a single table entry to represent a number of lower-level networks. Unfortunately, the current CIDR system is an amalgam of pre-CIDR addresses and non-uniform routing. So it’s not efficient or scalable.
The large address space of IPv6 allows the establishment of a global hierarchical structure, aligned to geographic areas, with exceptions for pan-geographic backbone router topologies. This will streamline the routing system and eliminate the need for private address spaces.
Many servers use Dynamic Host Configuration Protocol (DHCP) to assign addresses to nodes dynamically. DHCP is a “stateful” address tool because it maintains tables showing which addresses are assigned to which stations and which addresses are available from its predefined pools of addresses. A new version of DHCP is being developed for v6 that will continue providing this “stateful” service.
IPv6 will also support “stateless” autoconfiguration without the use of DHCP. Basically, a v6 node would request a network prefix from a local IPv6 router, and then it would concatenate that address with an internal number, such as its Ethernet MAC address. This type of autoconfiguration will be especially useful for mobile computing applications, including handhelds.
Flow labeling and priority
Two new fields in the IPv6 packet design are the flow label and the priority setting. The flow label tells the router the flow of data to which a particular packet belongs. The priority indicates whether the packet needs special handling above the usual best-effort treatment. Both of these features affect Quality of Service (QoS).
For example, a desktop video stream could be given a priority that indicated it required a maximum transmission latency value. The router would then ensure that that value was never exceeded. A flow label could also be applied to the video stream, enabling routers to try to maintain the flow order, thus optimizing the transmission and improving efficiencies. As we move toward higher-bandwidth applications, these two fields will become more and more important.
IPv6 improves the security of the network by adding two new extension headers: the Authentication header and the Encryption header.
The Authentication header can be used to prevent some network attacks. It prevents IP spoofing by ensuring that a packet actually originates at the address indicated in the source address field. IP spoofing is one of the most common types of security breaches. With v4 there is no native way to prevent it. IPv6 will provide a standards-based way to authenticate packets at the Network Layer.
The Encryption header provides a means for nodes to exchange encryption information at the packet level. It allows for the encryption of each packet’s payload. Depending on the type of encryption used, it is possible to create a “steel pipe” level of security between two firewalls. This prevents any sort of packet sniffing during the public transmission of the data stream. It’s particularly important to organizations using the Internet to set up virtual private networks (VPNs).
Most IP traffic is “unicast” traffic—traffic between two single nodes. Some, though, is “broadcast”—traffic from a single node to as many nodes as care to listen. A variation of broadcast is “multicast,” where a specific list of receiving nodes is used.
Multicast is already in use with IPv4 but v6 improves the multicast capabilities of IP. It has a new multicast address format that accommodates many more group identifier codes as well as a new scope identifier. Using the scope identifiers, a group multicast can be limited to a single network or a single site, or allowed to broadcast worldwide.
IPv6 also provides for a new “anycast” address. This is a single IP address assigned to multiple interfaces, often on different computers or routers. A packet sent to the anycast address would be forwarded to the nearest one of the registered interfaces, thus enabling a form of load balancing and redundancy.
To begin with, the IPv6 stack is designed to be run alongside v4 stacks. You can “dual-stack” a machine without a problem. This means that an end-node or a router can communicate with both kinds of networks. It also means that you can upgrade hosts first, routers first, or any combination that meets your needs. You can configure the IPv6 stack with an IPv4-compatible address, if you want.
The designers of IPv6 knew it would not be practical to have the entire IP world move to v6 in one massive upgrade. They ensured that IPv6 would be backward compatible with v4.
As a start, IPv6 equipment recognizes all v4 packets. It is also possible to purchase equipment that encapsulates v6 packets in v4 packets (“tunneling”). This can be done at a gateway or router level. So an organization can roll out IPv6 in two or more locations and have those locations communicate via standard v4 networks and backbones.
Various operating systems
If you are ready to begin experimenting with IPv6, you will need to get a v6 stack that works with your operating system(s). There are a number of them out there, with more on the way. I found two lists of currently available stacks: one at the IPv6.org site, and one at the Sun site .
As you would expect, there are a number of UNIX/Linux stacks available. There is also a stack for the Macintosh and various options for routers. And then there is one available for Windows.
No version of Windows ships with an IPv6 implementation. If you run Windows, there are two possible paths: Trumpet has a v6 Winsock implementation available that works with Win 9x, and Microsoft Research has an experimental implementation that works only with NT and Windows 2000.
A look into the future
As more businesses look to the Internet for both internal connectivity and external sales growth, security will become a high priority. And as bandwidth needs increase and end-user bandwidth capacity improves (with cable modems and DSL), the need for improved efficiency in the Internet backbone will drive the market to embrace IPv6.
At this point, manufacturers are already producing compatible equipment. Many organizations and ISPs are moving or have already moved to IPv6.
With the transition toward IPv6, you need to learn about it, experiment with it, and be sure any new equipment you buy supports it.
Bruce Maples is an author, trainer, speaker, and consultant living in Louisville, KY.
Post a comment below about your predictions about the move to v6. Or send us an idea for a future article.