The Technical Case for IPv6 1

John Spence
IPv6 Security Consultant
Native6, Inc.

Yurie Rich
President, Native6, Inc.




The “Technical Case for IPv6” was written almost three years ago (2000/2001), when it was thought that IPv6 adoption by the world was “just around the corner”. With the collapse of the “dot.com” bubble, and a globally depressed economy, IT growth faltered, and is just now recovering. Despite the fact that the volume of the drum beat towards IPv6 integration may have diminished these past few years, it never discontinued its steady rhythm. As you read this whitepaper, keep in mind that many countries in Asia and Europe have made significant advances in IPv6 deployment. IPv6 is now supported in almost every major operating system and by most hardware manufacturers. IPv6 applications are starting to emerge. The race towards adoption is back on!

The paper remains largely unchanged since its initial release. Some of the inaccuracies have been fixed, but by and large the information contained herein is still as true as (perhaps more so than) it was several years ago.

This whitepaper will provide a high-level overview of the IETF Draft “The Case for IPv6” [CASEv6] (53 pages!). As the referenced document does, this paper examines the technical reasons that IPv6 provides superior capabilities over IPv4, and why those features are important to the further development of the global network.

Our abstract focuses on the concepts covered in the IETF document – explaining what the key issues are rather than providing information on how they are implemented. We encourage you to read the IETF document as your knowledge and interest in IPv6 grows.

Yurie Rich (President, Native6, Inc.)


Today’s Internet – as well as the vast majority of computer networks within enterprises and institutions (“Enterprises” in this paper includes all forms of organizations) – is based on IPv4 (Internet Protocol Version 4), a networking protocol developed primarily by DARPA (Defense Advanced Research Projects Agency), a quasi-government (US) organization cooperating with academia. The initial work to define the network protocol was done during the late 1960’s and 1970’s [HISTORY]. Over time the Internet (we’ll call this the “global network”) has emerged from its defense-and-research upbringing to become a global network platform on which institutions of all kinds rely to conduct their day-to-day operations. Many would argue that the Internet has become THE technology of our time.

IPv4 has been – by any measure – the most successful network protocol ever deployed, and it has worked remarkably for 30 years. Considering it was one of the first network protocols, and the designers had no experience with fielded large-scope networks, the durability of IPv4 has been nothing short of amazing.

Today, however, with the growth of the Internet, the development of a global business environment built upon the Internet, advances in technology, and the liberalization of global markets, IPv4 threatens to hold back the innovative possibilities of tomorrow’s Internet.

Enter IPv6. IPv6 is a completely new and redesigned network-layer protocol engineered to take the Internet into the future – whatever that may be. IPv6 is, in effect, the foundation upon which the future Internet can be built. IPv6 is not the Internet – the Internet is the collection of services and capabilities built by skilled technologists and used throughout the world. IPv6 is the platform on which those people can deploy applications as-yet unimagined – applications that cannot be delivered (whether for technical or economic reasons) on today’s IPv4-based networks – regardless of the quality or quantity of clever “patches” or “workarounds” that skilled engineers can devise.

The IETF is the prime mover in the development and deployment of IPv6 [IETF]. Their engineering talent has designed the protocol, and the transition mechanisms that ensure a smooth, non-disruptive move to the new fabric of the Internet. There is no question that the new Internet will be built on IPv6.

To better understand how IPv6 will help us develop the future Internet, let’s explore the major functional areas of IPv6, and why the new Internet platform will be better, faster, and more extensible than today’s paradigm.


Large Address Space

This is the feature of IPv6 that has generated the most attention – and it is critical to Internet growth. IPv4 uses a 32-bit address space – a total of about 4.2 billion addresses, where one address typically supports one device. In a world where all computers are connected to the Internet (every computer in every home, business, or institution), that’s how many uniquely identifiable devices there could be at any given time. Take into account that much of that space has been inefficiently allocated or is no longer available, and that the future world looks chock-full of new devices that will be connected to the global network (portable phones, PDA’s, Internet appliances, vehicles, etc.), and there are simply not enough addresses to go around.

IPv4’s usable life has been extended via a technology called Network Address Translation (NAT) – a clever mechanism that conserves scarce v4 addresses. Essentially, NAT allows enterprises to deploy potentially large networks using shared IP-addressing space (a commonly used network block reserved for this purpose is 10.0.0.0 (255.0.0.0)), and translating their Internet-bound traffic at their network edge to unique addresses assigned to their enterprise. In this way, an enterprise can deploy a thousand computer systems and only “consume” a handful of unique IP-addresses – perhaps 16-32. This benefit has a downside - giving up some heretofore lightly used capabilities of the Internet (like the ability to keep data private or to allow end-to-end communications between computers).

So, NAT is effective in the way it allows more nodes to join the network than would be possible if all nodes required routable addresses. That capability comes at a cost – that cost is the loss of key functionality. As the Internet develops, more advanced applications will require end-to-end connectivity throughout the network – just the capability that is not provided to NAT-enabled nodes. Additionally, many of these advanced applications will require extensive “work arounds” to facilitate operations through/with NAT, creating technically complicated architectures.

IPv6 uses a 128-bit address space – a total of about 3.4 x 10^38 addresses [V6ADDR]. There have been enough clever ways to try to convey how many addresses that is – let’s just say it provides plenty for the foreseeable future, with plenty leftover to cover the unforeseeable future. This large address space means that each and every device can be a peer on the Internet, and potentially have complete and unfettered access to any other device (security and privacy issues notwithstanding).

That’s good news for many reasons. IP addresses will not be scarce, meaning they should be inexpensive. Connectivity is already becoming very inexpensive, and the combination of the two means that many, many new devices can connect to the Internet. Given that the value of today’s Internet is largely the result of its increasing “ubiquity”, the value of the Internet will increase greatly – and we’ll look back on today’s Internet and understand that we were missing a great many things in today’s Internet.

One result of the large address space that deserves special mention is the enabling of true end-to-end connectivity – where a device can exchange packets with another device with no intermediary manipulation of those packets en route. This provides the capability for stations on the Internet to exchange data in absolute privacy, and with certain knowledge about the information’s origin and accuracy.


Addressing Hierarchy

IPv6 provides an addressing hierarchy, whereas v4 was designed to provide a flat addressing environment. Under v6, addresses are “collected” and deployed in logical groups – greatly simplifying the process of getting a packet to the right place.

Under v4, any network – however small – could be anywhere on the Internet. That means that each and every router running an exterior routing protocol (these are the routers that connect enterprises together and all the routers in the core of the Internet) has to know exactly how to “find” each of those networks. The result is a very complicated network with many routers tracking a great deal of not-often-used information (i.e. the result is large routing tables and inefficient route processing).

Classless Inter-Domain Routing (CIDR) is being used on the Internet today to alleviate some of the IPv4 “address space depletion” and “large routing table” problems with some success. CIDR essentially allows a more efficient allocation of existing, un-allocated v4 addresses, and provides some route aggregation [CIDR]. While CIDR has played an important function in the growth of the Internet, the aggregation and efficiency of the IPv6 address model is the only way to effectively sustain that growth.

The common analogy is the international phone system – with its use of country and area codes. When an individual dials a number in another country, the local call-routing system just needs to know how to route the call to the right country, where another call-routing function knows how to route it to the right area, where yet another function knows how to route the call to a specific phone. V6 works in a similar fashion. In a v4 phone analogy, the call-routing function at the caller’s location would have to know exactly how to route the call to the phone at the far end of the world – and would have to maintain that information for each calling destination in the world.

So, IPv4-style network routing, a flat address space that allows a device to be anywhere in the logical topology of the Internet, yields poor routing performance, expensive routing devices, and added complexity resulting in poor reliability. IPv6-style network routing, using hierarchical route-aggregation, is much more effective, and will scale up well as the global network grows.
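To make the contrast concrete, here is an added Python example (not part of the original whitepaper) that forwards a packet through a two-level hierarchy using longest-prefix match and compares the core table with the one a flat design would need. The router names, site names and prefixes (taken from the 2001:db8::/32 documentation range) are constructed for illustration.

```python
import ipaddress


def lookup(table, dest):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(tables, start, dest):
    """Follow next hops until a node with no routing table (a site) is reached."""
    path, node = [start], start
    while node in tables:
        node = lookup(tables[node], dest)
        if node is None:
            return path + ["unreachable"]
        path.append(node)
    return path


def flat_table(tables, core="core"):
    """Routes the core would need without aggregation: every site prefix."""
    return {p: hop for name, t in tables.items() if name != core
            for p, hop in t.items()}


# Constructed topology: the core only knows one aggregate per provider,
# each provider knows its own customers' /48 prefixes.
TABLES = {
    "core": {"2001:db8:a000::/36": "provider-A",
             "2001:db8:b000::/36": "provider-B"},
    "provider-A": {"2001:db8:a001::/48": "site-1",
                   "2001:db8:a002::/48": "site-2",
                   "2001:db8:a003::/48": "site-3"},
    "provider-B": {"2001:db8:b001::/48": "site-4",
                   "2001:db8:b002::/48": "site-5"},
}
```

Adding a sixth site under provider-A changes only provider-A's table; the core table stays at two entries, whereas the flat table grows with every site.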


Streamlined Packet Format

IPv6 headers – the part of the IP packet that brackets the packet’s data (called the payload) and carries the packet to the destination address – are simplified and streamlined for performance as compared to IPv4 packets. An interesting note is that although IPv6 addresses are 4 times the size of IPv4 addresses (128-bits as opposed to 32-bits), and each packet carries both source and destination addresses, v6 headers are only twice the size of v4 headers. IPv4 packets are variable in size – the size of the headers changes depending on what the packet carries, and what special features are used.

IPv6 packets are a fixed size, and use “extension headers” to describe special features or packet handling. IPv6 headers are also reorganized so that intermediate routers do not necessarily need to examine extension headers – as is the case with IPv4 headers – only those extension headers that pertain to packet transit. This simple change makes processing and forwarding of packets through the global network more efficient. Since these efficiencies are gained at each intermediate “hop” along a packet’s path, the benefits will be cumulative and substantial.
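The layout described above can be seen in a small parser. This added Python example (not part of the original whitepaper) reads the 40-byte fixed IPv6 header, walks the extension-header chain, and rejects truncated chains, as a monitoring or filtering tool has to. The sample packet and its addresses are constructed.

```python
import ipaddress
import struct

# Extension-header Next Header values (IANA protocol numbers).
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXTENSION_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}
IPV6_FIXED_LEN = 40  # the IPv6 base header is always 40 bytes


def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed header, then walk the extension-header chain."""
    if len(packet) < IPV6_FIXED_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    _vtf, _plen, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    chain, offset = [], IPV6_FIXED_LEN
    while next_hdr in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(next_hdr)
        # Fragment is fixed at 8 bytes; the others give their length in
        # 8-byte units, not counting the first 8 bytes.
        size = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        next_hdr, offset = packet[offset], offset + size
    if offset > len(packet):
        raise ValueError("extension header overruns packet")
    return {
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "hop_limit": hop_limit,
        "extension_chain": chain,
        # Only Hop-by-Hop (always first) concerns routers in transit.
        "router_must_inspect": chain[:1] == [HOP_BY_HOP],
        "upper_protocol": next_hdr,
        "upper_offset": offset,
    }


# Constructed sample: base header, Hop-by-Hop, Destination Options, UDP.
SAMPLE = (
    struct.pack("!IHBB", 6 << 28, 24, HOP_BY_HOP, 64)
    + ipaddress.IPv6Address("2001:db8::1").packed
    + ipaddress.IPv6Address("2001:db8::2").packed
    + bytes([DEST_OPTS, 0, 1, 4, 0, 0, 0, 0])  # Hop-by-Hop with PadN
    + bytes([17, 0, 1, 4, 0, 0, 0, 0])         # Dest Options, next = UDP
    + bytes(8)                                  # zeroed stand-in for UDP
)
```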


Security

IPv4 and IPv6 share a powerful security mechanism called “IPsec”. IPsec provides strong encryption (for keeping packet content private), strong authentication (to ensure the packet really originated at the site specified), non-repudiation (which keeps the sender from later claiming they did not send the packet), and message integrity (to ensure the packet was not tampered with in transit).

IPsec is an optional component of an IPv4 implementation, and, as a result, has not been widely deployed or adopted by application providers. Much of the data – including some very private data – traverses the Internet today “in the clear” for want of widely deployed IPsec. IPv6 makes IPsec a mandatory component. When IPsec is available on all networking platforms, and private data can be protected, the value of the network and the data that can be carried should go up substantially.


Lower-Cost Network Administration

IPv6 has a feature called “Address Autoconfiguration”. Essentially, this mechanism greatly lowers the amount of administration required to configure a new network device, move a device, or remove a device. The administration left is moved from the end-user device (i.e. a PC) to a network device (i.e. a router). So, rather than configure a collection of PC’s, a network administrator properly configures their local router, and each PC can configure itself based on information it already knows (a local device address) and information it learns through its startup process (from the router).

IPv4 uses either statically assigned addresses (where a specific machine is given a specific v4-address, and manually configured to use it) or a mechanism called DHCP (Dynamic Host Configuration Protocol). DHCP is a “stateful” autoconfiguration mechanism that provides some of the same features as the IPv6 solution. In fact, DHCP does some things that stateless autoconfiguration does not, so DHCP will also be available in v6 – but it will most likely be less utilized.

This autoconfiguration mechanism that IPv6 uses to manage address assignments and network environment information is far superior to those of IPv4, and will become a requirement as the network grows. Judging by current business trends, this ability to efficiently number networks – or re-number networks when an enterprise is acquired or merges with another enterprise (or changes service providers) – will be more and more important.
