IPv6 general info

From EDPnet Wiki


What is IPv6?

IP, the Internet Protocol, is one of the pillars that support the Internet. Almost 20 years old, first specified in a remarkably concise 45 pages in RFC 791, IP is the network-layer protocol for the Internet.

In 1991, the IETF decided that the current version of IP, called IPv4, had outlived its design. The new version of IP, called either IPng (Next Generation) or IPv6 (version 6), was the result of a long and tumultuous process which came to a head in 1994, when the IETF gave a clear direction for IPv6.

IPv6 is designed to solve the problems of IPv4. It does so by creating a new version of the protocol which serves the function of IPv4, but without the same limitations of IPv4. IPv6 is not totally different from IPv4: what you have learned in IPv4 will be valuable when you deploy IPv6. The differences between IPv6 and IPv4 are in five major areas: addressing and routing, security, network address translation, administrative workload, and support for mobile devices. IPv6 also includes an important feature: a set of possible migration and transition plans from IPv4.

Since 1994, over 30 IPv6 RFCs have been published. Changing IP means changing dozens of Internet protocols and conventions, ranging from how IP addresses are stored in DNS (domain name system) and applications, to how datagrams are sent and routed over Ethernet, PPP, Token Ring, FDDI, and every other medium, to how programmers call network functions.

The IETF, though, is not so insane as to assume that everyone is going to change everything overnight. So there are also standards and protocols and procedures for the coexistence of IPv4 and IPv6: tunneling IPv6 in IPv4, tunneling IPv4 in IPv6, running IPv4 and IPv6 on the same system (dual stack) for an extended period of time, and mixing and matching the two protocols in a variety of environments.

IPv4 vs. IPv6

The Internet Protocol version 4, or IPv4, is the defined standard in the world today, but it is being replaced by the more advanced IPv6 to help solve the IP address exhaustion problem that is looming on the horizon. IPv4 uses 32 bits to define each address, which, in total, is roughly four billion addresses. This was a huge number at its inception, but with the internet boom, this address pool is expected to run out in 2010 or 2011. IPv6 uses 128 bits for each address. To put this in perspective, if you take the number of known stars in the universe, and square that number, the result will only be slightly larger than the number of addresses in IPv6.

The problem of IP exhaustion forced people to come up with complex ways to conserve addresses. The complex algorithms can be taxing for routers that need to decipher each packet, and determine its destination. IPv4 is also impaired when working with mobile networks, where the device can move from one network to another. IPv6 solves these problems, as the huge number of addresses makes the complex algorithms unnecessary.

The difference between the two that most people would likely notice is the appearance of the IP address. IPv4 uses four 1-byte decimal numbers, separated by dots (i.e. 256.256.256.256), while IPv6 uses hexadecimal numbers that are separated by colons. Because IPv4 and IPv6 are incompatible, translations have been made to enable their interoperation, which leads to addresses that look like ::ffff:256.256.256.256.
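The two notations and the ::ffff: mapped form, as an added example that is not part of the original wiki page. It uses Python's standard ipaddress module; the allowlist, the function names and the sample addresses (taken from documentation ranges) are assumptions. Each dotted-decimal octet is limited to 0-255, so a literal 256.256.256.256 is rejected by the parser, and a mapped address is unwrapped before the allowlist check so that both spellings of the same peer get the same decision.

```python
import ipaddress

# Constructed allowlist: the IPv4 documentation range 192.0.2.0/24.
ALLOWED_V4 = [ipaddress.ip_network("192.0.2.0/24")]


def describe(text):
    """Parse either notation; return (IP version, address width in bits)."""
    addr = ipaddress.ip_address(text)
    return addr.version, addr.max_prefixlen


def normalise(text):
    """Return the embedded IPv4 address for ::ffff:a.b.c.d, else the parsed address."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(text):
    """Allowlist check that treats 192.0.2.10 and ::ffff:192.0.2.10 as one peer."""
    try:
        addr = normalise(text)
    except ValueError:
        return False  # not a valid address in either notation
    return any(addr.version == net.version and addr in net for net in ALLOWED_V4)


if __name__ == "__main__":
    for sample in ("192.0.2.10", "::ffff:192.0.2.10", "::ffff:c000:20a",
                   "2001:db8::1", "::ffff:198.51.100.7", "256.256.256.256"):
        print(f"{sample:24} allowed={is_allowed(sample)}")
```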

Another key advantage of IPv6 is the ability to carry larger payloads than the fixed amount allowed in IPv4. This is an optional feature, and IPv6 networks can still remain compliant with IPv4’s payload size. Despite the numerous advantages of IPv6, the incompatibility still blocks its adoption. Only a meager 1% of the world’s networks have converted to IPv6, while the remaining 99% still use IPv4. This will change once IPv4 addresses are totally exhausted and communication companies are forced to use IPv6 addresses.

Summary:
1. An IPv6 address consists of 128 bits, while an IPv4 address consists of only 32.
2. IPv6 has a lot more usable addresses compared to IPv4.
3. IPv6 makes the router’s task simpler compared to IPv4.
4. IPv6 is better suited to mobile networks than IPv4.
5. IPv6 addresses are represented in a hexadecimal, colon-separated notation, while IPv4 addresses use the dot-decimal notation.
6. IPv6 allows for bigger payloads than what is allowed in IPv4.
7. IPv6 is used by less than 1% of the networks, while IPv4 is still in use by the remaining 99%.

Why switch to IPv6?

Estimates vary, but most suggest that the Internet Assigned Numbers Authority’s (IANA) unallocated addresses will be exhausted sometime between 2011 and mid-2012. RIPE’s site estimates that 88 per cent of IP addresses are already used up.

IPv4 addresses are likely to continue working long after all the available addresses run out, so the problem itself is only likely to affect new businesses or current businesses looking to expand their web presence.

That said, a change to IPv6 seems inevitable. Cisco’s view is that “every customer in the market will face the inevitable transition from IPv4 to IPv6.”

Can I start already with IPv6?

With edpnet you can register on SixXS and start using an IPv6 tunnel via our Point Of Presence (PoP) today!

In a later phase we will offer a native IPv6 connection via dual stack (IPv4 + IPv6) from edpnet.

Do I still need a router with NAT?

With IPv6 the purpose is to give all your devices a public IP address. If you use our solution in combination with a Fritz!Box 7340, you will notice that all the devices in your local network automatically receive a public IP address from the subnet that was given to you.
In this case you no longer receive a single IPv4 address, but a whole /64 subnet of IPv6 addresses to give to your local devices. The number of IP addresses you receive with a /64 subnet is more than you will ever need. More info: http://linux-sxs.org/networking/ipv6_for_beginners.html

Regarding security, the firewall will take care of the necessary security measures. Via the tunnelling solution you already receive a dedicated subnet.

What are the costs of changing?

IPv6 addresses themselves do not cost any money. Of course you'll have to check your own infrastructure to see if any changes have to be made to make it IPv6-ready.

Do I have to change right now?

The transition does not have to take place today or tomorrow so there is no reason to panic. It is important though that you take the appropriate measures to get ready for IPv6 as it demands the necessary knowledge, expertise and budget.

What about network security?

IPv6 was built from the ground up to be capable of end-to-end encryption. While this technology was retrofitted into IPv4, it remains an optional extra and isn’t universally used. The encryption and integrity-checking used in current VPNs is a standard component in IPv6, available for all connections and supported by all compatible devices and systems. Widespread adoption of IPv6, when properly implemented, could therefore make man-in-the-middle (MITM) attacks significantly more difficult.

IPv6 also supports more-secure name resolution. The Secure Neighbor Discovery (SEND) protocol is capable of enabling cryptographic confirmation that a host is who it claims to be at connection time. This renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks much more difficult. And while not a replacement for application- or service-layer verification, it still offers a greatly improved level of trust in connections. In an IPv4 network it’s fairly easy for an attacker to redirect traffic between two legitimate hosts, allowing him to manipulate the conversation or at least observe it. IPv6 makes this very hard. (Not all device and OS implementations of IPv6 have applied this feature yet.)

This added security depends entirely on proper design and implementation, and the more complex and flexible infrastructure of IPv6 makes for more work ensuring every “t” is crossed and every “i” dotted. Nevertheless, properly configured IPv6 networking will be significantly more secure than its predecessor.

Are there any performance benefits?

Data packets transferred under IPv4 are severely size-restricted, and those that are too big must be fragmented and reassembled. Routers and other intermediary devices along the transport path handle this fragmentation, but the work involved can be inefficient, time-consuming and ultimately costly. Under IPv6, the protocol design incorporates end-to-end fragmentation, simplifying and lightening the load of handling fragmented packets. With less work required to identify and properly split data, speed goes up and the workload along the transport path goes down.

IPv6 also does away with the need for integrity-checking of packets during transit, leaving this to higher-level protocols such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), freeing up valuable router time that can be better spent pushing data around as fast as possible.
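The per-hop work this paragraph refers to, as an added example that is not part of the original wiki page: an IPv4 hop verifies the header checksum, decrements the TTL and recomputes the checksum, while an IPv6 hop only decrements the Hop Limit because the fixed header has no checksum field. Both sample headers are constructed and the function names are illustrative.

```python
import struct

# Constructed 20-byte IPv4 header: TTL 0x40, UDP, 192.168.0.1 -> 192.168.0.199.
IPV4_HDR = bytes.fromhex("45000073 00004000 4011b861 c0a80001 c0a800c7")

# Constructed 40-byte IPv6 fixed header: Hop Limit 0x40, 2001:db8::1 -> 2001:db8::2.
IPV6_HDR = (bytes.fromhex("60000000 005f1140")
            + bytes.fromhex("20010db8" + "00" * 11 + "01")
            + bytes.fromhex("20010db8" + "00" * 11 + "02"))


def checksum(header):
    """One's-complement sum of the 16-bit header words, checksum field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(zeroed) // 2), zeroed))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def is_intact(header):
    """True if the stored IPv4 header checksum (bytes 10-11) matches the header."""
    return struct.unpack("!H", header[10:12])[0] == checksum(header)


def forward_ipv4(header):
    """IPv4 hop: verify, decrement TTL (byte 8), recompute and store the checksum."""
    if not is_intact(header):
        raise ValueError("header checksum mismatch: drop")
    if header[8] <= 1:
        raise ValueError("TTL expired: drop")
    hdr = header[:8] + bytes([header[8] - 1]) + header[9:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def forward_ipv6(header):
    """IPv6 hop: decrement Hop Limit (byte 7); there is no checksum to touch."""
    if header[7] <= 1:
        raise ValueError("Hop Limit expired: drop")
    return header[:7] + bytes([header[7] - 1]) + header[8:]


if __name__ == "__main__":
    print("IPv4 checksum before:", hex(checksum(IPV4_HDR)))
    print("IPv4 checksum after :", hex(checksum(forward_ipv4(IPV4_HDR))))
    print("IPv6 bytes changed  :", sum(a != b for a, b in
                                       zip(IPV6_HDR, forward_ipv6(IPV6_HDR))))
```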

There are also notable benefits in IPv6 for mobile devices, which will be able to maintain the same address when moving from one connection to another — going from a 3G network to Wi-Fi provided by your local coffee shop, for example. Rather than picking up a new address from the new connection service, the mobile device can keep the same “home” address at all times. This removes the need for “triangular routing,” in which data sent to the mobile device must first go through the network of the mobile provider. These changes not only provide greater speed, simplicity and usability, but also make connections more resilient and secure. Given the prevalence of mobile devices today, this enhancement should be most welcome.

Thanks to improved identity checking, IPv6 avoids many of the performance and security issues surrounding Multicast and Anycast broadcasting, and offers better autoconfiguration, with ICMPv6 messages used to determine an appropriate address and configuration. Upgraded DHCPv6 is also available for those who require more stateful control of network connections, and of course conventional static address assignment is possible if needed. The combination of a wider address pool and a more sophisticated address structure solves a lot of address conflict issues, which arise most commonly when company mergers or takeovers lead to integration and readdressing of networks. Organization-specific prefixes are a core part of the IPv6 infrastructure, and ensure no collisions even when lower portions of addresses overlap. Changing addressing structures is also simpler and more efficient.

Useful links

Preparing an IPv6 addressing plan
Cisco IPv6 Security presentation
www.ipv6council.be
www.ipv6actnow.org
www.ipv6tf.org
www.ripe.net/internet-coordination/ipv6
www.ripe.net/lir-services/resource-management/ipv6/ipv6-address-types
