
Internet Protocol Version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed...

Date post: 26-Dec-2015
Upload: amberly-natalie-mcdaniel

IPv6

Internet Protocol Version 6 (IPv6) is a version of the Internet Protocol that is designed to succeed Internet Protocol version 4 (IPv4), the first publicly used Internet Protocol in operation since 1981. IPv6 is an Internet Layer protocol for packet-switched internetworking. The main driving force for the redesign of Internet Protocol was the foreseeable IPv4 address exhaustion. IPv6 was developed by the Internet Engineering Task Force (IETF), and is described in Internet standard document RFC 2460, published in December 1998.

What is IPv6?

IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2^128 (about 3.4×10^38) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

IPv6 also implements many other new features. It simplifies aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address). Network security is also integrated into the design of the IPv6 architecture, and the IPv6 specification mandates support for IPsec as a fundamental interoperability requirement.

Benefits of IPv6

For deployment, IPv6 is largely incompatible with IPv4 at the packet level, and translation services have practical issues that make them controversial. IPv6 and IPv4 are therefore treated as almost entirely separate networks with devices having two separate protocol stacks if they need to access both networks, with tunneling of IPv6 on IPv4 and vice versa. In December 2008, despite marking its 10th anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general worldwide deployment. A 2008 study by Google Inc. indicated that penetration was still less than one percent of Internet-enabled hosts in any country. IPv6 has been implemented on all major operating systems in use in commercial, business, and home consumer environments.

Deployment of IPv6

The first publicly used version of the Internet Protocol, Version 4 (IPv4), provides an addressing capability of about 4 billion addresses (2^32). This was deemed sufficient in the early design stages of the Internet when the explosive growth and worldwide proliferation of networks was not anticipated.

During the first decade of operation of the Internet, by the late 1980s, it became apparent that methods had to be developed to conserve address space. In the early 1990s, even after the redesign of the addressing system using a classless network model, it became clear that this would not suffice to prevent IPv4 address exhaustion, and that further changes to the Internet infrastructure were needed.

By the beginning of 1992, several proposals appeared and by the end of 1992, the IETF announced a call for white papers and the creation of the IP Next Generation (IPng) area of working groups.

The Internet Engineering Task Force adopted the IPng model on July 25, 1994, with the formation of several IPng working groups. By 1996, a series of RFCs was released defining Internet Protocol version 6 (IPv6), starting with RFC 1883.

The IETF assigned version 6 for the new protocol as a successor to version 4, because version 5 had previously been assigned to an experimental protocol, the Internet Stream Protocol, similar to IPv4, intended to support video and audio.

It is widely expected that IPv4 will be supported alongside IPv6 for the foreseeable future. IPv4-only nodes are not able to communicate directly with IPv6 nodes and need assistance from an intermediary gateway or must use other transition mechanisms.

Why IPv6?

Estimates of the time of complete IPv4 address exhaustion varied widely in the early 2000s, but all converge now on the time frame from 2011 to 2012. In 2003, Paul Wilson (director of APNIC) stated that, based on then-current rates of deployment, the available space would last for one or two decades. In September 2005, a report by Cisco Systems suggested that the pool of available addresses would dry up in as little as 4 to 5 years. As of September 2010, a daily updated report projected that the IANA pool would be exhausted in mid-2011, with the various regional Internet registries using up their allocations from IANA in early 2012. As of 2008, a policy process has started for the end-game and post-exhaustion era.

IPv4 Exhaustion

In most regards, IPv6 is a conservative extension of IPv4. Most transport and application-layer protocols need little or no change to operate over IPv6; exceptions are application protocols that embed internet-layer addresses, such as FTP and NTPv3.

IPv6 specifies a new packet format, designed to minimize packet header processing by routers. Because the headers of IPv4 packets and IPv6 packets are significantly different, the two protocols are not interoperable.

Differences Between IPv4 and IPv6

The most important feature of IPv6 is a much larger address space than in IPv4: addresses for IPv6 are 128 bits long, compared to 32 bits in IPv4.

Decomposition of an IPv6 address into its binary form

The very large IPv6 address space supports a total of 2^128 (about 3.4×10^38) addresses, or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.8 billion (6.8×10^9) people alive in 2010. In another perspective, this is the same number of IP addresses per person as the number of atoms in a metric ton of carbon.

While these numbers are impressive, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses allow a better, systematic, hierarchical allocation of addresses and efficient route aggregation. With IPv4, complex Classless Inter-Domain Routing (CIDR) techniques were developed to make the best use of the small address space. Renumbering an existing network for a new connectivity provider with different routing prefixes is a major effort with IPv4. With IPv6, however, changing the prefix announced by a few routers can in principle renumber an entire network since the host identifiers (the least-significant 64 bits of an address) can be independently self-configured by a host.

The size of a subnet in IPv6 is always 2^64 addresses, the square of the size of the entire IPv4 address space, which is 2^32. Thus, actual address space utilization rates will be small in IPv6, but network management and routing are expected to be more efficient because of the inherent design decisions of large subnet space and hierarchical route aggregation.

Larger Address Space

IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using Internet Control Message Protocol version 6 (ICMPv6) router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; if configured suitably, routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters.

If IPv6 stateless address autoconfiguration is unsuitable for an application, a network may use stateful configuration with the Dynamic Host Configuration Protocol version 6 (DHCPv6) or hosts may be configured statically.

Routers present a special case of requirements for address configuration, as they often are sources for autoconfiguration information, such as router and prefix advertisements. Stateless configuration for routers can be achieved with a special router renumbering protocol.

Stateless Address Autoconfiguration (SLAAC)

Multicast, the transmission of a packet to multiple destinations in a single send operation, is part of the base specification in IPv6. In IPv4 this is an optional although commonly implemented feature.

IPv6 does not implement traditional IP broadcast, i.e. the transmission of a packet to all hosts on the attached link using a special broadcast address, and therefore does not define broadcast addresses. In IPv6, the same result can be achieved by sending a packet to the link-local all nodes multicast group at address ff02::1, which is analogous to IPv4 multicast to address 224.0.0.1.

IPv6 multicast addressing shares common features and protocols with IPv4 multicast, but also provides changes and improvements by eliminating the need for certain protocols.

Unicast address assignments by a local Internet registry for IPv6 have at least a 64-bit routing prefix, yielding the smallest subnet size available in IPv6 (also 64 bits). With such an assignment it is possible to embed the unicast address prefix into the IPv6 multicast address format, while still providing a 32-bit block, the least significant bits of the address, or approximately 4.2 billion multicast group identifiers. Thus each user of an IPv6 subnet automatically has available a set of globally routable source-specific multicast groups for multicast applications (RFC 3306).

In IPv4 it was very difficult for an organization to get even one globally routable multicast group assignment and implementation of inter-domain solutions was very arcane.

IPv6 also supports new multicast solutions, including embedding Rendezvous Point addresses in an IPv6 multicast group address which simplifies the deployment of inter-domain solutions.

Multicast

Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread deployment first in IPv4, into which it was back-engineered. IPsec is an integral part of the base protocol suite in IPv6. IPsec support is mandatory in IPv6; this is unlike IPv4, where it is optional.

Mandatory Support for Network Layer Security

In IPv6, the packet header and the process of packet forwarding have been simplified to make packet processing by routers more efficient, thereby extending the end-to-end principle of Internet design. Specifically:

The packet header in IPv6 is simpler than that used in IPv4, with many rarely used fields moved to separate options; as a result, although the addresses in IPv6 are four times as large, the option-less IPv6 header is only twice the size of the option-less IPv4 header.

IPv6 routers do not perform fragmentation. IPv6 hosts are required to either perform PMTU discovery, perform end-to-end fragmentation, or to send packets no larger than the IPv6 default minimum MTU size of 1280 octets.

The IPv6 header is not protected by a checksum; integrity protection is assumed to be assured by both link layer and higher layer (TCP, UDP, etc.) error detection. Therefore, IPv6 routers do not need to recompute a checksum when header fields (such as the time to live (TTL) or hop count) change.

The TTL field of IPv4 has been renamed to Hop Limit, reflecting the fact that routers are no longer expected to compute the time a packet has spent in a queue.

Simplified Processing by Routers

Mobility

Unlike mobile IPv4, mobile IPv6 avoids triangular routing and is therefore as efficient as native IPv6. IPv6 routers may also support network mobility which allows entire subnets to move to a new router connection point without renumbering.

Options extensibility

The IPv4 protocol header has a fixed size (40 octets) for option parameters. In IPv6, options are implemented as additional extension headers after the IPv6 header, which limits their size only by the size of an entire packet. The extension header mechanism provides extensibility to support future services for quality of service, security, mobility, and others, without redesign of the basic protocol.

Jumbograms

IPv4 limits packets to 65535 (2^16 - 1) octets of payload. IPv6 has optional support for packets over this limit, referred to as jumbograms, which can be as large as 4294967295 (2^32 - 1) octets. The use of jumbograms may improve performance over high-MTU links. The use of jumbograms is indicated by the Jumbo Payload Option header.

The IPv6 packet is composed of two parts: the packet header and the payload. The header consists of a fixed portion with minimal functionality required for all packets and may contain optional extensions to implement special features.

The fixed header occupies the first 40 octets (320 bits) of the IPv6 packet. It contains the source and destination addresses, traffic classification options, a hop counter, and a pointer for extension headers if any. The Next Header field, present in each extension as well, points to the next element in the chain of extensions. The last field points to the upper-layer protocol that is carried in the packet's payload.

Extension headers carry options that are used for special treatment of a packet in the network, e.g., for routing, fragmentation, and for security using the IPsec framework.

The payload can have a size of up to 64KiB without special options, or larger with a jumbo payload option in a Hop-By-Hop Options extension header.

Fragmentation is handled only in the end points of a communication session; routers never fragment a packet, and hosts are expected to use Path MTU Discovery to select a packet size that can traverse the entire communications path.
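The header chain described above has a practical consequence for filtering: the upper-layer protocol is only known after every extension header has been walked. The following parser is an added example, not part of the original slides; the sample packet, its addresses and the TCP stub are constructed, and the Next Header values are the standard IANA protocol numbers.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers)
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS, MOBILITY = (
    0, 43, 44, 50, 51, 59, 60, 135)
GENERIC_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS, MOBILITY}


def parse_ipv6(packet: bytes) -> dict:
    """Parse the 40-octet fixed header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-octet fixed header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "chain": [],
        "fragment": None,
        "upper_header_present": True,
    }
    # Payload length 0 marks a jumbogram; its length lives in a Hop-by-Hop option.
    end = len(packet) if payload_len == 0 else min(len(packet), 40 + payload_len)
    offset = 40
    while nxt in GENERIC_EXT or nxt in (FRAGMENT, AH):
        if offset + 8 > end:
            raise ValueError("extension header chain runs past the payload")
        following, length_field = packet[offset], packet[offset + 1]
        if nxt == FRAGMENT:                      # fixed 8 octets
            size = 8
            off_flags, ident = struct.unpack("!HI", packet[offset + 2:offset + 8])
            info["fragment"] = {"offset": off_flags >> 3,
                                "more": bool(off_flags & 1), "id": ident}
        elif nxt == AH:                          # length counted in 4-octet units
            size = (length_field + 2) * 4
        else:                                    # 8-octet units, first 8 excluded
            size = (length_field + 1) * 8
        if offset + size > end:
            raise ValueError("extension header longer than the payload")
        info["chain"].append(nxt)
        offset += size
        nxt = following
        if info["fragment"] and info["fragment"]["offset"] != 0:
            # Non-first fragment: the upper-layer header is in another packet.
            info["upper_header_present"] = False
            break
    # ESP (50) stops the walk as well: what follows is encrypted.
    info["upper_protocol"] = nxt
    info["upper_offset"] = offset
    return info


def build_sample(frag_offset: int = 0) -> bytes:
    """Constructed packet: Hop-by-Hop (PadN only) + Fragment + 20-octet TCP stub."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    hbh = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])
    frag = struct.pack("!BBHI", 6, 0, (frag_offset << 3) | 1, 0x1234)
    tcp = struct.pack("!HH", 40000, 443) + bytes(16)
    payload = hbh + frag + tcp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 64)
    return fixed + src + dst + payload


if __name__ == "__main__":
    for off in (0, 185):
        p = parse_ipv6(build_sample(off))
        print(p["chain"], p["upper_protocol"], p["upper_offset"],
              p["upper_header_present"])
```

A filter that reads only the fixed header's Next Header field would see Hop-by-Hop here and never reach the TCP header, and for the non-first fragment there is no TCP header to inspect at all.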

Packet Format

The most important feature of IPv6 is a much larger address space than in IPv4. IPv6 addresses are 128 bits long, compared to only 32 bits previously. While the IPv4 address space contains only about 4.3×10^9 (4.3 billion) addresses, IPv6 supports approximately 3.4×10^38 (340 undecillion) unique addresses, deemed enough for the foreseeable future.

IPv6 addresses are written as groups of four hexadecimal digits separated by colons, for example, 2001:db8:1f70::999:de8:7648:6e8. IPv6 addresses are logically divided into two parts: a 64-bit (sub-)network prefix, and a 64-bit interface identifier.

IPv6 addresses are classified by three types of networking methodologies: unicast addresses identify each network interface; anycast addresses identify a group of interfaces, usually at different locations, of which the nearest one is automatically selected; and multicast addresses are used to deliver one packet to many interfaces. The broadcast method is not implemented in IPv6. Each IPv6 address has a scope, which specifies in which part of the network it is valid and unique. Some addresses are unique only on the local (sub-)network; others are globally unique.

Some IPv6 addresses are used for special purposes, such as the address for loopback. Also, some address ranges are considered special, such as link-local addresses for use in the local network only, and solicited-node multicast addresses used in the Neighbour Discovery Protocol.

Addressing

In the Domain Name System, hostnames are mapped to IPv6 addresses by AAAA resource records, so-called quad-A records. For reverse resolution, the IETF reserved the domain ip6.arpa, where the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units (4 bits) of the IPv6 address. This scheme is defined in RFC 3596.

IPv6 in the Domain Name System

Until IPv6 completely supplants IPv4, a number of transition mechanisms are needed to enable IPv6-only hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach the IPv6 Internet over the IPv4 infrastructure.

Dual IP stack implementation

The dual-stack protocol implementation in an operating system is a fundamental IPv4-to-IPv6 transition technology. It implements IPv4 and IPv6 protocol stacks either independently or in a hybrid form. The hybrid form is commonly implemented in modern operating systems supporting IPv6. Dual-stack hosts are described in RFC 4213.

Modern hybrid dual-stack implementations of IPv4 and IPv6 allow programmers to write networking code that works transparently on IPv4 or IPv6. The software may use hybrid sockets designed to accept both IPv4 and IPv6 packets. When used in IPv4 communications, hybrid stacks use an IPv6 application programming interface and represent IPv4 addresses in a special address format, the IPv4-mapped IPv6 address.

Transition Mechanism

IPv4-mapped IPv6 addresses

Hybrid dual-stack IPv6/IPv4 implementations support a special class of addresses, the IPv4-mapped IPv6 addresses. This address type has its first 80 bits set to zero and the next 16 set to one, while its last 32 bits are filled with the IPv4 address. These addresses are commonly represented in the standard IPv6 format, but having the last 32 bits written in the customary dot-decimal notation of IPv4; for example, ::ffff:192.0.2.128 represents the IPv4 address 192.0.2.128.

Because of the significant internal differences between IPv4 and IPv6, some of the lower-level functionality available to programmers in the IPv6 stack does not work identically with IPv4-mapped addresses. Some common IPv6 stacks do not support the IPv4-mapped address feature, either because the IPv6 and IPv4 stacks are separate implementations (e.g., Microsoft Windows 2000, XP, and Server 2003), or because of security concerns (OpenBSD). On these operating systems, it is necessary to open a separate socket for each IP protocol that is to be supported. On some systems, e.g., the Linux Kernel, NetBSD, and FreeBSD, this feature is controlled by the socket option IPV6_V6ONLY as specified in RFC 3493.
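One concrete form of the security concern with mapped addresses is an access-control check that sees ::ffff:192.0.2.128 on a hybrid socket and fails to match it against an IPv4 rule. The following is an added example, not part of the original slides; the deny list and peer addresses are constructed from documentation prefixes, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed policy: documentation prefixes stand in for real deny-list entries.
DENY = [ipaddress.ip_network("192.0.2.0/24"),
        ipaddress.ip_network("2001:db8:bad::/48")]


def naive_denied(peer: str) -> bool:
    """Match the peer against the deny list exactly as the socket reported it."""
    ip = ipaddress.ip_address(peer)
    return any(ip.version == net.version and ip in net for net in DENY)


def canonical(peer: str):
    """Unwrap ::ffff:a.b.c.d to the IPv4 address it carries; leave others alone."""
    ip = ipaddress.ip_address(peer)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def denied(peer: str) -> bool:
    """Deny-list check on the canonical form, so both spellings hit the IPv4 rule."""
    ip = canonical(peer)
    return any(ip.version == net.version and ip in net for net in DENY)


def v6only_listener(port: int) -> socket.socket:
    """Alternative control: with IPV6_V6ONLY set, the socket never reports
    mapped peers; IPv4 clients then need a separate AF_INET socket."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
    s.bind(("::", port))
    s.listen()
    return s


# Constructed peer addresses, as a hybrid dual-stack socket might report them.
PEERS = ["::ffff:192.0.2.128", "::ffff:c000:280", "192.0.2.128",
         "2001:db8:bad::7", "2001:db8:1::1"]


def audit(peers=PEERS):
    """Return (peer, naive result, normalized result) for each peer."""
    return [(p, naive_denied(p), denied(p)) for p in peers]


if __name__ == "__main__":
    for peer, naive, fixed in audit():
        print(f"{peer:22} naive={naive!s:5} normalized={fixed}")
```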

Transition Mechanism Cont.

Tunneling

In order to reach the IPv6 Internet, an isolated host or network must use the existing IPv4 infrastructure to carry IPv6 packets. This is done using a technique known as tunneling which consists of encapsulating IPv6 packets within IPv4, in effect using IPv4 as a link layer for IPv6.

The direct encapsulation of IPv6 datagrams within IPv4 packets is indicated by IP protocol number 41. IPv6 can also be encapsulated within UDP packets, e.g., in order to cross a router or NAT device that blocks protocol 41 traffic. Other encapsulation schemes, such as those used in AYIYA or GRE, are also popular.

Transition Mechanism Cont.

Automatic tunneling

Automatic tunneling refers to a technique where the routing infrastructure automatically determines the tunnel endpoints. RFC 3056 recommends 6to4 tunneling for automatic tunneling, which uses protocol 41 encapsulation. Tunnel endpoints are determined by using a well-known IPv4 anycast address on the remote side, and embedding IPv4 address information within IPv6 addresses on the local side. 6to4 is widely deployed today.

Teredo is an automatic tunneling technique that uses UDP encapsulation and can allegedly cross multiple NAT boxes. IPv6, including 6to4 and Teredo tunneling, is enabled by default in Windows Vista. Most Unix systems only implement native support for 6to4, but Teredo can be provided by third-party software such as Miredo.

ISATAP treats the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link-local IPv6 address. Unlike 6to4 and Teredo, which are inter-site tunnelling mechanisms, ISATAP is an intra-site mechanism, meaning that it is designed to provide IPv6 connectivity between nodes within a single organisation.

Transition Mechanism Cont.

Configured and automated tunneling (6in4)

In configured tunneling, the tunnel endpoints are explicitly configured, either by an administrator manually or the operating system's configuration mechanisms, or by an automatic service known as a tunnel broker; this is also referred to as automated tunneling. Configured tunneling is usually more deterministic and easier to debug than automatic tunneling, and is therefore recommended for large, well-administered networks. Automated tunneling provides a compromise between the ease of use of automatic tunneling and the deterministic behaviour of configured tunneling.

Raw encapsulation of IPv6 packets using IPv4 protocol number 41 is recommended for configured tunneling; this is sometimes known as 6in4 tunneling. As with automatic tunneling, encapsulation within UDP may be used in order to cross NAT boxes and firewalls.
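Because these tunnels carry IPv6 inside ordinary IPv4 traffic, an IPv4-only monitoring setup can miss them unless it looks for the encapsulation itself. The following is an added example, not part of the original slides, that flags tunnel traffic in flow records and recovers the IPv4 address embedded in 6to4 and Teredo addresses. The flow records are constructed; the 6to4 prefix 2002::/16 and anycast relay 192.88.99.1 (RFC 3068) and the Teredo prefix 2001::/32 and UDP port 3544 (RFC 4380) are taken from those RFCs rather than from the page.

```python
import ipaddress

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41                                  # raw 6in4 / 6to4
TEREDO_UDP_PORT = 3544                                   # RFC 4380
SIXTOFOUR_RELAY = ipaddress.ip_address("192.88.99.1")    # RFC 3068 anycast


def classify_flow(flow: dict):
    """Label an IPv4 flow record that carries tunneled IPv6, else None."""
    if flow["proto"] == PROTO_IPV6_IN_IPV4:
        if ipaddress.ip_address(flow["dst"]) == SIXTOFOUR_RELAY:
            return "6to4 via anycast relay"
        return "protocol 41 tunnel (6in4 or 6to4)"
    if flow["proto"] == PROTO_UDP and flow.get("dport") == TEREDO_UDP_PORT:
        return "Teredo"
    # UDP-encapsulated tunnels on other ports are not identified by this check.
    return None


def embedded_ipv4(addr: str):
    """Return (mechanism, IPv4 address) hidden in a 6to4 or Teredo address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:          # 2002:AABB:CCDD::/48 -> AA.BB.CC.DD
        return ("6to4", str(ip.sixtofour))
    if ip.teredo is not None:             # (server, client); client is stored inverted
        _server, client = ip.teredo
        return ("teredo", str(client))
    return None


# Constructed flow records (documentation address ranges).
FLOWS = [
    {"src": "198.51.100.10", "dst": "192.88.99.1", "proto": 41},
    {"src": "198.51.100.11", "dst": "203.0.113.5", "proto": 41},
    {"src": "198.51.100.12", "dst": "203.0.113.9", "proto": 17, "dport": 3544},
    {"src": "198.51.100.13", "dst": "203.0.113.20", "proto": 6, "dport": 443},
]


def tunnel_report(flows=FLOWS):
    """Return (source host, label) for every flow that looks like a tunnel."""
    hits = []
    for flow in flows:
        label = classify_flow(flow)
        if label is not None:
            hits.append((flow["src"], label))
    return hits


if __name__ == "__main__":
    for src, label in tunnel_report():
        print(src, "->", label)
    print(embedded_ipv4("2002:c000:204::1"))
    print(embedded_ipv4("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
```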

Transition Mechanism Cont.

Proxying and translation for IPv6-only hosts

After the regional Internet registries have exhausted their pools of available IPv4 addresses, it is likely that hosts newly added to the Internet might only have IPv6 connectivity. For these clients to have backward-compatible connectivity to existing IPv4-only resources, suitable IPv6 transition mechanisms must be deployed.

One form of address translation is the use of a dual-stack application layer proxy server, for example a web proxy.

NAT-like techniques for application-agnostic translation at the lower layers have been proposed. Most have been found to be unreliable in practice because of the wide range of functionality required by common application-layer protocols, and are considered by many to be obsolete.

Transition Mechanism Cont.

IPv6 compatibility is mainly a software/firmware issue, like the year-2000 issue. Unlike the year-2000 issue, there is little interest in ensuring compatibility of older equipment and software by manufacturers. The realization that IPv4 exhaustion is imminent is recent and manufacturers haven't shown much initiative in updating equipment. There is hope that a combined IPv4/IPv6 internet will streamline the transition. The internet community is divided on the issue of whether the transition should be a quick switch or a longer process. The American Registry for Internet Numbers suggests that all internet servers be prepared to serve IPv6-only clients by January 2012. Universal access to IPv6-only servers will be even more of a challenge.

IPv6 Readiness

Software

Most personal computers should also be IPv6-ready; the network stack resides in the operating system, and modern operating systems come with IPv6 support even if most consumers do not use it. Most applications with network capabilities are not ready but could be upgraded with support from the developers. Since Java 1.4 (February 2002) all applications that are 100% Java compatible have support for IPv6 addresses.

IPv6 Readiness Cont.

Hardware and embedded systems

Low-level equipment like cables, network adapters, and network switches may not be affected by the change, since they simply transmit data packets without inspecting the contents. Networking devices that obtain IP addresses or do "smart" routing based on IP address do need IPv6 support.

Most equipment would be fully IPv6 capable with a software or firmware update if the device has sufficient storage and memory space for the new IPv6 stack. However, as with 64-bit Windows, UEFI and Wi-Fi Protected Access support, manufacturers may be reluctant to spend on software development costs for hardware they have already sold when they are poised to make more sales from "IPv6-ready" equipment.

In some cases, non-compliant equipment will need to be replaced because the manufacturer no longer exists or software updates are not possible (e.g. because the network stack is implemented in permanent ROM).

Consumers tend to look at networking devices like household appliances that only rarely need repairs and never have to be configured or updated. Little effort has been made at educating consumers about the need to upgrade.

The CableLabs consortium published the 160 Mbit/s DOCSIS 3.0 IPv6-ready specification for cable modems in August 2006. The widely used DOCSIS 2.0 does not support IPv6. The new 'DOCSIS 2.0 + IPv6' standard also supports IPv6, which may on the cable modem side only require a firmware upgrade. It is expected that only 60% of cable modems' servers and 40% of cable modems will be DOCSIS 3.0 by 2011.

Other equipment which is typically not IPv6-ready ranges from Skype and SIP phones to oscilloscopes and printers. Professional network routers in use should be IPv6-ready.

IPv6 Readiness Cont.

The introduction of Classless Inter-Domain Routing (CIDR) in the Internet routing and IP address allocation methods in 1993 and the extensive use of network address translation (NAT) has delayed the inevitable IPv4 address exhaustion. Final exhaustion is predicted for the 2011 to 2012 time frame at the major allocation levels.

In 2008, IPv6 accounted for a minuscule fraction of the used addresses and the traffic in the publicly-accessible Internet which is still dominated by IPv4. In October 2010, 243 (83%) of the 294 top-level domains (TLDs) in the Internet supported IPv6 to access their domain name servers, and 203 (69%) zones contained IPv6 glue records, and approximately 1.4 million domains (1%) had IPv6 address records in their zones. Of all networks in the global BGP routing table, 7.2% have IPv6 protocol support.

The 2008 Summer Olympic Games were a notable event in terms of IPv6 deployment, being the first time a major world event has had a presence on the IPv6 Internet at http://ipv6.beijing2008.cn/en (IP addresses 2001:252:0:1::2008:6 and 2001:252:0:1::2008:8) and all network operations of the Games were conducted using IPv6. At the time of the event, it was believed that the Olympics provided the largest showcase of IPv6 technology since the inception of IPv6. Since that time, major providers of Internet services, such as Google, have begun to implement IPv6 access into their products.

IPv6 Deployment

Cellular telephone systems present a large deployment field for Internet Protocol devices as mobile telephone service is being transitioned from 3G systems to next generation (4G) technologies in which voice is provisioned as a Voice over Internet Protocol (VoIP) service. This mandates the use of IPv6 for such networks. In the U.S., cellular operator Verizon has released technical specifications for devices operating on its future networks. The specification mandates IPv6 operation according to the 3GPP Release 8 Specifications (March 2009) and deprecates IPv4 as an optional capability.

Some implementations of the BitTorrent peer-to-peer file transfer protocol make use of IPv6 to avoid NAT issues common for IPv4 private networks.

All major operating systems in use as of 2010 on personal computers and server systems have production-quality IPv6 implementations. Microsoft Windows has supported IPv6 since Windows 2000, and in a production-ready state beginning with Windows XP. Windows Vista and later have improved IPv6 support. Mac OS X Panther (10.3), GNU/Linux 2.6, FreeBSD, and Solaris also have mature production implementations.

IPv6 Deployment Cont.

