ipv6 internet protocol version 6 to replace ipv4 internet protocol version 4
Lorenzo Colitti discusses Google's IPv6 deployment
The bulk of this article is addressed to network engineers, but I've been asked for an introductory statement for those not in the field.
Normally, when you use the internet, your computer or router is assigned a number (an IP address) which is unique on the global internet. This number is between 0 and 2^32.
A controlling body called ICANN (Internet Corporation for Assigned Names and Numbers) has been responsible for allocating the numbers for this Internet Protocol Version 4 (IPv4) addressing scheme since 1981.
ICANN endorses a number of accredited registries, and it is these that give you an IP address, or a range of IP addresses, which are then associated with a domain like hubpages.com.
2^32 = 4 294 967 296, which is not even enough IP addresses for each person on the planet. Some addresses, by agreement, are not used on the internet and these are reserved for private internal networks.
IPv6 is a better design of the addressing scheme that gives an address space of 2^128, which is such a big number that it's hard to comprehend.
To put this in some kind of context, let's assume an upper limit of 100 trillion cells in the human body. If the population of the Earth was 500,000,000,000,000 times greater than today, then each one of those people could have an IP address for each body cell.
But that is not the only (or best) reason for IPv6, as we could have got away with a much smaller address space. The real benefit of such a huge address space is the flexibility to assign huge chunks to specific uses, which allows an easy, portable and flexible addressing scheme that is never going to be bounded by small numbers like 2^32. (Although I'd like 2^32 dollars or even pennies, thank you very much.)
Because of better geographic organisation, and better hierarchical allocation strategies, IPv6 subnets currently generate only 1/7th as many routes compared to IPv4 subnets. The implication is for faster networking because of less load on the routers.
IPv4 suffers from other problems like a lack of inherent security, poor efficiency and other issues. IPv6 is a better design.
What this might mean to the average computer user is hopefully almost nothing because all these changes should be automatic or transparent to the end-user. Your PC will compute its own IPv6 address by negotiation with other devices on the local network. Your addressing scheme will be portable from one provider to another or from branch to branch in business terms. Security will be automatic from end to end.
IPv6 has been 'promised' and 'imminent' for many years, but it is only now that real progress is beginning.
IPv6 brings quality of service (QoS) for IP telephony, video/audio, interactive games and electronic commerce. This performance guarantee will become more important for highly interactive applications.
You also need to consider IPv6 related security products.
If you are in IT and networking, it's time to start studying IPv6. Below is one of the graphs from a research article titled: Measuring the Deployment of IPv6: Topology, Routing and Performance
You can see how IPv6 has finally started to gain traction.
1.5 Hour lecture - Worth watching if you are learning this from new.
Phones, iPads, and an increasing number of highly mobile network-functional devices now expect continuous connectivity throughout a company's network and the internet, without interruption as they move from section to section. These 'sections' are known as transport layers and mobile IPv6 permits roaming easily from one to the next. It's called transport layer connection survivability. This manages point-of-attachment changes (without changing IP address) as the mobile unit moves throughout the organisation. It will also work for wired nodes when they are relocated.
This feature is documented in RFC 3775.
"Yahoo is forging ahead with a move to IPv6 on its main Web site by year-end despite worries that up to 1 million Internet users may be unable to access it initially. Yahoo's massive engineering effort to support IPv6 — the long-anticipated upgrade to the Internet's main communications protocol — could at first shut out potential www.yahoo.com users due to what the company and others call "IPv6 brokenness.'"
This is a collection of facts about ipv6 - the internet protocol version 6 that is to replace ipv4.
ipv4 address space is rapidly running out. By mid 2011 (next year as I write this), it is expected that the last "/8" subnet will be allocated.
So we had better learn about ipv6. This is especially because some governments around the world are now mandating ipv6 to be functional in new infrastructure.
There is no shortage of information about IPv6, but this is itself an issue. There is too much to read. So I will try to distill the essentials for easy access.
Randy Bush on IPv6 Deployment
Some useful facts.
- ipv6 supports 2^128 addresses (but we slice and dice it wastefully, so don't get the idea that each unique number is a specific node or interface).
- There are currently about 0b10100110111001001001110000000000 people in the world, which uses 32 bits, leaving wiggle room of (64-32)=96 bits for each person which would potentially be nearly 8 x 10^28 addresses each.
- Hexadecimal letters in IPv6 addresses are not case sensitive.
- In ipv6 the size of a subnet is always 64 bits.
- The least significant 64 bits are allocated for hosts.
- The least significant 64 bit (host) addresses can be automatically assigned by the devices on the network (Stateless Address Autoconfiguration - SLAAC).
- ICMPv6 must be implemented on every IPv6 node.
- ICMPv6 is used for SLAAC.
- SLAAC does not need DHCP (or similar) to assign addresses.
- Changing addressing scheme in IPv4 is very difficult.
- Changing addressing scheme in IPv6 is easy since only the prefix requires changing.
- In ipv4, implementing multicast is optional.
- In ipv6, multicast is part of the base design.
- IPv6 does not use broadcast addresses; instead, IPv6 uses multicast addresses.
- In IPv6 multicast addresses have a scope field that increases the scalability of multicast routing.
- In ipv6, ff02::1 is analogous to 184.108.40.206 in IPv4
- Each user of an IPv6 subnet automatically has available a set of globally routable source-specific multicast groups for multicast applications.
- Link-local addresses for IPv4 are defined in the address block 169.254.0.0/16.
- In IPv6, a link-local unicast address has the prefix fe80::/10
- In IPv6, a unique link-local address is created with the help of the device's MAC address.
- The protocol that assigns a link-local address is called Neighbor Discovery Protocol (NDP), which replaces ARP.
- Even if a global address is given to an interface, it will also get a link-local address.
- Some applications may not cope with an automatically (stateless) assignment of an IPv6 link local address. In that case, DHCP v6 may be used.
- IPsec was designed for IPv6. It is part of the IPv6 design and, unlike when used for IPv4, IPv6 IPsec can be used along the entire route.
- IPsec is integral to IPv6 and is mandatory.
- Unlike the header used in IPv4, the header in IPv6 has no options. Therefore it is a fixed length. Fixed length headers allow more efficient algorithms to work.
- The IPv6 header is only twice the size of the IPv4 header. (Even though the addresses use a lot of bits -- 256 of them.)
- The default MTU for IPv6 is 128 octets.
- IPv6 does NOT do fragmentation. (It's done further up the stack).
- IPv6 assumes the MTU is set after doing an MTU path discovery.
- There is no checksum in the IPv6 header.
- The higher levels are responsible for integrity checking of the IPv6 header.
- Since there is no checksum calculation on the IPv6 header, routers are not burdened with recalculating checksums as elements change.
- The IPv4 TTL (Time to Live) has been renamed Hop Limit in IPv6.
- The number of extensions available as add-on to the IPv6 header is limited only by packet size.
- Present day (like QoS) and future extensions can be added to IPv6 without redesign.
- IPv6 jumbograms can be as large as 2^32-1 octets.
- Each IPv6 address has a scope, which specifies in which part of the network it is valid and unique.
- IPv6 routers must not forward packets that have site-local source or destination addresses outside the site.
The IPv6 Header
- The IPv6 fixed header is 40 octets long.
- Version: 4 bits. Contains the number '6'.
- Traffic class: 8 bits. Priority field used to prioritize packets.
- Flow label: 20 bits. A flow is uniquely identified by source address and a non zero Flow Label. Each 'flow' packet is quickly identified as a member of a flow, and routed the same way.
- Payload length: 16 bits. How many octets follow the header. The limit is 2^16 = 64 Kbytes, unless the value is 0, which calls up the extension for a jumbogram.
- Next Header: 8 bits. Type of header - eg TCP(6). This header will be found at the beginning of the payload.
- Hop Limit: 8 bits. Decremented by each forwarding device. When zero, packet is discarded. Starts at 255
- Source address: 128 bits
- Destination address: 128 bits
4 + 8 + 20 + 16 + 8 + 8 + 128 + 128 = 320 bits = 40 octets.
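The field layout listed above can be decoded directly from the first 40 octets of a packet. The following is an added example, not code from the original article; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

HEADER_LEN = 40  # size of the IPv6 fixed header in octets


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 40-octet IPv6 fixed header; raise ValueError if malformed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated: need 40 octets, got %d" % len(packet))
    # First 32 bits hold version (4) | traffic class (8) | flow label (20),
    # followed by payload length (16), next header (8) and hop limit (8).
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = word >> 28
    if version != 6:
        raise ValueError("not IPv6: version field is %d" % version)
    return {
        "version": version,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        # True when fewer octets follow the header than the header claims.
        "payload_truncated": len(packet) - HEADER_LEN < payload_len,
    }


def build_sample() -> bytes:
    """Constructed sample packet: header fields plus 20 zero payload octets."""
    word = (6 << 28) | (0x2E << 20) | 0x12345
    fixed = struct.pack("!IHBB", word, 20, 6, 64)  # 20 octets, TCP(6), hop limit 64
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2a8:79ff:fe32:1982").packed
    return fixed + src + dst + b"\x00" * 20


if __name__ == "__main__":
    for name, value in parse_ipv6_header(build_sample()).items():
        print("%-18s %s" % (name, value))
```
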
Type         Full Format                  Compressed Format
Unicast      10FB:0:0:0:C:ABC:1F0C:44DA   10FB::C:ABC:1F0C:44DA
Multicast    FD01:0:0:0:0:0:0:1F          FD01::1F
Loopback     0:0:0:0:0:0:0:1              ::1
Unspecified  0:0:0:0:0:0:0:0              ::
There are three types of addresses:
- Unicast uniquely identifies a single interface.
- Multicast addresses are delivered to all in a specific set of interfaces.
- Anycast addresses are delivered to one member of a specific set of interfaces -- usually the nearest one.
- link-local addresses (used only in the local network)
- multicast addresses.
Special IPv6 address   Prefix length (bits)   Description
-------------------------------------------------------------
2001:db8::             32                     Reserved for documentation examples and not routed.
2001:0::               32                     These are Teredo tunnels. The rest of the bits are supplied by a Teredo server and the client NAT.
2002::                 16                     6to4 tunnels. The next 32 bits make up the client IPv4 address.
IPv6 address     Prefix   Notes
2000::           3        These are global unicast addresses. All global unicast addresses begin with 2.
fc00::           7        These are unique local addresses that are used only within an autonomous system. They are not globally routed. Like private addresses in IPv4.
ff::             8        If it starts with ff, then it's multicast.
fe80::           10       Link-local (unroutable) and automatically configured addresses that are assigned on a LAN. This is where DHCP for version 6 would be used.
::ffff:a.b.c.d   96       IPv4-mapped IPv6 address. The lower 32 bits are the IPv4 address expressed in the familiar decimal dotted notation. These are used in socket APIs to represent IPv4 hosts.
::1              128      The loopback address.
::               128      Unspecified address that is used for default route and router-solicitations. This is like 0.0.0.0 in IPv4.
128 bits are represented as colon separated chunks. Each chunk is 16 bits, and represented as hexadecimal.
Therefore there are 8 chunks.
For brevity, one run of zeros - in this case 0000:0000 may be reduced to a double colon ::
Leading zeros within a chunk can be omitted.
is equivalent to 2001:db8:220:220:220:220:220:220
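The prefix tables and notation rules above can be applied mechanically, which is useful when triaging addresses in logs: tunnel prefixes such as 6to4 carry an IPv4 address that is worth recovering, and differently written forms of one address must compare equal. This is an added example, not part of the original article; the function names and sample addresses are constructed, and the multicast and Teredo prefixes are written in standard form (ff00::/8, 2001::/32).

```python
import ipaddress

# Prefixes from the two tables above, ordered most specific first so that
# 2001:db8::/32 and 2002::/16 win over the enclosing 2000::/3.
# The page writes the multicast prefix as "ff::" and Teredo as "2001:0::".
PREFIXES = [
    ("::1/128", "loopback"),
    ("::/128", "unspecified"),
    ("::ffff:0:0/96", "ipv4-mapped"),
    ("2001:db8::/32", "documentation"),
    ("2001::/32", "teredo"),
    ("2002::/16", "6to4"),
    ("fe80::/10", "link-local"),
    ("fc00::/7", "unique-local"),
    ("ff00::/8", "multicast"),
    ("2000::/3", "global-unicast"),
]
NETWORKS = [(ipaddress.IPv6Network(p), label) for p, label in PREFIXES]


def classify(text: str) -> str:
    """Return the table category for an IPv6 address in any valid notation."""
    addr = ipaddress.IPv6Address(text)  # raises ValueError on malformed input
    for net, label in NETWORKS:
        if addr in net:
            return label
    return "other"


def embedded_ipv4(text: str):
    """Recover the IPv4 address carried in a 6to4 or IPv4-mapped address."""
    value = int(ipaddress.IPv6Address(text))
    label = classify(text)
    if label == "ipv4-mapped":  # lowest 32 bits
        return ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if label == "6to4":  # the 32 bits that follow the 16-bit 2002 prefix
        return ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    return None


def canonical(text: str) -> str:
    """Lower-case, zero-compressed form, so equal addresses compare equal."""
    return ipaddress.IPv6Address(text).compressed


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real log.
    for sample in ["10FB:0:0:0:C:ABC:1F0C:44DA", "2002:c000:201::1",
                   "::ffff:192.0.2.7", "FE80::2A8:79FF:FE32:1982", "ff02::1"]:
        print(canonical(sample), classify(sample), embedded_ipv4(sample))
```
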
Open source IPv6 routing
Take a look at the Vyatta open source router.
If  represents 8 bits, then an IPv6 address is made up of sixteen s because 8 x 16 =128:
/32 represents 32 contiguous bits, starting from the left hand side, so a /32 bit mask allows 2^96 hosts. (Many!)
|-------/32 => 96 bits for hosts --------|
 -  -  - 
The typical allocation for customers is /64, allowing 2^64 hosts = 18,446,744,073,709,551,616.
This is taken from the ARIN site. (See the links below). ARIN is the American Registry for Internet Numbers.
A regional Internet registry (RIR) manages the allocation and registration of Internet number resources within a particular region of the world. See the inset.
Each registry is expected to adopt the policies laid out by ARIN.
2000::/3 is global unicast address space that IANA may allocate to the RIRs
These addresses are assigned not owned and should not be stockpiled.
IPv6 address policies should avoid fragmentation of address ranges. To do this, allocation in a hierarchical way will help to minimise the size of router tables.
ARIN recommends to allocate:
- /64 when it is known that one and only one subnet is needed
- /56 for small sites, those expected to need only a few subnets over the next 5 years.
- /48 for larger sites
Hybrid TCP stacks accept both IPv6 and IPv4 packets, consequently, a hybrid notation is available.
If a node only supports IPv4, the first 80 bits are zero, and the next 16 bits are set to 1.
The leading run of zeros is replaced with a double colon as described above. 16 bits that are all ones is FFFF (hex)
Here is an example "IPv4-mapped IPv6 address":
When IPv6 packets are tunneled over IPv4 networks, a transition mechanism is used. In this case, the IPv4 address is embedded in unicast IPv6 addresses where the leading 96 bits are set to zero:
For IPv4, an 'A' record maps a name to an IP address. In IPv6, it's a 'Quad A' record.
An example Quad A record is:
host1 IN AAAA 2001:db8::2A8:79FF:FE32:1982
Reverse mappings reside under the domain IP6.INT
Each digit in the address makes a domain token of its own.
Globally routable addresses MUST have a reverse lookup.
A full treatment of IPv6 DNS is more complex.
There are two kinds of ICMPv6 messages.
Error Messages – ICMPv6 error messages
These are sent when
- packet sizes exceed the path MTU (Maximum Transfer Unit),
- OR when the hop count is exceeded,
- OR when messages cannot be delivered,
- OR when there are errors in parameters within the IPv6 packet.
Informational Messages – ICMP informational messages describe the current network
- ping (v6) discovers node availability.
- ICMPv6 facilitates Path MTU discovery.
- Neighbor Discovery messages discover routers that can forward packets on the network.
Neighbor Solicitation message
A link-local address has a finite lifetime then it is renewed. A new address thus created is tested to see if it is unique. This is the Duplicate Address Detection.
The renewing node initiates a DAD process by sending out a Neighbor Solicitation Message which is really a shouted question a bit like, "Hey - is this proposed address yours?".
If the address is actually owned, then the owner of the node will send a Neighbor Advertisement Message which means something like, "You can't use that address - it's mine.".
Absence of a reply permits use of the proposed address; otherwise, manual IP address assignment is demanded.
A link-local address is always assigned to an interface, however a global address is optional. A global address is capable of being routed on the internet, and must be unique (world wide).
If a global address is assigned, then this address will be prepended with a prefix. The prefix is communicated throughout the relevant network in Router Advertisement messages as shared on the link-local network.
In this way a locally-connected set of routers and nodes are collected together with a common prefix. The prefix ensures global uniqueness.
One great advantage of this is how a complex network may be re-assigned by simply changing the prefix. This is in contrast to an IPv4 assigned network which is extremely difficult to re-assign. For example, two companies using 10.0.1.0/24 networks demand one of those networks is re-designed to use say, 10.0.2.0/24. This affects every node either because of static IP addresses or DHCP scope. Either way, it is a difficult and error-prone task. Or a NAT device is used between the two networks. This 'NAT solution' carries its own complications.
Mac OS X is intrinsically IPv6-ready, with an incredibly simple configuration.
Solaris 8 and later OS versions (developed by Sun Microsystems) are fully IPv6-ready.
Go HERE to find out how to turn on IPv6 for XP.
You can use a free service to experiment and test out IPv6...
Note: 6to4 cannot traverse NAT.
Cisco began serving up IPv6 content on a special Web site – www.ipv6.cisco.com – in August 2010.
Freenet6 is an IPv6 access service which has enabled over 100,000 people from all over the world to experience the best solution for a smooth and incremental deployment of IPv6. Freenet6 users can get IPv6 connectivity from anywhere, including from behind any NAT device or from outside of their home network. On Freenet6, a single, permanent IPv6 address and a DNS name are assigned to each user, making their PC reachable from anywhere on the IPv6 internet. A full /56 prefix may also be assigned to a router, enabling the distribution of IPv6 connectivity to an entire network.
A tunnel broker
Not all ISPs provide IPv6 connectivity. This makes it difficult for you to test your systems. But there are tunnel brokers out there.
Hurricane Electric won't work behind NAT.
With GoGo6 Freenet6 will work behind NAT.
Both these are tunnel brokers and will allow you to set up an internal IPv6 network then use your IPv4 ISP to get to the tunnel broker which will then strip off the IPv4 encapsulation and allow you to browse the IPv6 Internet.
This video introduces some tunnel brokers.
This conference on IPv6 implementation is interesting and should be easier to understand after reading this article.