Keeping the current version of Internet Protocol, the world will run out of IP addresses by 2007. So is it time to move to IPv6?

Microsoft’s most recent operating systems, the Windows XP client and the .NET server family, include a number of improvements that take advantage of current and future technologies to make life easier for users and administrators. One such improvement is built-in support for Internet Protocol version 6 (IPv6), also referred to as the next generation IP or IPng. This version of IP provides several advancements over the most-used IP version, IPv4. IPv4 has served us well, but it provides a comparatively small address space and blocks of addresses were unevenly allocated. “Small” is a relative term, but the architects didn’t allow for the idea of ubiquitous Internet connectivity.

How do you know you need it?
IPv6 offers advantages over the current specification in four areas:

1. Scalability. The most obvious reason to increase the address space is to provide for a unique address for every toaster, coffee maker, or any other device on the planet. The current IPv4 space only allows four billion addresses, yet the world population already exceeds six billion, so it cannot support even one device per person without resorting to tricks such as NAT (network address translation). The problem with NAT is that it breaks the original assumption of end-to-end bi-directional links between systems, so some higher-level protocols and applications will not work when NAT is used.

IPv6 uses a 128-bit address space, theoretically enough for 340 trillion trillion trillion (3.4x1038) addresses. In practice, there will be a smaller number due to the way addresses are structured, but we’re still talking about 35 trillion sites, each with an 80-bit local address space, “which seems to be enough for nine billion people [the projected population in 2050],” according to the Internet Society (ISOC). It’s said to be enough to give an address to each grain of sand on the planet.

The way IPv4 addresses were initially allocated means some countries are starved of addresses. Despite the huge IPv6 address space, addresses will still need to be allocated in blocks to allow efficient routing, and ISOC points out there is consequently a clash between fairness, which “allows anyone who wants a block of addresses to get one,” and scalability (due to issues in maintaining compact routing tables).

The Internet Assigned Numbers Authority (IANA—the organisation that oversees the distribution of IP addresses—has set out a number of goals for the IPv6 address allocation policy, namely uniqueness, accessible registration, aggregation, conservation, fairness, and minimised overhead. According to IANA, “the goal of aggregation is considered to be the most important” although it also describes uniqueness as an “absolute requirement”. The idea behind aggregation is that the “address space should be distributed in a hierarchical manner, according to the topology of network infrastructure”.

Avoiding the fragmentation of address ranges will limit the expansion of Internet routing tables.

Currently, there are over 80,000 entries in the IPv4 routing tables. Enforcing aggregation will limit external routing information to no more than 8192 items.

2. Security The IPv6 specification includes security features in the form of packet encryption (Encapsulated Security Payload, or ESP) and source authentication (Authentication Header, or AH). Both these features are optional parts of the IPv4 specification, but it is mandatory that they are included in every IPv6 implementation.

This means we will be reasonably certain that the data within packets will not be easily inspected while in transit, and that a packet originated from its purported source, thus reducing opportunities for spoofing. AH also provides assurance that the packet has not been altered in transit. That said, it is not mandatory that either ESP or AH are actually used.

3. Performance. IPv6 packets include a Flow Label field, allowing routers to establish virtual circuit-style connections. The field identifies a set of packets that belong to the same flow—much like the Service Type (Diffserv) field in IPv4—so routers and other network devices can perform prioritisation or traffic shaping. This makes it easier to ensure real-time data such as videoconferencing streams are prioritised. IPv6 distinguishes traffic that tolerates delays caused by congestion (eg, e-mail) from isochronous traffic such as audio and video streams. Furthermore, routers will be able to use the information they collect to analyse traffic patterns and use the results to improve network performance.

The Flow Label for a particular flow is a pseudo-random number. No other flow from the same source is assigned the same Flow Label. The Flow Label and the source address are therefore the only information needed for a router to classify a packet for the purpose of determining its priority, and they are stored in the packet header.

With IPv4, this process typically requires examination of the source address, source port, destination address, and destination port.

The fixed size and reduced number of fields in the IPv6 header both allow simplified processing by routers. The new protocol also improves performance by preventing packet fragmentation: an algorithm is included to discover the transmission path and the smallest MTU (maximum transmission unit) along it, and then packet sizes are restricted to that minimum.

4. Autoconfiguration. IPv6 includes a feature called Stateless Autoconfiguration that saves users or administrators from specifying the IP address of a particular piece of hardware. Instead, it generates a link-local IP address based on its media-level address (essentially the Ethernet MAC address or equivalent for other connectivity hardware) and uses the Neighbour Discovery (ND) protocol to check that no other local device is already using that address. If one is, the device repeats the process with a randomly generated address.

Next, an ND Router Solicitation message attempts to discover a local IPv6 router. If there is one, it provides the rest of the information needed to form the “real” IP address. Where no routers are present, autoconfiguration allows two or more devices on an isolated network to communicate.

IPv6 autoconfiguration also simplifies the process of assigning new IP addresses in the event that the organisation moves to a different ISP. The router can use ND to notify devices of the change. This process also makes life easy for users of mobile devices such as phones, PDAs, and notebook computers that connect to different networks at different times. It also means consumer appliances with Internet connections (such as the washing machine that can download new wash cycle programs, or the air conditioner you can turn on by remote control) and other embedded systems will be capable of being hooked up without the user having to perform any network configuration.

Fixed IP addresses have an implication for privacy in that they make it easier to profile a particular user. This is set to become a greater issue as more and more extremely personal devices such as PDAs and mobile phones are connected to the Internet. The idea of generating a portion of the address from a hardware characteristic (typically the MAC address) would make it possible to track the location of the device over time, for example. IPv6 reduces this privacy risk by establishing mechanisms for generating addresses incorporating a random (or pseudo-random) component in place of a component associated with a specific device (such as the MAC address).

There is also an IPv6 equivalent of DHCP, known appropriately enough as DHCPv6, which can provide further information such as the addresses of DNSes.

Making the change

Operating systems with support for IPv6 include AIX, FreeBSD, HP-UX, Linux, Mac OS X, NetBSD, OpenVMS, Solaris, Tru64, and Windows (.NET Server 2003, XP and CE .NET). This takes care of most popular platforms, providing you are running a reasonably up-to-date version. Router vendors already supporting IPv6 include 3Com, Cisco, Ericsson, Extreme, Hitachi, and Nortel.

The ability of IPv6 devices to autoconfigure their addresses in the event of an ISP change is useful but not sufficient for enterprise users, who will need routers and firewalls to autoconfigure in a similar way in order to minimise the amount of administrative effort.

Any software that uses hard-coded IP addresses will need to be changed manually.

In fact, the software side may be the bottleneck. If a program stores internally an IP address for any purpose, the code and the data storage will need to be changed as IPv6 addresses take up more space.

It’s Y2K revisited, but without the hard-and-fast deadline. Similarly, routines that format or check the format of IP addresses as strings will need modification.

Danny Thomas of ITS, University of Queensland, has pointed out that it makes sense for applications to be created in such a way that a single version supports IPv6 and IPv4. The new protocol would then be automatically adopted as soon as it is available on the host running the program.

Three main approaches take care of the transition from IPv4 to IPv6: dual stack, tunnelling, and translation. A dual stack handles both IPv4 and IPv6, selecting the appropriate protocol according to the result of a DNS lookup: if it is an IPv4 address, it uses IPv4; if it is an IPv6 address, it uses IPv6.

Tunnelling provides a way of connecting pockets of IPv6 through the existing IPv4 Internet. IPv6 packets are encapsulated into IPv4 packets for carriage. This is the technique originally used by the experimental 6bone network, but it is gradually migrating to native IPv6 links.

According to Cisco, enterprise users can begin their evaluation and assessment of IPv6. It suggests the main reasons for a relatively early evaluation include planning for mobile IP applications (which may perform and scale better with IPv6), address space expansion to support IP telephony, and to take advantage of security and QoS features that are not easily applied in IPv4 networks using techniques such as address conversion, pooling, or temporary allocation.

But be warned: “It’s not a trivial task to upgrade an enterprise network to IPv6,” says Simon Newstead, systems engineering manager, Australia and New Zealand at Juniper Networks.

Two approaches are available for these trials. An organisation can set up an IPv6 domain and link it to one of the experimental networks such as the 6bone, or set up two or more IPv6 domains and link them via the existing IPv4 infrastructure.

Tasks include setting up (or gaining access to) a DNS with IPv4 and IPv6 support, a protocol translation mechanism such as NAT-PT to allow communication between IPv6-only and IPv4-only hosts, and configuring the routers appropriately.

Several different approaches exist. Cisco suggests small enterprise networks—most Australian enterprises would fall into this category—would use dual stack backbones. The advantages are that it is easy to implement for small campus networks with a mixture of IPv4 and IPv6 applications, but the downside is that managing both protocols is complex and the upgrade effort becomes significant as network size grows. However, the company does not recommend an overall upgrade to a dual-stack network at this stage, though it is a “valid deployment strategy” where IPv4 and IPv6 support is required.

Tunnelling to connect IPv6 islands is a low-cost, low-risk strategy, according to Cisco, although management is again relatively complex.

When these connections go beyond the building or campus, “it’s important to look at what carrier services are offered—ideally, you want a direct IPv6 connection,” says Newstead.

Although IPv6 has quality of service (QoS) features, network managers will still need a way to ensure that particular applications or users are given priority. For example, Packeteer is already planning to add IPv6 products to its range of packet-shaping devices. Senior technologist Mike Morford says the company is already doing IPv6 packet classification and has completed its tagging architecture. The final step will be native IPv6 support. “That’s not a big deal,” he says, “we’re largely waiting for a market driver” before launching products. IPv6 support could be delivered as a software update for existing devices, he says. “It’s obvious to us that IPv6 is happening . . . we’d be excited to see it take off.”

Timetable
IPv6 addresses were officially released in 1999, and the first one was allocated to ESnet, a network operated by the US Department of Energy. ESnet is one of the first large-scale (as in hundreds of thousands of users) networks to run dual stack IPv4 and IPv6.

“By working with Juniper Networks, IPv4 and IPv6 now coexist on the same routers in our network, which reduces operational expenditures and enables us to easily migrate to IPv6 services as required,” says Michael Collins, network engineering services group leader for ESnet.

The move to the new protocol has begun in a small way, with mainly experimental pockets of implementation in various parts of the world including Australia. (We were unable to identify any substantial sites that could serve as a case study.) The shortage of IP addresses is likely to hit first in some parts of Asia (including Japan, where the government has set a 2005 deadline for the switch to IPv6) and parts of Europe.

Newstead says the first large-scale rollouts of IPv6 in the Asia Pacific region are beginning, driven largely by demand for mobile services in Japan and China. Japanese telco NTT has deployed IPv6, and offers customers direct and tunnelled connections.

Australia and New Zealand are “probably lagging a little bit behind, but we don’t have the drivers”. For example, Telstra was able to secure a large block of IPv4 addresses, he says, and a trend among corporate users to employ IP VPN services from carriers makes it easier for those organisations to stay with IPv4. The next two to three years will see “fairly sizable production deployments” of IPv6 in Australia, he predicts, but warns, “It’s not a trivial task to upgrade an enterprise network to IPv6.”

Roland Chia, national business manager—networking at Dimension Data agrees. “There’s no business justification or drivers” pushing organisations towards IPv6, he says. Converting to the newer protocol means “a major organisational expense” at a time when most businesses are very concerned with costs and are looking for quick paybacks.

About the only things likely to change that outlook would be carriers forcing the use of IPv6 for mobile devices, or a sudden boom in “always on” Internet connectivity for embedded systems and electronic devices. Otherwise, the latest estimates are that we won’t run out of IPv4 addresses until 2007, he says.

If that’s the case, there’s time for the economy to get out of the doldrums before organisations have to invest in IPv6.

Advantages and supported applications

Advantages of IPv6
IPv6 provides for a 128-bit address space, which will exponentially increase the number of available public IP addresses.

However, IPv6 offers other improvements over IPv4:

• It supports IPsec, for better security when sending data across a TCP/IP network.
• It supports Quality of Service (QoS), for better transmission of real time, high-bandwidth applications such as videoconferencing and voice over IP.
• It is more efficient; header overhead is minimised, and backbone routers require smaller routing tables.
• Configuration is easier; both stateful addressing (where addresses are automatically assigned by a DHCP server) and stateless addressing (use of local-link auto configuration without DHCP) are supported.

Currently supported applications
The majority of applications supporting IPv6 belong to the Linux/UNIX space. Though more are appearing daily, that list includes:

1. DNS

• BIND 9.2.0: The new version of BIND uses A6 records to map a domain name to an IPv6 address and offers IPv6 transport of packets
• Totd: This lightweight DNS proxy nameserver supports IPv6.
• IPv6 transport for BIND 8: This is a patch for BIND 8.2.3 that helps resolvers talk to nameservers using IPv6.

2. Firewalls

• IPFilter: A software package that supports IPv6 filtering.
• IPFW: This IPv6-aware IPFW tool is included within the FreeBSD 4.0 release.

3. FTP

• LFTP: This FTP client supports IPv6.
• NcFTP (Windows): This is a robust IPv6 FTP client for Windows.

4.IPsec

• IPv6 FreeS/WAN for Linux: This prototype IPsec implementation was developed by IABG as part of the 6INIT project.

5. Mail

• Exim: This mail transfer agent offers built-in IPv6 support.
• Qmail: IPv6 support is available through the v1.03 patch by Kazunori Fujiwara
• Public Sendmail: Version 8.10 of this mail product officially supports IPv6.
• Fetchmail: This mail utility supports both IPv6 and IPsec

6. Monitoring tools

• ASpath-tree: Use this tool on an IPv6 site to monitor BGP4+ routing.

7. Web servers and clients

• Apache (Linux): This release of the Apache Web server for Linux has built-in IPv6 support.
• Apache 2.0.x: This beta code of Apache 2.0 supports IPv6.

Executive summary

• The world will run out of IPv4 addresses during this decade. IPv6 can cope with the anticipated massive expansion in demand for addresses for mobile devices and embedded systems.
• Some countries are already very short of IPv4 addresses, and they will most likely lead the transition to IPv6.
• IPv6 mandates encryption and source authentication in every implementation.
• IPv6 provides schemes for automatically generating unique addresses without manual intervention. This is especially important for mobile devices that connect to different networks at different times.
• Major operating systems and router vendors already support IPv6. Applications that store IP addresses internally will require upgrades.
• Don't rush into IPv6. Few organisations have any pressing need to start making the change yet.

Subscribe now to Australian Technology & Business magazine.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.