Understanding IPv6

The problems and scaremongering - my attempt to debunk

Note: Although normal practice in the English-speaking world is to use the "short" billion (1,000,000,000), this article uses the "long" billion (1,000,000,000,000) - and there are some really big numbers here.

The exhaustion of IPv4

There are 32 bits in an IPv4 address, and so there exist a little over four milliard IPv4 addresses, of which 3.7 milliard are available for ordinary routed use. This sounds like a lot, but every time an allocation is made for a network, the router needs one address, and the network and broadcast addresses also need to be taken into account, so a further two addresses are lost. Some protocols (such as those used for VoIP) work best with these public addresses. Unfortunately, these addresses have reached the stage where very few are left. New allocations are very limited, and this situation will only get worse unless IPv6 adoption is stepped up.

The remaining 600 million addresses - about 14.3% of the total - all have special purposes: 768 are intended for documentation, 17.8 million are reserved for local communications on private networks, and the rest serve a number of other technical purposes. Methods such as Network Address Translation exist to connect the private networks to the outside world, but this complicates the use of protocols that need addresses buried deep within. Add to this the fact that the public side addresses are themselves in short supply, and it is possible that some people may have to use the "private" addresses in the connection they make to an ISP - not the intention of these addresses, and it will require NAT at the carrier level.

IPv6 and how it solves the problems

IPv6 is a new 128-bit addressing scheme, meaning it has over 340 hexillion addresses. Of these, 4 hexillion are reserved for special purposes - 1.17% or so - a much lower overhead to begin with. A common policy at present is to allocate a customer a pool of just over a quadrillion addresses - a huge amount, enough to allow sixty-five thousand networks, each with 18 trillion addresses. The customer could be a household, a family in multiple homes (and possibly with mobile devices) or a huge company with thousands of sites and a few hundred mobile devices on the road at any one time. Having 18 trillion addresses on a network allows for the use of Stateless Address Autoconfiguration (SLAAC), which is mostly based on MAC addresses but (for the paranoid) can also use random addresses. This means that any user on the network should get an address easily - no more exhaustible pool of addresses to maintain. There is plenty of room to allocate fixed addresses for services - and this is helpful when dividing a machine into several new ones by purpose.

We are still in the early days of IPv6 - a very great number of addresses remain to be allocated - and there is plenty of time to change the way they are allocated in the event that the per-customer allocation used at present is in any danger of exhausting the pool. I would not expect to see this coming close at any time this century.

The obstacles

The real obstacles to adoption of IPv6 are devices and applications that are not yet compatible. This is actually part of a vicious circle - with IPv6 adoption slow on the uptake, manufacturers are not pressing ahead with IPv6-capable kit. All of it can be used on IPv4 as well, though - every system I've ever seen runs "dual stack" - so nothing should break. There is no need to go IPv6 only - in fact, without the help of things like NAT64, which breaks DNSSEC, it is not really possible for most yet - but it will be a workable idea one day, and if the adoption of IPv6 is sped up, that will be even sooner. There are already web sites in parts of Asia and Africa that cannot be reached with IPv4, and no doubt more useful ones will appear. I can only think of one in the UK as yet, and it's a game - Loops of Zen - but if you can't access this yet, you are not getting full Internet access. Ask your provider when they intend to upgrade your access to reach the whole Internet.

Isn't IPv4 with NAT more secure?

Some argue that it is - but that won't get you access to IPv6 sites. It is quite feasible to supply customer-grade routers that are "secure by default", meaning you don't let traffic in that you have not initiated without setting a rule in the firewall to allow it. Perhaps configuration of firewalls could be made easier to learn, or ISPs could offer this as a service. IPv6 is as secure as you make it, and with 18 trillion addresses at the end of your line, only a tiny fraction of which will be in use at any one time, devices can be harder to attack anyway. If you are using SLAAC, the MAC-address-based addresses can be turned off in favour of random ones, if you wish - but for some this actually breaks their usage accounting - and for something you intend to run as a server you will need a fixed address anyway.
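
An added example, not part of the original article: a Python sketch of the two SLAAC address styles mentioned under "IPv6 and how it solves the problems" and in the paragraph above, building the MAC-based (modified EUI-64) address and checking whether a given address gives away the MAC behind it. The prefix, MAC and sample addresses are constructed from documentation ranges, and the function names are illustrative.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix when it uses its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC works on /64 networks")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def embedded_mac(addr: str):
    """MAC revealed by an EUI-64 style interface ID, or None.

    Heuristic: a random interface ID carries ff:fe here about once in 65536.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def lans_in(site: str) -> int:
    """Number of /64 networks inside a customer allocation."""
    return 2 ** (64 - ipaddress.IPv6Network(site).prefixlen)

# Constructed sample data: documentation prefix (2001:db8::/32) and
# documentation MAC range (00:00:5e:00:53:xx); not taken from the article.
SITE = "2001:db8:1234::/48"
LAN = "2001:db8:1234:1::/64"
MAC = "00:00:5e:00:53:01"
RANDOM_STYLE = "2001:db8:1234:1:3c4d:9a1b:72e6:f58"

if __name__ == "__main__":
    print(lans_in(SITE), "networks of", 2**64, "addresses each")
    for a in (str(slaac_address(LAN, MAC)), RANDOM_STYLE):
        print(a, "->", embedded_mac(a) or "no MAC visible")
```

Run against the addresses your own hosts present, this shows which ones still use MAC-based interface IDs and so carry the same identifier from network to network.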