IPv6

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Internet Protocol version 6 (IPv6) is the next-generation Internet Layer protocol for packet-switched internetworks and the Internet. IPv4 is currently the dominant Internet Protocol version, and was the first to receive widespread use. In December 1998, the Internet Engineering Task Force (IETF) designated IPv6 as the successor to version 4 by the publication of a Standards Track specification, RFC 2460.

In December 2008, despite celebrating its 10th anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general worldwide deployment. A recent study[1] by Google indicates that penetration is still less than one percent of Internet traffic in any country. The leaders are Russia (0.76%), France (0.65%), Ukraine (0.64%), Norway (0.49%), and the United States (0.45%). Although Asia leads in terms of absolute deployment numbers, the relative penetration is smaller (e.g., China: 0.24%). IPv6 is implemented on all major operating systems in use in commercial, business, and home consumer environments. According to the study, Mac OS X leads in IPv6 penetration of 2.44%, followed by Linux (0.93%) and Windows Vista (0.32%).[2]

IPv6 has a much larger address space than IPv4. This results from the use of a 128-bit address, where IPv4 uses only 32 bits. The new address space thus supports 2128 (about 3.4×1038) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the need for network address translation (NAT). NAT gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address).

Network security is integrated into the design of the IPv6 architecture. Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread optional deployment first in IPv4 (into which it was back-engineered). The IPv6 specifications mandate IPsec implementation as a fundamental interoperability requirement.

The general requirements for implementing IPv6 on a network host are specified in RFC 4294.

The Internet Protocol Suite
Application Layer
BGP · DHCP · DNS · FTP · GTP · HTTP · IMAP · IRC · Megaco · MGCP · NNTP · NTP · POP · RIP · RPC · RTP · RTSP · SDP · SIP · SMTP · SNMP · SOAP · SSH · Telnet · TLS/SSL · XMPP · (more)
Transport Layer
TCP · UDP · DCCP · SCTP · RSVP · ECN · (more)
Internet Layer
IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more)
Link Layer
ARP · RARP · NDP · OSPF · Tunnels (L2TP) · Media Access Control (Ethernet, MPLS, DSL, ISDN, FDDI) · Device Drivers · (more)

Contents

[edit] Motivation for IPv6

The first publicly used version of the Internet Protocol, Version 4 (IPv4), provides an addressing capability of about 4 billion addresses (232). This was deemed sufficient in the early design stages of the Internet when the explosive growth and worldwide penetration of networks was not anticipated.

During the first decade of operation of the TCP/IP-based Internet, by the late 1980s, it became apparent that methods had to be developed to conserve address space. In the early 1990s, even after the introduction of classless network redesign, it became clear that this would not suffice to prevent IPv4 address exhaustion and that further changes to the Internet infrastructure were needed.[3] By the beginning of 1992, several proposed systems were being circulated, and by the end of 1992, the IETF announced a call for white papers (RFC 1550) and the creation of the "IP Next Generation" (IPng) area of working groups.[3][4]

The Internet Engineering Task Force adopted IPng on July 25, 1994, with the formation of several IPng working groups.[3] By 1996, a series of RFCs were released defining Internet Protocol Version 6 (IPv6), starting with RFC 2460.

Incidentally, the IPng architects could not use version number 5 as a successor to IPv4, because it had been assigned to an experimental flow-oriented streaming protocol (Internet Stream Protocol), similar to IPv4, intended to support video and audio.

It is widely expected[citation needed] that IPv4 will be supported alongside IPv6 for the foreseeable future. IPv4-only nodes are not able to communicate directly with IPv6 nodes, and will need assistance from an intermediary; see Transition mechanisms, below.

[edit] IPv4 exhaustion

Estimates of the time frame until complete exhaustion of IPv4 addresses used to vary widely. In 2003, Paul Wilson (director of APNIC) stated that, based on then-current rates of deployment, the available space would last until 2023.[5] In September 2005 a report by Cisco Systems (a network hardware manufacturer) suggested that the pool of available addresses would dry up in as little as 4 to 5 years.[6] As of November 2007, a daily updated report projected that the IANA pool of unallocated addresses would be exhausted in May 2010, with the various Regional Internet Registries using up their allocations from IANA in April 2011.[7] There is now consensus among Regional Internet Registries that final milestones of the exhaustion process will be passed in 2010 or 2011 at the latest, and a policy process has started for the end-game and post-exhaustion era.[8]

[edit] Features and differences from IPv4

In most regards, IPv6 is a conservative extension of IPv4. Most transport- and application-layer protocols need little or no change to operate over IPv6; exceptions are application protocols that embed network-layer addresses, such as FTP or NTPv3.

IPv6 specifies a new packet format, designed to minimize packet-header processing. Since the headers of IPv4 packets and IPv6 packets are significantly different, the two protocols are not interoperable.

[edit] Larger address space

The most important feature of IPv6 is a much larger address space than that of IPv4: addresses in IPv6 are 128 bits long; this compares with 32 bit addresses in IPv4.

The very large IPv6 address space supports a total of 2128 (about 3.4×1038) addresses—or approximately 5×1028 (roughly 295) addresses for each of the roughly 6.5 billion (6.5×109) people alive in 2006.[9] In a different perspective, this is 252 addresses for every observable star in the known universe.[10]

While these numbers are impressive, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses allow a better, systematic, hierarchical allocation of addresses and efficient route aggregation. With IPv4, complex Classless Inter-Domain Routing (CIDR) techniques were developed to make the best use of the small address space. Renumbering an existing network for a new connectivity provider with different routing prefixes is a major effort with IPv4, as discussed in RFC 2071 and RFC 2072. With IPv6, however, changing the prefix in a few routers can renumber an entire network ad hoc, because the host identifiers (the least-significant 64 bits of an address) are decoupled from the subnet identifiers and the network provider's routing prefix.

The size of a subnet in IPv6 is 264 addresses (64-bit subnet mask); the square of the size of the entire IPv4 Internet. Thus, actual address space utilization rates will likely be small in IPv6, but network management and routing will be more efficient.

[edit] Stateless address autoconfiguration

IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local multicast router solicitation request for its configuration parameters; if configured suitably, routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters.[11]

If IPv6 stateless address autoconfiguration (SLAAC) is unsuitable for an application, a host can use stateful configuration (DHCPv6) or be configured manually. Stateless autoconfiguration is not used by routers.[12]

[edit] Multicast

Multicast, the ability to send a single packet to multiple destinations, is part of the base specification in IPv6. This is unlike IPv4, where it is optional (although usually implemented).

IPv6 does not implement broadcast, the ability to send a packet to all hosts on the attached link. The same effect can be achieved by sending a packet to the link-local all hosts multicast group.

Most environments, however, do not currently have their network infrastructures configured to route multicast packets; multicasting on single subnet will work, but global multicasting might not.

[edit] Mandatory network layer security

Internet Protocol Security (IPsec), the protocol for IP encryption and authentication, forms an integral part of the base protocol suite in IPv6. IPSec support is mandatory in IPv6; this is unlike IPv4, where it is optional (but usually implemented). IPsec, however, is not widely used at present except for securing traffic between IPv6 Border Gateway Protocol routers.

[edit] Simplified processing by routers

A number of simplifications have been made to the packet header, and the process of packet forwarding has been simplified, in order to make packet processing by routers simpler and hence more efficient. Concretely,

  • The packet header in IPv6 is simpler than that used in IPv4, with many rarely used fields moved to separate options; in effect, although the addresses in IPv6 are four times larger, the (option-less) IPv6 header is only twice the size of the (option-less) IPv4 header.
  • IPv6 routers do not perform fragmentation. IPv6 hosts are required to either perform PMTU discovery, perform end-to-end fragmentation, or to send packets smaller than the IPv6 minimum maximum transmission unit size of 1280 bytes.
  • The IPv6 header is not protected by a checksum; integrity protection is assumed to be assured by a transport layer checksum. In effect, IPv6 routers do not need to recompute a checksum when header fields (such as the TTL or Hop Count) change. This improvement may have been made unnecessary by the development of routers that perform checksum computation at link speed using dedicated hardware.
  • The Time-to-Live field of IPv4 has been renamed to Hop Limit, reflecting the fact that routers are no longer expected to compute the time a packet has spent in a queue.

[edit] Mobility

Unlike mobile IPv4, Mobile IPv6 (MIPv6) avoids triangular routing and is therefore as efficient as normal IPv6. However, since neither MIPv6 nor MIPv4 are widely deployed today, this advantage is mostly theoretical.

[edit] Options Extensibility

IPv4 has a fixed size (40 bytes) of option parameters. In IPv6, options are implemented as additional extension headers after the IPv6 header, which limits their size only by the size of an entire packet.

[edit] Jumbograms

IPv4 limits packets to 64 KB of payload. IPv6 has optional support for packets over this limit, referred to as jumbograms, which can be as large as 4 GiB. The use of jumbograms may improve performance over high-MTU networks. The presence of jumbograms is indicated by the Jumbo Payload Option header.

[edit] IPv6 packet format

The IPv6 packet is composed of three main parts: the fixed header, optional extension headers and the payload.

[edit] Header

+ Bits 0–3 4–11 12-15 16–23 24–31
0 Version Traffic Class Flow Label
32 Payload Length Next Header Hop Limit
64 Source Address
96
128
160
192 Destination Address
224
256
288

The header is in the first 40 octets (320 bits) of the packet and contains:

  • Version - version 6 (4-bit IP version).
  • Traffic class - packet priority (8 bits). Priority values subdivide into ranges: traffic where the source provides congestion control and non-congestion control traffic.
  • Flow label - QoS management (20 bits). Originally created for giving real-time applications special service, but currently unused.
  • Payload length - payload length in bytes (16 bits). When cleared to zero, the option is a "Jumbo payload" (hop-by-hop).
  • Next header - Specifies the next encapsulated protocol. The values are compatible with those specified for the IPv4 protocol field (8 bits).
  • Hop limit - replaces the time to live field of IPv4 (8 bits).
  • Source and destination addresses - 128 bits each.

The protocol field of IPv4 is replaced with a next header field. This field usually specifies the transport layer protocol used by a packet's payload. In the presence of options, however, the next header field specifies the presence of one or more out of six extension headers, which then follow the IPv6 header in distinct order; the payload's protocol itself is specified in the next header field of the last extension header.

Extension Header Type Size Description RFC
Hop-By-Hop Options 0 variable Options that need to be examined by all devices on the path. RFC 2460
Routing 43 variable Methods to specify the route for a datagram. (Used with Mobile IPv6) RFC 2460, RFC 3775, RFC 5095
Fragment 44 64 bits Contains parameters for fragmentation of datagrams. RFC 2460
Authentication Header (AH) 51 variable Contains information used to verify the authenticity of most parts of the packet. (See IPsec) RFC 4302
Encapsulating Security Payload (ESP) 50 variable Carries encrypted data for secure communication. (See IPsec). RFC 4303
Destination Options 60 variable Options that need to be examined only by the destination of the packet. RFC 2460
No Next Header 59 empty A placeholder indicating no next header. RFC 2460

The payload can have a size of up to 64 KB in standard mode, or larger with a "jumbo payload" option in a Hop-By-Hop Options extension header.

Fragmentation is handled only in the sending host in IPv6: routers never fragment a packet, and hosts are expected to use PMTU discovery.

[edit] Addressing

[edit] 128-bit length

Internet addressing growth map

The length of network addresses emphasize a most important change when moving from IPv4 to IPv6. IPv6 addresses are 128 bits long (as defined by RFC 4291), whereas IPv4 addresses are 32 bits; where the IPv4 address space contains roughly 4 billion addresses, IPv6 has enough room for 3.4×1038 unique addresses.

IPv6 addresses are typically composed of two logical parts: a 64-bit (sub-)network prefix, and a 64-bit host part, which is either automatically generated from the interface's MAC address or assigned sequentially. Because the globally unique MAC addresses offer an opportunity to track user equipment, and so users, across time and IPv6 address changes, RFC 3041 was developed to reduce the prospect of user identity being permanently tied to an IPv6 address, thus restoring some of the possibilities of anonymity existing at IPv4. RFC 3041 specifies a mechanism by which time-varying random bit strings can be used as interface circuit identifiers, replacing unchanging and traceable MAC addresses.

[edit] Notation

IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). For example,

2001:0db8:85a3:0000:0000:8a2e:0370:7334

is a valid IPv6 address. To shorten the writing and presentation of addresses, several simplifications to the notation are permitted.

Any leading zeros in a group may be omitted; thus, the given example becomes

2001:db8:85a3:0:0:8a2e:370:7334

One or any number of consecutive groups of 0 value may be replaced with two colons (::):

2001:db8:85a3::8a2e:370:7334

This substitution with double-colon may be performed only once in an address, because multiple occurrences would lead to ambiguity. For example, the illegal address notation 2001::FFD3::57ab, could represent

2001:0:0:0:0:FFD3:0:57ab
2001:0:0:0:FFD3:0:0:57ab 
2001:0:0:FFD3:0:0:0:57ab and 
2001:0:FFD3:0:0:0:0:57ab

Using the double-colon reduction the localhost (loopback) address, fully written as 0000:0000:0000:0000:0000:0000:0000:0001, may be reduced to ::1 and the undetermined IPv6 address (zero value), i.e., all bits are zero, is simply ::.

For example, the addresses below are all valid and equivalent:

2001:0db8:0000:0000:0000:0000:1428:57ab
2001:0db8:0000:0000:0000::1428:57ab
2001:0db8:0:0:0:0:1428:57ab
2001:0db8:0:0::1428:57ab
2001:0db8::1428:57ab
2001:db8::1428:57ab

The sequence of the last 4 bytes of the IPv6 address may optionally be written in dot-decimal notation, in the style of IPv4 addresses. This notation is convenient when working in a mixed (dual-stack) environment of IPv4 and IPv6 addresses, and IPv6 addresses are derived from IPv4 ones. The general form of the notation is x:x:x:x:x:x:d.d.d.d, where the x's are the 6 high-order groups of hexadecimal digits and the d's represent the decimal digit groups of the four low-order octets of the address. For example, ::ffff:12.34.56.78 is the same address as ::ffff:0c22:384e. Usage of this notation may not be widely supported.

RFC 4291 (IP Version 6 Addressing Architecture) provides additional information.

[edit] Prefix and network notation

An IPv6 network is a contiguous group of IPv6 addresses. The size of this block must be a power of 2, and the beginning of a block must be aligned on a bit boundary of the address space. The leading set of bits of the addresses, which are identical for all hosts in a given network, are called the network's address prefix.

Networks are written in CIDR notation: a network is denoted by the first address in the network and the size in bits of the prefix, separated by a slash "/". For example, the network written 2001:0db8:1234::/48 starts at address 2001:0db8:1234:0000:0000:0000:0000:0000 and ends at 2001:0db8:1234:ffff:ffff:ffff:ffff:ffff.

Network addresses should not be confused with the notation used for interface addresses under some operating systems. Under such systems, an interface address is written by combining the address of the interface with the prefix length of the network it is connected to. For example, an interface with address 2001:db8:a::123 connected to a /64 subnet is written 2001:db8:a::123/64.

[edit] IPv6 address types

IPv6 addresses are classified into three types:[13]

  • Unicast addresses
A unicast address identifies a single network interface. The protocol delivers packets sent to a unicast address to that specific interface. Unicast IPv6 addresses can have a scope which is reflected in more specific address names: global unicast address, link-local address, and unique local unicast address.
  • Anycast addresses
An anycast address is assigned to a group of interfaces, usually belonging to different nodes. A packet sent to an anycast address is delivered to just one of the member interfaces, typically the “nearest” according to the routing protocol’s choice of distance. Anycast addresses cannot be identified easily: they have the structure of normal unicast addresses, and differ only by being injected into the routing protocol at multiple points in the network.
  • Multicast addresses
A multicast address is also assigned to a set of interfaces that typically belong to different nodes. A packet that is sent to a multicast address is delivered to all interfaces identified by that address. Multicast addresses begin with an octet of one (1) bits, i.e., they have prefix FF00::/8. The four least-significant bits of the second address octet identify the address scope, i.e. the span over which the multicast address is propagated.
Commonly implemented scopes are node-local (0x1), link-local (0x2), site-local (0x5), organization-local (0x8), and global (0xE). The least-significant 112 bits of a multicast address form the multicast group identifier. Only the low-order 32 bits of the group ID are commonly used, because of traditional methods of forming 32 bit identifiers from Ethernet addresses. Defined group IDs are 0x1 for all-nodes multicast addressing and 0x2 for all-routers multicast addressing.
Another group of multicast addresses are solicited-node multicast addresses which are formed with the prefix FF02::1:FF00:0/104, and where the rest of the group ID (least significant 24 bits) is filled from the interface's unicast or anycast address. These addresses allow link-layer address resolution via Neighbor Discovery Protocol (NDP) on the link without disturbing all nodes on the local network.

[edit] Special addresses

IANA maintains the official list of the IPv6 address space. Global unicast assignments can be found at the various RIRs or at the GRH DFP pages.

There are a number of addresses with special meaning in IPv6:

Unspecified address
  • ::/128 — the address with all zero bits is called the unspecified address. This address must never be assigned to an interface and is to be used only in software before the application has learned its host's source address appropriate for a pending connection. Routers must not forward packets with the unspecified address.
Link local addresses
  • ::1/128 — the loopback address is a unicast localhost address. If an application in a host sends packets to this address, the IPv6 stack will loop these packets back on the same virtual interface (corresponding to 127.0.0.1 in IPv4).
  • fe80::/10 — The link-local prefix specifies that the address is only valid in the scope of a given local link. This is analogous to the Autoconfiguration IP addresses 169.254.0.0/16 in IPv4.
Unique local addresses
  • fc00::/7unique local addresses (ULA) are routable only within a set of cooperating sites. They were defined in RFC 4193 as a replacement for site-local addresses (see below). The addresses include a 40-bit pseudorandom number in the routing prefix that intends to minimize the risk of conflicts if sites merge or packets are misrouted into the Internet. Despite the restricted, local usage of these addresses, they have a global address scope. This is a departure from the site-local address definition that unique local addresses replaced.
Multicast addresses
  • ff00::/8 — The multicast prefix designates multicast addresses[14] as defined in "IP Version 6 Addressing Architecture" (RFC 4291). Some of these have been assigned to specific protocols, for example ff0X::101 will reach all local NTP servers (RFC 2375).
Solicited-node multicast addresses
  • ff02::1:FFXX:XXXX — XX:XXXX are the 3 low order octets of the corresponding unicast or anycast address.
IPv4 transition
ORCHID
  • 2001:10::/28 — ORCHID (Overlay Routable Cryptographic Hash Identifiers) as per (RFC 4843). These are non-routed IPv6 addresses used for Cryptographic Hash Identifiers.
Documentation
  • 2001:db8::/32 — this prefix is used in documentation (RFC 3849). The addresses should be used anywhere an example IPv6 address is given, or model networking scenarios are described.
Deprecated or obsolete addresses
  • ::/96 — This is a 96-bit zero-value prefix originally known as IPv4-compatible addresses. This class of addresses were used to represent IPv4 addresses within an IPv6 transition technology. Such an IPv6 address has its first 96 bits set to zero, while its last 32 bits are the IPv4 address that is represented. The Internet Engineering Task Force (IETF) has deprecated the use of IPv4-compatible addresses with publication RFC 4291. The only remaining use of this address format is to represent an IPv4 address in a table or database with fixed size members that must also be able to store an IPv6 address.
  • fec0::/10 — The site-local prefix specifies that the address is valid only inside the local organization. Its use has been deprecated in September 2004 by RFC 3879 and new systems must not support this special type of address.

[edit] Link-local addresses and zone indices

All interfaces have an associated link-local address, that is only guaranteed to be unique on the attached link. Link local addresses are created in the fe80::/10 address space.

Because link-local addresses have a common prefix, normal routing procedures cannot be used to choose the outgoing interface when sending packets to a link-local destination. A special identifier, known as a zone index, is needed to provide the additional information; in the case of link-local addresses, zone indices correspond to interface identifiers.

When an address is written textually, the zone index is appended to the address, separated by a percent sign "%". The actual syntax of zone indices depends on the operating system:

  • the Microsoft Windows IPv6 stack uses numeric zone indexes, e.g., fe80::3%1. The index is determined by the interface number.
  • Some Unix-like systems (e.g., BSD and Linux) use the interface name as a zone index: fe80::3%eth0.

Zone index notations cause syntax conflicts when used in Uniform Resource Identifiers (URI), as the '%' character also designates percent-encoding.[15]

Relatively few IPv6-capable applications understand address scope syntax at the user level, thus rendering link-local addressing inappropriate for many user applications. However, link-local addresses are not intended for most of such application usage and their primary benefit is in low-level network management functions[citation needed], for example for logging into a router that for some reason has become unreachable.

[edit] Literal IPv6 addresses in network resource identifiers

Since an IPv6 address contains colon (":") characters, network administrators must take care to avoid conflicts with other syntactic meanings of the colon in network resource labels. In IPv4 the colon is used to separate an IP address from a transport protocol port number. This usage has been extended to IPv6, however, when a port is specified in an address string, the proper IPv6 address must be enclosed in square brackets ("[", "]"). This convention is used in other more complex identifiers.

Example: In a URL the IPv6-Address is enclosed in brackets, e.g., http://[2001:0db8:85a3:08d3:1319:8a2e:0370:7348]/.

If the URL also contains a port number the notation is:

https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443/

This is not only useful but mandated when using shortform:

https://[2001:db8::1428:57ab]:443/

Additional information can be found in "RFC 2732 - Format for Literal IPv6 Addresses in URL's" and "RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax."

In Microsoft Windows operating systems, IP addresses were also allowed in Uniform Naming Convention (UNC) path names. Since the colon is an illegal character in a UNC path name, the use of IPv6 addresses is also illegal in UNC names. For this reason, Microsoft has registered a second-level Internet domain, ipv6-literal.net, as a means to facilitate symbolic substitution. IPv6 addresses may be transcribed in the following fashion:

2001:0db8:85a3:08d3:1319:8a2e:0370:7348
  is written as
2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net

This notation is automatically resolved by Microsoft software without DNS queries to any nameservers. If the IPv6 address contains a zone index, it is appended to the address portion after an 's' character:

fe80--1s4.ipv6-literal.net.

[edit] IPv6 and the Domain Name System

IPv6 addresses are represented in the Domain Name System by AAAA resource records (so-called quad-A records) for forward lookups. Reverse lookup takes place under ip6.arpa (previously ip6.int), where name space is allocated by the ASCII representation of nibble units (digits) of the hexadecimal IP address. This scheme, which is an adaptation of the IPv4 method under in-addr.arpa, is defined in RFC 3596.

AAAA record fields
NAME Domain name
TYPE AAAA (28)
CLASS Internet (1)
TTL Time to live in seconds
RDLENGTH Length of RDATA field
RDATA String form of the IPV6 address as described in RFC 3513

RFC 3484 specifies how applications should select an IPv6 or IPv4 address for use, including addresses retrieved from DNS.

The DNS protocol is independent of its transport layer. Queries and replies may be transmitted over IPv6 or IPv4 transports regardless of the address family of the data requested.

At the design-stage of the IPv6 DNS architecture, the AAAA scheme faced a rival proposal. This alternate approach, designed to facilitate network renumbering, uses A6 records for the forward lookup and a number of other innovations such as bit-string labels and DNAME records. It is defined in RFC 2874 and its references (with further discussion of the pros and cons of both schemes in RFC 3364), but has been deprecated to experimental status.

[edit] Disabling IPv6 because of incompatibilities

Various Internet forums carry reports of people disabling IPv6 because of slowdowns when connecting to hosts on the Internet.

In most cases, this slow-down results from DNS resolution failures due to faulty NAT devices and other DNS resolvers which improperly handle the AAAA DNS query. These DNS resolvers just drop the DNS request for AAAA records, instead of properly returning the appropriate negative DNS response. Because the request is dropped, the host sending the request has to wait for a timeout to trigger, thus causing a perceived slow down when connecting to IPv6 hosts. Since there is no result of the request that can be cached locally, even if a DNS cache is running, the problem will persist for subsequent identical lookups. If the domain name system is working properly, another likely source of delay is mis-routing of IPv6 packets.

[edit] Transition mechanisms

Until IPv6 completely supplants IPv4, a number of transition mechanisms[16] are needed to enable IPv6-only hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach the IPv6 Internet over the IPv4 infrastructure.

For the period while IPv6 hosts and routers co-exist with IPv4 systems, RFC 2893 (Transition Mechanisms for IPv6 Hosts and Routers) and RFC2185 (Routing Aspects of IPv6 Transition) define compatibility and transition mechanisms. These techniques, sometimes collectively called Simple Internet Transition (SIT),[17] include:

  • dual-stack IP implementations for interoperating hosts and routers
  • embedding IPv4 addresses in IPv6 addresses
  • IPv6-over-IPv4 tunneling mechanisms
  • IPv4/IPv6 header translation

[edit] Dual stack

Since IPv6 represents a conservative extension of IPv4, it is relatively easy to write a network stack that supports both IPv4 and IPv6 while sharing most of the code. Such an implementation is called a dual stack, and a host implementing a dual stack is called a dual-stack host. This approach is described in RFC 4213.

Most current implementations of IPv6 use a dual stack. Some early experimental implementations used independent IPv4 and IPv6 stacks.

[edit] IPv4 mapped addresses

Dual stack IPv6/IPv4 implementations typically support a special class of addresses, the IPv4 mapped addresses. This address type has its first 80 bits set to zero, the next 16 set to one, while its last 32 bits represent an IPv4 address. For example, ::ffff:c000:280 is the IPv4 mapped address for the IPv4 address 192.0.2.128.

As an exception to standard IPv6 addresses notation, IPv4 mapped addresses are commonly represented with their last 32 bits written in the customary dot-decimal notation of IPv4, appended to the standard IPv6 notation of the leading bits, e.g., ::ffff:c000:280 could be written as ::ffff:192.0.2.128.

This address type allows the transparent use of the Transport Layer protocols over IPv4 through the IPv6 networking API. A beneficial feature of this mechanism is that server applications only need to open a single listening socket to handle connections from clients using IPv6 or IPv4 protocols. IPv6 clients will be handled natively by default, and IPv4 clients appear as IPv6 clients with an appropriately mapped address. It can also be used to establish IPv4 connections specifically with an IPv6 socket. While the network protocol on the transmission medium is IPv4, the connection is presented as an IPv6 interface to the application.

Because of the significant internal differences between IPv4 and IPv6 at all levels of the IP stack, some of the lower level functionality that may be exposed by the IPv6 stack might not work with IPv4 mapped addresses, if there is no direct translation to IPv4.

Some common IPv6 stacks do not support the IPv4 mapped address feature, either because the IPv6 and IPv4 stacks are separate implementations (Microsoft Windows prior to Vista/Longhorn: e.g. XP/2003), or because of security concerns (OpenBSD). On these operating systems, it is necessary to open a separate socket for each IP protocol that is to be supported. On some systems (e.g., Linux, NetBSD, FreeBSD) this feature is controlled by the socket option IPV6_V6ONLY as specified in RFC 3493.

[edit] Tunneling

In order to reach the IPv6 Internet, an isolated host or network must use the existing IPv4 infrastructure to carry IPv6 packets. This is done using a technique known as tunneling which consists of encapsulating IPv6 packets within IPv4, in effect using IPv4 as a link layer for IPv6.

The direct encapsulation of IPv6 datagrams within IPv4 packets is indicated by IP protocol number 41. IPv6 can also be encapsulated within UDP packets e.g. in order to cross a router or NAT device that blocks protocol 41 traffic. Other encapsulation schemes, such as used in AYIYA or GRE, are also popular.

[edit] Automatic tunneling

Automatic tunneling refers to a technique where the routing infrastructure automatically determines the tunnel endpoints. RFC 3056 recommends 6to4 tunneling for automatic tunneling, which uses protocol 41 encapsulation.[18] Tunnel endpoints are determined by using a well-known IPv4 anycast address on the remote side, and embedding IPv4 address information within IPv6 addresses on the local side. 6to4 is widely deployed today.

Teredo, an automatic tunneling technique that uses UDP encapsulation, can allegedly cross multiple NAT boxes.[19] Teredo is not widely deployed today, but an experimental version of Teredo is installed with the Windows XP SP2 IPv6 stack. IPv6, including 6to4 and Teredo tunneling, are enabled by default in Windows Vista.[20] Most Unix systems only implement native support for 6to4, but Teredo can be provided by third-party software such as Miredo.

ISATAP[21] treats the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link-local IPv6 address. Unlike 6to4 and Teredo, which are inter-site tunnelling mechanisms, ISATAP is an intra-site mechanism, meaning that it is designed to provide IPv6 connectivity between nodes within a single organisation.

[edit] Configured tunneling (6in4)

In configured tunneling, better known as 6in4 tunneling, the tunnel endpoints are explicitly configured, either by an administrator manually or the operating system's configuration mechanisms, or by an automatic service known as a tunnel broker.[22] Configured tunneling is usually more deterministic and easier to debug than automatic tunneling, and is therefore recommended for large, well-administered networks.

Configured tunneling uses IP protocol number 41 over the IPv4 tunnel.

[edit] Proxying and translation for IPv6-only hosts

After the Regional Internet Registries have exhausted their pools of available IPv4 addresses, it is likely that hosts newly added to the Internet might only have IPv6 connectivity. For these clients to have backward-compatible connectivity to existing IPv4-only resources, suitable translation mechanisms must be deployed.

One form of translation is the use of a dual-stack application-layer proxy; for example a web proxy.

NAT-like techniques for application-agnostic translation at the lower layers have also been proposed. Most have been found to be too unreliable in practice because of the wide range of functionality required by common application-layer protocols, and are considered by many to be obsolete.

[edit] IPv6 readiness

[edit] Adoption issues

Issues of IPv6 adoption include:

  • legacy equipment where
    • the manufacturer no longer exists to provide support
    • the manufacturer refuses to produce updates to support IPv6 or provides them but only at a prohibitive cost.
    • software upgrades are impossible (for example: software in permanent ROM)
    • the device has insufficient resources to implement the IPv6 stack (usually a lack of ROM & RAM)
    • the device can handle IPv6 but only at a much lower performance than IPv4 (an issue with many older routers)
  • manufacturers providing new equipment with sufficient resources for IPv6
  • manufacturers investing in developing new software for IPv6 support
  • publicity to persuade end-users to prepare to upgrade existing equipment
  • publicity to educate or inform end-users about IPv4 obsolescence to create demand for IPv6-capable equipment
  • ISPs not investing technical resources into preparing for IPv6

There are two distinct classes of users of networking equipment, informed (mainly commercial and professional), and uninformed (mainly consumer). The former understand that network devices are specialist computers which may need software upgrades for security and performance fixes. The latter generally treat their networking equipment as appliances, which are configured only when first unboxed, if at all, and only ever undergo firmware upgrades when absolutely necessary. Inevitably it is the latter group who have no knowledge of IPv4 or v6, but who are most likely to suffer when their equipment has to be replaced, since commercial grade equipment has generally handled IPv6 for quite a few years.

Most equipment such as hosts and routers require explicit IPv6 support. Fewer problems arise with equipment which only does low-level transport, such as cables, most ethernet adapters, and most layer-2 switches.

As of 2007, IPv6 readiness is currently not considered in most consumer purchasing decisions. If such equipment is not IPv6-capable, it might need to be upgraded or replaced prematurely if connectivity from or to new users and to servers using IPv6 addresses is required.

As with the year-2000 compatibility, IPv6 compatibility is mainly a software/firmware issue. However, unlike the year-2000 issue, there seems to be virtually no effort to ensure compatibility of older equipment and software by manufacturers. Furthermore, even compatibility of products now available is unlikely for many types of software and equipment. This is caused by only a recent realisation that IPv4 exhaustion is imminent, and the hope that we will be able to get by for a relatively long time with a combined IPv4/IPv6 situation. There is a tug-of-war going on in the internet community whether the transition will/should be rapid or long. Specifically, an important question is whether almost all internet servers should be ready to serve to new IPv6-only clients by 2012. Universal access to IPv6-only servers will be even more of a challenge.

Most equipment would be fully IPv6 capable with a software/firmware update if the device has sufficient code and data space to support the additional protocol stack. However, as with 64-bit Windows and Wi-Fi Protected Access support, manufacturers are likely to try to save on development costs for hardware which they no longer sell, and to try to get more sales from new "IPv6-ready" equipment. Even when chipset makers develop new drivers for their chipsets, device manufacturers might not pass these on to the consumers. Moreover, as IPv6 gets implemented, optional features might become important, such as IPv6 mobile.

Home routers are usually not IPv6 ready.[citation needed] As for the CableLabs consortium, the 160 Mbit/s DOCSIS 3.0 IPv6-ready specification for cable modems has only been issued in August 2006. IPv6 capable Docsis 2.0b was skipped while the widely used DOCSIS 2.0 does not support IPv6. The new 'DOCSIS 2.0 + IPv6' standard also supports IPv6, which may on the cable modem side only require a firmware upgrade.[23][24] It is expected that only 60% of cable modems' servers and 40% of cable modems will be DOCSIS 3.0 by 2011.[25] Other equipment which is typically not IPv6-ready range from Skype and SIP phones to oscilloscopes and printers. Professional network routers in use should be IPv6-ready. Most personal computers should also be IPv6-ready, because the network stack resides in the operating system. Most applications with network capabilities are not ready, but could be upgraded with support from the developers. Since February 2002, with J2SE 1.4, all applications that are 100% Java have implicit support for IPv6 addresses.[26]

ADSL services offer a problem if the access networks of the incumbent telephone connection cannot support IPv6, such that independent ADSL providers cannot provide native IPv6 connectivity.

[edit] IPv6 conformance testing and evaluation

A few organizations are involved, locally and internationally, with IPv6 testing and evaluation ranging from the United States Department of Defense to the University of New Hampshire. Fault injection and mutation test equipment is available from companies such as Mu Dynamics, whereby tests can be customized. Other classes of test equipment, including load and performance and conformance are available from companies like Spirent, Ixia and Agilent Technologies.

[edit] IPv6 deployment

Although IPv4 address exhaustion has been slowed by the introduction of classless inter-domain routing (CIDR) and the extensive use of network address translation (NAT), address uptake has accelerated again in recent years.[citation needed] Some forecasts expect complete depletion by the year 2011.[27]

As of 2008, IPv6 accounts for a minuscule fraction of the used addresses and the traffic in the publicly-accessible Internet which is still dominated by IPv4.[28]

The 2008 Summer Olympic Games were a notable event in terms of IPv6 deployment, being the first time a major world event has had a presence on the IPv6 Internet at http://ipv6.beijing2008.cn/en (IP addresses 2001:252:0:1::2008:6 and 2001:252:0:1::2008:8) and all network operations of the Games were conducted using IPv6.[29]It is believed that the Olympics provided the largest showcase of IPv6 technology since the inception of IPv6.[30]

[edit] Major IPv6 announcements and availability

Year Announcements and availability
1996 Alpha quality IPv6 support in Linux kernel development version 2.1.8.[31]
6bone (an IPv6 virtual network for testing) was started.
1997 By the end of 1997, a large number of interoperable IPv6 implementations exist.[32][33]
By the end of 1997 IBM's AIX 4.3 is the first commercial platform supporting IPv6.[34][35]
Also in 1997, Early Adopter Kits for DEC's operating systems, Tru64 and OpenVMS, were available.[36]
1998 Microsoft Research[37] releases its first experimental IPv6 stack. This support is not intended for use in a production environment.
2000 Production-quality BSD support for IPv6 becomes generally available in early to mid-2000 in FreeBSD, OpenBSD, and NetBSD via the KAME project.[38]
Microsoft releases an IPv6 technology preview version for Windows 2000 in March 2000.[37]
Sun Solaris supports IPv6 in Solaris 8 in February.[39]
Compaq ships IPv6 with Tru64.[36]
2001 In January, Compaq ships IPv6 with OpenVMS.[36]
Cisco Systems introduces IPv6 support on Cisco IOS routers and L3 switches.[40]
HP introduces IPv6 with HP-UX 11i v1.[41]
2002 Microsoft Windows NT 4.0 and Windows 2000 SP1 have limited IPv6 support for research and testing since at least 2002.
Microsoft Windows XP (2001) supports IPv6 for developmental purposes. In Windows XP SP1 (2002) and Windows Server 2003, IPv6 is included as a core networking technology, suitable for commercial deployment.[42]
IBM z/OS supports IPv6 since version 1.4 (generally availability in September 2002).[43]
2003 Apple Mac OS X v10.3 "Panther" (2003) supports IPv6 which is enabled by default.[44]
In July, ICANN announces that the IPv6 AAAA records for the Japan (.jp) and Korea (.kr) country code Top Level Domain (ccTLD) nameservers are visible in the DNS root server zone files with serial number 2004072000. The IPv6 records for France (.fr) are added a little later. This makes IPv6 operational in a public fashion.
2005 Linux 2.6.12 removes experimental status from its IPv6 implementation.[45]
2007 Microsoft Windows Vista (2007) supports IPv6 which is enabled by default.[42]
Apple's AirPort Extreme 802.11n base station includes an IPv6 gateway in its default configuration. It uses 6to4 tunneling and can optionally route through a manually configured IPv4 tunnel.[46]
2008 On February 4, 2008, IANA adds AAAA records for the IPv6 addresses of six root name servers.[47][48] With this transition, it is now possible for two Internet hosts to fully communicate without using IPv4.
On March 12, 2008, Google launches a public IPv6 web interface to its popular search engine at the URL http://ipv6.google.com.[49]
On July 18, 2008, Internode launches a national IPv6 service, the first in Australia.[50]
2009 In January 2009, Google extended its IPv6 initiative with Google over IPv6, which offers IPv6 support for Google services to compatible networks.
On January 19, 2009, The Pirate Bay announces native IPv6 support.[51] Both trackers and web servers are IPv6 enabled (main website at the URL: http://ipv6.thepiratebay.org/).

[edit] See also

[edit] References

  1. ^ Global IPv6 Statistics - Measuring the current state of IPv6 for ordinary users, S.H. Gunderson (Google), RIPE 57 (Dubai, Oct 2008)
  2. ^ Google: more Macs mean higher IPv6 usage in US
  3. ^ a b c RFC 1752: The Recommendation for the IP Next Generation Protocol
  4. ^ History of the IPng Effort
  5. ^ Exec: No shortage of Net addresses By John Lui, CNETAsia
  6. ^ A Pragmatic Report on IPv4 Address Space Consumption by Tony Hain, Cisco Systems
  7. ^ IPv4 Address Report
  8. ^ Proposed Global Policy for the Allocation of the Remaining IPv4 Address Space
  9. ^ U.S. Census Bureau
  10. ^ ABC: Number of visible stars put at 70 sextillion
  11. ^ RFC 4862: IPv6 Stateless Address Autoconfiguration, September 2007
  12. ^ RFC 2894: Router Renumbering for IPv6, M. Crawford, August 2000
  13. ^ RFC 2373 - IP Version 6 Addressing Architecture
  14. ^ IP Version 6 multicast address
  15. ^ Formats for IPv6 Scope Zone Identifiers in Literal Address Formats
  16. ^ IPv6 Transition Mechanism / Tunneling Comparison
  17. ^ Rodriguez, Adolfo; John Gatrell; John Karas; Roland Peschke (2001-08-06). "Internet transition - Migrating from IPv4 to IPv6". TCP/IP Tutorial and Technical Overview. IBM. http://safari.oreilly.com/0738421650/ch17lev1sec7. Retrieved on 2008-08-15. "These techniques are sometimes collectively termed Simple Internet Transition (SIT)." 
  18. ^ RFC 3056: Connection of IPv6 Domains via IPv4 Clouds
  19. ^ RFC 4380: Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
  20. ^ The Windows Vista Developer Story: Application Compatibility Cookbook
  21. ^ RFC 4214: Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  22. ^ RFC 3053: IPv6 Tunnel Broker
  23. ^ [1]
  24. ^ [2]
  25. ^ ABI Research (2007-08-23). DOCSIS 3.0 Network Equipment Penetration to Reach 60% by 2011. Press release. http://www.abiresearch.com/abiprdisplay.jsp?pressid=710. Retrieved on 2007-09-30. 
  26. ^ "Networking IPv6 User Guide for JDK/JRE 5.0". http://java.sun.com/j2se/1.5.0/docs/guide/net/ipv6_guide/index.html. Retrieved on 2007-09-30. 
  27. ^ IPv4 Address Report
  28. ^ Geoff Huston - An Update on IPv6 Deployment (RIPE 56)
  29. ^ The Beijing Organizing Committee for the Games of the XXIX Olympiad (2008-05-30). Beijing2008.cn leaps to next-generation Net. Press release. http://en.beijing2008.cn/news/official/preparation/n214384681.shtml. 
  30. ^ Das, Kaushik (2008). "IPv6 and the 2008 Beijing Olympics". IPv6.com. http://www.ipv6.com/articles/general/IPv6-Olympics-2008.htm. Retrieved on 2008-08-15. "As thousands of engineers, technologists have worked for a significant time to perfect this (IPv6) technology, there is no doubt, this technology brings considerable promises but this is for the first time that it will showcase its strength when in use for such a mega-event." 
  31. ^ Linux IPv6 Development Project
  32. ^ IETF December 1997 Proceedings
  33. ^ IESG: Implementation Report
  34. ^ IPv6 support shipping in AIX 3.3
  35. ^ Its AIX 4.3.
  36. ^ a b c | DEC/Compaq IPv6 history
  37. ^ a b Internet Protocol Version 6 (old Microsoft Research IPv6 release)
  38. ^ KAME project
  39. ^ Sun Solaris 8 changes from Solaris 7
  40. ^ Cisco main IPv6 site
  41. ^ HP main IPv6 site
  42. ^ a b Microsofts main IPv6 site
  43. ^ IBM: z/OS operating system
  44. ^ Mac OS X 10.3 Using IPv6 *** Document not found error message *** 2008-11-14
  45. ^ Linux 2.6.12 changelog
  46. ^ Apple AirPort Extreme technical specifications.
  47. ^ IPv6: coming to a root server near you
  48. ^ IANA - IPv6 Addresses for the Root Servers
  49. ^ Official Google Blog
  50. ^ http://www.internode.on.net/news/2008/07/96.php
  51. ^ http://thepiratebay.org/blog/146

[edit] External links

Personal tools