IPv6 (Internet Protocol Version 6)
IPv6 (Internet Protocol version 6) is a set of specifications from the Internet Engineering Task Force (IETF) that is essentially an upgrade of IP version 4 (IPv4), a category of IP addresses in IPv4-based routing. The basics of IPv6 are similar to those of IPv4: devices use IPv6 addresses as the source and destination when passing packets over a network, and tools like ping work for network testing as they do in IPv4, with some slight variations.
The specification for IPv6 (RFC 8200) was published in 2017 and was elevated to Internet Standard (STD 86).
Difference between IPv4 and IPv6
The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. This extension anticipates considerable future growth of the Internet and provides relief for what was perceived as an impending shortage of network addresses. IPv6 also supports auto-configuration to help correct most of the shortcomings in version 4, and it has integrated security and mobility features.
Benefits of IPv6
IPv6 benefits include:
- Supports source and destination addresses that are 128 bits (16 bytes) long.
- Uses a link-local scope all-nodes multicast address.
- Does not require manual configuration or DHCP.
- Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses.
- Uses pointer resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.
- Supports a 1280-byte packet size (without fragmentation).
- Uses the Flow Label field to identify packet flows for quality of service (QoS) handling by routers.
- Uses Internet Control Message Protocol version 6 (ICMPv6) Router Solicitation and Router Advertisement messages to determine the IP address of the best default gateway.
- Uses multicast Neighbor Solicitation messages to resolve IP addresses to link-layer addresses.
- Uses Multicast Listener Discovery (MLD) messages to manage membership in local subnet
IPv6 complications
IPv6 complications include:
- Doesn't include a checksum in the header. IPv6 no longer has a header checksum to protect the IP header, meaning that when a packet header is corrupted by transmission errors, the packet may be delivered incorrectly.
- IPv4 and IPv6 machines cannot communicate directly with each other.
- The process of making the switch to IPv6 from IPv4 is slow and tedious.
- Understanding IPv6 subnetting can be difficult on its own.
- Because the header is of fixed length in IPv6, options cannot be tagged onto the IP header as in IPv4.
- Requires IPsec.
- Uses the Flow Label field to identify packet flows for QoS handling by routers.
- Allows hosts, but not routers, to fragment packets.
Who deploys IPv6?
Google reported in August 2019 that nearly 29 percent of those searching on Google were doing so over IPv6.
The Federal Communications Commission (FCC) notes that the transition will be years long. During the transition, steps will be taken by Internet service providers, content and application providers to ensure that IPv4 addresses will continue to be supported. However, during the transition, the FCC warns, online services could be impaired or degraded, and privacy could be compromised because of increased dividing and transferring of IPv4 addresses.
As of August 2019, most virtual private network (VPN) providers weren't yet supporting IPv6.
IPv6 security
IPv6 can run end-to-end encryption (E2EE). Widespread adoption of IPv6 will therefore make man-in-the-middle attacks (MitM) significantly more difficult.
According to network security firm Sophos, IPv6's support of the Secure Neighbor Discovery (SEND) protocol renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks more difficult. With IPv4, it's fairly easy for an attacker to redirect traffic between two legitimate hosts and manipulate a conversation; IPv6 makes this difficult.
This added security depends entirely on proper design and implementation, and the more complex and flexible infrastructure of IPv6 makes for more work. If, for example, a server enables IPv6 by default but the firewall doesn't, the network is more prone to attack.
Operating a network in which two internet protocols -- IPv4 and IPv6 -- are deployed generally implies that network configuration needs to be replicated for IPv6 -- that is, the network must be configured so that IPv6 can operate like IPv4. This network configuration not only includes aspects such as enabling IPv6 routing and incorporating IPv6 information in the domain name system, but also the enforcement of network security policies via packet filtering.
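A coarse parity check for the dual-stack situation described above, as an added example that is not part of the original article: it parses constructed `iptables-save` and `ip6tables-save` output and reports where the IPv6 filter is more permissive than the IPv4 one. The rule sets and function names are assumptions made for illustration, and only chain policies and simple port-based ACCEPT rules on INPUT are compared.

```python
import re

# Constructed sample rule sets in iptables-save / ip6tables-save format.
IPV4_SAVE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
IPV6_SAVE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

POLICY = re.compile(r"^:(\S+) (ACCEPT|DROP) ")
ACCEPT_PORT = re.compile(r"^-A INPUT .*-p (tcp|udp) .*--dport (\d+) .*-j ACCEPT$")

def parse_filter(save_text):
    """Return (default policy per chain, set of (proto, port) accepted on INPUT)."""
    policies, accepted = {}, set()
    in_filter = False
    for line in save_text.splitlines():
        if line.startswith("*"):
            in_filter = line == "*filter"   # ignore nat/mangle/raw tables
        elif in_filter and (m := POLICY.match(line)):
            policies[m.group(1)] = m.group(2)
        elif in_filter and (m := ACCEPT_PORT.match(line)):
            accepted.add((m.group(1), int(m.group(2))))
    return policies, accepted

def parity_findings(v4_text, v6_text):
    """List places where the IPv6 filter is more permissive than the IPv4 one."""
    v4_pol, v4_ports = parse_filter(v4_text)
    v6_pol, v6_ports = parse_filter(v6_text)
    findings = []
    for chain, policy in sorted(v4_pol.items()):
        # A chain with no IPv6 configuration keeps the built-in ACCEPT policy.
        if policy == "DROP" and v6_pol.get(chain, "ACCEPT") == "ACCEPT":
            findings.append(f"{chain}: default DROP on IPv4 but ACCEPT on IPv6")
    for proto, port in sorted(v6_ports - v4_ports):
        findings.append(f"INPUT: {proto}/{port} accepted on IPv6 only")
    return findings
```

An empty IPv6 rule set, which is what a host has when only the IPv4 firewall was ever configured, is reported as every IPv4 DROP chain being open on IPv6.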
IPv6 and MAC address
IPv6 addresses are 128 bits long (16 bytes), including 64 bits for the network number and 64 bits for the host number. The host portion of an IPv6 address or part of it often will be derived from a media access control (MAC) address or other interface identifier. Depending on the subnet prefix, IPv6 has a more complicated architecture than IPv4. The number of IPv6 addresses is 10^28 (79 228 162 514 264 337 593 543 950 336) times larger than the number of IPv4 addresses. The text form of the IPv6 address is xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, where each x is a hexadecimal digit, representing 4 bits. Leading zeros can be omitted.
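How a MAC address ends up in the host portion, and how to spot addresses that expose one, shown as an added example that is not part of the original article. It assumes the modified EUI-64 construction from RFC 4291 (insert ff:fe in the middle of the MAC and flip the universal/local bit); the function names, the MAC and the 2001:db8::/32 documentation prefix are constructed for illustration.

```python
import ipaddress


def eui64_interface_id(mac):
    """Build the modified EUI-64 interface identifier (low 64 bits) from a MAC."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")


def slaac_address(prefix, mac):
    """Combine a /64 network prefix with the identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def embedded_mac(address):
    """Return the MAC an address appears to embed, or None without the ff:fe marker."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # random, manual or privacy identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    addr = slaac_address("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e")
    print(addr)            # short text form, leading zeros omitted
    print(addr.exploded)   # full xxxx:xxxx:... form
    print(embedded_mac(str(addr)))
```

Because the identifier depends only on the MAC, the same low 64 bits appear under every prefix the device joins, so `embedded_mac` is useful when auditing logs or address plans for hosts that reveal their hardware address.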