Internet Protocol Version 6 (IPv6)

Overview

After decades of faithful service, the current version of IP, also known as IP version 4 (IPv4), is showing signs of age. The growth of the Internet and the inclusion of a variety of unanticipated technologies are putting a strain on the original design. Before webegin to discuss IPv4's pitfalls, we must take a moment to reflect on the design of IPv4. This protocol was designed in the late 1970s (roughly the Bronze Age of computing) and has risen above all other networking protocols to become the de facto world standard for data communications. There are not many computer technologies that were designed in 1978 that are still in use today, much less as the cornerstone of a global communications infrastructure.

The Disadvantages of IPv4

In today's Internet, IPv4 has the following disadvantages:

• Limited address spaceThe most visible and urgent problem with using IPv4 in the modern Internet is the rapid depletion of public addresses. Dueto the initial address class allocation practices of the early Internet, public IPv4 addresses are becoming scarce. Organizations in the United States hold most public IPv4 address space worldwide.

  This limited address space has forced the wide deployment of Network Address Translators (NATs), which can share one public IPv4 address among several privately addressed computers. NATs have the side effect of blocking secure traffic, specifically Internet Protocol security (IPSec)–protected traffic, anddisabling some types of peer-to-peer applications. Although many workarounds for NAT issues are in development, they only add complexity to what should be an end-to-end addressable network.

• Flat routing infrastructureIn the early Internet, network IDs were notallocated to create a summarizable, hierarchical routing infrastructure. Instead, individual network IDs were assigned and each network ID became a new route in the routing tables of the Internet backbone routers. Today's Internet is a mixture of flat and hierarchical routing, but there are still more than 80,000 routes in the routing tables of Internet backbone routers, resulting in slower forwarding of Internet traffic.
• ConfigurationIPv4 must be configured, either manually or through theDynamic Host Configuration Protocol (DHCP). DHCP allows IPv4 configuration to scale, but you must also configure and manage a DHCP infrastructure.
• SecuritySecurity for IPv4 is specified by the use of IPSec. However, IPSec is optional for IPv4 implementations. Because an application cannot rely on IPSec being present to secure traffic, an application might resort to other security standards or a proprietary security scheme. The need for built-in security is even more important today, when we face an increasingly hostile environment on the Internet.
• Quality of service (QoS)Nonstandard packet delivery for a specified QoS, such as special handling parameters for low delay and low variance in delay for voice or video traffic, is possible with IPv4. However, it relies on a newinterpretation of the IPv4 Type Of Service (TOS) field, which is not supported for all the devices on the network. Additionally, identification of the packet flow must be done using an upper layer protocol identifier such as a TCP or User Datagram Protocol (UDP) port. This additional processing of the packet by intermediate routers makes forwarding less efficient.
• MobilityMobility is a new requirement for Internet-connected devices, in which a node can change its address as it changes its physical attachment to the Internet and still maintain existing connections. Although there is a specification for IPv4 mobility, due to a lack of infrastructure, communications with an IPv4 mobile node are inefficient.

All of these issues and others prompted the Internet Engineering Task Force (IETF) to begin the development of a replacement protocol for IPv4 that would solve the problems of IPv4 and be extensible to solve additional problems in the future. This replacement for IPv4 is IPv6.

IPv6 solves the problems of IPv4 in the following ways:

• Huge address spaceIPv6 addresses are 128 bits long, creating an address space with 3.4 1038 possible addresses. This is plenty of address space for the foreseeable future and allows all manner of devices to connect to the Internet without the use of NATs. Address space can also be allocated internationally in a more equitable manner.
• Hierarchical routing infrastructureIPv6 public addresses, known as global addresses, are designed to have a structure that fits the typical global-regional-local hierarchy of Internet service providers (ISPs) that typically exist between an organization or home and the backbone of the Internet. Global addresses are designed to be summarizable and hierarchical, resulting in relatively few routing entries in the routing tables of Internet backbone routers.
• Automatic configurationIPv6 hosts can automatically configure their own IPv6 addresses and other configuration parameters, even in the absence of an automatic configuration infrastructure such as DHCP.
• Built-in securityUnlike IPv4, IPv6 support for IPSec is required. Applications can always rely on industry standard security services for data sent and received.
• Better support for QoSIPv6 has an equivalent to the IPv4 TOS field that will have a single interpretation for nonstandard delivery. Additionally, a Flow Label field in the IPv6 header indicates the packet flow, making the determination of forwarding for nondefault delivery services more efficient at intermediate routers.
• Built-in mobilityRather than attempting to add mobility to an established protocol with an established infrastructure (as with IPv4), IPv6 has built-inmobility support.

  Note

  IPv6 is not designed to be a superset of IPv4 functionality and is not backward compatible with IPv4.

IPv6 Addressing

The IPv6 address is 128 bits long, creating an address space of almost inconceivable size. With 128 bits you can express more than 3.4 1038 combinations. Unlike IPv4 unicast addresses, the structure of an IPv6 unicast address is very simple: The first 64 bits areused to express a subnet identifier and the last 64 bits are used to express an interface identifier. Although you can perform variable-length subnetting within the 64 bits of the subnet identifier, the host ID equivalent for IPv6 is always the same size. The 64 bits of subnet identifier are used to provide enough addressing space to enumerate networks from the Internet backbone to the subnets within an organization's site. The 64 bits of interface identifier are used to map 48-bit media access control (MAC) addresses used by today's network adapters and 64-bit MAC addresses used by tomorrow's network adapters.

Basics of Address Syntax

With such a large address space, expressing an individual address became problematic. The designers of IPv6 settled on colon-hexadecimal notation. The 128-bit address isdivided into 16-bit blocks and delimited by colons. Each 16-bit block is expressed in hexadecimal format (rather than decimal format for IPv4). The result is the IPv6 address.

The following are some examples of IPv6 unicast addresses:

• 3FFE:FFFF:2A:41CD:2AA:FF:FE5F:47D1
• FE80:0:0:0:2AA:FF:FE5F:47D1
• FEC0:0:0:41CD:2AA:FF:FE5F:47D1

Notice that the leading zeros within each block are suppressed, as long as each block contains at least one hexadecimal digit.

There are many IPv6 addresses that have a sequence of blocks set to 0. To further compress IPv6 addresses, a single contiguous set of 0 blocks can be expressed as "::", anotation known as double-colon. For example:

• FE80:0:0:0:2AA:FF:FE5F:47D1 becomes FE80::2AA:FF:FE5F:47D1
• FEC0:0:0:41CD:2AA:FF:FE5F:47D1 becomes FEC0::41CD:2AA:FF:FE5F:47D1
• FF02:0:0:0:0:0:0:1 (a multicast address) becomes FF02::1

To express a subnet identifier, a route, or an address range, IPv6 uses the network prefix length notation (also used for Classless Inter-Domain Routing [CIDR] for IPv4). There are no subnet masks in IPv6. For example, 3FFE:FFFF:2A:41CD::/64 is a subnet identifier; 3FFE:FFFF:2A::/48 is a route; and FF::/8 is an address range (the range of all IPv6 multicast addresses).

Types of Addresses

IPv6 defines three types of addresses: unicast, multicast, and anycast. Unicast and multicast addresses work in the same way as they do for IPv4. An anycast address, however, is a strange mixture of unicast and multicast. Whereas a unicast address is used for one-to-one delivery and a multicast address is used for one-to-many delivery, an anycast address is used for one-to-one-of-many delivery. A set of interfaces, known as an anycast group, listens on the anycast address. When a sending host sends packets to an anycast address, the packets are delivered to the anycast group member that is topologically closest to the sending host. This delivery to the closest anycast group member is facilitated by host routes in the routing infrastructure that indicate with routing metrics where the closest group member is located. This new type of address allows some types of network resources, such as Domain Name System (DNS) servers, to be scattered across an organization's network. For example, when a DNS query is sent, it is sent to a reserved DNS Servers anycast address and delivered to the DNS server that is closest to the querying node.

Types of Unicast Addresses

Just as there are different types of IPv4 unicast addresses (such as public and private), there are different types of IPv6 unicast addresses.

Global

Aggregatable global unicast addresses, also known as global addresses, are the equivalent of IPv4 public addresses. Global addresses are globally reachable on the IPv6 Internet. Unlike public IPv4 network IDs, which are a combination of flat and summarizableaddress spaces, IPv6 global addresses have a defined structure that makes them easy to aggregate and summarize at address space boundaries. This results in fewer routes in the various routing domains of the Internet.

Local-Use Unicast Addresses

Local-use unicast addresses are those unicast addresses that are not globally reachable on the IPv6 Internet. These addresses are designed to be used within the site or on the link.

Site-local addresses, which are used within the same site, are equivalent to IPv4 public addresses. Organizations can use them internally without conflicting with global addresses and these addresses can be safely used even when the organization has a direct, routed connection to the IPv6 Internet. Site-local addresses always begin with "FEC0".

Link-local addresses, which are used on the same link, are equivalent to Automatic Private IP Addressing (APIPA) addresses used by current Microsoft desktop and server operating systems. Link-local addresses are automatically configured and can be used to provide automatic addressing for nodes connected to the same network segment when there is no router present. Link-local addresses always begin with "FE80".

IPv6 Interface Identifiers

The interface identifier, the last 64 bits of an IPv6 unicast address, is determined in the following ways:

• Derived from the MAC address of the network adapter to which the address is assigned
• Randomly generated to provide IPv4-equivalent anonymity
• Assigned during a Point-to-Point Protocol (PPP) connection
• Assigned during DHCP configuration

DNS Support

To resolve domain names to IPv6 addresses, RFC 1886 defines the use of the AAAA (or quad-A) DNS resource record to resolve a DNS name to an IPv6 address. The AAAA record is analogous to the address (A) record that exists for resolving a DNS name to an IPv4 address. To obtain an AAAA record in a DNS query response, a querying host must specify either AAAA records or all records in its DNS query.

For reverse name resolution, RFC 1886 also describes the use of pointer (PTR) records to determine the name of an IPv6 node from its address. The IP6.ARPA reverse namedomain is used as the root of the reverse namespace rather than IN-ADDR.ARPA. To create the reverse query name, the IPv6 address is fully expressed as a sequence of hexadecimal digits (including all 0 digits), and then each hexadecimal digit in reverse orderbecomes a separate level in the reverse domain namespace.

For example, for the IPv6 address FEC0:0:0:41CD:2AA:FF:FE5F:47D1 (fully expressed as FEC0:0000:0000:41CD:02AA:00FF:FE5F:47D1), the name in the reverse domain namespace is 1.D.7.4.F.5.E.F.F.F.0.0.A.A.2.0.D.C.1.4.0.0.0.0.0.0.0.0.0.C.E.F.IP6.ARPA.

Core Protocols of IPv6

The core protocols of the IPv6 protocol suite consist of the following:

• IPv6
• Internet Control Message Protocol for IPv6 (ICMPv6)
• Neighbor Discovery (ND)
• Multicast Listener Discovery (MLD)

IPv6

The IPv6 header is described in RFC 2460. It has a new, streamlined design that removes unneeded fields and moves seldom-used fields to extension headers. Even with addresses that are four times larger than IPv4 addresses, the size of the IPv6 header is only twice as large as the IPv4 header, with a 40-byte fixed size. Although larger, the IPv6 header contains fewer fields and is more efficiently processed by routers. Like IPv4, IPv6 is connectionless and provides a best-effort delivery to the destination.

The IPv6 header is not compatible with the IPv4 header. An IPv4-only node silently discards IPv6 packets and an IPv6-only node silently discards IPv4 packets.

ICMPv6

ICMPv6, defined in RFC 2463, provides error reporting and diagnostic functions for IPv6. Additionally, ICMPv6 provides a common packet structure for the messages of ND and MLD. Analogous to ICMP for IPv4, ICMPv6 provides the following types of messages:

• Echo Request
• Echo Reply
• Destination Unreachable
• Time Exceeded
• Parameter Problem

ICMPv6 also includes a Packet Too Big message that is equivalent to the RFC 1191–defined Destination Unreachable-Fragmentation Needed and DF Set message. The ICMPv6 Packet Too Big message is used for IPv6-based path maximum transmission unit (PMTU) discovery.

Neighbor Discovery

ND, defined in RFC 2461, consists of a set of ICMPv6 messages, message options, and defined processes that allow neighboring nodes to discover each other, discover the routers on the link, and provide support for host redirection. ND replaces the following facilities in IPv4:

• Address Resolution Protocol (ARP)
• ICMP Router Discovery
• ICMP Redirect

The five ND messages are as follows:

• Neighbor Solicitation
• Neighbor Advertisement
• Router Solicitation
• Router Advertisement
• Redirect

ND defines the following processes:

• Address resolutionInstead of sending a broadcast ARP Request message and receiving a unicast ARP Reply message, an IPv6 node sends a multicast Neighbor Solicitation and receives a unicast Neighbor Advertisement.
• Duplicate address detectionJust like the sending of gratuitous ARP frames in IPv4, an IPv6 node performs address resolution on addresses it attempts to use before initializing them on an interface.
• Router discoveryWhen nodes start up on a link, they send a multicast Router Solicitation message. Routers on the link send a unicast or multicast Router Advertisement message that contains address prefixes and other configuration options so that the host can automatically configure global and site-local addresses. With proper configuration of routers, a DHCP infrastructure is unnecessary.
• RedirectJust as in IPv4, if an IPv6 host sends traffic to the wrong router, the router forwards the packet and sends the sending host a Redirect message,informing the host of the better next-hop address of the optimal router.
• Neighbor unreachability detectionNew to IPv6 is the ongoing trackingof whether neighboring nodes are reachable. If a neighboring node becomes unreachable, an IPv6 node detects the problem and makes adjustments, such as automatically choosing a new default router, or indicating the error to upper layer protocols.

Multicast Listener Discovery

MLD, defined in RFC 2710, is the IPv6 equivalent to Internet Group Management Protocol (IGMP) version 2 for IPv4. MLD defines ICMPv6 messages that are used by hosts to register group membership, by hosts to leave a group, and by routers to query the subnet for group membership.

Differences Between IPv4 and IPv6

There are many differences between IPv4 and IPv6, and Table 10-1 lists some of the more obvious differences.

Summary

The IPv6 suite of protocols is a revision of the Internet Layer protocols of the currentTCP/IP protocol suite and replaces IP, ICMP, IGMP, and ARP. IPv6 attempts to solvethe problems of IPv4 with efficient and plentiful addressing, a streamlined InternetLayer header that is easier for routers to process, and more efficient neighboring node interaction.