All About IPv6
Understanding everything about IPv6
What is IPv6?
Internet Protocol version 6, or simply IPv6, is the latest version of the Internet Protocol, the communication protocol that identifies devices across the internet so that they can be located. IPv6 identifies and locates computers on networks and routes traffic across the internet.
This supposedly newest version has actually been around since 1998. Its main purpose was to address the shortfall of IP addresses, IPv4 addresses to be exact, but despite its efficiency and security advantages, migration to and adoption of IPv6 are still rather slow.
IPv6 was developed to address the much-anticipated IP address apocalypse. The Internet Engineering Task Force (IETF) created this version with the intention of replacing the older one. In December 1998, IPv6 was launched and became a Draft Standard for the open standards organization, which ratified IPv6 as an internet standard on July 14, 2017.
Gadgets and devices that are connected to the internet each have a unique IP address, which is used to identify and locate them. But with the exponential growth of the internet after it was intensively advertised in the 90s, plus the rapid increase of the Internet of Things, it became evident that the long-anticipated exhaustion of IPv4 addresses was just around the corner: more addresses would be needed to connect devices than were available at the time. In 1998, the task force officially announced IPv6 as the successor of IPv4. It uses a 128-bit address, allowing 2^128, or approximately 3.4×10^38, addresses, at least in theory. The actual number is somewhat smaller, as multiple ranges are reserved for special use or excluded from use altogether. The two protocols are also far from interoperable. They were not designed that way, so direct communication between the two is not possible, which complicates migration from the older version to the newer one. A number of transition mechanisms have, however, been devised to rectify the situation.
The new version offers other technical advantages in addition to a much larger address space. In particular, IPv6 allows hierarchical address allocation techniques that make route aggregation across the internet possible and so limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and it offers more optimization for the delivery of services. Device mobility, security and configuration features were taken into consideration during the development of IPv6.
IPv6 addresses are represented as eight groups of four hexadecimal digits, separated by colons. The full representation can be simplified and shortened. For example, the address 2001:0db8:0000:0000:0000:8a2e:0370:7334 can become 2001:db8::8a2e:370:7334.
Aspects of IPV6
The new IP version is an Internet Layer protocol for packet-switched internetworking. It offers end-to-end datagram transmission across multiple IP networks, closely adhering to the design principles developed in IPv4, the previous version.
Aside from providing more addresses, the new version can also implement features not available in the older version. The IPv6 simplifies aspects of address configuration, network renumbering and router announcements when changing or modifying network connectivity providers.
IPv6 also simplifies the processing of packets in routers by moving the task of packet fragmentation to the end points. Its subnet size has been standardized at 64 bits by fixing the size of the host identifier portion of an address. The addressing design of the new version is defined in RFC 4291, a Request for Comments (RFC) published by the Internet Society. According to that document, IPv6 allows different types of transmission: unicast, anycast and multicast.
Motivation and Origin
The Exhaustion of the IPv4 address.
The first publicly used Internet Protocol was the Internet Protocol version 4 (IPv4). A US Department of Defense agency, the Defense Advanced Research Projects Agency (DARPA) developed this IP as a research project before it became the foundation for the internet and the World Wide Web.
It includes an addressing system that uses 32-bit numerical identifiers. IPv4 addresses are shown in dotted-quad notation as the decimal values of four octets, each in the range 0–255, or 8 bits per number. This protocol therefore offers an addressing capability of 2^32, or approximately 4.3 billion, addresses. During the development of IPv4, running out of addresses did not cross its designers' minds. Address exhaustion was not a concern, since the protocol was originally presumed to be a test of DARPA's networking concepts.
During the first decade of operation of the internet, it became evident that systems and processes had to be developed to conserve the address space, which was running out. And even with the redesign of the addressing system around a classless network model in the 1990s, it became evident that this would not be enough to prevent address exhaustion and that further changes to the internet infrastructure were badly needed.
In February 2011, the Internet Assigned Numbers Authority (IANA) allocated the remaining unassigned top-level address blocks of 16 million IPv4 addresses to the five Regional Internet Registries (RIRs). Each of these RIRs still has an available address pool and is expected to continue with standard address allocation policies until one /8 Classless Inter-Domain Routing (CIDR) block is left. After that, blocks of 1024 addresses (/22) will be made available from the RIRs to a Local Internet Registry (LIR).
As of September 2015, the Asia-Pacific Network Information Centre (APNIC), the Réseaux IP Européens Network Coordination Centre (RIPE NCC), the Latin America and Caribbean Network Information Centre (LACNIC), and the American Registry for Internet Numbers (ARIN) have reached this stage, leaving the African Network Information Center (AFRINIC) as the only regional internet registry still using the normal protocol for distributing addresses of the old IP version. As of November 2018, AFRINIC's minimum allocation is 1024 IPv4 addresses, or /22. An LIR can receive an additional allocation once about 80% of its address space is used.
In November 2019, the European LIR (RIPE NCC) said that it no longer had any available IPv4 addresses, prompting it to call for greater progress on the adoption of the new version, IPv6. It is widely anticipated that the internet will use both IPv4 and IPv6 for the coming years.
Comparing IPv4 with IPv6
Data is transmitted on the internet as network packets. IPv6 specifies a new packet format designed to minimize packet header processing by routers. The headers of IPv4 and IPv6 packets are significantly different, which makes the two protocols not interoperable. However, many transport and application layer protocols need little or no change to operate over the new version. The exceptions are application protocols that embed internet-layer addresses, such as the File Transfer Protocol (FTP) and the Network Time Protocol (NTP), where the new address format can conflict with the syntax of the existing protocol.
More and Larger Address Space
One of the most significant advantages of the new IP version is its larger address space. An IPv6 address is 128 bits long, while an address in the older version has only 32 bits. IPv6 therefore has 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (approximately 3.4×10^38). Note that some blocks of this space and some specific addresses are reserved for special uses.
While the address space in IPv6 is very large, the designers of the protocol did not intend it as a way to assure geographical saturation with usable addresses. Instead, the longer addresses simplify the allocation of addresses, allow efficient route aggregation, and enable the implementation of special addressing features.
In the older version, complex Classless Inter-Domain Routing techniques were created to make the best use of the small address space. In IPv6, the standard size of a subnet is 2^64 addresses, which is about 4 billion times the size of the entire address space of its predecessor. Actual address space utilization will therefore be smaller in IPv6, but network management and routing efficiency are greatly improved, thanks mainly to the large subnet space and hierarchical route aggregation.
In computer networking, multicasting refers to group communication in which a data transmission is addressed to a large group of destination computers simultaneously. It is part of IPv6, where the transmission of a packet to several destinations is done in a single send operation. In IPv4 this feature is optional, although it is commonly implemented.
Multicast addressing in IPv6 shares features and protocols with the older version's multicast, but also offers adjustments and improvements by removing the need for certain protocols. IPv6 does not implement the usual IP broadcast, that is, the transmission of a packet to every host on the attached link using a special broadcast address, and so does not define broadcast addresses. In the new protocol, the same result is achieved by sending a packet to the link-local all-nodes multicast group at ff02::1. This is equivalent and comparable to IPv4's multicasting address of 188.8.131.52.
The newer protocol also provides for new multicast implementations, including embedding rendezvous point addresses in a multicast group address. This makes inter-domain solutions easier to use.
In IPv4, it is quite complicated for a group to obtain even one globally routable multicast group assignment, and the implementation of inter-domain solutions is likewise obscure. Unicast address assignments by an LIR for the new version must have at least a 64-bit routing prefix, yielding the smallest subnet size available in this protocol. With such an assignment, it is possible to embed the unicast address prefix into the IPv6 multicast address format and still provide a 32-bit block, the least significant bits of the address, or about 4.2 billion multicast group identifiers. Users of an IPv6 subnet thus automatically have a set of globally routable source-specific multicast groups available for multicast applications.
Stateless Address Autoconfiguration (SLAAC)
Hosts running the new version configure themselves automatically. Each interface has a self-generated link-local address. When a host is connected to a network, conflict resolution is performed and routers provide network prefixes through router advertisements. Stateless configuration of routers can be done using a special router renumbering protocol. When needed, hosts can configure stateful addresses using the Dynamic Host Configuration Protocol version 6 (DHCPv6), or static addresses can be configured manually.
Like IPv4, the latest IP version supports globally unique IP addresses. Its design is intended to re-emphasize the end-to-end principle of network design, envisioned in the early days of the internet, by rendering network address translation obsolete. Thus, each device on the network is globally addressable directly from any other device.
A secure, unique and globally addressable IP address would make it possible to track a device across networks. Consequently, such addresses are a particular privacy concern for mobile devices such as laptops, cellphones and tablets. To resolve these privacy issues, the SLAAC protocol includes what are commonly called “privacy addresses” or, more appropriately, “temporary addresses”, as described in RFC 4941, “Privacy Extensions for Stateless Address Autoconfiguration in IPv6.” Temporary addresses are somewhat unstable and are unsystematic.
A typical device creates a new temporary address every day and ignores traffic addressed to an old one after a week. Temporary addresses are used by default by Windows since XP SP1, macOS since Mac OS X 10.7, Android since version 4.0, and iOS since version 4.3. Their use by Linux distributions varies.
With IPv4, renumbering an existing network for a new connectivity provider with different routing prefixes can be a daunting task. With the latest version, changing the prefix announced by a few routers can in principle renumber the whole network, since the host identifiers can be self-configured independently by each host.
The method of SLAAC address generation is implementation-dependent. The IETF suggests that addresses be deterministic but semantically opaque.
Internet Protocol Security (IPsec)
IPsec was developed initially for IPv6, but was widely deployed first in the older IP version, for which it was re-engineered.
IPsec was a mandatory part of all IPv6 protocol implementations, and the Internet Key Exchange (IKE) was recommended. With RFC 6364, however, the inclusion of IPsec in IPv6 implementations was downgraded to a mere recommendation, after it was seen as impractical to require a full IPsec implementation for all types of devices that may use the new IP version.
However, based on RFC 4301, IPv6 protocol implementations that do apply IPsec have to implement IKEv2 and need to support a minimum set of cryptographic algorithms. This helps make IPsec implementations more interoperable among devices from different vendors. The IPsec Authorization Header (AH) and the Encapsulating Security Payload header (ESP) are used as extension headers of the newest IP version.
Simplified Processing by Routers
In IPv6, the packet header is simpler than the IPv4 header. Many rarely used fields have been moved to optional header extensions. With the simplified IPv6 packet header, packet forwarding by routers became simpler. Although IPv6 packet headers are at least twice the size of its predecessor's packet headers, routers may in some cases process packets that contain only the base IPv6 header more efficiently. Poor packet processing performance does occur, however, since many devices implement IPv6 support in software rather than in hardware. The use of extension headers, which causes packets to be processed by the router's CPU, can lead to poor performance and even security problems.
Furthermore, the IPv6 header does not include a checksum. The IPv4 header checksum is calculated over the header and has to be recalculated by routers each time the time to live is reduced by one. In IPv6, the time to live is called the Hop Limit.
The absence of a checksum in the IPv6 header furthers the end-to-end principle of internet design, which envisions that most processing in the network happens in the leaf nodes.
Integrity protection for the data encapsulated in the IPv6 packet is assumed to be assured by both the link layer and error detection in higher-layer protocols, namely the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) on the transport layer. So while the older version allows UDP datagram headers to have no checksum, the newer version requires a checksum in UDP headers.
IPv6 routers do not perform IP fragmentation. IPv6 hosts are required to perform path MTU discovery, perform end-to-end fragmentation, or send packets that are less than the default maximum transmission unit (MTU), which is 1280 octets.
Mobile IPv6 avoids triangular routing and is deemed as efficient as native IPv6. It can also allow entire subnets to move to a new router connection point without being renumbered.
The minimum size of the IPv6 packet header is 40 octets, or 320 bits. Options are implemented as extensions, which makes it possible to extend the protocol in the future without affecting the core packet structure. However, as noted in RFC 7872, some network operators drop IPv6 packets with extension headers when they traverse transit autonomous systems.
The previous version limits packets to 65,535 (2^16−1) octets of payload, while nodes running the latest version can optionally handle much larger packets, referred to as jumbograms. These can be as large as 4,294,967,295 (2^32−1) octets, and their use can greatly improve performance over high-MTU links. The Jumbo Payload Option extension header indicates the use of jumbograms.
An IPv6 packet has two parts: the header and the payload. The header consists of a fixed part with the minimal functionality needed for all packets, and may be followed by optional extensions that implement special features. The fixed header occupies the first 40 octets of the IPv6 packet. It contains the source and destination addresses, the traffic class, the hop count, and the type of the optional extension or payload that follows it. The Next Header field tells the receiver how to interpret the data that follows the header. If the packet has options, this field holds the option type of the next option. The Next Header field of the last option points to the upper-layer protocol that is carried in the packet's payload.
The current use of the IPv6 Traffic Class field divides it between a 6-bit Differentiated Services Code Point and a 2-bit Explicit Congestion Notification field.
Extension headers carry options that are used for special treatment of a packet in the network. Such treatment may include routing, fragmentation, and security using the IPsec framework.
Without special options, a payload must be 64 kB or less. With a Jumbo Payload option, it can be less than 4 GB.
Unlike in IPv4, routers do not fragment a packet. Hosts are expected to use Path MTU Discovery to make their packets small enough to reach the destination without the need for fragmentation.
IPv6 addresses consist of 128 bits. The address space of the latest version follows a different design philosophy from that of IPv4. In IPv4, subnetting was used to improve the efficiency of utilization of the small address space. In the latest IP version, the address space is considered large enough for the foreseeable future, and a local area subnet always uses 64 bits for the host part of the address, designated the interface identifier, while the most significant 64 bits are used as the routing prefix.
While it was thought that IPv6 subnets are impossible to scan, RFC 7707 debunked that claim and noted that patterns resulting from some address configuration methods and algorithms allow address scanning in real-world situations.
The 128 bits of an IPv6 address are shown in eight groups of 16 bits each. Each group is written as four hexadecimal digits, sometimes called a hextet (hexadectet), and the groups are separated by colons.
The following rules allow the representation of an IPv6 address to be shortened:
- Leading zeroes are removed from every group of hexadecimal digits (also known as a quibble or quad-nibble). For example, 0041 is converted to 41.
- Successive sections of zeroes are replaced with two colons. This can only be done once in an address; using it several times would render the address indeterminate. RFC 5952 says that a double colon should not be used to denote a single omitted section of zeroes.
Please refer below for the examples:
Original address: 2001:0db8:0000:0000:0000:ff00:0042:8329.
Once all leading zeros are removed in each group: 2001:db8:0:0:0:ff00:42:8329.
After omitting consecutive sections of zeros: 2001:db8::ff00:42:8329.
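The two shortening rules, written out as an added Python example (not code from the original article). It goes slightly beyond the text by also expanding a shortened address and rejecting a second "::"; it assumes addresses without an embedded dotted IPv4 part, and picks the longest zero run, leftmost on a tie.

```python
import string


def _is_group(g: str) -> bool:
    """True for one to four hexadecimal digits."""
    return 1 <= len(g) <= 4 and all(c in string.hexdigits for c in g)


def expand_ipv6(text: str) -> str:
    """Return the full form: eight groups of four hex digits."""
    if text.count("::") > 1:
        # With two "::" nobody can tell how many zero groups each one hides.
        raise ValueError('"::" used more than once: address is indeterminate')
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError('"::" must stand for at least one group')
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(_is_group(g) for g in groups):
        raise ValueError("expected eight groups of one to four hex digits")
    return ":".join(g.lower().zfill(4) for g in groups)


def compress_ipv6(text: str) -> str:
    """Apply both shortening rules to any valid textual IPv6 address."""
    # Rule 1: drop leading zeroes in every group.
    groups = [format(int(g, 16), "x") for g in expand_ipv6(text).split(":")]
    # Rule 2: find the longest run of zero groups (leftmost wins a tie).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    # A single zero group is left as "0" rather than replaced by "::".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail
```

Comparing addresses only after passing them through one of these functions avoids treating two spellings of the same address as different hosts in logs or access rules.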
The Loopback address
The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, is defined in RFC 5156 and is abbreviated to ::1 by using the two rules.
Since an IPv6 address can have more than one representation, the IETF has written a proposed standard for representing addresses in text.
Because IPv6 addresses contain colons, and URLs use colons to separate the host from the port number, an IPv6 address used as the host part of a URL should be enclosed in square brackets, as indicated in RFC 2732. Example: http://[2001:db8:4006:812::200e] or http://[2001:db8:4006:812::200e]:8080/path/page.html.
A link-local address is required on all interfaces of IPv6 hosts. IPv6 link-local addresses have the prefix fe80::/10. This prefix is combined with a 64-bit suffix that the host can compute or assign itself, without any configuration and without the cooperation of an external network component such as a DHCP server. Originally, the lower 64 bits of the link-local address were derived from the MAC address of the underlying network interface card. Because this method of assigning addresses caused undesirable address changes when faulty network cards were replaced, and also raised a number of security and privacy issues, RFC 8064 replaced the original MAC-based method with the hash-based method specified in RFC 7217.
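The difference between the two methods, as an added Python example (not from the original article): the MAC-based identifier can be read back out of any address that carries it, while a hash-based identifier in the style of RFC 7217 changes with the prefix and reveals nothing about the hardware. SHA-256 as the hash, the length-prefixed encoding of the inputs, the interface name, network ID and secret are all assumptions made for the illustration, and the MAC address is a constructed sample.

```python
import hashlib
import ipaddress
from typing import Optional


def eui64_iid(mac: str) -> bytes:
    """Original method: build the 64-bit interface identifier from a MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an address that uses the MAC-based identifier."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def stable_iid(prefix: str, iface: str, network_id: str,
               dad_counter: int, secret: bytes) -> bytes:
    """Hash-based identifier: F(prefix, interface, network ID, DAD counter, secret)."""
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed, iface.encode(), network_id.encode(),
              dad_counter.to_bytes(4, "big"), secret]
    h = hashlib.sha256()  # assumption: SHA-256 stands in for the function F
    for field in fields:
        # Length-prefix every field so different inputs cannot collide.
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]  # 64 bits of the result become the identifier


def make_address(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))


SAMPLE_MAC = "00:11:22:33:44:55"          # constructed sample value
SAMPLE_SECRET = b"constructed-secret-key"  # constructed sample value
```

With the MAC-based method the same 64 bits follow the device onto every network it joins; with the hash-based method the identifier stays fixed within one prefix but differs between prefixes, and incrementing the DAD counter yields a fresh candidate after an address conflict.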
Address Uniqueness and Router Solicitation
To map IP addresses to link-layer addresses, IPv6 uses a new mechanism, since it does not support the broadcast addressing method on which the Address Resolution Protocol (ARP) of the older version is based.
The new IP version uses the Neighbor Discovery Protocol (NDP) in the link layer. NDP relies on ICMPv6 and multicast transmission.
IPv6 hosts verify the uniqueness of their IPv6 addresses in a LAN by transmitting a neighbor solicitation message asking for the link-layer address of the IP address. If another host in the LAN uses that address, it responds.
A host bringing up a new IPv6 interface first creates a unique link-local address using one of several mechanisms designed to produce a unique address. If the address is found not to be unique, the host tries again with a newly generated address, until a unique link-local address is established. Once this happens, the IPv6 host can determine whether the LAN on this link is connected to any router interface that supports IPv6. It does so by transmitting an ICMPv6 router solicitation message to the all-routers multicast group, using its link-local address as the source.
If there is no answer after a predetermined number of attempts, the host concludes that no routers are connected. If it does receive a response from a router, known as a router advertisement, the response includes the network configuration information needed to establish a globally unique address with an appropriate unicast network prefix.
There are also two flags that tell the host whether it should use DHCP to get more information and addresses:
The Manage bit – this indicates whether or not the host should use DHCP to obtain further addresses rather than depend on an auto-configured address from the router advertisements.
The Other bit – this indicates whether or not the host should get other information using DHCP. The other information consists of one or more prefix information options for the subnets to which the host is attached, a lifetime for the prefix, and two flags:
- On-link: If this flag is set, the host treats all addresses on the particular subnet as being on-link and sends packets directly to them, instead of sending them to a router, for the duration of the lifetime.
- Address: This tells the host to generate a global address.
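How a host reads these flags out of a router advertisement, as an added Python example (not from the original article). The field offsets follow the ICMPv6 router advertisement and prefix information option layouts; the sample message is constructed, and the function names are this example's own.

```python
import ipaddress
import struct

RA_TYPE = 134           # ICMPv6 type of a router advertisement
PREFIX_INFORMATION = 3  # option type carrying a prefix and its two flags


def parse_router_advertisement(msg: bytes) -> dict:
    """Extract the Manage/Other bits and every prefix information option."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a router advertisement")
    flags = msg[5]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40), "prefixes": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(msg):
            # A zero or overlong length would loop forever or read past the end.
            raise ValueError("invalid option length")
        if opt_type == PREFIX_INFORMATION:
            if opt_len != 32:
                raise ValueError("prefix information option must be 32 octets")
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", msg, off + 2)
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], plen), strict=False)
            ra["prefixes"].append({
                "prefix": str(net),
                "on_link": bool(pflags & 0x80),     # the On-link flag
                "autonomous": bool(pflags & 0x40),  # the Address flag
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
            })
        off += opt_len
    return ra


def host_actions(ra: dict) -> list:
    """Summarise what the advertisement asks the host to do."""
    actions = [f"autoconfigure an address in {p['prefix']}"
               for p in ra["prefixes"] if p["autonomous"]]
    if ra["managed"]:
        actions.append("use DHCP to obtain addresses")
    if ra["other"]:
        actions.append("use DHCP to obtain other information")
    return actions


# Constructed sample: Other bit set, one /64 prefix with both flags set.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x40, 1800, 0, 0)
    + struct.pack("!BBBBIII", PREFIX_INFORMATION, 4, 64, 0xC0, 86400, 14400, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
)
```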
In global addressing, the assignment process is similar to local-address construction. The prefix is supplied from router advertisements on the network. Multiple prefix announcements cause several addresses to be configured.
As defined in RFC 4291, SLAAC needs a /64 address block. LIRs are given at least /32 blocks, which they divide among their subordinate networks.
The original recommendation, stated in RFC 3177, was to assign a /48 subnet to end-consumer sites. This recommendation was eventually replaced by RFC 6177, which states that “giving home sites considerably more than one /64, but does not recommend that every home site be given a /48 either.” /56s are specifically considered. It remains to be seen whether ISPs will honor this recommendation, since in initial trials Comcast customers were given one /64 network.
IPv6 in the Domain Name System (DNS)
Quad-A (AAAA) resource records map hostnames to IPv6 addresses in the DNS. RFC 3596 states that the domain name ip6.arpa is reserved by the IETF for reverse resolution. There, the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units.
When a dual-stack host asks a DNS server to resolve a fully qualified domain name, the host's DNS client sends two DNS requests: one asking for A records and the other asking for AAAA records. The host OS can be configured with a preference for address selection, based on the rules defined in RFC 6724.
During the early days of implementing DNS for IPv6, a different record type was used, developed to facilitate network renumbering: A6 records for the forward lookup, along with a handful of other innovations such as bit-string labels and DNAME records. Announced in RFC 2874 and referenced in RFC 3364, it was eventually relegated to experimental status.
IPv6 was not developed as an immediate replacement for IPv4, as both protocols are expected to continue operating simultaneously. Transition mechanisms are therefore required so that IPv6 hosts can reach services of the older version, and so that isolated IPv6 hosts and networks can reach each other over the infrastructure of its predecessor.
A dual-stack implementation of the two IPs on devices is, as explained by Silvia Hagen, the simplest way to migrate to the new version. Many transition mechanisms use tunneling to encapsulate IPv6 traffic within networks of the older version and vice versa. This is not a perfect solution, however, as it reduces the MTU of a link and thus complicates Path MTU Discovery, and it may even increase latency.
Dual-stack Internet Protocol Implementation
This provides complete IPv6 and IPv4 protocol stacks in the OS of a computer or network device, on top of the usual physical layer implementation such as Ethernet. The dual-stack IP implementation allows dual-stack hosts to take part in the two networks (IPv4 and IPv6) simultaneously.
A device with a dual-stack implementation in the OS has both IPv4 and IPv6 addresses and can communicate with other nodes in the LAN or on the internet using either of the two. The DNS protocol is used by both IPs to resolve fully qualified domain names (FQDNs) and IP addresses, but dual-stack requires that the resolving DNS server can resolve both types of addresses: IPv4 addresses in A records and IPv6 addresses in quad-A records. A DNS name server can return an IPv4 or an IPv6 address, depending on the destination it needs to resolve. It can also return both.
The preferred protocol has to be configured on hosts or through the DNS server. Happy Eyeballs, published by the IETF, was developed to help dual-stack applications connect over either IP while still preferring the newer version's connection if it is available. However, dual-stack has to be implemented on all routers between the host and the service for which the DNS server has returned an IPv6 address.
Dual-stack customers must only be configured to favor the latest version, if the network cannot forward IPv6 packets with the IPv6’s routing protocols. Migration of the application layer to IPv6 is possible once dual-stack network protocols are in place. And while dual-stack is supported by major OS and network device vendors, it is not supported by legacy networking hardware and servers.
Internet Service Providers (ISP) Clients with public-facing IPv6
ISPs are gradually supplying their business and private clients with public-facing IPv6 global unicast addresses. But if IPv4 is still being used in the LAN and the ISP can only offer a public-facing IPv6 address, the IPv4 LAN addresses are translated into that public-facing address using the NAT64 network address translation mechanism. Some ISPs cannot provide their customers with both public-facing IPv4 and IPv6 addresses, and thus support dual-stack networking, because they have depleted their globally routable IPv4 address space. In the meantime, ISP customers are still trying to reach IPv4 web servers and other destinations.
A considerable percentage of ISPs in all RIR zones have obtained IPv6 address space. Major ISPs and mobile network operators such as Verizon Wireless, StarHub Cable, Swisscom, T-Mobile, Chubu Telecommunications, Kabel Deutschland, Internode and Telefonica are just some of those that have obtained IPv6 address space.
Although some ISPs still assign their clients only IPv4 addresses, many ISPs allocate their customers only the latest version or dual-stack IPv4 and IPv6.
ISPs report that the share of IPv6 traffic from clients over their networks is between 20% and 40%. In mid-2017, however, the new version accounted for only about 2% of the entire traffic at several large IXPs, as reported by AMS-IX, while SeattleIX reported it to be 7%.
A 2017 survey showed that many DSL customers served by a dual-stack ISP did not request that DNS servers resolve fully qualified domain names into IPv6 addresses. It also found that most traffic from IPv6-ready web server resources was still requested and served over the older IP version, mainly because of ISP customers who did not use the dual-stack facility provided by their ISP, and also because of customers of IPv4-only ISPs.
RFC 4213 outlines the technical basis for tunneling, that is, encapsulating IPv6 in IPv4 packets. When IPv4-only was the foundation of the internet, one of the most used tunneling protocols was 6to4.
Teredo tunneling was also used frequently, mostly to integrate IPv6 LANs with the IPv4 internet backbone. Teredo allows an IPv6 LAN to tunnel over the IPv4 network by encapsulating IPv6 packets within UDP, as outlined in RFC 4380.
The Teredo relay is an IPv6 router that mediates between the Teredo server and the native IPv6 network. It was expected that 6to4 and Teredo would be deployed extensively until ISP networks could switch to native IPv6. However, in 2014 Google statistics showed that the use of the two mechanisms had dropped to almost nil.
IPv4-mapped IPv6 addresses
Hybrid dual-stack IPv6/IPv4 implementations recognize a special class of addresses, the IPv4-mapped IPv6 addresses.
These are usually written with a 96-bit prefix in the standard IPv6 format, with the remaining 32 bits written in the dot-decimal notation of IPv4. Addresses in this group consist of an 80-bit prefix of zeroes, followed by 16 bits of ones, with the IPv4 address in the remaining, least significant 32 bits.
Because of the significant internal differences between the two protocol stacks, some of the lower-level functionality available to programmers in the IPv6 stack does not work the same way when used with IPv4-mapped addresses. Some common IPv6 stacks do not implement this address feature, either because the two stacks are separate implementations or for security reasons. On those stacks, a program has to open a separate socket for each IP protocol it uses.
Some security concerns may stem from the use of the new IP version. A number of them are connected with the IPv6 protocols themselves, while others are related to implementation flaws.
The addition of nodes that have the new IP version enabled by default by the software manufacturer may result in the inadvertent creation of shadow networks, causing IPv6 traffic to flow into networks that have only IPv4 security management in place. This may also happen with OS upgrades, when the newer OS enables IPv6 by default while the older one did not. Failure to upgrade the security infrastructure to accommodate the new version can allow IPv6 traffic to bypass it. Such shadow networks have occurred on business networks in which companies replaced Windows XP systems with Windows 7: the former does not have IPv6 enabled by default, while the latter does. As suggested by IPv6 implementors, it is best to disable IPv4-mapped addresses and use a dual-stack network instead.
IPv6 packet fragmentation
As in IPv4, fragmentation can be used to evade network security controls. RFC 7112 requires that the first fragment of an IPv6 packet contain the whole IPv6 header chain. Moreover, the use of fragmentation with Neighbor Discovery has been deprecated, as outlined in RFC 6980. Furthermore, the use of fragmentation with Secure Neighbor Discovery (SEND) is highly discouraged.
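A check a filtering device could apply for the RFC 7112 rule above, as an added example that is not from the original article: it walks the header chain of a raw IPv6 packet and reports whether a first fragment carries the whole chain. The function names and sample packets are constructed for illustration, and treating ESP as the end of the chain is a choice made in this example.

```python
import struct

EXT_8 = {0, 43, 60, 135, 139, 140}   # extension headers sized in 8-octet units
FRAGMENT, AH, NO_NEXT, TCP = 44, 51, 59, 6
UPPER_MIN = {6: 20, 17: 8, 58: 4, 50: 8}   # TCP, UDP, ICMPv6, ESP: minimum header bytes

def check_first_fragment(pkt: bytes) -> str:
    """Return 'ok', 'violation', 'malformed', or 'not-first-fragment'
    (the last also covers packets that are not fragmented at all)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, first = pkt[6], 40, False
    while nxt in EXT_8 or nxt in (FRAGMENT, AH):
        if off + 8 > len(pkt):             # chain continues past the end of this packet
            return "violation" if first else "malformed"
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return "not-first-fragment"    # non-zero offset: a later fragment
            first, size = True, 8
        elif nxt == AH:
            size = (pkt[off + 1] + 2) * 4      # AH length field: 4-octet units, minus 2
        else:
            size = (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + size
    if not first:
        return "not-first-fragment"
    if nxt == NO_NEXT:
        return "ok"
    need = UPPER_MIN.get(nxt, 0)
    if nxt == TCP and off + 13 <= len(pkt):
        need = max(need, (pkt[off + 12] >> 4) * 4)   # data offset includes TCP options
    return "ok" if off + need <= len(pkt) else "violation"

# Constructed sample packets (documentation addresses, not captured traffic).
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

def frag(next_header: int, offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

UDP_HEADER = struct.pack("!HHHH", 40000, 53, 12, 0)
DEST_OPTS_THEN_TCP = bytes([6, 0, 1, 4, 0, 0, 0, 0])   # next=TCP, 8 bytes, PadN filler
GOOD = ipv6(44, frag(17, 0, 1) + UDP_HEADER + b"data")
BAD = ipv6(44, frag(60, 0, 1) + DEST_OPTS_THEN_TCP)    # TCP header left for fragment 2
LATER = ipv6(44, frag(17, 1, 0) + b"rest of the datagram")
```

A "violation" result means the upper-layer header was not in the first fragment, so a stateless filter could not see the ports or ICMPv6 type it needs to make a decision.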
Standardization via RFCs
In 1990, the IETF started developing a next-generation IP protocol after anticipating global growth of the internet. At the start of 1992, several proposals were presented for an expanded internet addressing system. By the end of the year, the IETF issued a call for white papers. By the end of the third quarter of 1993, the task force had formed a temporary IP Next Generation (IPng) area to deal with the issues brought about by the rapid growth of the internet. Allison Mankin and Scott Bradner, together with 15 engineers of diverse backgrounds, led this endeavor. On July 25, 1994, the IETF approved the IPng model, with the formation of other IPng working groups. In 1996, a series of RFCs was published outlining IPv6.
RFC 1883, published in 1995, was the first of the RFCs to standardize IPv6; it was made obsolete in 1998 by RFC 2460. RFC 2460 in turn became obsolete when RFC 8200 elevated IPv6 to “Internet Standard.”
CIDR was introduced in 1993 for the routing and allocation of IP addresses on the internet. Together with the extensive use of NAT, it delayed the exhaustion of IPv4 addresses, allowing the newer version to be deployed in the mid-2000s.
Universities were among the first to adopt IPv6. One of them was Virginia Tech, which launched it in 2004 at a trial location and later expanded the deployment all over the campus. By 2016, 82% of the traffic on its network was IPv6.
Imperial College London was also among the first, as it started experimenting with IPv6 in 2003. In 2016 its network carried IPv6 traffic of 20% to 40%. This high share of IPv6 traffic was due to the collaboration between its physics lab and CERN, which uses IPv6 entirely.
DNS has supported IPv6 since 2008. IPv6 was first used at a major world sporting event during the 2008 Summer Olympics in Beijing, China.
By 2011, most if not all operating systems were equipped with production-quality IPv6 implementations. Cellular phone systems made up a large portion of the field for IP devices, as mobile phone service migrated from 3G to 4G technologies, in which voice is provisioned as a VoIP service. This leveraged IPv6 improvements and further development. In 2009, Verizon released technical specs for devices to operate on its next-gen networks. These authorized IPv6 operation based on the March 2009 edition of the 3GPP Release 8 Specifications. They also deprecated IPv4, making it just an optional capability.
The deployment of the new IP version continued. In 2018, roughly 25.3% of the 54,000 autonomous systems advertised prefixes for both protocols in the Border Gateway Protocol (BGP) routing database. Only about 243 networks also advertised an IPv6 prefix.
Internet backbone transit networks offering IPv6 support existed almost everywhere, except in places such as parts of Africa, the Middle East and China.
By the middle of 2018, several major European broadband ISPs had deployed IPv6 for most of their customers. British Sky Broadcasting offered it to 86% of its clients, Deutsche Telekom had 56%, XS4ALL in the Netherlands had 73%, and VOO and Telenet in Belgium had 73% and 63% respectively.
In the US, Comcast had deployed about 66%, and in 2018 it reported about 36.1 million IPv6 users. AT&T had 22.3 million IPv6 users in the same year.