The Upside of Moving to IPv6

Summary: I get it. No one wants to change their fundamental network infrastructure, but there are reasons for switching to IPv6 besides simple necessity.


OK, you know your business will need to move to IPv6 for its Internet connection real soon now, but are there any reasons other than sheer necessity to make the move? As it happens, there are.

First, let's get the basics out of the way. What are the differences between IPv6 and IPv4? IPv4, with its 32-bit addressing, has only 4.3 billion unique addresses. That sounds like a lot until you start considering that you might have an iPad in your briefcase, a computer in front of you, and a PC in front of you, all of which may have a unique Internet Protocol (IP) address. IPv6's 128-bit addressing allows 2 to the 128th power possible addresses, so until our dogs and cats are also carrying around a baker's dozen of Internet-connected devices, we should be safe from running out of IPv6 addresses.

IPv6 addresses are made up of eight groups of four hexadecimal digits. So, for example, 2010:1003:0000:0000:0000:0000:0433:56cf would be a legal, albeit eye-watering, address. Luckily for network administrators, they'll seldom, if ever, need to manually assign IPv6 addresses.

One of IPv6's design goals was to cut down on the time technicians had to spend configuring and managing network devices. IPv6 networks can use stateless auto-configuration to assign addresses without manual intervention. In stateless IPv6 addressing, your network equipment automatically assigns unique IP addresses. In short, you'll no longer need to worry about setting up IP addresses. Your hardware will do it for you.

Of course, you can use Dynamic Host Configuration Protocol (DHCP) to do that on IPv4-based business LANs today. But, with DHCP you can only assign unique addresses within your own network. DHCP and NAT (Network Address Translation) get in the way when you try to use Internet applications like videoconferencing, Voice over Internet Protocol (VoIP), Peer-to-Peer (P2P) applications, and the like. As a user you usually don't see these problems, unless your application fails. But trust me, anyone who programs for the Internet loathes having to jump through hoops to get their applications to work through NAT. With IPv6, though, every device on every network has a unique, universal Internet IP address, and both developers and network administrators will no longer have to waste time getting network applications to work around NAT.

Another advantage of IPv6 addressing is that when you're moving from place to place with your mobile device, you'll no longer need to worry about getting a new Internet address at every stop. With Mobile IPv6, whether your smartphone or tablet is connected to the Internet with Wi-Fi or WiMAX, your device should retain the same address. If the wireless infrastructure around you is up to snuff, Mobile IPv6 will let you seamlessly move from one form of wireless connectivity to another without losing your connection or needing to pick up a new IP address.

Another IPv6 plus is that Internet Protocol security (IPSec) is baked in. IPSec is a popular framework of open standards for protecting communications over TCP/IP networks. Typically, it's used in virtual private networks (VPNs) through the use of cryptographic security services. IPSec also supports network-level peer authentication, data origin authentication, data integrity, and encryption. The net result should be to make all Internet traffic safer, since IPv6 can secure and authenticate communications at the network layer, instead of the higher levels of the stack such as Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).

IPv6 should also speed up networks. The header of an IPv6 packet has a fixed length; little-used IPv4 fields -- Header Length (IHL), Identification, Flags, Fragment Offset, Header Checksum, and Padding -- have been tossed out; and the network packet itself has been designed not to fragment. The net result is that IPv6 switches and routers throw and catch IPv6 network traffic at higher speeds than their IPv4 brothers. In practice, this means that, for example, your IPv6 10 Gigabit Ethernet switch should be able to send and receive traffic at 99% of the device's top wire speed.
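
The header difference described above, as an added example (not code from the original article): a Python parser for an IPv4 header, whose length depends on IHL and whose checksum has to verify, beside the fixed 40-byte IPv6 base header. The sample packets are constructed and use documentation address ranges.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40  # the IPv6 base header is always 40 bytes

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header; its length is whatever the IHL field says."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, ident, flags_frag, ttl, _proto, _cksum = struct.unpack(
        "!BBHHHBBH", pkt[:12])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(pkt) < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "header_len": header_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        # An intact header, summed together with its checksum field, gives 0.
        "checksum_ok": ipv4_checksum(pkt[:header_len]) == 0,
        "src": ipaddress.IPv4Address(pkt[12:16]),
        "dst": ipaddress.IPv4Address(pkt[16:20]),
        "options": pkt[20:header_len],
    }

def parse_ipv6(pkt: bytes) -> dict:
    """Parse the IPv6 base header: fixed size, no IHL, no checksum."""
    if len(pkt) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {
        "header_len": IPV6_HEADER_LEN,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_len": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
    }

def build_samples() -> tuple:
    """Constructed sample headers using documentation address ranges."""
    v4 = bytearray(struct.pack("!BBHHHBBH", 0x46, 0, 24, 0x1C46, 0x4000, 64, 6, 0))
    v4 += ipaddress.IPv4Address("192.0.2.1").packed
    v4 += ipaddress.IPv4Address("198.51.100.7").packed
    v4 += bytes([1, 1, 1, 0])  # options: three NOPs, then End of Option List
    struct.pack_into("!H", v4, 10, ipv4_checksum(bytes(v4)))
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # 59 = No Next Header
    v6 += ipaddress.IPv6Address("2001:db8::1").packed
    v6 += ipaddress.IPv6Address("2001:db8::2").packed
    return bytes(v4), v6

if __name__ == "__main__":
    v4, v6 = build_samples()
    print(parse_ipv4(v4))
    print(parse_ipv6(v6))
```

Changing any byte of the IPv4 sample, such as the TTL a router decrements, makes `checksum_ok` false until the checksum is recomputed; the IPv6 base header has no such field to maintain.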

That speed increase is complemented by another performance boost, specific to real-time video and communications. IPv6 comes with built-in support for multicast--the transmission of a single datagram to multiple receivers. Or, as Internet architect Dave Clark described multicast: "You put packets in at one end, and the network conspires to deliver them to anyone who asks for them."

Yes, IPv4 has some multicast capabilities, but these are optional and not universally supported. With IPv6, multicast is part of the package. This will make transmitting video over the Internet, which is becoming ever more popular, a lot easier for video content providers.

So, is this going to be enough to make CIOs, CTOs, and networking administrators eager to switch to IPv6? Nah! It will still cost a lot of money and take a lot of time. On the other hand, there really are some advantages to switching to IPv6 besides just being able to deal with a world that no longer has freely available IPv4 addresses. In particular, as we keep moving to an ever more mobile work world with video playing a larger role, I expect we'll learn to appreciate IPv6's faster speeds and built-in support for users on the go.

  • Older gear support is the problem

    It's not going to be about the willingness to move to IPv6, it's going to be about the problems of getting years or decades old gear to move over. There is a lot of old gear still in use that won't support IPv6; the money, headaches and downtime are going to be the prime holdbacks.
    • You got that right...

      @GrimmReaperSound Here in Second World Singapore, the network is so flaky you'd think it was a trainload of breakfast cereal. There are Showcase Projects like fibre-to-the-home being put in... but the routers and such they hand out are all IPv4-only as far as I've ever seen. I can confidently predict that we'll get proper IPv6 support within a decade or six after North Korea rolls out nationwide FTTH... unless the powers-that-be find a way to make even more money from the conversion, of course.
      Jeff Dickey
  • RE: The Upside of Moving to IPv6

    With every individual and/or device having a fixed IP address, it will be much easier to identify people. This could lead to privacy issues. Google will have a field day.
    • I really don't want every device on my network exposed to the world

      (although I can imagine quite a few people and entities that would)

      If I'm going to have IPv6 running on my private network, then I'm going to want an IPv6 router or proxy that allows me to determine what is allowed to talk to whom outside the private network. Sounds like more work; not less. What we will end up with is a situation like that which plagued wifi for years, where everything was shipped default "open", and it was up to a technically sophisticated end user to secure it all. No thanks.
      • RE: The Upside of Moving to IPv6

        @JohnMcGrew@... Your phone has a discrete number.

        Worried about that?
      • RE: The Upside of Moving to IPv6

        Having a stateful firewall on your network is no different for IPv6 than for IPv4 ... same idea, same benefits, same drawbacks.
      • RE: The Upside of Moving to IPv6

        @fairportfan@... No, I'm not. My phone isn't particularly hackable and since I'm staring at it dozens of times a day, it's probably the most closely monitored digital device that I own.
      • But we are running out of IPv4 addresses - then what?

        M Wagner
      • RE: The Upside of Moving to IPv6

        @JohnMcGrew@... This is just what I was thinking. The whole benefit of the current system is that things on your LAN are only on your LAN unless you decide otherwise. If everything has its own open IP address, then what replaces the protection offered by a router? I.e. the shield between your devices and the rest of the world.

        I would much prefer the idea of IPv6 for internet facing connections (routers, modems etc...), but IPv4 for LAN connections, behind the shield so to speak.
      • @mwagner@...

        ...I think the post above answers that. Sooner or later our public IP addresses will be IPv6, but most local networks will remain IPv4, mainly because few will be in any rush to replace the dozens, hundreds, or thousands of perfectly functional devices that are running just fine locally as they are.
  • Where's the beef?

    Where are the devices for home and SMBs that support IPv6 as you describe and that are affordable?
    • RE: The Upside of Moving to IPv6

      @dogbreath1 My friend, you have hit upon a sore point. There's not much out there that's IPv6 compatible for home or SOHO users. Now, home users won't be hit by this for a while, but a new small business may very well _need_ a good, cheap IPv6 switch for their Internet connection, and there's not much out there. Yet. I'll be writing about this soon. I'll add that a lot of the lower-end IPv6 compatible stuff that is out there already isn't really that compatible. More on that soon.
  • No upside if you're a NetAdmin for an ISP

    I'm such a NetAdmin, and as much as I'd like to move to IPv6, it looks like a major headache.

    With IPv4 and home-based NAT, if a client was downloading child snuff pr0n, and the police called me up, I might not know the exact machine they should look for, but I'd know which house it was at. So either we perform IPv6 NAT, which we're trying to avoid, or we need some way for every computer that sits behind every IPv6 home router/modem to be uniquely identified on the network, not only to the computer, but to its physical location. How might we do this?

    Well, we might decide to use the least significant 48-bits for the host's MAC address as the 48 LSB of the IPv6 address. Now we know the computer, but we still don't know in which home that computer is located. So we'll program the client's router/modem to use IPv6 DHCP, make the 48 LSB the MAC address, and the next 16-bits the client-id. Now we can track traffic to a specific computer at a specific home. But we've just used up 64-bits of our 128-bit address. Unfortunately, even large ISPs can't afford the price ARIN charges for an IPv6 /64 address space which would be needed to work this scenario. So this is a no-go.

    So we might decide that each home client will be allowed 16 IPv6 addresses. Now we use IPv6 DHCP and we allocate the least significant 4-bits to some random number generated by DHCP, and the next 16-bits for the client-ID. This gives us a more reasonable number of IP addresses to purchase from ARIN. However, we still don't know which computer is the one we're looking for, but at least we know which house it's in. But, the price of an IPv4 /22 block from ARIN is the same as the price of an IPv6 /118 block. In both cases, we're paying the same amount for 1024 static IP addresses to give out at random to our clients. But with the above scenario, in order to accomplish the uniqueness we want with IPv6, we're stuck buying a /114 address space at roughly 16 times the price. The profit margins for ISPs are too tight for this. This makes it a no-go.

    So if we want ISPs to invest in IPv6 address blocks to use with their clients, and we want something like unique address resolution for each client machine, the prices for IPv6 blocks are going to need to be slashed. An IPv6 /110 address space should be the same price as an IPv4 /22 address space. Until this happens, there's not going to be much movement from the ISPs.

    But there are further problems with IPv6. With IPv6, every network device is uniquely identified. This means, not only your home computer, cell phone, and tablet, but also your home thermostat, refrigerator, stove, crockpot, and light switches. Is this what we really want? Many of us don't think so. It should not be easy to turn on and off a light switch from a remote location on the internet. Or at the very least, we need far better security, the kind that always ends up being user hostile.

    There is another problem for IPv6. IPv4 packets can be easily broken into up to 8 sub-packets, something IPv4 was designed to do to deal with different kinds of networks which might have smaller data packet sizes. This allows easy bonding of transfer media by simply breaking each IPv4 packet into up to 8 sub-packets with each sub-packet using a separate physical medium. IPv6 does not allow this same operation to be made. If you live in the big city, you likely don't care. But go to your cottage and try working from there, and suddenly you'll find you do care. Many rural ISPs use various bonding techniques which operate using the IPv4 packet-split mechanism. IPv6 requires an additional layer in order to handle the bonding, and this additional layer (usually an IPv4 tunnel) hinders performance rather than enhancing it. And I have yet to meet a cottager who is willing to spend the tens of thousands of dollars required to upgrade the rural infrastructure to accommodate IPv6 properly.

    So while IPv6 will solve many problems, it is also creating many problems as well. Many of these problems can be resolved with policy/pricing changes from groups like ARIN. Others can be resolved through software. All of the problems require money before they'll be sufficiently resolved. But all of these problems need to be resolved before we can all realistically move forward on IPv6.

    While people need the encouragement articles like these offer, what we really need are solutions. Solutions are something I'm still not seeing much of.

    So how about you guys at ZDNet and TechRepublic doing a little work to tell us how to resolve these issues?
    • RE: The Upside of Moving to IPv6

      @mheartwood One of us is very confused...I'm pretty sure it's you.

      With IPv6 you know exactly which prefix (ideally a /48) you've assigned to a particular subscriber, and, you hand that over to the police just like you would hand over the /32 in IPv4 today. It's then up to the end user to distribute the addresses within that /48, but, so what? That's no different than the addresses in RFC-1918 space that they distribute today behind their NAT.

      IPv6 address hierarchy works just like IPv4... The top 3 bits being 001 indicates that it's part of the current global unicast pool. (2000::/3).

      The next 9 bits identify a Regional Internet Registry (IANA issues IPv6 to RIRs in /12 chunks).

      An ISP (or Local Internet Registry/LIR) gets space from an RIR, usually a /32, but, sometimes more (e.g. a /24 or /28).

      In some cases, End-Users will get direct assignments from the RIR. In these cases, the RIR will assign a /48 (or larger, /44, /40, etc.) prefix.

      In the case where you are an ISP and assigning space to your end subscribers, you should assign them a /48 unless they have multiple sites or another reason to justify something larger than a /48.

      When Johnny Law comes calling with his subpoena, all you have to do is match the address they brought you to the enclosing /48 and hand over that subscriber information. The rest of the address beyond the first 48 bits is between them and the subscriber.

      As to pricing for IP addresses you're really not aware of how this stuff works. The current ARIN pricing for ISPs gets you an IPv6 /32 for the same price as an IPv4 /20. There's no such thing as an IPv6 /110 for any practical purpose because in IPv6 subnets should be /64s. Further, in ISP pricing, you pay the greater of your IPv4 and IPv6 costs, not the sum, so, for the vast majority of ISPs, their IPv6 pricing is exactly $0.

      As to your issues with things being uniquely addressable, just because it has a unique address does not make it reachable. That's what firewalls are for. NAT doesn't prevent you from getting to the devices in a subscriber network today. Stateful inspection does that. NAT depends on stateful inspection to function, so, the confusion you are experiencing is understandable, but, the reality is that just because we go to universal addressing in IPv6, doesn't mean we go to universal reachability. Solution: Use a decent firewall with a default deny inbound policy.

      As to the lack of fragmentation in IPv6, believe me, this is a good thing. Even for the rural user. You can still accomplish the desired splitting on packets big enough to matter by using 1280 octet MTUs on your IPv6 interface. You can also use L2 bonding tactics like LAG, etc. without affecting the IPv6 L3 packets. IPv6 does allow L2 to provide segmentation and reassembly. What it doesn't allow for is L3 fragmentation of packets in favor of using PMTU-Discovery instead.

      The problems you've listed as IPv6 created aren't problems so much as a failure to understand IPv6. I agree that there are many educational challenges associated with IPv6, but, for the most part, these are easily overcome with a little research and self-education, or, by getting some IPv6 training.

      There are some training materials available at:

      Hopefully this post showed you how to resolve most of the "issues" you described above.
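
The /48 lookup described in the comment above, as an added example that is not part of the original post: a longest-prefix match of an address against a delegation table, plus the enclosing prefix at each allocation level the comment names. The ISP block 2001:db8::/32 (the documentation prefix), the delegations and the subscriber IDs are hypothetical and constructed for the example.

```python
import ipaddress
from collections import Counter

# Hypothetical ISP allocation and delegation table, built from the
# documentation prefix 2001:db8::/32; subscriber IDs are constructed.
ISP_BLOCK = ipaddress.ip_network("2001:db8::/32")
DELEGATIONS = {
    ipaddress.ip_network("2001:db8:1a::/48"): "subscriber-1001",
    ipaddress.ip_network("2001:db8:1b::/48"): "subscriber-1002",
    ipaddress.ip_network("2001:db8:4000::/44"): "subscriber-2001",  # multi-site
}
# Allocation levels named in the comment, plus the /64 subnet boundary.
LEVELS = {"global unicast": 3, "RIR": 12, "ISP": 32, "subscriber": 48, "subnet": 64}


def hierarchy(addr: str) -> dict:
    """Return the enclosing prefix of addr at each allocation level."""
    ip = ipaddress.IPv6Address(addr)
    return {name: ipaddress.IPv6Network((ip, bits), strict=False)
            for name, bits in LEVELS.items()}


def find_subscriber(addr: str):
    """Longest-prefix match of addr against the delegation table."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None  # not an IP address at all
    if ip.version != 6 or ip not in ISP_BLOCK:
        return None  # outside this ISP's block: nothing to look up
    matches = [net for net in DELEGATIONS if ip in net]
    if not matches:
        return None  # inside the block but not delegated to anyone
    best = max(matches, key=lambda net: net.prefixlen)
    return best, DELEGATIONS[best]


def group_by_subscriber(addresses) -> Counter:
    """Collapse many per-device addresses to the subscribers behind them."""
    counts = Counter()
    for addr in addresses:
        hit = find_subscriber(addr)
        counts[hit[1] if hit else "unknown"] += 1
    return counts


# Constructed sample: source addresses as they might appear in a log.
SAMPLE_LOG = [
    "2001:db8:1a:7::c0ff:ee",               # subscriber-1001, subnet 7
    "2001:db8:1a:ff00:a1b2:c3d4:e5f6:789",  # same /48, other /64 and host
    "2001:db8:1b::25",
    "2001:db8:4003:1::1",                   # inside the /44
    "2001:db8:ffff::1",                     # ISP block, not delegated
    "192.0.2.10",                           # IPv4, not covered here
]

if __name__ == "__main__":
    for level, prefix in hierarchy(SAMPLE_LOG[0]).items():
        print(f"{level:15} {prefix}")
    print(group_by_subscriber(SAMPLE_LOG))
```

The two addresses in 2001:db8:1a::/48 differ in subnet and interface ID yet resolve to the same subscriber, which is the point the comment makes about the bits beyond the first 48.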

      • RE: The Upside of Moving to IPv6

        @owen@... "reality is that just because we go to universal addressing in IPv6, doesn't mean we go to universal reachability. Solution: Use a decent firewall with a default deny inbound policy."

        Exactly. If anything in some ways it's easier to hide in an IPv6 network. I'll be writing about why the anti-spam black list people, for example, are really, really not looking forward to an IPv6 universe.

  • Wrong!

    First of all about switches. Switches are level 2 devices, they do not "know" about Ipv4 or v6, they just forward Ethernet frames, no speed change here.

    Second, why do you say that every phone and notebook have or would have a real static IP? This is totally unsecure! Most ISPs practice NAT as a security measure, nothing can connect to clients directly.. To spread viruses, etc. And here we come to..

    Third, most interesting. There is such a thing as client-server arch. All those problems with VoIP and other solutions (like ones based on CORBA) do not obey client-server arch.! Although, it would not give any speed overhead. It's just a bit more complicated for the programmer to implement.
    Imagine the security nightmare when everyone will have the ability to potentially connect to every coffee machine in the world. With default or disabled firewalls. Hello, Hollywood :)

    And fifth, most important. It is all a myth. What will happen in 18 months is that all available IP addresses will be distributed between RIRs. It doesn't mean those addresses will be occupied. But only that authority over a certain free block will become local, not global.

    Of course, moving to IPv6 is inevitable. But we have to think twice about problems that will rise. More money would be spent on security, not solutions.. :)
    • Wrong!

      I humbly disagree with several (all, really) of your points - to varying degrees.

      First, yes switches are L2. But the mapping of L3 to L2 (ARP vs ND) is improved for IPv6 and this impacts a switch's ability to forward packets as the number of hosts grows ... and they will. Additionally, some switches get smarter and 'snoop' - so they are not fully ignorant of L3 stuff. (MLD snooping and RA-Guard, specifically, are important capabilities IMHO)

      Second - Real IP, yes. Static IP, probably not. Most SOHO users will still be dynamic, getting a /56 or so allocated to their CPE via DHCPv6-PD. And probably having a firewall at the edge, like most already have today (they may call it their Access Point, WAP, Router, etc. - and it probably NATs IPv4 today, and will continue to NAT IPv4 tomorrow).

      Third - Yes, but P2P is a more ideal traffic flow and is desirable for certain types of traffic (not all, admittedly). Speaking of security / privacy, not talking to a middle-man is a benefit here!

      Fifth ... no fourth? Anyway, yes IANA exhaustion happens "soon" (end of year, maybe as late as February if my crystal ball is correct) and then 6-12 months later the RIR pools will expire, and then the ISPs have what they have - and no more. The current customers, with current addresses, continue working - but (cough) I hear new customers matter to ISPs. Want more? Figure out how to deploy IPv6 for you and your customers, encourage others to do so - and the sooner we can get an "IPv6 predominant Internet" the better all of our lives will be. Unless, of course, you chose to stick with "IPv4 only".

      I agree that we need to "think twice about problems" - as we have been doing for 10 years now ... and security tools / capabilities have risen rapidly in the last year or so!

      Always happy to talk IPv6!
      • RE: The Upside of Moving to IPv6


        About switches and ARP traffic. There is such a thing as ARP cache on each host (client, server, router, etc.).
        IPv6 header is not really improved over IPv4 header in terms of processing if you want switch to fulfill some additional filtering on L3 level for example. Still, no speed improvement here. Even such a small thing as processing 128 bits instead of 32 gives a lot in terms of speed.

        With NAT you don't really need firewall. Only the connections you make (as a client in client-server arch.) can go back. This is very important. And very simple! Of course, there are different implementations of NAT. Some more secure and correct and some not. It's life.

        About client-server. This is not a question of traffic flow. This is ONLY a question of WHICH SIDE initiates the connection. That's IT! Correct procedure answers ALL problems.

        About exhaustion I totally agree, as I said, obviously, moving to IPv6 (or 7? :)) is inevitable, sooner or later. But also, IPv6 does NOT answer all questions today. It's not only because there are billions of software pieces, which rely on IPv4 (internal storage, reliance on algorithms, assumptions of firewalls, etc.), OS stack is only a small portion of IPv6 "solution", but because IPv6 is not ready or even not The thing Internet needs. Moving to classless IP routing was not such a pain. It solved problems. That solution was simple and elegant. IPv6 IS NOT (it is my humble opinion).
    • RE: The Upside of Moving to IPv6

      @arni@... "Most ISPs practice NAT as a security measure" Actually, NAT is meant solely to give people more addresses. The security benefits, while certainly neat, are a side-effect.

    • RE: The Upside of Moving to IPv6


      Aren't there different levels of switches? I keep reading about level 3 switches, so I don't think all switches are level 2 devices...
      D. W. Bierbaum