Yesterday an old friend of mine contacted me and wanted help with setting up an IPv6 tunnel in his Apple Airport home router. He managed mostly by himself and then said “what now”? I had to explain to him that when the tunnel was up, the expected change was – no change at all. With IPv6 his network should continue to operate as before. That’s proof that the engineers behind IPv6 and all the transition technologies has succeeded. Turn on an additional network protocol in your network and everything continues to work as before! After that, he managed to set up IPv6 in his office and had a number of questions, which inspired me to summarize a few common questions and answers in todays blog. If you have additional ones, please add them in the comments! Let’s spend 30 minutes on IPv6 and see where it takes us today!
IPv6 :: The basics
IPv6 is a a network protocol. The network protocol is the computer language used to communicate on top of various networks, like Ethernet, Wireless Ethernet (WiFi), Fiber networks and telephone lines (ADSL). The cool thing with the Internet is that one network protocol, and one addressing scheme ties it all together. With IP on top of a network infrastructure, we don’t have to bother with network technology if we’re connecting from our smartphone over 3G data networks, setting up connections that takes our data onto a fiber network across the world to end up over ADSL to a server somewhere.
IP just takes care of all the underlying technologies and hides them for the applications. One application that supports IP can run on top of any network infrastructure. This was one of the reasons why IP has replaced most other network platforms that existed before, like AppleTalk, Novell Netware, IBM SNA and other vendor-specific solutions. This is also the solution that made it possible to build the Internet. Regardless of cable and link technology, we could tie every network together into one global network. To build the Internet, version 4 of the Internet Protocol (IPv4) was used, which is the reason why we have a problem today.
The addressing scheme choosen when the IPv4 protocol was designed was amazingly large for that time. It had enough addresses for 4 billion computers. More than anyone could imagine in the age of mainframes.
Today, we have more smartphones with Internet support than the total number of addresses in IPv4. The old protocol simply can’t handle the growth – new companies, organizations and homes being connected – many new devices and new services that require new servers. Work started a long time ago, over fifteen years, on a new protocol that would handle the expected growth.
How do you change a running network?
The big question was of course how to handle the change. Everyone realized that there was no way we could shut down all corporate networks and the Internet for a weekend, then restart with a new protocol. There had to be a migration plan so that the old network could survive and migration happens without disrupting the services.
This plan is both good and bad. The good part is that IPv6 won’t require you to install new web browsers, change e-mail address or buy new domains. The bad part is that there are no immediate benefits of upgrading – everything works like before. This means that everyone waits, because there’s always something more important to do. And we’ve been avoiding this problem for many years, knowing that the day will come when we run out of IPv4 addresses. But that’s someone else’s problem, right?
It’s 2012 – and we’re running out of IPv4 addresses
While we’ve been avoiding the issue, building cloud services, upgrading our smartphones and generally doing cool stuff, the Internet has continued to grow. For every new company, home, coffee shop and smartphone we add, addresses are used. Country after country all around the world are connecting to the Internet and require new addresses. And we’re out of them. We can clearly see the bottom of the big pile of addresses and the market has changed – the price of an address is going up and people are inventing various solutions on how to fix this. Complicated gateways are being deployed, servers that filter content, connect users and services. This seriously affects integrity, privacy and security on the net. It will also affect the speed of your connections.
Stop hiding, start acting!
At this point, we’re at a crossroad. We can avoid the problem and there will still be a network with all these services. But it will be very different. More like a cable-TV network than the Internet we have today. You connect to the service provider’s gateways and have a selection of services that they allow you to use. If you pay extra, they may open access to the full Internet, but still through gateways they operate. It will be very hard to set up peer-to-peer services.
For the Internet as we know it to continue to expand, to be the platform for innovation and growth, to host new cool services, we need IPv6. And it starts with you.
Question 1: Where do I start?
You start with asking your Internet Service provider for IPv6. Ask again. If they don’t have IPv6, try changing to a service provider that delivers. If that still doesn’t work and you have no option, set up an IPv6 tunnel – there are plenty of them, and they’re free. If you are working in the IT department, you need to plan your IPv6 project – or avoid it by integrating IPv6 in every project.
Question 2: Will anything change?
The idea is that everything should be the same. You surf the net, send e-mail and have chat sessions like before. Many services today support IPv6 and some only IPv4 – but since you have both you can reach both the old ones and new services. The transition to IPv6 should be seamless and a non-event for the users.
Question 3: Does my computer support IPv6?
Apple computers, Windows computers, Linux and Android all support IPv6 by default today, so you don’t have to reinstall or change anything if you have a recent system.
Question 4: What about my home router – does it support IPv6?
I have to admit that this is a problematic area. More and more routers does support IPv6, like the Apple Airport, D-link routers, Cisco/Linksys and many more. But far from all, and not older ones. As you upgrade, make sure the new one supports IPv6. Many routers can be reprogrammed with new software, like OpenWRT, that supports IPv6. Ask a friend in the IT business for help, if you can’t do it yourself.
Question 5: What do I need to set up a tunnel?
You need a computer that can act as a tunnel server and IPv6 router. Any PC that runs Linux can do this, many Windows computers and small routers. See the help pages at tunnel providers like tunnelbroker.net (HE) and SIXXS. Read more about tunnels in a previous blog entry.
Question 6: Why do the IPv6 addresses look so funny?
If you are used to IPv4, the IPv6 address looks very different. There are many articles on the net that explains IPv6 addresses, so let me summarize:
- An IPv4 address has 32 ones and zeros – bits. And IPv6 has 128. It’s much larger.
- IPv4 addresses are written with four groups of eight bits in decimal format with dots between them
- IPv6 addresses would be very long written like this, so a new more compressed format was developed where hexadecimal characters are used (ABCDEF added to the normal digits) and to differ from IPv4, a colon is used as a separator.
- In many configurations, many groups in an IPv6 address is set to zero. If there are multiple groups of zeros they can be replaced with two colons – but only once. This is to make the notation shorter.
Question 7: Will NAT still be used?
This is a very good question, and a rather hot topic. Network Address Translation, NAT, is a technology that was invented as a short-term solution to save addresses while waiting for the long term solution – IPv6. With NAT, one Internet address can be shared by many computers. This was a good solution, but also caused a lot of issues. The Internet was created to be a network where every computer was equal – a server and a client at the same time. This is needed for peer-2-peer applications like IP telephony, video chats, poker games and much more. With NAT, a lot of technologies has been developed to solve the problem on how to reach computers on the inside of the NAT to be able to run these applications. It’s complicated and it is ugly.
A side effect of NAT was that a NAT made it harder for computers on the outside to reach the inside. It did not make it impossible, just a bit more tricky. Many people equaled this with security, but it is something that is being discussed amongst network engineers. NAT is just address translation, in my world that’s not security. You still need a firewall.
With IPv6 many people wants to restore the original Internet, where every computer attached is equal and has the ability to operate both as a client and as a server. The firewall controls who can do what, like before. It’s just much easier to allow connections to inside computers without having to do port forwarding or use application layer gateways.
Other people think that everyone needs a NAT and have developed NAT technology and private addressing schemes for IPv6. Hopefully this will not be the default, as it will raise the cost, make the network more complicated and take away focus from the firewall. Of course, that’s my personal opinion .
Question 8: Why do I have so many IPv6 addresses?
With IPv4 every computer has at least two IP addresses. In most cases, you just see one. There’s one – hidden – called 127.0.0.1 that is used for internal communication in your computer. The other one – if you’re connected to a network – is the address used for external communication. In IPv6, there’s a separation of the address used on the local link network – the LAN – and the address used for Internet communication. The local link address is used to set up communication and get the global address. Each computer connected to the network always has multiple IPv6 addresses. The applications gets help form the operating system to choose which address to use for communication.
For network engineers, one big change is that IP broadcast is gone. It’s replaced by IP multicast. Every computer listens to a couple of multicast addresses to stay up-to-date with the network it’s attached to and to make sure that there are no other computer using the same address.
Question 9: What’s the standardization status of IPv6?
IPv6 id ready, already used in production over the Internet and in corporate networks. It’s part of all recent versions of operating systems. It’s everywhere. The IETF, the standardization body for the Internet Protocol, has made IPv6 a default part of everything IP. This means that if you buy a service or a product that claims to support TCP/IP, it has to support IPv6 on the same level – or better – as it supports IPv4. Make sure you require this when you invest in network products and services today.
Question 10: Where do I find more information?
- RIPE has an IPv6 site filled with information and links: IPv6actnow.org
- Team ARIN has an IPv6 wiki that you can add information to if you don’t find what you need already.
- Internet Society has a project called Deploy360 that promotes IPv6 and has a lot of information
- This site, IPv6friday.org, has a lot of articles. Like the one about DNS and the one about DHCPv6.
With this I leave you to explore IPv6 by yourself. Set up a lab environment (maybe together with a few collegues or friends) and start working with IPv6! It is fun and it’s the future of the Internet.