Mon, 16 May 2011

IPV6

Talk it up - IPV6: A New Echo

The IPV6 Echo has been put on the Backbone today. This echo will be used for discussions regarding the new IP standard, version 6, which will eventually replace what we now use, version 4 (IPV4).

Why all the hubbub? Well, we (anyone using the internet) are running out of IP addresses: those addresses that you use when you register your domain name (like mine, 69.11.189.218).

We need rewrites of programs like BinkD, Argus, et al., which right now are probably limited to IPV4.

... Though for now, of course, IPV4 is still very much in effect


IPv4 address ranges


IPv6 first and foremost sports larger addresses. Much larger addresses. 40 or 48 bits would have given us more than a trillion or even 281 trillion addresses, respectively, and 64 bits would have been a nice round number. But the IETF opted for 128 bits this time around. The total number of possible addresses that this gives us:


340,282,366,920,938,463,463,374,607,431,768,211,456


IPv6 was designed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated IPv4 address exhaustion.


IPv4 addresses are written down by splitting them into four 8-bit values and putting periods between those, for instance, 192.0.2.31. IPv6 addresses on the other hand, are written down as eight 16-bit values with colons between them, and each 16-bit value is displayed in hexadecimal, i.e., using numbers and the letters A - F. For example, 2001:db8:31:1:20a:95ff:fef5:246e. It's not uncommon for IPv6 addresses to have a sequence of consecutive zeroes. In these cases, exactly one of those sequences can be left out. So 2001:db8:31:0:0:0:0:1 becomes 2001:db8:31::1 and the IPv6 loopback address 0:0:0:0:0:0:0:1 becomes ::1.


Although in most regards, IPv6 is still IP and works pretty much the same as IPv4, the new protocol departs from IPv4 in some ways. With IPv4, you need a DHCP server to tell you your address if you don't want to resort to manual configuration. This works very well if there's a single DHCP server, but not so much when there's more than one and they supply conflicting information. It can also be hard to get a system to have the same address across reboots with DHCP.


With IPv6, DHCP is largely unnecessary because of stateless autoconfiguration. This is a mechanism whereby routers send out "router advertisements" (RAs) that contain the upper 64 bits of an IPv6 address, and hosts generate the lower 64 bits themselves in order to form a complete address.
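An added example (not part of the original post) of how a host can form its address from an advertised /64 prefix. It assumes the modified EUI-64 method from RFC 4291, one common way to generate the lower 64 bits, and a MAC address of 00:0a:95:f5:24:6e, which is recovered here from the sample address quoted earlier; the reverse function shows why such addresses let anyone who sees them identify the same network card on every network it joins.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(iid, "big")

def slaac_address(ra_prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Upper 64 bits from the router advertisement, lower 64 bits from the host."""
    net = ipaddress.IPv6Network(ra_prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def mac_from_address(addr: str):
    """Return the embedded MAC if the lower 64 bits look like EUI-64, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or randomly generated interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)

if __name__ == "__main__":
    mac = "00:0a:95:f5:24:6e"  # assumed MAC, derived from the post's sample address
    # The same card on two different networks keeps the same lower 64 bits.
    for prefix in ("2001:db8:31:1::/64", "2001:db8:99:7::/64"):
        addr = slaac_address(prefix, mac)
        print(prefix, "->", addr, "-> MAC", mac_from_address(str(addr)))
```
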


Although designing a new protocol isn't exactly trivial, the hard part is getting it deployed. Putting an entirely new infrastructure in place, or flipping a switch from "IPv4" to "IPv6" for the current Internet, isn't feasible. To avoid these issues as much as possible, the IETF came up with a number of transition techniques. The most important ones are dual stack and tunneling. Dual stack is nothing more than the notion that a host can run both IPv4 and IPv6 side by side, so it can talk to IPv4 hosts over IPv4 and to IPv6 hosts over IPv6. Tunneling means that when IPv6 packets must cross part of the network that only supports IPv4, the IPv6 packets are put inside IPv4 packets, transmitted across the IPv4-only part of the network, and then the IPv4 part is removed and the packets continue on their way over IPv6.

Most modern operating systems are set up for dual-stack operation by default. So if there's an IPv6 router on the local network that advertises an IPv6 prefix, a host will generate an IPv6 address for itself so it can talk to the IPv6 Internet. Now that Microsoft has enabled IPv6 by default in Vista (it can be turned on and off with ipv6 install and ipv6 uninstall in XP), we can probably expect more IPv6-enabled home routers - and there are quite a number of them now.

Note that there's no requirement that your ISP supports the new protocol in order to use IPv6: an IPv6-enabled router or a host itself can use a tunnel to reach the IPv6 Internet. There are several tunneling techniques, but the most common ones are "manual" IPv6 in IP tunnels where the exact path of the tunneled IPv6 packets is set up through manual configuration, and 6to4 automatic tunneling. With 6to4, a host or router can create a range of IPv6 addresses from its IPv4 address. 6to4 addresses are easily recognizable because they always start with 2002. Because every 6to4-derived IPv6 address maps to an IPv4 address, it's easy for a system that understands 6to4 to tunnel the IPv6 packets to the right place over IPv4. Gateways make it possible for native IPv6 systems to communicate with 6to4 systems.


Note that Windows Vista (and Windows XP with IPv6 enabled) have 6to4 enabled by default when the system has a public IPv4 address. 6to4 is also relatively easy to turn on with Mac OS X and BSD/Linux and is automatically configured on many Linux systems.
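The 6to4 mapping described above, as an added example that is not part of the original post: it builds the 2002::/48 range for an IPv4 address and, in the other direction, pulls the IPv4 tunnel endpoint out of 6to4 source addresses seen in a log, which is how an administrator can spot hosts that turned 6to4 on by default. The log format and its addresses are constructed for the example (documentation ranges only).

```python
import ipaddress
import re

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(v4: str) -> ipaddress.IPv6Network:
    """IPv4 address W.X.Y.Z maps to the range 2002:WWXX:YYZZ::/48."""
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4_int << 80), 48))

def embedded_v4(addr: str):
    """Return the IPv4 address inside a 6to4 address, or None if it is not 6to4."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)

def tunnel_endpoints(log: str) -> dict:
    """Map every 6to4 source address in the log to its IPv4 tunnel endpoint."""
    found = {}
    for src in re.findall(r"\bsrc=(\S+)", log):
        try:
            v4 = embedded_v4(src)
        except ValueError:
            continue  # not an IPv6 address (for instance an IPv4 source)
        if v4 is not None:
            found[src] = str(v4)
    return found

# Constructed sample log: one native source, two 6to4 sources, one IPv4 source.
SAMPLE_LOG = """\
2011-05-16T10:00:01 accept src=2001:db8:31:1:20a:95ff:fef5:246e dst=2001:db8:31::1
2011-05-16T10:00:02 accept src=2002:c000:21f:1::10 dst=2001:db8:31::1
2011-05-16T10:00:03 accept src=2002:c633:6407::1 dst=2001:db8:31::1
2011-05-16T10:00:04 accept src=192.0.2.31 dst=192.0.2.1
"""

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.31"))
    for src, v4 in tunnel_endpoints(SAMPLE_LOG).items():
        print(f"{src} is tunneled from IPv4 host {v4}")
```
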

Systems with IPv6 connectivity (regardless of the type) decide whether to use IPv4 or IPv6 to reach a destination by consulting the DNS. Communication over the Internet requires addresses, but we generally work with domain names. The DNS takes care of the difference by having one or more A (address) records that contain an IPv4 address associated with a given name. If a system also has an IPv6 address, this is added to the DNS with an AAAA (quad-A) record. Hosts that only have IPv4 connectivity ignore the AAAA records, but dual stack hosts ask the DNS for both the A and AAAA records. They will then generally prefer to connect to a destination over IPv6 if possible, and use IPv4 if there's no AAAA record in the DNS or connecting over IPv6 doesn't work. Some applications and/or OSes always ask for AAAA records when IPv6 is turned on, which creates a problem with some (increasingly rare) buggy DNS servers that return an error after an AAAA query. In these cases, turning off IPv6 can make surfing the web a lot faster from what I understand.


You can see if your computer has working IPv6 connectivity by connecting to www.kame.net or www.apnic.net. KAME is a Japanese project that built an IPv6 networking stack for BSD and Mac OS. Their mascot is a turtle, which dances if you connect over IPv6. APNIC is responsible for giving out IP addresses in the Asia-Pacific region, and their web site will tell you your IP address (IPv4 or IPv6) in the top left corner of the page. Internet Explorer under Windows, Safari on Mac OS X 10.4, and Firefox under Windows, Linux and BSD will use IPv6 when available on the system, but Firefox on the Mac has IPv6 turned off in about:config.

Although stateless autoconfig works very differently from DHCP, in practice IPv6 works much the same as IPv4 in a home network: computers and other devices automatically get an address from a router, modem or gateway so they can connect to the 'Net without manual intervention. Firewalling is a bit different, because with IPv4, most people don't have the option to keep their network completely open.

posted at: 00:00 | path: /technical