Thursday, October 29, 2015

IPv6, Not your grandma's IP

by Craig Miller

Not GrandmaIPv6 is a different networking protocol

The first thing to learn about IPv6, is that it isn't just like your old friend IP(v4). It is a different network protocol which happens to reuse the same layer 4 (UDP and TCP). The two network protocols (IPv4 and IPv6) are not compatible. There is no magic interoperability between them. To access a IPv6 server on the internet from IPv4, there must be a proxy somewhere on the internet which will do the conversion for you. Most implementations, windows, linux, mac, android, use what is called dual stack, this enabling your computer to speak both protocols (kind of like speaking both French and English in Canada).

The separateness of IPv6 is a double edge sword, you can take advantage of it, but so can others. I'll cover this aspect in more detail in a later post.


Quick look at the differences

The obvious and not-so-obvious differences between IPv4 and IPv6 are:
IPv4IPv6
32 bit long address128 bit long address (see Quibbling in IPv6)
thinking: must conserve host addressesthinking: define the networks needed for the job. It is OK to waste a /64 on a point to point link because it will make the entire network simpler.
Variable Subnet Length Mask, subnettting is hardNo VSLM, all user subnets are /64, results in simplified subnetting (see Simplifying Subnetting)
Single IP addressAlways uses multiple IP addresses: one or more global, a temporary (RFC 3041), and a link-local (see What's with all those IPv6 Addresses)

n/aNon-routable address, FE80/10, aka Link-local
Uses BroadcastNo Broadcast, uses Multicast (see Goodbye Broadcast)
Pseudo auto-config (169.254.0.0/16)Stateless Autoconfig (SLAAC)  (RFC 4862) provides a method to automatically obtain a globally routable address (see SLAAC-ing Off)
Client initiates DHCPNetwork controls (via M & O bits in RA) DHCPv6 (RFC 3315)
Net Address Translation, keeping IPv4 alive since 1994 (RFC 1631) as a short-term solutionNo NAT. Restores true any address to any address connectivity.
Uses ARP to resolve MAC addressesUses ICMP to resolve MAC addresses. Blocking ICMP on the firewall, will disconnectyour network (see IPv6 using ICMP)
Private address space (RFC 1918) aka 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12Unique Local Address (ULA) FC00::/7 (RFC 4193). Don't use. This is IPv4 thinking, use Global addresses everywhere, keep the network simple
OSPFv2 routingOSPFv3 routing

Don't turn off IPv6 and miss the opportunity to learn

And that is just the tip of the iceberg. So what is one to do? Stick your head in the sand, and turn off IPv6? I would suggest, no. Start playing with IPv6, either with an extra machine (we all have extra machines laying around, right?), or in a VM, and start learning.

Set up your computer to prefer IPv4, if needed

But what if you don't have an IPv6 connection to the internet, and things are slow

If you are running linux, add this to your /etc/gai.conf file, and restart your web browser. IPv4 (as per RFC 6724) will now be preferred:
precedence ::ffff:0:0/96 100

If you are using Windows, use netsh to raise the IPv4 preference.
netsh int ipv6 set prefix ::ffff:0:0/96 100 4

If you are using a Mac, let me know. I haven't found how to adjust the IPv4/IPv6 preference.

Future Growth of the Internet will be on IPv6

IPv6 isn't going away, and ignoring it won't make it go away either. Your organization may be happy using private IPv4 address space, but your customers will be using IPv6, and if they can't get to your IPv4-only website, you will be losing customers. Now that ARIN has run out of IPv4 addresses, there is no time like the present to learn how the next phase of the Internet will work.

And hopefully, once you learn the benefits of IPv6, you wil take the time to simplify your next generation network. (see IPv6 is not coming, it is here)

No comments:

Post a Comment