A deep dive into the new(ish) IP
What does IPv6 mean for you, anyway?
After many, many years IPv6 is starting to become mainstream. The protocol first entered draft form way back in 1998, but up until recently we’ve all been able to get by with good old IPv4. The big changes started to happen in the last year, with the lack of available IPv4 addresses finally forcing mobile providers to switch over to IPv6. Telstra has already made the complete switch – when you connect to the Telstra mobile network, you are usually no longer assigned an IPv4 address and only get an IPv6 address.
Now you may be wondering what that means in practice. From a user standpoint, not a great deal. You still access the internet the exact same way. You can even still talk to IPv4 services because the mobile providers have implemented what is effectively an address translation system, where an attempt to access an IPv4 server, for example, will be routed through a device that translates one type of address to the other. For the user, the experience is quite transparent, and most people are completely unaware that they’ve been moved to IPv6.
From a networking standpoint, however, it means quite a bit, and we’ll walk through some of those implications here.
Why IPv6?
Although IPv6 has a number of advantages, the big one is the address space available. Good old IPv4, the version that we’ve mostly been using since the internet became mainstream, only supports an address of 32 bits, usually shown as a quartet of 8-bit numbers (that is, numbers between 0 and 255), like so: 100.200.123.123. When you do the maths on that, that works out to just over four billion possible addresses. There are now way more than four billion devices that connect to the internet.
Up until now we’ve been able to fudge our way through using a technique called Network Address Translation (NAT), which is where, say, your home is only assigned one ‘real’ (public) IP address, and all your devices share that IP address for external communications while being assigned a ‘fake’ (private) IP address for communications within your home. This has resulted in the need for kludges like port forwarding, although it does have a side benefit of being a kind of firewall, preventing external devices from talking directly to devices inside your home.
But even NAT is failing as a solution. IPv6 solves the address space problem by increasing the address size to 128 bits, which provides 3.4×10³⁸ possible addresses, more than we could ever conceivably need. Those addresses are written as eight hextets, each representing 16 bits. This looks something like this: 2002:008c:0000:0000:7900:0000:8000:1b0, which is obviously not very user-friendly (unlike an IPv4 address, which is short enough to be practically memorised). This can be shortened by removing zeros at the start of a hextet, as well as by replacing a long sequence of zeros with ‘::’. The above address would then become 2002:8c::7900:0:8000:1b0 (still not very user-friendly).
The first 64 bits of the address represent the routing information (the network prefix), which tells the data how to get to a local subnet (for example your home or business network), while the last 64 bits represent the individual device on the subnet (the interface address).
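The shortening rules and the prefix/interface split described above, written out by hand as an added example (not part of the original article). The function names are illustrative, and the input is assumed to be a well-formed IPv6 address.

```python
def expand(addr):
    """Return the eight hextets of an IPv6 address as integers."""
    if "::" in addr:
        head, tail = addr.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        # '::' stands for however many zero hextets are missing
        groups = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return [int(g, 16) for g in groups]


def shorten(addr):
    """Drop leading zeros, then replace the longest run of zero hextets with '::'."""
    groups = expand(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:              # first longest run wins
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [format(g, "x") for g in groups]
    if best_len < 2:                      # a lone zero hextet stays as "0"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def split_halves(addr):
    """Split into (network prefix, interface address), 64 bits each."""
    text = [format(g, "04x") for g in expand(addr)]
    return ":".join(text[:4]), ":".join(text[4:])


if __name__ == "__main__":
    full = "2002:008c:0000:0000:7900:0000:8000:1b0"   # the article's example address
    print(shorten(full))
    print(split_halves(full))
```

Only the two-hextet run of zeros collapses to ‘::’; the single zero hextet later in the address is written as 0, which is why the shortened form still contains one.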
The practical upshot of this expanded address space is that we’ll no longer have to use NAT or port forwarding. Every device you own can have its own publicly accessible IP address. That has implications for security and usability, and how you configure your home network.
IPv6 has a few other advantages as well. It supports multicasting and IPsec natively; it allows for larger packet sizes, which can potentially increase transmission efficiency; it also allows for self-configuration of local devices without the need for DHCP or similar mechanisms to assign addresses.
Implications for home network configuration
Nominally, the transition to IPv6 should simplify a lot of home network configuration. You will no longer have to worry about port forwarding, DHCP and other things that come along with IPv4. Each device will have a directly addressable public IP.
That’s not to say that the local network is dead – it’s actually core to the functionality of IPv6. Every IPv6 device has a local link address (formally called a link-local address) in addition to its public address (in fact, it might only have a local link address and no public IPv6 address). This local link address has the prefix fe80::/10, followed by the interface address of 64 bits. This address is used exclusively for communicating on a local network, similar to the way private addresses are used in IPv4 – your router will not forward data from local link addresses on to the wider internet. IPv6 devices will automatically discover other devices on their local network through the Neighbor Discovery Protocol (which also allows a device to assign its own interface address, obviating the need for DHCP).
The biggest practical implications of IPv6 relate to security. With more devices directly addressable, it will become more imperative to secure every device in your home. Unchanged passwords on devices like routers and IP cameras may become an even greater point of vulnerability, since they will potentially be directly contactable from outside your home network. There are mechanisms to prevent this – for example, only assigning a local link address, or making the configuration only accessible from a local link address – but if you haven’t bothered to change the password, then you probably haven’t bothered to check this.
During the transition period, there is the potential for what are called shadow networks, where IPv6 is enabled on home devices, but security has only been applied for IPv4 traffic. So attackers might sneak past your defences using the IPv6 protocol and talk to your home devices using their IPv6 address, while your firewall or VPN is there only protecting you from IPv4 attacks. This is why, for example, VPN service providers often have the option to turn off IPv6 in their client – because IPv6 traffic can ‘leak’ since it’s not transmitted through the IPv4 VPN tunnel.
As a practical matter, this makes it imperative that every single device in your home is configured as if it were directly connected to the internet. Do not rely on the router firewall to protect you, because it may not. Change the login password to configurable devices like routers and IP cameras, and make sure everything on your local network is protected through strong login security requirements.
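One way to check a Linux host for the shadow-network problem described above, as an added example that is not part of the original article: list the TCP listeners that accept IPv6 and flag those reachable on a routable (not loopback or local link) address. The sample text is constructed in the style of `ss -H -tln` output, the addresses use the 2001:db8::/32 documentation prefix, and treating a bare `*` as a dual-stack wildcard is an assumption about how `ss` displays such sockets.

```python
import ipaddress

# Constructed sample in the style of `ss -H -tln` output (not from a real host).
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [fe80::a00:27ff:fe4e:66a1%eth0]:5353 [::]:*
LISTEN 0 64 [2001:db8:1:2:a00:27ff:fe4e:66a1]:554 [::]:*
"""
# Constructed interface addresses for the same hypothetical host.
HOST_ADDRS = ["::1", "fe80::a00:27ff:fe4e:66a1", "2001:db8:1:2:a00:27ff:fe4e:66a1"]

def scope(addr):
    """Classify an IPv6 address by how far away a peer can be and still reach it."""
    a = ipaddress.IPv6Address(addr)
    if a.is_loopback:
        return "loopback"
    if a.is_link_local:                          # fe80::/10
        return "link-local"
    if a in ipaddress.ip_network("fc00::/7"):    # unique local, not internet-routed
        return "unique-local"
    return "routable"

def ipv6_listeners(ss_output):
    """Yield (bind_address, port) for every listener that accepts IPv6."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)
        host = host.strip("[]").split("%")[0]    # drop brackets and zone id
        if host == "*":                          # assumed dual-stack wildcard
            host = "::"
        if ipaddress.ip_address(host).version == 6:
            yield host, int(port)

def exposed_ports(ss_output, host_addrs):
    """Ports reachable over IPv6 from beyond the local link."""
    has_routable = any(scope(a) == "routable" for a in host_addrs)
    found = set()
    for host, port in ipv6_listeners(ss_output):
        reachable = has_routable if host == "::" else scope(host) == "routable"
        if reachable:
            found.add(port)
    return sorted(found)

if __name__ == "__main__":
    print(exposed_ports(SS_OUTPUT, HOST_ADDRS))
```

Every port it reports needs either an IPv6 firewall rule or strong authentication on the service itself, because IPv4 NAT and IPv4-only filtering do nothing for that traffic.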
When IPv6?
This is actually a difficult question to answer. As we’ve mentioned, on many mobile networks the transition to IPv6 has already begun or even been completed. But mobile networks are an unusual beast – typically addresses are not shared between multiple devices and there is a small number of ubiquitous providers that can handle the translation between IPv4 and IPv6 addresses. Even where an IPv6 connection is shared on a local network (for instance, where you might enable tethering on your mobile or use an LTE modem to share a mobile connection), that sharing is usually done through old IPv4 NAT mechanisms rather than provisioning individual IPv6 addresses for devices.
IPv4 is baked deep into the internet’s DNA, and dislodging it has proven to be an extremely difficult challenge. Many older devices will not support IPv6 (Windows support started with Windows XP), and a large number of internet servers can only be addressed using IPv4. The exhaustion of IPv4 addresses has forced us to move on, but there’s a lot of friction between IPv4 and IPv6, and we don’t expect that a full transition will happen for a few years yet.