Nearly all computers connected to the global Internet communicate with one another via TCP/IP (Transmission Control Protocol/Internet Protocol). This standard communications protocol uses IP addresses to specify identification and location information for each Internet-connected device. Since the early 1980s, Internet Protocol Version 4 (IPv4) has been the primary method for transferring data between computers and across networks. Yet even in the 1990s, organizations like the Internet Engineering Task Force (IETF) foresaw the eventual exhaustion of IPv4 address space.
In response to the anticipated depletion of IPv4 addresses and the continued expansion of the always-on Internet, the IETF developed Internet Protocol Version 6, or IPv6. In commercial deployment since 2006, this new generation communications protocol features significantly greater address capacity than its predecessor; specifically, IPv6 has more than 340 undecillion IP addresses available to accommodate growing worldwide demand.
The need for IPv6 is greater than ever due to unprecedented Internet growth and the rapid, continual development of smart phones, tablet computers and other online-enabled devices. In February 2011, the Internet Assigned Numbers Authority (IANA), the organization responsible for international IP address allocation, confirmed complete IPv4 resources depletion. Other global organizations have also reported critical limits on IPv4 address availability. In April 2011, the Asia Pacific Regional Internet Registry became the first of the IANA’s five regional registries to reach its IPv4 address limit. The American Registry for Internet Numbers (ARIN) is expected to follow suit in the near future.
With the imminent depletion of IPv4 resources, ISPs and enterprises across the global must prepare for the crucial transition to IPv6. By understanding the distinguishing characteristics of IPv6 and its related security and deployment challenges, organizations and their IT departments can oversee more successful migrations to this critical next-generation communications protocol.
Differences Between IPv4 and IPv6
Expanded Address Capacity
IPv6 was designed to accommodate the ever-increasing demands for IP addresses, which, due to their binary nature, remain a finite resource. As a result, one of the fundamental differences between IPv4 and IPv6 is address capacity. The newest version of the Internet Protocol supports more than 340 undecillion addresses, representing a marked improvement from IPv4’s capacity of approximately 4.3 billion addresses.
The expanded address capacity of IPv6 is due to the extended length of its network addresses. IPv4 addresses are 32 bits, or about a quarter of the length of 128-bit IPv6 addresses. This notable increase allows IPv6 to support about 2,128 unique addresses for every person on the planet. Such considerable address capacity will enable IPv6 to meet growing IP address demands without the concerns of resource exhaustion associated with IPv4. In the IPv6 network more available addresses will allow greater numbers of users and devices to connect to the Internet than ever before.
Another crucial difference between IPv4 and IPv6 centers on the technology and practices associated with network configuration. Dynamic Host Configuration Protocol, commonly known as DHCP, is the standard system used when a device or machine seeks online access via a Local Area Network. In one common example of DHCP used in the IPv4 network, a DHCP server in the form of a router manages IP information for a home-based LAN; a PC seeking Internet access must then request IP data from the router which allocates and tracks the information in a limited DHCP table.
By contrast, IPv6, with its extensive capacity for unique address assignment, is designed for faster, more efficient Evernet access. IPv6 networks enable laptops, tablets and other machines seeking Internet access to configure themselves automatically through a process known as Stateless Address Auto-configuration (SLAAC). With SLAAC, IPV6-connected devices can configure their own IP address and related information without support from a DHCP server.
What IPv6 Address Look Like
An IPv6 address is generally comprised of two logical parts: the first sequence is a 64-bit network prefix assigned to a user site or subscriber network; the second is a 64-bit host identifier that may be assigned sequentially or generated automatically from an interface Media Access Control (MAC) address.
Unlike their shorter IPv4 counterparts, IPv6 addresses are written as eight groups of four hexadecimal digits. A colon (:) is used to separate each of the eight groups. A typical IPv6 address may appear as: 2004:0cb8:82a3:08d3:1319:8a2e:0370:7334.
When one or more four-digit groups within an IPv6 address contain only zeros, the numbers may be represented by two side-by-side colons (::). This double-colon abbreviation may be used only once per IPv6 address. An example of such an address may be: 2001:db3::1228:54ab.
In addition, a sequence of four bytes written in decimals and separated by dots may appear at the end of an IPv6 address. This formatting can be used to show address compatibility, particularly in environments that use both IPv4 and IPv6 addresses. An example of an IPv6 address with this kind of notation may be: ::ffff:188.8.131.52.
IPv6 presents a number of exciting possibilities for the expanding global Internet; however, there are also noted security challenges associated with the transition to the newest IP. One important consideration for any IT department preparing to transition from IPv4 is the current lack of IPv6 support offered by most network security and network management tools.
Today, the majority of network security offerings are designed for IPv4, which remains the most widely used Internet Protocol in the world. In addition, new security tools created exclusively for IPv6 are likely to require ongoing refinement and retooling before they can provide the extensive coverage required by ISP and enterprise networks. Over time, the widespread migration to the newest Internet protocol will lead to more reliable and readily available security tools for IPv6.
The potential for decreased privacy also presents a challenge to organizations migrating to IPv6 networks. Since information is encoded in IPv6 addresses, potentially sensitive data may be made visible to unintended audiences. In one of the most common examples, a host address may be used to determine the ISP of a particular business or organization. The manufacturer of a host’s Ethernet interface may also be revealed through IPv6 addresses, since these identifiers can also encode MAC addresses.
One of the prevailing challenges encountered by networks migrating to IPv6 is that the new protocol is not backward-compatible with IPv4. Because of this incompatibility, IT networks must offer simultaneous support for IPv4 and IPv6 until the worldwide migration is complete—a process that is projected to take years if not decades to complete. Crucial IPv6 migrations require IT departments to rely increasingly on dual stack, translating and tunneling mechanisms in order to use IPv4 assets in the new generation protocol.
Cost and resource requirements
IPv6 deployment also requires organizations to use additional resources to operate dual IPv4/IPv6 networks. This challenge is especially daunting in today’s market, where growing numbers of IT departments struggle to meet increasing network demands with smaller budgets and fewer personnel. The additional time and expense required to secure IPv4 assets and migrate to IPv6 may create even more complications for these strained departments and their staff.
Another IPv6 deployment challenge involves vendor support. Although overall support for the newest communication protocol is increasing, many products and services are primarily designed for IPv4-enabled networks; IPv6-ready offerings may still be years away. As a result, organizations deploying IPv6 will likely require additional resources such as Network Automation tools, IP Address Management software, and peering solutions in order to meet their evolving networking needs.
Training and internal support
Deploying IPv6 also requires considerable training within an organization. New policies and procedures are often required in order to successfully plan and complete an IPv6 migration. In addition, staff must be informed of the best practices for managing IPv4 and IPv6 assets. IT departments may also need to dedicate several hours and numerous resources learning new IPv6-ready software and hardware.