IPv6 and Internet Evolution

Next Generation Standard or Protocol Mutation?

IP, the Internet Protocol, is one of the pillars that support the Internet. Almost 20 years old, first specified in a remarkably concise 45 pages in the Internet Engineering Task Force’s (IETF) Request for Comment (RFC) 791, IP is the network-layer protocol for the Internet.

Because IP is embedded everywhere, any change would be greeted with a great deal of trepidation—change IP, and every single device on the Internet has to change. If you thought Y2K was a nightmare, think again: Touching IP means touching... well, everything.

 Why IPv6 Will Never Come

By Joel Snyder

IPv6, the next version of the venerable IPv4 protocol in use in the Internet, was designed from the start to solve the problems of the 1980s: address exhaustion. There's more to IPv6 than that, mostly window dressing. IPv6 is built around the shortage of 32-bit integers assigned as IP addresses. IPv6 solves the problems of 1990.

At the same time IPv6 went through its highly contentious and political development, the Internet engineers came up with alternate techniques which help to reduce the need for globally unique IP addresses, including CIDR (classless) routing and NAT/PAT (network/port address translation) technologies. Thus, there is no longer a compelling need to run to IPv6, and because the cost of changing to IPv6 is tremendous, there are great pressures not to change.

This doesn't mean that IPv6 is a bad idea. Peace on Earth is a good idea too. It's just that, realistically, IPv6 will never happen. There's insufficient demand for it. People have grown up in a world where IP addresses are worth something, where NAT is the way you get to the Internet, and where making decisions based on a shortage of addresses is something you do every day.

So what if NAT doesn't work well? We just won't use those applications, or we'll find a way to work around them. So what if we have to buy a rack full of gear just to connect two companies' networks together. Heck, spending money on hardware is fun.

It's easy to throw stones at Microsoft as well, because they're not going to release IPv6 with Windows 2000, and probably not with Windows 2001, either. But even if they did ship it with Windows 2000 next month, or next year, it wouldn’t matter: Organizations wouldn't use it. In the absence of a major crisis, why screw with a company LAN that's just barely under control today?

We're not going to go to IPv6, because there is no compelling reason to. Fortune 500 companies are accustomed to having 30 or 40 public IP addresses and using NAT for everything else. They've grown up in a weird, twisted world, but it's a world that they know and understand. For these companies, there is no compelling reason to go to IPv6. And that's why IPv6 will never come.

 

The IETF proposes to do just that. You don't hear much about the IETF, but as a group, it controls the technical specifications for the Internet. But, the IETF isn't some unapproachable priesthood. Its members are those people and organizations who want to improve the Internet. Anybody can join, if they are willing to work.

The IETF's recommendations are voluntary, nobody is forced to do anything they don't want to on the Internet, but its standards have the effect of law. In order for the Internet to work at all, common standards have to be used and the IETF dominates and controls these standards.

In 1991, the IETF decided that current version of IP, called IPv4, had outlived its design. The new version of IP, called either IPng (Next Generation) or IPv6 (version 6), was the result of a long and tumultuous process which came to a head in 1994, when the IETF gave a clear direction for IPv6.

IPv6 is designed to solve the problems of IPv4. It does so by creating a completely new protocol that serves the function of IPv4, but without its limitations. IPv6 differs from IPv4 in five major areas: addressing and routing, security, network address translation, administrative workload, and support for mobile devices. IPv6 also includes an important feature: a definite migration and transition plan from IPv4.

Since 1994, over 30 IPv6 RFCs have been published. Changing IP means changing dozens of Internet protocols and conventions, ranging from how IP addresses are stored in domain name system (DNS) and applications, to how datagrams are sent and routed over Ethernet, PPP, Token Ring, FDDI, and every other medium, to how programmers call network functions.

The IETF, though, is not so arrogant as to assume that everyone is going to change everything overnight. So there are also standards and protocols and procedures for the coexistence of IPv4 and IPv6: tunneling IPv6 in IPv4, tunneling IPv4 in IPv6, and mixing and matching the two protocols in a variety of environments.

IPv6 is not just a standards-writing fantasy. All major operating system and router vendors have demonstrated IPv6, although only a few have started to ship IPv6 as an integral part of their product line.

Some have been early out the door: Apple showed an IPv6 stack for its Macintosh in 1995 based on code produced by Mentat, one of the leading TCP/IP OEM stack vendors.

Most IPv6 products are technology demonstrations or developers’ early release kits. For example, IBM's OS/390 has a demonstration IPv6 stack available for it, as does HP-UX, Compaq's OpenVMS and Tru64 UNIX, Microsoft's Windows NT and Windows 2000, SCO Unix, and Sun's Solaris. Most of the freeware Unix implementations, including Linux, NetBSD, and FreeBSD also have beta IPv6 code available.

A few vendors are standing behind their IPv6 products. These include IBM (with AIX 4.3.1), and router vendors 3COM, Nortel (Bay), and Hitachi. Cisco, one of the few major router vendors not to ship production IPv6 code, does have demonstration builds available and also has access to IPv6 implementations from the IBM Nways router product line, which ships with IPv6 capabilities.

Of course, with dozens of standards, draft, proposed, and completed, IPv6 is still a moving target. The general framework is complete and ready to go, but many of the small details have yet to be worked out. This is actually the IETF way: Learn from implementation, rather than by trying to get it perfect the first time out.

Even when the standards are set in stone, IPv6 compliance won't be a simple check-box. IPv4 implementations vary in what they include and don't include. IPv6 will also have a laundry list of features, many optional, which you'll have to learn to look for.

Some features of IPv6 will be familiar, such as "RIPng," the IPv6-compatible version of RIP (Routing Information Protocol). Learning about RIPng will be easy if you already know about RIP. Other features may be more challenging. For example, one of IPv6's major differences is in the way in which network layer addresses are automatically discovered and managed. This is very different from IPv4 address management protocols you may be familiar with, such as BOOTP or DHCP. What you know about DHCP won't necessarily translate to handling IPv6 addresses.

Even if you've never studied IPv6, you may know about its most famous feature: big addresses. IPv6 uses 32-bit addresses, which, with the growth of the Internet, have become a scarce and valuable commodity. Organizations have gone to great lengths to deal with the shortage and high cost of IPv4 addresses. The most visible change in IPv6 is that addresses balloon from 32-bits to 128-bits.

With such a huge address space, ISPs will have sufficient IP leverage to allocate enough addresses to every customer so that every IP device will be truly unique, whether it's behind a firewall or not. Network address translation (NAT) has become a very common technique to deal with the shortage of IP addresses. Unfortunately, NAT doesn't work very well for many Internet applications, ranging from old dependables, such as NFS and DNS, to newer applications such as group conferencing. NAT has also been an impediment for business-to-business direct network connections, requiring baroque and elaborate address translators to make everything work reliably. One of the goals of IPv6's address space expansion is to make NAT unnecessary, improving total connectivity, reliability, and flexibility.

Additional address space will also help the core of the Internet, it is hoped, by reducing the size and complexity of the global routing tables. Although IPv6 doesn't solve the problems of routing in the Internet, it can help in several areas.

  IPv6 is Inevitable

By Bob Quinn

IPv6 is inevitable. Why? In a sense, Occam's Razor provides the answer: All things being equal, the simplest solution is the best solution. In protocol design terms, "Perfection has been reached not when there is nothing left to add, but when there is nothing left to take away" (RFC1925, Fundamental Truths of Networking). The simplest long-term solution for the Internet calls for (among other things) a single, global address space to provide at least one unique address for every interface on each Internet device. IPv4 cannot provide it. IPv6 can.

If you could count all the network devices accessing the ‘Net today, it would become readily apparent that the existing 32-bit IPv4 address space is already exhausted. In Europe, IPv4 addresses are traded on the black market due to the shortage and considering the continued growth in the number of newly attached devices—not to mention the increase in new types of devices under development—clearly, we need more addresses in order to sustain growth.

Oh sure, we can probably hide the fact we are out of IPv4 addresses by continued use of network address and port translation (NAT) in gateways and firewalls, and maybe we can even extend the NAT mechanism to extend its life. "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea."

The strategy of using NAT to share a single IPv4 address among multiple hosts vulcanizes the Internet and corrupts the end-to-end connectivity that IP was initially designed to enable. This is not just a purist's lament, but a practical one, since NAT disables many existing network applications that require unique addresses (such as H.323 conferencing) and will surely limit the development of future applications. Worst of all, however, NAT complicates the network as the number and levels of NAT-enabled gateways increase. Even today, it is not uncommon to encounter private address spaces nested within other private address spaces, with NAT-enabled gateways strung together. It is not a pretty sight.

Certainly, firewalls will be with us forever as a mechanism to provide a security "choke-point" between corporate networks and the public Internet. They are a natural location for NAT, but not a necessary one. We can certainly provide the same security—or better—with the global address space that IPv6 enables. On the other hand, we cannot provide a global address space with NAT.

Yes, the move from IPv4 to IPv6 will involve increased complexity initially, but it will make things simpler in the long run. The move to IPv6 is an evolutionary step, however, not a revolutionary one. It will require living with dual IPv4 and IPv6 stacks, IPv6 in IPv4 tunnels, and IPv4 to IPv6 application programming interface "mappers" to adapt existing applications during the transition. But the resulting global address space that IPv6 will provide in the long-term is what counts most. Our children and grandchildren will thank us for our foresight and forbearance as they enjoy the benefits of a pure and simple IPv6-based Internet.

 
The new IPv6 addresses are large and cumbersome, so an IPv6 implementation tries to reduce the number of people who have to read and write them. A second major goal of IPv6 is to reduce the total time spent configuring and managing systems. An IPv6 system can participate in "stateless" auto configuration, where it creates a guaranteed unique IP address by combining its LAN MAC address with a prefix provided by the network router—DHCP is not required to keep IP addresses from overlapping. Of course, DHCP is still useful for other parameters, such as DNS servers, and is supported as DHCPv6 where needed.

IPv4 is a simple protocol not designed for gigabit and terabit routers, which may need to process millions of packets per second. The third major goal of IPv6 is to speed up the network, both from a performance and from a deployment point of view. IPv6 embodies the lessons learned at trying to build high-speed routers for IPv4 by changing the header of the IP packet to be more regular and to streamline the work of high-speed routers moving packets across the Internet backbone. IPv6 has fixed header sizes, and little-used IPv4 fields have been removed.

A beneficial side effect of the redesign of the IP packet header is that future extensions to IPv6 are simplified: Adding a new option to IP can be done without a major re-engineering of IP routers everywhere.

High-bandwidth multimedia and fault tolerance applications are the focus of the fourth major goal of IPv6. Multimedia applications can take advantage of multicast, the transmission of a single datagram to multiple receivers. Although IPv4 has some multicast capabilities, these are optional and not every router supports them. With IPv6, multicast is a requirement. IPv6 also defines a new kind of service, called "anycast." Like multicast, anycast has groups of nodes that send and receive packets. But when a packet is sent to an anycast group in IPv6, it is only delivered to one of the members of the group. This new capability is especially appropriate in a fault-tolerant environment: Web servers, DNS servers and routers could all benefit from IPv6's anycast technology.

The fifth major goal of IPv6 is extending the use of virtual private networks, VPNs. The new IPSec security protocols, encapsulating security protocol (ESP) and authentication header (AH) are add-ons to IPv4. IPv6 builds in and requires these protocols, which means that secure networks will be easier to build and deploy in an IPv6 world.

Another aspect of VPNs built into IPv6 is Quality of Service (QoS). IPv6 supports the same QoS features as IPv4, including the DiffServ indication, as well as a new 20-bit traffic flow field. Although the use of this component of IPv6 is not defined, it is provided as a solid base to build QoS protocols.

A major consideration in implementing IPv6 is migration and transition: How will we move from an IPv4 world to an IPv6 world without complete chaos? The answer is Simple Internet Transition, SIT, a set of protocol mechanisms that simplify the Internet's transition from IPv4 to IPv6.

The only major prerequisite to making the transition is DNS. To support the new IPv6 addresses, minor changes to DNS are required. The traditional DNS address record, which is used when looking up a 32-bit IPv4 address, is supplemented by a new "AAAA" record, which returns 128-bit IPv6 addresses.

Once a DNS server is updated, the IPv6 SIT architecture says that you can start plugging in hosts and routers which support both IPv6 and IPv4 and everything will continue to work. One reason for this is that old IPv4 addresses can still be used in the IPv6 world (by putting the special 96-bit IPv4 prefix in front of each one).

Going into production immediately with IPv6 may be a little optimistic, so the IPv6 camp has started a network-within-a-network, the "6bone," (www.6bone.net) which is a test IPv6 network running over the IPv4 Internet. The 6bone has been a strong success with hundreds of sites joining from 42 countries. (The 6bone has a counterpart in the Research and Education side of the Internet, called the 6ren.)

  ONLINE RESOURCES

NOTE: All links will open new browser windows

The IPv6 Forum
www.ipv6forum.com/

The 6bone
www.6bone.net/

IPng Information Pages
playground.sun.com/pub/ipng/html/ipng-main.html

IETF IPNG Working Grp.
www.ietf.org/html.charters/ngtrans-charter.html

 
The 6bone has been successful at giving companies of all size experience in running an IPv6 network, because there are significant differences in management and addressing that have to be learned. It has served as a proof of concept, by demonstrating a wide range of operational IPv6 implementations doing real work, day-in and day-out. The IPv6 experimental backbones have also been important because they give organizations a place to get practical operational experience with IPv6.

If IPv6 is in your future, it's critical to get experience as soon as possible. Fortunately, all IPv6 action is happening on the Internet and is very open. A wide variety of Web sites (see Online Resources sidebar) give pointers to vendors, advocacy, information and the operational experimental networks. If you’d prefer one-on-one discussions with the experts, the IPv6 Forum will be meeting in March, in Telluride, Colorado, giving you an opportunity to hear the whole story from the implementors and designers themselves.

IPv6 is a big change from IPv4, and it will take years before it is widely adopted on the Internet. But for both internal IP networking and connections to the outside world, IPv6 is the clear next step for TCP/IP.