IPv6

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF,

Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the 4 billion (2³²) addresses IPv4 made available. By 1998, the IETF had formalized the successor protocol, IPv6. This uses 128-bit addresses, yielding an address space of 2¹²⁸, 10³⁸, or 340 undecillion total addresses. Several transition mechanisms have been devised to allow IPv4 and IPv6 to interoperate, but IPv6 is not backwards-compatible with IPv4 and the two do not interoperate directly.

IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.

IPv6 addresses are represented as eight groups of four hexadecimal digits each, separated by colons. The full representation may be shortened according to specific rules; for example, becomes .

Main features

thumb|upright=1.2|Glossary of terms used for IPv6 addresses

IPv6 is an Internet Layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks, closely adhering to the design principles developed in the previous version of the protocol, Internet Protocol Version 4 (IPv4).

In addition to offering more addresses, IPv6 also implements features not present in IPv4. It simplifies aspects of address configuration, network renumbering, and router announcements when changing network connectivity providers. It simplifies packet processing in routers by placing the responsibility for packet fragmentation in the end points. The IPv6 subnet size is standardized by fixing the size of the host identifier portion of an address to 64 bits.

The addressing architecture of IPv6 allows three different types of transmission: unicast, anycast and multicast. IPv6 does not implement broadcast, and therefore has no notion of a broadcast address.

Motivation and origin

IPv4 address exhaustion

thumb|upright=1.2|Decomposition of the dot-decimal [[IPv4 address representation to its binary notation]]

Internet Protocol Version 4 (IPv4) was the first publicly used version of the Internet Protocol. IPv4 was developed as a research project by the Defense Advanced Research Projects Agency (DARPA), a United States Department of Defense agency, before becoming the foundation for the Internet and the World Wide Web. IPv4 includes an addressing system that uses numerical identifiers consisting of 32 bits. These addresses are typically displayed in dot-decimal notation as decimal values of four octets, each in the range 0 to 255, or 8 bits per number. Thus, IPv4 provides an addressing capability of 2³² or approximately 4.3 billion addresses. Address exhaustion was not initially a concern in IPv4 as this version was originally presumed to be a test of DARPA's networking concepts. During the first decade of operation of the Internet, it became apparent that methods had to be developed to conserve address space. In the early 1990s, even after the redesign of the addressing system using a classless network model, it became clear that this would not suffice to prevent IPv4 address exhaustion, and that further changes to the Internet infrastructure were needed.

The last unassigned top-level address blocks of 16 million IPv4 addresses were allocated in February 2011 by the Internet Assigned Numbers Authority (IANA) to the five regional Internet registries (RIRs). At that point, each RIR still had available address pools and was expected to continue with standard address allocation policies until one Classless Inter-Domain Routing (CIDR) block remained. After that, only blocks of 1,024 addresses (/22) were provided from the RIRs to a local Internet registry (LIR). Since then, all five RIRs—Asia-Pacific Network Information Centre (APNIC), the Réseaux IP Européens Network Coordination Centre (RIPE NCC), Latin America and Caribbean Network Information Centre (LACNIC), African Network Information Centre (AFRINIC), and American Registry for Internet Numbers (ARIN)—have reached this stage. RIPE NCC was the last to do so; it announced that it had fully run out of IPv4 addresses on 25 November 2019, and called for greater progress on the adoption of IPv6.

Comparison with IPv4

On the Internet, data is transmitted in the form of network packets. IPv6 specifies a new packet format, designed to minimize packet header processing by routers. Because the headers of IPv4 packets and IPv6 packets are significantly different, the two protocols are not interoperable. However, most transport and application-layer protocols need little or no change to operate over IPv6; exceptions are application protocols that embed Internet-layer addresses, such as File Transfer Protocol (FTP) and Network Time Protocol (NTP), where the new address format may cause conflicts with existing protocol syntax.

Larger address space

The main advantage of IPv6 over IPv4 is its larger address space. The size of an IPv6 address is 128 bits, compared to 32 bits in IPv4. To address these privacy concerns, the SLAAC protocol includes what are typically called "privacy addresses" or, more correctly, "temporary addresses". Temporary addresses are random and unstable. A typical consumer device generates a new temporary address daily and will ignore traffic addressed to an old address after one week. Temporary addresses are used by default by Windows since XP SP1, macOS since (Mac OS X) 10.7, Android since 4.0, and iOS since version 4.3. Use of temporary addresses by Linux distributions varies.

Renumbering an existing network for a new connectivity provider with different routing prefixes is a major effort with IPv4. With IPv6, however, changing the prefix announced by a few routers can in principle renumber an entire network, since the host identifiers (the least-significant 64 bits of an address) can be independently self-configured by a host.

The SLAAC address generation method is implementation-dependent. IETF recommends that addresses be deterministic but semantically opaque.

IPsec

Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread deployment first in IPv4, for which it was re-engineered. IPsec was a mandatory part of all IPv6 protocol implementations,

Simplified processing by routers

The packet header in IPv6 is simpler than the IPv4 header. Many rarely used fields have been moved to optional header extensions. The IPv6 packet header has simplified the process of packet forwarding by routers. Although IPv6 packet headers are at least twice the size of IPv4 packet headers, processing of packets that only contain the base IPv6 header by routers may, in some cases, be more efficient, because less processing is required in routers due to the headers being aligned to match common word sizes. Additionally, for many implementations, the use of Extension Headers causes packets to be processed by a router's CPU, leading to poor performance or even security issues.

Moreover, an IPv6 header does not include a checksum. The IPv4 header checksum is calculated for the IPv4 header, and has to be recalculated by routers every time the time to live (called hop limit in the IPv6 protocol) is reduced by one. The absence of a checksum in the IPv6 header furthers the end-to-end principle of Internet design, which envisioned that most processing in the network occurs in the leaf nodes. Integrity protection for the data that is encapsulated in the IPv6 packet is assumed to be assured by both the link layer or error detection in higher-layer protocols, namely the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) on the transport layer. Thus, while IPv4 allowed UDP datagram headers to have no checksum (indicated by 0 in the header field), IPv6 requires a checksum in UDP headers.

IPv6 routers do not perform IP fragmentation. IPv6 hosts are required to do one of the following: perform Path MTU Discovery, perform end-to-end fragmentation, or send packets no larger than the default maximum transmission unit (MTU), which is 1280 octets.

Mobility

Unlike mobile IPv4, mobile IPv6 avoids triangular routing and is therefore as efficient as native IPv6. IPv6 routers may also allow entire subnets to move to a new router connection point without renumbering.

Extension headers

thumb|Several examples of IPv6 extension headers

The IPv6 packet header has a minimum size of 40 octets (320 bits). Options are implemented as extensions. This provides the opportunity to extend the protocol in the future without affecting the core packet structure.

Address representation

The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as four hexadecimal digits (sometimes called hextets or more formally hexadectets and informally a quibble or quad-nibble

A host bringing up a new IPv6 interface first generates a unique link-local address using one of several mechanisms designed to generate a unique address. Should a non-unique address be detected, the host can try again with a newly generated address. Once a unique link-local address is established, the IPv6 host determines whether the LAN is connected on this link to any router interface that supports IPv6. It does so by sending out an ICMPv6 router solicitation message to the all-routers multicast group with its link-local address as source. If there is no answer after a predetermined number of attempts, the host concludes that no routers are connected. If it does get a response, known as a router advertisement, from a router, the response includes the network configuration information to allow establishment of a globally unique address with an appropriate unicast network prefix. There are also two flag bits that tell the host whether it should use DHCP to get further information and addresses:

• The Manage bit, which indicates whether or not the host should use DHCP to obtain additional addresses rather than rely on an auto-configured address from the router advertisement.
• The Other bit, which indicates whether or not the host should obtain other information through DHCP. The other information consists of one or more prefix information options for the subnets that the host is attached to, a lifetime for the prefix, and two flags: The initial recommendation of stated assignment of a subnet to end-consumer sites. In this recommendation was refined: The IETF "recommends giving home sites significantly more than a single , but does not recommend that every home site be given a either". Blocks of s are specifically considered. It remains to be seen whether ISPs will honor this recommendation. For example, during initial trials, Comcast customers were given a single network.

IPv6 in the Domain Name System

In the Domain Name System (DNS), hostnames are mapped to IPv6 addresses by AAAA ("quad-A") resource records. For reverse resolution, the IETF reserved the domain ip6.arpa, where the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units (4 bits) of the IPv6 address.

When a dual-stack host queries a DNS server to resolve a fully qualified domain name (FQDN), the DNS client of the host sends two DNS requests, one querying AAAA records and the other querying A records, in that order, by default. If both types of addresses are returned by the DNS, and there is a route for it, the IPv6 address is preferred over the IPv4 address. However, the host operating system may be configured with an alternate preference for address selection.

<!--A6 record redirects to this section.-->

An alternative record type was used in early DNS implementations for IPv6, designed to facilitate network renumbering. The A6 resource record was used for the forward lookup, completed with a number of other innovations such as bit-string labels and DNAME records. After a discussion of the pros and cons of both schemes,) the use of A6 resource records has been deprecated to experimental status.

Transition mechanisms

IPv6 is not foreseen to supplant IPv4 instantaneously. Both protocols will continue to operate simultaneously for some time. Therefore, IPv6 transition mechanisms are needed to enable IPv6 hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach each other over IPv4 infrastructure.

According to Silvia Hagen, a dual-stack implementation of the IPv4 and IPv6 on devices is the easiest way to migrate to IPv6. Many other transition mechanisms use tunneling to encapsulate IPv6 traffic within IPv4 networks and vice versa. This is an imperfect solution, which reduces the maximum transmission unit (MTU) of a link and therefore complicates Path MTU Discovery, and may increase latency.

Dual-stack IP implementation

Dual-stack IP implementations provide complete IPv4 and IPv6 protocol stacks in the operating system of a computer or network device on top of the common physical layer implementation, such as Ethernet. This permits dual-stack hosts to participate in IPv6 and IPv4 networks simultaneously.

A device with dual-stack implementation in the operating system has an IPv4 and IPv6 address, and can communicate with other nodes in the LAN or the Internet using either IPv4 or IPv6. The DNS protocol is used by both IP protocols to resolve fully qualified domain names and IP addresses, but dual stack requires that the resolving DNS server can resolve both types of addresses. Such a dual-stack DNS server holds IPv4 addresses in the A records and IPv6 addresses in the AAAA records. Depending on the destination that is to be resolved, a DNS name server may return an IPv4 or IPv6 IP address, or both. A default address selection mechanism, or preferred protocol, needs to be configured either on hosts or the DNS server. The IETF has published Happy Eyeballs to assist dual-stack applications, so that they can connect using both IPv4 and IPv6, but prefer an IPv6 connection if it is available. However, dual-stack also needs to be implemented on all routers between the host and the service for which the DNS server has returned an IPv6 address. Dual-stack clients should be configured to prefer IPv6 only if the network is able to forward IPv6 packets using the IPv6 versions of routing protocols. When dual-stack network protocols are in place the application layer can be migrated to IPv6.

While dual-stack is supported by major operating system and network device vendors, legacy networking hardware and servers do not support IPv6.

ISP customers with public-facing IPv6

thumb|upright=1.2|IPv6 Prefix Assignment mechanism with IANA, RIRs, and ISPs

Internet service providers (ISPs) are increasingly providing their business and private customers with public-facing IPv6 global unicast addresses. If IPv4 is still used in the local area network (LAN), however, and the ISP can only provide one public-facing IPv6 address, the IPv4 LAN addresses are translated into the public facing IPv6 address using NAT64, a network address translation (NAT) mechanism. Some ISPs cannot provide their customers with public-facing IPv4 and IPv6 addresses, thus supporting dual-stack networking, because some ISPs have exhausted their globally routable IPv4 address pool. Meanwhile, ISP customers are still trying to reach IPv4 web servers and other destinations.

A significant percentage of ISPs in all regional Internet registry (RIR) zones have obtained IPv6 address space. This includes many of the world's major ISPs and mobile network operators, such as Verizon Wireless, StarHub Cable, Chubu Telecommunications, Kabel Deutschland, Swisscom, T-Mobile, Internode and Telefónica.

While some ISPs still allocate customers only IPv4 addresses, many ISPs allocate their customers only an IPv6 or dual-stack IPv4 and IPv6. ISPs report the share of IPv6 traffic from customers over their network to be anything between 20% and 40%, but by mid-2017 IPv6 traffic still only accounted for a fraction of total traffic at several large Internet exchange points (IXPs). AMS-IX reported it to be 2% and SeattleIX reported 7%. A 2017 survey found that many DSL customers that were served by a dual stack ISP did not request DNS servers to resolve fully qualified domain names into IPv6 addresses. The survey also found that the majority of traffic from IPv6-ready web-server resources were still requested and served over IPv4, mostly due to ISP customers that did not use the dual stack facility provided by their ISP and to a lesser extent due to customers of IPv4-only ISPs.

Tunneling

The technical basis for tunneling, or encapsulating IPv6 packets in IPv4 packets, is outlined in RFC 4213. When the Internet backbone was IPv4-only, one of the frequently used tunneling protocols was 6to4. Teredo tunneling was also frequently used for integrating IPv6 LANs with the IPv4 Internet backbone. Teredo is outlined in RFC 4380 and allows IPv6 local area networks to tunnel over IPv4 networks, by encapsulating IPv6 packets within UDP. The Teredo relay is an IPv6 router that mediates between a Teredo server and the native IPv6 network. It was expected that 6to4 and Teredo would be widely deployed until ISP networks would switch to native IPv6, but by 2014 Google Statistics showed that the use of both mechanisms had dropped to almost 0.

IPv4-mapped IPv6 addresses

thumb|IPv4-compatible IPv6 unicast address

thumb|IPv4-mapped IPv6 unicast address

Hybrid dual-stack IPv6/IPv4 implementations recognize a special class of addresses, the IPv4-mapped IPv6 addresses. These addresses are typically written with a 96-bit prefix in the standard IPv6 format, and the remaining 32 bits are written in the customary dot-decimal notation of IPv4.

Addresses in this group consist of an 80-bit prefix of zeros, the next 16 bits are ones, and the remaining, least-significant 32 bits contain the IPv4 address. For example, represents the IPv4 address . A previous format, called "IPv4-compatible IPv6 address", was ; however, this method is deprecated. On these operating systems, a program must open a separate socket for each IP protocol it uses. On some systems, e.g., the Linux kernel, NetBSD, and FreeBSD, this feature is controlled by the socket option IPV6_V6ONLY.

The address prefix is a class of IPv4-embedded IPv6 addresses for use in NAT64 transition methods. For example, represents the IPv4 address .<!--This needs a lot better explanation-->

Security

A number of security implications may arise from the use of IPv6. Some of them may be related with the IPv6 protocols themselves, while others may be related with implementation flaws.

Shadow networks

The addition of nodes having IPv6 enabled by default by the software manufacturer may result in the inadvertent creation of shadow networks, causing IPv6 traffic flowing into networks having only IPv4 security management in place. This may also occur with operating system upgrades, when the newer operating system enables IPv6 by default, while the older one did not. Failing to update the security infrastructure to accommodate IPv6 can lead to IPv6 traffic bypassing it. Shadow networks have occurred on business networks in which enterprises are replacing Windows XP systems that do not have an IPv6 stack enabled by default, with Windows 7 systems, that do. Some IPv6 stack implementors have therefore recommended disabling IPv4 mapped addresses and instead using a dual-stack network where supporting both IPv4 and IPv6 is necessary.

IPv6 packet fragmentation

Research has shown that the use of fragmentation could be leveraged to evade network security controls, similar to IPv4. As a result, it is now required that the first fragment of an IPv6 packet contains the entire IPv6 header chain, such that some very pathological fragmentation cases are forbidden. Additionally, as a result of research on the evasion of RA-Guard, the use of fragmentation is deprecated with Neighbor Discovery, and discouraged with Secure Neighbor Discovery (SEND).

Standardization through RFCs

Working-group proposals

thumb|A timeline for the standards governing IPv6

Due to the anticipated global growth of the Internet, the Internet Engineering Task Force (IETF) in the early 1990s started an effort to develop a next generation IP protocol. In September 1993, the IETF created a temporary, ad hoc IP Next Generation (IPng) area to deal specifically with such issues. The new area was led by Allison Mankin and Scott Bradner, and had a directorate with 15 engineers from diverse backgrounds for direction-setting and preliminary document review: The working-group members were J. Allard (Microsoft), Steve Bellovin (AT&T), Jim Bound (Digital Equipment Corporation), Ross Callon (Wellfleet), Brian Carpenter (CERN), Dave Clark (MIT), John Curran (NEARNET), Steve Deering (Xerox), Dino Farinacci (Cisco), Paul Francis (NTT), Eric Fleischmann (Boeing), Mark Knopper (Ameritech), Greg Minshall (Novell), Rob Ullmann (Lotus), and Lixia Zhang (Xerox).

The Internet Engineering Task Force adopted the IPng model on 25 July 1994, with the formation of several IPng working groups. In 1998 became the RFC for IPv6.

The Domain Name System (DNS) has supported IPv6 since 2008. In the same year, IPv6 was first used in a major world event during the Beijing 2008 Summer Olympics.

By 2011, all major operating systems in use on personal computers and server systems had production-quality IPv6 implementations. Cellular telephone systems presented a large deployment field for Internet Protocol devices as mobile telephone service made the transition from 3G to 4G technologies, in which voice is provisioned as a voice over IP (VoIP) service that would leverage IPv6 enhancements. In 2009, the US cellular operator Verizon released technical specifications for devices to operate on its "next-generation" networks. The specification mandated IPv6 operation according to the 3GPP Release 8 Specifications (March 2009), and deprecated IPv4 as an optional capability. By mid-2018 some major European broadband ISPs had deployed IPv6 for the majority of their customers. Sky UK provided over 86% of its customers with IPv6, Deutsche Telekom had 56% deployment of IPv6, XS4ALL in the Netherlands had 73% deployment and in Belgium the broadband ISPs VOO and Telenet had 73% and 63% IPv6 deployment respectively. Adoption varies significantly by region, with countries such as India, France, and Germany reporting adoption rates exceeding 70%, while others lag behind.

Peering issues

There is a peering dispute occurring between Hurricane Electric and Cogent Communications on IPv6, with the two network providers refusing to peer.

See also

• China Next Generation Internet
• Comparison of IPv6 support in operating systems
• DoD IPv6 product certification
• OCCAID
• Timeline of the history of the Internet
• University of New Hampshire InterOperability Laboratory

References

External links

• IPv6 in the Linux Kernel by Rami Rosen
• An Introduction and Statistics about IPv6 by Google
• The standard document ratifying IPv6 – RFC 8200 document ratifying IPv6 as an Internet Standard