The world is running out of IP addresses. The current version of the Internet Protocol relies on unique addresses for each device that connects to a network. In the case of the Internet, public IP addresses that enable devices to communicate directly with one another over the global network are becoming scarcer each day. As more and more devices come online in the future, IPv4 will run out of capacity to accommodate our communication needs.

Thus, IPv6 was introduced and has steadily undergone testing and deployment in a variety of international locations. In this explainer, I'll take a look at the benefits of IPv6, including the differences in IP addressing and inherent security advantages, and then look at how IPv6 and IPv4 can coexist and how the global transition to IPv6 is going.

Differences in addressing
Of course, the primary benefit of IPv6 is its increased addressing capacity. IPv6 addresses are 128 bits to IPv4's 32-bit addresses. This is the single most significant improvement between the different versions and provides for a radically expanded address space. IPv6 supports 40,282,366,920,938,463,463,374,607,431,768, 211,456 addresses -- that's 2 to the 128th power. IPv6 addresses are typically described as eight groups of four hexadecimal digits, eg. 2006:0db8:0000:0000:0000:0000:0714:57ff.

Briefly, there are a couple of tricks and shortcuts to managing these addresses as well:

  • A group of four zeros can be left out of an address; just leave the separating colons in place. The above address in shortened form would read 2006:0db8::0714:57ff. The network equipment automatically detects the omitted parts and internally recognizes the shortened address. However, only one double colon is permitted, as more than one would make it difficult to detect which group was omitted.
  • Leading zeroes in a group can left out. In the previous shortened example, this would read 2006:db8::714:57ff.
  • Better security
    The other significant improvement between IPv6 and IPv4 is the security baked into the protocol. IPsec, the time-proven standard for securing IP communications by encrypting and/or authenticating all IP packets at the network layer, is an integral part of the base protocol suite in IPv6.

    IPsec is more flexible than other encryption standards such as Transport Layer Security and Secure Sockets Layer because it operates at the network layer and thus is able to protect both TCP and UDP-based protocols. Such flexibility, however, comes at a cost of increased complexity and processing overhead.

    Coexistence
    How might IPv6 packets coexist and route over networks still using IPv4? Using a technique called tunnelling, IPv6 packets are put within IPv4 headers to pass through networks without a problem. First, addresses are transformed from IPv4 to IPv6 by adding leading zeroes, and then the IPv6 packet itself is inserted into the header area of an IPv4 packet. The data is then sent out and travels normally through existing infrastructure. At the end of the transmission, an IPv6-aware router can strip the IPv6 packet out of the IPv4 header and route it appropriately to its destination.

    The transition from IPv4 to IPv6
    Many products currently in use in networks across the globe are ready for IPv6, including Cisco routers, Juniper routers, Windows XP, Mac OS X, Solaris and most Linux distributions.

    Such broad support will make the eventual transition from IPv4 to IPv6 much easier. The transition won't be entirely seamless because some applications and network services, such as NTP Version 3 and FTP, hard-code network addresses into their transmissions and thus will require some major reworking as IPv6 becomes the dominant IP standard.

    Additionally, if you are behind a NAT-based firewall, you'll probably have some trouble with intensive network applications like voice over IP and distributed peer-to-peer software as the firewall has difficulties keeping track and translating between 32-bit and 128-bit addresses.

    In terms of timelines for the transition, companies with a global focus and operations or transmissions between companies should be actively testing IPv6 on their networks and devices.

    Internet Corporation for Assigned Names and Numbers announced in July 2004 that the IPv6 records for the Japan (.jp) and Korea (.kr) country code Domain Name System servers became visible in the DNS root server zone files, and the IPv6 records for France (.fr) were added a little later. This made IPv6 operational publicly.

    China and other connected Asian countries, due to the sheer number of devices and computers connecting, are heavily into IPv6 deployment, and companies transacting with business in that region will need to head the line of IPv6 transition in this country.

    Internet service providers are currently in the midst of testing IPv6 support on their devices, so upstream support should fall into place within the next 24 to 36 months. In addition, Microsoft is improving the IP stack in the upcoming Windows Vista and Longhorn Server to better support IPv6, which should be the final enabler to broad-based adoption of the benefits IPv6 brings to the global networking community.

    Jonathan Hassell is an author, consultant and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Windows Small Business Server 2003 and Learning Windows Server 2003. He is currently an editor for Apress, a publishing company specializing in books for programmers and IT professionals.