IPv6: Everything you need to know about this new Internet standard
IPv6, what is it?
IPv6 stands for “Internet Protocol version 6”. It was introduced by the Internet Engineering Task Force (IETF) and is one of the standardized methods for transferring data packets over computer networks. Together with the other 500 network protocols of the TCP/IP suite, IPv6, the direct successor to IPv4 (IPv5 never having seen the light of day), forms the basis of Internet communication. The core functions of IPv6 are the addressing of network elements via IPv6 addresses and the forwarding of packets between subnets, also called routing. To do this, IPv6 operates at the network layer (Layer 3) of the OSI model.
IP addresses are assigned by the regional Internet registries (RIRs), which are allotted their address ranges by the Internet Assigned Numbers Authority (IANA). The competent RIR for Europe, the Near East and Central Asia is the RIPE NCC (European IP Networks Network Coordination Center).
IPv6 versus IPv4
A simple glance already shows that the address format of the sixth version of IP is very different from that of the previous version, IPv4:
- IPv4 address: 18.104.22.168
- IPv6 address: 2001:0620:0000:0000:0211:24FF:FE80:C12C
While version 4 of the Internet Protocol uses 32-bit addresses written in decimal form, its successor IPv6 allows addresses of 128 bits, which are written in hexadecimal for reasons of readability. This comparison makes it clear that the central problem of IPv4 has been solved: with 128 bits, it is now possible to generate far more unique IP addresses than with 32 bits.
- IPv4 address space: 32 bits = 2^32 addresses ≈ 4.3 billion addresses
- IPv6 address space: 128 bits = 2^128 addresses ≈ 340 sextillion addresses
The figures clearly show the huge gap between the two protocols: while the IPv4 address space, with nearly 4.3 billion IPs, is far from making it possible to provide a unique address to each individual on earth, a 128-bit system could, in theory, allow multiple addresses to be assigned to each grain of sand on our planet!
The introduction of IPv6 is thus an investment in the future. Indeed, trends such as the Internet of Things (IoT) suggest that the number of devices that are connected to the Internet and must be uniquely identifiable will increase significantly in the coming years.
Construction of an IPv6 address
The 128 bits of an IPv6 address are distributed over 8 blocks of 16 bits. A 16-bit block is written with 4 hexadecimal characters (i.e. the 10 digits and 6 letters of the alphabet). The blocks are separated by colons. Here is an example:
- 2001:0620:0000:0000:0211:24FF:FE80:C12C
To simplify an IPv6 address, its notation can be shortened by removing the leading zeros of a block. If a block consists only of zeros, the last zero must be kept.
- 2001:0620:0000:0000:0211:24FF:FE80:C12C
- 2001:620:0:0:211:24FF:FE80:C12C
In addition, at only one place in an IPv6 address, consecutive blocks of zeros can be deleted:
- 2001:620:0:0:211:24FF:FE80:C12C
- 2001:620::211:24FF:FE80:C12C
The two consecutive colons show the location of the deleted zeros (above, after the second block).
It should be understood that in practice, Internet users have fewer addresses than the 128-bit format seems to indicate.
This is due to the very principle on which the protocol is designed: unlike its predecessor, the new IPv6 standard is meant to allow a real end-to-end connection and to make the mapping of private addresses to public addresses by NAT (Network Address Translation) unnecessary.
In principle, it is also possible to establish end-to-end connections with IPv4; however, since the IPv4 address space is too small to assign a unique address to each device, NAT was developed as an intermediary.
With the new standard, each device that is connected to a local network can now be addressed logically via its own address. The addresses therefore contain, in addition to the routing prefix, a unique interface identifier, which is generated manually or from the MAC address of the device’s network card.
The routing prefix and the interface identifier each take up 64 bits of the IPv6 address.
Construction of the routing prefix
The routing prefix of an IPv6 address is divided into a network prefix and a subnet prefix. It is written in CIDR (Classless Inter-Domain Routing) notation: the length of the prefix in bits is given after a slash (/).
The notation 2001:0820:9511::/48, for example, corresponds to a subnet with addresses from 2001:0820:9511:0000:0000:0000:0000:0000 to 2001:0820:9511:FFFF:FFFF:FFFF:FFFF:FFFF.
Typically, a /32 network is assigned by the RIR to Internet Service Providers (ISPs), which then divide it into subnets. Customers are granted /48 or /56 networks.
Construction of the interface identifier
The interface ID allows clear identification of a given device connected to a network. It is generated manually or based on the MAC address of the device’s network card. The second case is the most common. It is based on the conversion of the standard MAC address format to the modified EUI-64 format. This takes place in three stages:
- First, the 48-bit MAC address is split into two 24-bit parts. These parts then form the beginning and the end of the 64-bit interface identifier.
  - MAC address: 00-11-24-80-C1-2C
  - Split MAC address: 0011:24__:__80:C12C
- Second, the remaining 16 bits in the middle are filled by default with the sequence 1111 1111 1111 1110, which corresponds to the hexadecimal code FFFE.
  - Completed MAC address: 0011:24FF:FE80:C12C
  - The MAC address is now in a modified EUI-64 format.
- Finally, the seventh bit, also called the universal/local bit, is inverted. This bit indicates whether an address is globally or locally unique.
  - Bit sequence before inversion: 0000 0000
  - Bit sequence after inversion: 0000 0010
  - Interface ID before inversion: 0011:24FF:FE80:C12C
  - Interface ID after inversion: 0211:24FF:FE80:C12C
Privacy extensions
An IPv6 address that is based on a modified EUI-64 format could allow third parties to draw conclusions about the MAC address.
Because this can raise concerns among users about the protection of their data, privacy extensions have been developed in order to make interface IDs anonymous with IPv6 as well.
The link between the MAC address and the interface identifier is then broken. Instead, privacy extensions generate temporary, more or less random interface identifiers for outgoing connections.
This makes it more difficult to deduce information about the host and establish behavior profiles based on the IP.
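The three-stage conversion and the privacy concern above can be checked together in a short added example (not part of the original article). It derives the interface ID from the page's MAC address and then audits a list of addresses for interface IDs that reveal a MAC; the function names and the second, temporary-style address are constructed for illustration.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert FFFE, invert the universal/local bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02                      # seventh bit of the first byte
    return bytes(eui)

def build_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a 64-bit routing prefix with the MAC-derived interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 routing prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(address: str):
    """Return the MAC an address reveals, or None if its interface ID has no FFFE marker."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                     # e.g. a privacy-extension identifier
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                      # undo the bit inversion
    return "-".join(f"{b:02X}" for b in mac)

def audit(addresses):
    """Map each address whose interface ID exposes a MAC to that MAC."""
    found = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac:
            found[a] = mac
    return found

# Constructed inventory: the page's address plus a made-up temporary address.
HOSTS = ["2001:620::211:24FF:FE80:C12C", "2001:620::5c3a:9e1f:4b77:d012"]

if __name__ == "__main__":
    print(build_address("2001:620::/64", "00-11-24-80-C1-2C"))
    print(audit(HOSTS))
```

A match is a strong hint rather than proof, since a randomly generated identifier can contain FFFE in the same position by chance.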
Types of IPv6 addresses
As with IPv4, the different IPv6 address ranges have specific tasks and properties. They are specified in RFC 4291 and RFC 5156 and can be identified by the first bits of an IPv6 address, known as the prefix. The main address types are unicast addresses, multicast addresses, and anycast addresses.
Unicast addresses are used for communication between one network element and one other element. They are divided into two categories: link-local addresses and global unicast addresses.
- Link-local addresses: addresses in this category are only valid within a local network. They start with the prefix FE80::/10. Link-local addresses are used to address elements within a local network and are used, for example, for auto-configuration. Typically, the link-local address reaches as far as the next router, so that each device connected to the network can communicate with it and generate a global IPv6 address. This procedure is called Neighbor Discovery.
- Global unicast addresses: these are globally unique addresses that a network device needs to establish an Internet connection. The prefix is usually 2000::/3 and thus includes all addresses that start with 2000 up to 3FFF. The global unicast address is “routable” and is used to address a host on a local network from the Internet. The global unicast addresses that an Internet provider hands out to its customers start with the hexadecimal block 2001.
While unicast addresses are used to establish point-to-point communication, multicast addresses allow communication from one element to several.
This is called multipoint broadcasting or group broadcasting. Packets that are sent to a multicast address are received by all of the network devices that are part of the multicast group. A device can belong to several multicast groups.
When an IPv6 address is set up for a network device, the device automatically becomes a member of a given multicast group, which is needed for discovery and reachability, and also for the prefix.
Examples of classic multicast groups are “all routers” and “all hosts”. In general, the prefix FF00::/8 is used for multicast addresses.
Packets can also be sent to groups via an anycast address. Unlike multicast addresses, however, data packets are not sent to all members of the anycast group, but only to the nearest device.
Anycast addresses are mainly used to allow load sharing and for security reasons.
IPv6 packet format
The Internet protocol IPv6 differs from IPv4 by a simplified packet format. To simplify the processing of IPv6 packets, a standard length of 40 bytes (320 bits) has been defined for the header.
The optional information, which is only necessary for specific cases, is found in what are called extension headers, which are inserted between the header and the payload.
The IPv6 packet header has only 8 header fields. With IPv4, there were 13 fields. The construction of an IPv6 header can be represented schematically:
| Field | Description |
|---|---|
| Version | Contains the version of the IP protocol according to which the IP packet was created |
| Traffic class | Sets priorities (8 bits) |
| Flow label | Packets with the same flow label are treated in the same way (20 bits) |
| Payload length | Gives the length of the contents of the packet, including the extensions but without the header data (16 bits) |
| Next header | Indicates the protocol of the upper transport layer (8 bits) |
| Hop limit | Indicates the maximum number of hops via intermediate stages (routers) that a packet can pass before expiring (8 bits) |
| Source IP address | Contains the address of the sender (128 bits) |
| Destination IP address | Contains the address of the recipient (128 bits) |
With the introduction of extension headers, optional information in IPv6 packets can be handled much more efficiently than with IPv4. Since routers do not check and process IPv6 extension headers while a packet is being forwarded, they are usually only processed at the destination.
The performance of routers has therefore improved considerably with IPv6, because under IPv4 the optional information had to be checked along the way.
The information that IPv6 extension headers can carry includes hop-by-hop (node-to-node) options, destination options, routing, fragmentation, authentication, and encryption (IPsec).
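The header layout and the extension header chain described above, as an added example that is not part of the original article: a parser for the 40-byte fixed header that then follows the Next Header values to the upper-layer protocol. The protocol numbers are the standard IANA values; the sample packet, including its destination address, is constructed.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) for the extension headers the text lists.
EXTENSION = {0: "hop-by-hop options", 43: "routing", 44: "fragment",
             51: "authentication", 60: "destination options"}
# Values that end the walk; ESP contents are encrypted, so the chain stops there.
TERMINAL = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "no next header"}

def parse_ipv6(packet: bytes) -> dict:
    """Decode the fixed-header fields, then follow the extension header chain."""
    if len(packet) < 40:
        raise ValueError("the IPv6 fixed header is 40 bytes")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    fields = {
        "traffic_class": (word >> 20) & 0xFF,   # 8 bits
        "flow_label": word & 0xFFFFF,           # 20 bits
        "payload_length": payload_len,          # excludes the 40-byte header
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }
    chain, offset = [], 40
    while next_header in EXTENSION:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(EXTENSION[next_header])
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8                    # fragment header has a fixed size
        elif next_header == 51:
            size = (ext_len + 2) * 4    # AH length is counted in 4-byte units
        else:
            size = (ext_len + 1) * 8    # others: 8-byte units, first 8 not counted
        next_header, offset = following, offset + size
    fields["extension_headers"] = chain
    fields["upper_layer"] = TERMINAL.get(next_header, f"protocol {next_header}")
    fields["upper_layer_offset"] = offset
    return fields

# Constructed sample: fixed header, hop-by-hop options, fragment header, empty UDP header.
SAMPLE = (struct.pack("!IHBB", 0x60012345, 24, 0, 64)
          + ipaddress.IPv6Address("2001:620::211:24ff:fe80:c12c").packed
          + ipaddress.IPv6Address("2001:820:9511::1").packed
          + bytes([44, 0, 1, 4, 0, 0, 0, 0])      # hop-by-hop: next=fragment, PadN
          + bytes([17, 0, 0, 0, 0, 0, 0, 1])      # fragment: next=UDP, id=1
          + bytes(8))                              # UDP header placeholder (zeros)
```

Calling `parse_ipv6(SAMPLE)` shows why a filter that reads only the fixed header's Next Header field sees "hop-by-hop options" rather than UDP: the transport protocol is only known after the whole chain has been walked.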
Internet Protocol version 6 features
Most Internet users associate IPv6 with its large address space. However, the new standard also offers a number of functions that make it possible to overcome the major limits of IPv4.
This includes in particular the implementation of the end-to-end principle, which makes the detour via NAT superfluous and significantly simplifies the implementation of security protocols like IPsec.
In addition, IPv6 allows automatic address configuration via Neighbor Discovery as well as the allocation of several unique IPv6 addresses per host with different fields of application, to account for different network topologies.
Further advantages are the simplified packet headers and the transfer of optional information to extension headers, which allow faster routing when sending packets.
With QoS (Quality of Service), IPv6 has an integrated mechanism for ensuring quality of service, which makes it possible to prioritize urgent packets and to manage the processing of data packets more efficiently.
The “Traffic class” and “Flow label” fields were thus defined according to the QoS methodology.
Viewed more critically, however, are the assignment of static IP addresses to local network devices and the practice of creating unique interface identifiers based on MAC addresses.
Privacy extensions certainly offer an alternative to the modified EUI-64 address format; however, since the prefix of an IPv6 address is ultimately sufficient to draw up a profile of Internet user behavior, it would be desirable to add to the privacy extensions a prefix assigned by the ISP to ensure anonymity on the Internet.