IP v6
References
- IP Next Generation Overview, Robert M Hinden, Communications of the ACM, June 1996.
- IP Next Generation Home Page
- Mobile IPv6 RFC draft
Goals
- Address issues of growth (addressing, routing)
- Add support for high performance media (ATM, Fast Ethernet) as well as low-bandwidth media (wireless)
- Maintain compatibility with IPv4 (current generation IP) and allow for a smooth transition
- Deal with security, auto-configuration, real-time issues
Of these, the driving issue was growth. The number of networks (~80,000)
connected to the Internet was doubling every 12 months as of early 1996.
This growth will eventually taper off as most schools, businesses, and governments
are connected. Expected growth in the future will be in new markets.
Some new markets driving growth in use of IP will be:
- nomadic computing devices (PDAs, smart cellphones, laptops, etc)
- networked entertainment (everyone's TV on the Net)
- embedded system device control
Obviously these new markets make very different sorts of demands on
IP than does the traditional computer market. Mobility, low bandwidth,
security, and very large scale must drive IPv6. If the next generation IP doesn't
address these issues then multiple proprietary protocols will be developed
(i.e. no one's going to wait for the IETF).
Transition
IPv4 will run out of addresses; the question is when, not if. CIDR has
extended this time. Routers are being overwhelmed because pools of IP addresses
are exhausted and large organizations need to use lots of smaller class
C address domains. The trick is to get IPv6 in place and make it compatible
before IPv4 breaks down.
The nature of the Internet means that the transition won't be sudden
and complete. Co-existence is essential.
Changes from v4 to v6
Expanded addressing and routing
- 128 bits (from 32) for addresses
- "anycast addresses" - a packet which can be delivered to any one of a set of hosts
Header format
- some unused fields dropped, others shrunk
- address field is 4 times as large, but overall header is only 2x as large
- common use of headers is now more efficient
- IP version (4 bits)
- Priority (4 bits)
- Flow label (24 bits)
- Payload length (16 bits) - number of bytes in the packet
- Next header (8 bits) - type of header following this IP header (compatible with protocol field in v4)
- Hop limit (8 bits) - decremented by 1 for each hop; packet discarded when it reaches 0
- Source address (128 bits)
- Destination address (128 bits)
Better support for header options
- more extensible for future options
Quality-of-service
- now possible to identify packets in a particular "flow" and give them higher priority handling
Security
- extensions for authentication, data integrity, confidentiality are built-in and required
Addressing
Addresses are assigned to interfaces, not nodes. Each node (host) may have
multiple interfaces. Each interface may have multiple addresses.
Three types of addresses:
- unicast - one interface
- anycast - set of interfaces, the one with the shortest route can be used
- multicast - set of interfaces; the packet is sent to all of them
128 bits of addressing gives you 4 billion times 4 billion more
addresses than in v4. This is 665 x 10^21 addresses per square meter of
Earth! (but doesn't consider the way address domains are constructed).
If the v6 addressing scheme achieves the same sort of efficiency as other
large addressing schemes (telephone systems, IPv4, IEEE 802) then in the
worst case you have 8x10^17 addresses. The best case is 2x10^33. Lots of
addresses.
How much of the 128 bits a node understands is determined by the role
it plays. End nodes probably don't know anything at all about addresses.
High level routers will have lots of knowledge of how the 128 bits are
broken down.
Local-use addresses allow for an organization to assign internally unique
IP addresses (subnet + interface) without getting any addresses from Internet
officials. Later, if the organization wants to connect to the Internet
they get a globally unique identifier (registry + provider + subscriber)
that makes their internal address globally unique. No manual re-numbering
when you join the Net.
IPv4 addresses are supported by using a 32 bit portion of the v6 address
and a special pattern in the first 96 bits.
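The embedded IPv4 forms matter to anyone writing address filters, so here is an added example (not from the original notes) that unwraps them before checking an IPv4 deny list. The two bit patterns are the standard IPv4-mapped and IPv4-compatible forms, which the notes do not spell out; the deny list and addresses are constructed.

```python
import ipaddress

# Constructed deny list expressed in IPv4 terms (documentation range).
DENY_V4 = [ipaddress.ip_network("192.0.2.0/24")]

def embedded_ipv4(addr):
    """Return the IPv4 address carried in the low 32 bits, or None.

    Patterns recognised in the first 96 bits:
      80 zero bits + 16 one bits -> IPv4-mapped     (::ffff:a.b.c.d)
      96 zero bits               -> IPv4-compatible (::a.b.c.d)
    """
    value = int(addr)
    high96, low32 = value >> 32, value & 0xFFFFFFFF
    if high96 == 0xFFFF:
        return ipaddress.IPv4Address(low32)
    if high96 == 0 and low32 > 1:  # skip :: (unspecified) and ::1 (loopback)
        return ipaddress.IPv4Address(low32)
    return None

def is_denied(text):
    """Apply the IPv4 deny list to a v4 address or a v6 address that embeds one."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        inner = embedded_ipv4(addr)
        if inner is not None:
            addr = inner  # filter on the IPv4 address actually being reached
    return addr.version == 4 and any(addr in net for net in DENY_V4)

if __name__ == "__main__":
    for sample in ("192.0.2.7", "::ffff:192.0.2.7", "::192.0.2.7", "2001:db8::1"):
        print(sample, is_denied(sample))
```

A filter that compares only the textual or 128-bit form would let `::ffff:192.0.2.7` through even though it reaches the same host as `192.0.2.7`.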
Routing
Compatible with v4 protocols (OSPF, RIP, IDRP, ISIS). Reflects large installed
base.
Some extensions for:
- provider selection (gives control over route taken based on policy, performance, cost, etc)
- host mobility (route to whatever the current location is)
- auto-readdressing (route to a new address)
Quality of Service
This is support for non-default delivery quality. Real-time apps like multimedia
require this.
Flow labels identify packets in a related flow of packets. Each flow
is between a unique source and destination address (including anycast and
multicast). The actual value is chosen randomly so that routers can use
this identifier in a hash table to determine characteristics for the flow.
Hosts that don't support flow labels must set this header field to 0
(not part of a flow) when originating a packet, forward it unchanged, and
ignore the field when receiving a packet.
Priority field determines the relative priority of packets from a given
host. The first half (0-7) is used for traffic that follows congestion-control
(backoff) algorithms (like TCP traffic). Suggested levels are:
| 0 | uncharacterized data |
| 1 | filler traffic (USENET news) |
| 2 | unattended data transfer (email) |
| 3 | reserved |
| 4 | attended bulk transfer (ftp, http, nfs) |
| 5 | reserved |
| 6 | interactive traffic (telnet, X, etc) |
| 7 | Internet control (routing, SNMP) |
The other 8 levels (8 - 15) are for non-congestion controlled data like
video and audio streams. The lowest value is for those packets which the
sender is most willing to have thrown away if necessary.
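The header layout and priority levels described in these notes, as an added example (not from the original notes): a parser for the 40-byte fixed header that also applies the hop-limit rule. It uses the field widths listed here (4-bit priority, 24-bit flow label); later IPv6 specifications changed these to an 8-bit traffic class and a 20-bit flow label. The sample packet and its addresses are constructed.

```python
import ipaddress
import struct

HEADER_LEN = 40  # 8 bytes of fields plus two 16-byte addresses

# Suggested levels for congestion-controlled traffic, from the table above.
PRIORITY_NAMES = {0: "uncharacterized data", 1: "filler traffic",
                  2: "unattended data transfer", 3: "reserved",
                  4: "attended bulk transfer", 5: "reserved",
                  6: "interactive traffic", 7: "Internet control"}

def parse_header(packet):
    """Parse the fixed header; raise ValueError on malformed input."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated: fixed header is 40 bytes")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    if payload_len > len(packet) - HEADER_LEN:  # bytes following the fixed header
        raise ValueError("payload length exceeds bytes received")
    priority = (word >> 24) & 0xF
    return {
        "priority": priority,
        "congestion_controlled": priority <= 7,
        "traffic": PRIORITY_NAMES.get(priority, "non-congestion-controlled"),
        "flow_label": word & 0xFFFFFF,  # 0 means "not part of a flow"
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }

def forward(packet):
    """Decrement the hop limit; return None if the packet must be discarded."""
    hop_limit = packet[7]
    if hop_limit <= 1:  # would reach 0 at this hop
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]

def sample_packet():
    """Constructed packet: priority 6, flow 0x0ABCDE, next header 6 (TCP), hop limit 2."""
    word = (6 << 28) | (6 << 24) | 0x0ABCDE
    payload = b"hello"
    return (struct.pack("!IHBB", word, len(payload), 6, 2)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed + payload)

if __name__ == "__main__":
    print(parse_header(sample_packet()))
```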
Security
There is no support for authentication or encryption in the current IP.
As a result these sorts of services are done at the transport level (secure
sockets, for example). IPv6 addresses these issues.
An Authentication Header (an optional header) can be used to guarantee
authentication and integrity of a packet. MD5 is required, but other algorithms
are supported. Exportability is not an issue since no encryption is done
on the data.
The Encapsulating Security Header provides for encryption of contents.
The required algorithm is DES CBC; others may be used.
Mobile
Each v6 node is permanently identified by its "home address". When a mobile
node leaves its home subnet, it leaves a "care-of" address behind with
a "home agent". The home agent is a router responsible for intercepting
packets bound for the home address of the mobile node and encapsulating
them for tunneling to the care-of address. This preserves transparency
of location to all higher protocol layers and corresponding hosts.
For performance's sake a correspondent node caches the binding of a mobile
node's home address to its care-of address. Subsequent traffic to the mobile
node will be sent directly to the mobile node's care-of address, rather
than via the home agent. The cache time is somewhere between 0 and 2^16
seconds (or infinity). Caching prevents the home agent from being a bottleneck
and reduces overall network traffic. The cached binding is sent to the
correspondent node by the mobile node when it receives the first encapsulated
packet.
The mobile node would typically get its foreign address via DHCP. It
is then responsible for sending this care-of address back to its home agent
(router). The router acting as home agent uses proxy Neighbor Discovery
to intercept packets for the mobile node.
It's possible for a mobile node to have more than one care-of address.
In this case it may receive packets to both of them. This could be helpful
for things like overlapping cell phone ranges.
The IPv6 Authentication Header is used to establish a binding so that you
can't just start intercepting some node's packets.
Current Status
Protocol documents for IPv6 have been approved by the IETF Steering Group.
Many vendors are working on implementations. All hardware/OS combinations
of any significance (volume) have a port going or done.
Lots of attention was paid to the transition problem (from v4 to v6)
right from the start of the v6 project. The transition can be made incrementally:
there are no dependencies (like all your routers must be upgraded at the
same time), some things (like local printers) may never need to be upgraded,
and you don't have to get new addresses to upgrade. The only requirement is
that your DNS server be upgraded first to map v6 names/addresses.
Adoption is slower than expected. Companies and networks where address
space is most stressed are being more aggressive.