
Integrative Project

Security Improvements of IPv6 as Compared to IPv4 for Basic Network Administrators

William F. Cleveland
TS5990 Integrative Project
Capella University
Instructor: Dr. Sharon Gagnon
March 8, 2009
Abstract

The project is written to answer the question of why the conversion from IPv4 to IPv6 is important, for both general and specifically security-related reasons. Two of the major reasons are the increase in devices that can access the Internet and improvements in security. Other reasons will be brought to the attention of the target audience.

The guide is written for the basic network administrator and gives reasons why they should embrace IPv6 more quickly. It will not cover how to implement IPv6, other than to explain which software and hardware devices already support IPv6 and which are quickly adopting the protocol.

The project is written to expand the author's experience and to provide a guide to the target audience. The topic must be explained in a manner that instructs the user and explores the topic thoroughly, so that no doubt is left as to the importance of converting and upgrading to IPv6 for TCP/IP communications.


Table of Contents
Abstract
Executive Summary
Ethical and Legal Assumptions
Introduction
IPv4 Background
Limitations of IPv4:
NAT (Network Address Translation):
IPv6 Benefits
IPv6 and Mobility
IPv6 Internet Security
IPv6 Extension headers:
Hop-by-hop extension header:
Destination Options Extension Header:
Routing Extension Header:
Fragment Extension header:
Order matters:
IPv6 Security Concerns:
General Security concepts for IPv6
IPsec Protects Packets
Direct end-to-end connections
Forwarding of packets
IPv6 Usage:
So, why so little IPv6 traffic?
Incentives
Conclusion
References
Appendix A: [Stakeholder Acceptance]
Appendix B: [IPv6 Terminology]

List of Figures
Figure 1: World Population Growth
Figure 2: World Population compared to IPv6 Addresses
Figure 3: IPv4 vs IPv6 (Lane & Hauser, 2002, p412)
Figure 4: NAT Diagram (Davies, 2008. p8)
Figure 5: IPv6 Header diagram (Hogg & Vyncke, 2009. p16)
Figure 6: Internet Traffic (Labovitz, 2008)

Index of Tables
Table 1: IPv4 Private Addresses (Graham, 1997)
Table 2: Extension Header Order (Hogg & Vyncke, 2009)
Table 3: Header Field names and Functions (Hogg & Vyncke, 2009. p16)
Table 4: Risky Message types (Hogg & Vyncke, 2009. p20)
Table 5: Common Security Weaknesses (Hagen, 2006. p101)
Table 6: IPsec Framework Elements (Hagen, 2006. p103)

William Cleveland Page 5


Appendices

Appendix A: Stakeholder Acceptance

Appendix B: [IPv6 Terminology]


Executive Summary
The project is an analysis of the importance of IPv6 and why it should be implemented on local and global networks. It will give the strengths and weaknesses of the protocol and the details of its makeup. The target audience is network administrators who have not looked into the details of IPv6, but who should have an understanding of the technology and its benefits.

Topics covered include the security improvements of the new protocol, the addressing shortage of IPv4 and the large number of possible IPv6 addresses, security concerns, and the structure of the IPv6 protocol. Many examples and details are presented from several sources to back up the statements and theories.

Very little will be discussed on how to implement IPv6; the focus is instead on why it should be implemented. With more administrators pushing for its implementation, more and more networks will start using it, and thus force more and more networks to adapt to it.


Ethical and Legal Assumptions
The ethical and legal impacts of IPv6 technology on society are broadly described as affecting all the people who use and access the Internet. It is well known in industry that IPv4 addresses are running out, with more and more people and devices depending on the communication opportunities of the Internet. We cannot allow those addresses to run out and cause problems. Failure to convert communication standards to use IPv6, which allows for unique addresses for nearly every grain of sand on all the beaches on the planet, would cause widespread problems for communications that we are becoming more and more dependent upon.

As a new technology in a transition period, it will be at its weakest against hackers and those out to exploit the new technology. However, with improved security features over those of IPv4, IPv6 will provide a more secure long-term solution.

Introduction
Written as a persuasive paper on using IPv6, this work will give some background on IPv4 and why it is quickly becoming outdated and obsolete. Next you will read about the improvements that IPv6 has to offer to all Internet users for every purpose. Some of the weak points will be raised, but solutions will be pointed out that should outweigh them.

Topics will be addressed such as the slow pace of adopting IPv6, especially in America, mainly due to other countries trying to remove themselves from the perceived control America has over the Internet addressing system. Also, as many countries are creating new networks and expanding or even creating their communications backbone, it is easy for them to implement IPv6 initially, instead of using IPv4 and then switching over at a later date.

IPv4 Background

The need for moving away from IPv4 and implementing IPv6 can be understood when you keep in mind how many mobile devices are in the world; how many people each day are accessing the Internet for the first time; the creation of huge wireless network grids; and the idea of giving additional electric devices (stoves, refrigerators, washing machines, etc.) access to the Internet. While IPv4 provides about four billion IP addresses, not enough to assign one to every one of Earth's more than six billion inhabitants, IPv6 provides enough address space to assign more than three billion network addresses to every person on the planet (Colitti, L. & Kline, E. 2008). This is significantly lower than the actual number because of the reservation of addresses for special devices and entities. To put the total number into perspective, here is a chart based on data from the U.S. Census Bureau showing world population estimates (see Figure 1).

[Chart not reproduced: vertical axis 0 to 25,000,000,000 people, horizontal axis dates]
Figure 1: World Population Growth

Figure 1 shows a curve displaying a constant 1.14% increase in growth from 2009 to 2108. It starts at about 6 billion people on the planet, and by 2108 shows 21 billion people. (This chart does not take into account projected reductions in the growth rate or other variables, but uses a constant growth number to simplify the data, since this chart is only an example of the large numbers involved.)

Figure 2 shows the exact same population growth data, but the total number of addresses available in IPv6 is listed as the last data point. Also, the population numbers are represented in scientific notation to save space.

[Chart not reproduced: vertical axis 1.00E+00 to 1.00E+40 in scientific notation, horizontal axis dates]
Figure 2: World Population compared to IPv6 Addresses

As the graph depicts, the population growth curve appears to go away

because the difference between 7 billion and 21 billion is small when working with

numbers that have 38 zeros behind them instead of only 9. Again, all that was done

to the data was to add the total addresses available with IPv6. This number uses 128

bits of space, which can be expressed as a real number of 3.4*10^38 total addresses

(Davies, 2008. p6).

Limitations of IPv4:

The protocol for IPv4 has not been changed since Request for Comments (RFC) 791, published in 1981 by the Information Sciences Institute, University of Southern California. The protocol has proven to be robust, easily implemented, and interoperable, and scalable both as an intra-network and as a global utility the size of today's Internet.


However, the Internet grew very quickly in the 1990s and continues to grow very quickly as we approach 2010. IPv4 addressing experienced those growing pains and encountered the following problems, which were not anticipated:

Exponential growth of the Internet: IPv4 is based on 32-bit addressing, which allows about 4.2 billion unique addresses, but previous and current allocation practices only allow for a few hundred million public addresses. This is because many companies who initially supported the Internet backbone were allocated Class A network addresses (identified by the first number in the address, e.g. 9.xxx.xxx.xxx). This removed large sections of addresses from being used by other entities. This has forced many organizations to use Network Address Translation (NAT) to map out more addresses for internal networking (more on how this works later). This directly defeats the true peer-to-peer connectivity and fundamental design principle of the original Internet (Davies, 2008).

Need for simpler configurations: IPv4 addresses are either configured manually or assigned through Dynamic Host Configuration Protocol (DHCP), a stateful address configuration protocol. With more and more devices connecting to the Internet, an easier way to configure them is needed. Automatic configuration of addresses and other configuration settings is needed that does not rely on the administration of DHCP infrastructure (Davies, 2008).

Need for security at the Internet layer: More security is needed because of public access. Initially the Internet was limited to universities doing research and the government, so trust was pretty high. An optional security layer called Internet Protocol Security, or IPsec, was added to IPv4 later. It is standard in IPv6, and enhances the overall security of each individual packet sent over the network. Many proprietary solutions also exist to provide the needed security when sending private communications over a public medium (Davies, 2008).

Need to prioritize and support real-time delivery of data across the Internet: Being able to prioritize the data would greatly help speed up many applications. E-mail does not need to move at the same speed as a video conference. Gamers may want to pay more for quicker response times. With IPv4 all data is treated the same on the Internet.

There are many differences between the two protocols. Many of the improvements will be detailed later in the paper. Figure 3 goes into detail about the many changes by breaking them down and listing them out. Chapter references in the Figure are from the book by Lane, P. T. & Hauser, R. (2002). CIW Internetworking Professional Study Guide. Alameda, CA. Sybex Inc.


Figure 3: IPv4 vs IPv6 (Lane & Hauser, 2002, p412)



NAT (Network Address Translation):

NAT (Network Address Translation) is widely used to connect many intranets to the Internet. Most home and small business networking solutions use a router that shares one IP address assigned by their provider among many hosts or devices on their intranet. This is required because of the limited number of public addresses. By using NAT, one IP address can be used by several hundred hosts. However, the more hosts, the slower the network performance (Davies, 2008).

Using a NAT creates two extra connection steps for every Internet packet that leaves the NAT (usually built into the router that connects the intranet to the Internet). The extra steps require processing and changing the data packet's contents, hopefully as fast as the hosts are requesting them. Here is how it works:

The host PC with NAT address (192.168.0.10 port 1025) requests information from an Internet web server (157.60.13.9 port 80). Port 1025 is used by svchost.exe (Microsoft Remote Procedure Call (RPC) service); 80 is a web server listen port.

The router takes that request before allowing it to leave the intranet and changes a couple of things: the source address is now the NAT public IP address (the address your Internet provider supplies you), and the source port is changed to 5000 (or some number) and mapped (in an internal table) to 192.168.0.10 port 1025.


Figure 4: NAT Diagram (Davies, 2008. p8)

When the web server sends back the packet of information, the NAT has to read the packet and decide which device requested it. The NAT checks its translation table and determines that the packet addressed to port 5000 was requested by the local system with IP address 192.168.0.10 port 1025. Consequently it modifies the packet and sends it on to the requesting host PC. Routers are getting faster than they were, but traffic on the network is increasing as well. This will lead to a reduction in the performance of the intranet devices accessing the Internet (Davies, 2008).
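The translation table from the walk-through above, as an added example that is not part of the original paper. The class name, the port pool size and the public address 203.0.113.7 are constructed for illustration; the inside host, web server and port 5000 are the values used in the text.

```python
class Napt:
    """Port-translating NAT table, following the walk-through above."""

    def __init__(self, public_ip, first_port=5000, pool_size=3):
        self.public_ip = public_ip
        self.pool = range(first_port, first_port + pool_size)
        self.by_inside = {}   # (inside_ip, inside_port) -> public port
        self.by_public = {}   # public port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the intranet."""
        inside = (src_ip, src_port)
        if inside not in self.by_inside:
            free = next((p for p in self.pool if p not in self.by_public), None)
            if free is None:
                # Every mapping consumes a public port; the pool is finite.
                raise RuntimeError("NAT port pool exhausted")
            self.by_inside[inside] = free
            self.by_public[free] = inside
        return (self.public_ip, self.by_inside[inside], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a reply, or return None to drop it."""
        inside = self.by_public.get(dst_port)
        if inside is None:
            return None       # no inside host opened this port
        return (src_ip, src_port) + inside


def demo():
    nat = Napt("203.0.113.7")          # constructed public address
    sent = nat.outbound("192.168.0.10", 1025, "157.60.13.9", 80)
    reply = nat.inbound("157.60.13.9", 80, sent[1])
    unsolicited = nat.inbound("157.60.13.9", 80, 5002)
    return sent, reply, unsolicited
```

The unsolicited packet is dropped only because no table entry exists for its port, which is the same state that prevents outside hosts from opening direct connections to inside hosts.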

The use of NAT in coordination with private network addresses allows companies of varied size to maintain internal networks and still connect to the Internet. There are three ranges of IPv4 private addresses (Graham, 1997):

IP address range                 Network/mask      Number of addresses
10.0.0.0 - 10.255.255.255        10.0.0.0/8        16,777,216 (2^24)
172.16.0.0 - 172.31.255.255      172.16.0.0/12     1,048,576 (2^20)
192.168.0.0 - 192.168.255.255    192.168.0.0/16    65,536 (2^16)
Table 1: IPv4 Private Addresses (Graham, 1997)



IPv6 Benefits
As discussed, the benefits of IPv6 include public addressing for all devices and networks for the foreseeable future. Of course it is hard to imagine what new technology requirements there may be that would require more addresses. One requirement might arise if we had addresses not only for each device, but also for each application or data file on the devices, perhaps as a way to prevent piracy or for some other reason. Another suggestion could be for inventory reasons. The military, for instance, could keep track of every bullet in every gun ever fired if they wanted to track this type of information.

Mobility features, security, direct end-to-end connections, and more efficient forwarding of packets are all reasons to adopt IPv6 technology. This section will explore those benefits in more detail.

IPv6 and Mobility

More and more devices are becoming mobile because of demands by companies and individuals who want the power of their desktop computers in their hands. Today's handheld devices have much more processing power than the first mainframe computers. Being mobile means being able to access your e-mail, phone messages, and information on the Internet while moving between wireless networks.

Users do not want to experience blackout zones where they cannot stay connected, or delays while switching from one network to another. Wireless network providers are increasing their coverage, and devices need to adapt to switching seamlessly between networks. IPv6 can be used by many applications with mobility features. These applications can be in cars, bikes, trains, and many other types of transportation that would have substantial connectivity requirements. IPv6 enables sensor-based networks that form roaming ad hoc meshed networks over topologies. The huge numbers required to create a mesh network would make IPv6 an ideal protocol for communications (Hogg & Vyncke, 2009).

IPv6 Internet Security

The Internet is running both the IPv4 and IPv6 protocols at the same time because they are independent. IPv6 addresses are different, so addresses are unique and easy to filter. Systems need the IPv6 protocol on nodes to access IPv6 services. There are several risks associated with using IPv6 because each device has its own direct address and is susceptible to flooding traffic, where one computer sends requests to many computers at the same time. “Benefits of using IPv6 are great, but so are the consequences if the communication is not secured properly” (Hogg & Vyncke, 2009. p77).

An example of risk reduction in adopting IPv6 is that network worms would find it harder to propagate, because it is difficult to guess the IP address of other systems when there are so many IPv6 addresses and the total number used is small. There is a further reduction in the chance of spreading because different types of devices may not be susceptible to the vulnerabilities that are allowing the worm to spread. It cannot be said that worm writers will not figure out how to get around this, but it will take a bit longer. For instance, they could use search engines, scan the host's routing table, or use a combination of IPv4 and IPv6 protocols to spread faster (Hogg & Vyncke, 2008).

IPv6 Extension headers:

Extension headers provide additional options for special-case packets. IPv4 has an options field, but using these options is rare because of the greatly increased processing time required for the packet. IPv6 deals with these extension headers more effectively. The options are carried in headers located between the IP header and the data payload. There can be more than one extension header in a packet, but they are not required. There are several types of extension headers in IPv6 (Lane & Hauser, 2002).

Hop-by-hop extension header:

This header is used to pass optional information to all nodes along a packet's

delivery path. It must be the first header in the packet as it is read by every node

along the path. It should also appear only once in the packet. This header has the

same structure as the Destination Options header (Hogg & Vyncke, 2009).

Destination Options Extension Header:

Passes additional parameters to the destination system. This header does not need to be processed until the destination is reached. This header has the same structure as the Hop-by-hop header (Lane & Hauser, 2002).

Routing Extension Header:

This header is used for identifying routes for the packet. It lists one or more intermediate relays through which the packet must be routed on its way to the destination node. Standards require that all nodes (routers and hosts) must be able to handle an IPv6 packet that contains a routing header. There are two types of routing headers. Type 0 is similar to the concept of IPv4 source routing headers. Type 2 is for Mobile IPv6.

This header can be used to reflect traffic through a middle host before reaching its destination. Skipping hosts can improve speed, but could be used as a means to bypass firewalls that do not check for the presence of the routing extension header (Hogg & Vyncke, 2009).

Fragment Extension header:

Fragmentation is the process of breaking an IP packet into smaller packets so that it can be carried across a data network that would not normally be able to handle the large packets (like a wireless network). When a large packet is received and the outbound interface MTU size is too small, the packet is broken up before transmission and given a unique identifier (fragment ID). The receiving host reassembles the fragments by putting them all back together in order and then passing the resulting complete IP packet to the protocol stack (Hogg & Vyncke, 2009).

The fragment extension header divides packets that are larger than the MTU (Maximum Transmission Unit). The IPv6 header does not fragment packets like IPv4. Large packets are now handled by the sending systems, not the intermediate routers (Lane & Hauser, 2002).

Order matters:

The IPv6 packet does not need to contain any extension headers, or it can contain just a few. If it does contain more than one extension header, they should be placed in a specific order. The recommended order is shown in Table 2 (Lane & Hauser, 2002) (Hogg & Vyncke, 2009).

Order    Header Name
1        IPv6 Header
2        Hop-by-Hop Options header
3        Destination Options header
4        Routing header
5        Fragment header
6        Authentication header
7        Encapsulating Security Payload header
8        Destination Options header
9        Upper-layer header
         Payload
Table 2: Extension Header Order (Hogg & Vyncke, 2009)

The fields within the IPv6 header each have very specific jobs. Table 3 is a list of the fields in the header and what they are used for:

Field Name             Function
Version                Always equal to 6 for IPv6
Traffic Class          Identifies the priority and class of service of this packet
Flow Label             For future use in identifying packets that are part of a unique flow, stream or connection
Payload Length         Defines the length in octets of the packet that follows the IPv6 header
Next Header            Identifies the type of header that follows the IPv6 header
Hop Limit              Counter for the remaining number of hops that the packet can traverse
Source Address         The IPv6 address of the node that originated this packet
Destination Address    The IPv6 address that this packet is destined for
Table 3: Header Field names and Functions (Hogg & Vyncke, 2009. p16)

Figure 5 shows the standard header diagram. This standard covers the IPv6 header format that is used in the IPv6 protocol. It is based on 32-bit boundaries to make it easy for 32-bit processors to utilize the structure effectively. The protocol and header themselves do not represent any security vulnerabilities. How they are processed and created is what leads to security issues. “Packets do not hack computers, hackers hack computers” (Hogg & Vyncke, 2009. p17).



Figure 5: IPv6 Header diagram (Hogg & Vyncke, 2009. p16)

Hogg & Vyncke (2009) warn that although extensions are a good addition to the protocol, there are several security risks associated with them at this time.

IPv6 Security Concerns:

The Internet Engineering Task Force (IETF) is the organization that defines the

specifications of the IPv6 protocol. Implementors must follow these rules to create an

interoperable protocol. Some of the specs are not fully defined and are considered

ambiguous and incomplete. This allows unforeseen security issues to arise after

software is developed and deployed. Most of these vulnerabilities involve fields within

the IPv6 packet header. These headers define the protocol and are the primary focus

of research into security for IPv6.

There are many elements to an IPv6 packet, and to maximize security you need an extensive ACL (Access Control List). This will provide filtering on a network device that parses the header and skips past several extension headers to reach the upper-layer information and determine whether the protocol should be passed. The ACL filters for IPv6 need to handle fragmentation and determine whether a fragment is part of a multi-part packet or part of a “Multi-packet attack” (Hogg & Vyncke, 2009). The filters need to read the header, extension header, upper-layer information and payload of a packet.

One technique that can be easily implemented is to block all the messages whose types have not yet been allocated by the IANA. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. There are 4 groups of message types to block. They are listed in Table 4.

Risk                                   Types
Unallocated error messages             5-99 and 102-126
Unallocated informational messages     155-199 and 202-254
Experimental messages                  100, 101, 200, and 201
Extension type numbers                 127, 255
Table 4: Risky Message types (Hogg & Vyncke, 2009. p20)

Of course if you add these to your filters, they will have to be updated when the

types become valid (Hogg & Vyncke, 2009).
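The header walk that an IPv6 ACL has to perform, combined with the Table 2 order check from the extension header section and the Table 4 ranges, which are ICMPv6 message type numbers. This is an added example, not code from the paper or its sources; the function names, finding strings and sample packets are constructed for illustration, and the type ranges are the 2009 values from Table 4.

```python
import struct

# Next Header values (IANA protocol numbers) used in this sketch.
HBH, TCP, ROUTING, FRAGMENT, ESP, AH, ICMPV6, DSTOPT = 0, 6, 43, 44, 50, 51, 58, 60
WALKABLE = (HBH, DSTOPT, ROUTING, FRAGMENT, AH)   # ESP hides what follows it

# Position of each header in the recommended order (Table 2). Destination
# Options is legal twice: before Routing (position 3) and last (position 8).
RANK = {HBH: 2, ROUTING: 4, FRAGMENT: 5, AH: 6}

# ICMPv6 type ranges copied from Table 4 (2009 values). IANA has allocated
# more types since then, so regenerate this list from the registry before use.
TABLE4 = (
    ("unallocated error message", ((5, 99), (102, 126))),
    ("unallocated informational message", ((155, 199), (202, 254))),
    ("experimental message", ((100, 101), (200, 201))),
    ("extension type number", ((127, 127), (255, 255))),
)


def classify_icmpv6(msg_type):
    """Return the Table 4 category of an ICMPv6 type, or None if not listed."""
    for label, ranges in TABLE4:
        if any(lo <= msg_type <= hi for lo, hi in ranges):
            return label
    return None


def inspect(packet):
    """Follow the Next Header chain of one IPv6 packet.

    Returns (upper_layer, findings); upper_layer is None when the chain
    cannot be followed to the upper-layer header.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None, ["not an IPv6 packet"]
    findings, nxt, off, last_rank, first = [], packet[6], 40, 1, True
    while nxt in WALKABLE:
        if off + 8 > len(packet):
            return None, findings + ["truncated extension header"]
        following, len_field = packet[off], packet[off + 1]
        if nxt == HBH and not first:
            findings.append("hop-by-hop header is not first")
        if nxt == ROUTING and packet[off + 2] == 0:
            findings.append("routing header type 0")
        rank = RANK.get(nxt) or (3 if last_rank < 3 else 8)
        if rank <= last_rank:
            findings.append("extension header repeated or out of order")
        last_rank = max(last_rank, rank)
        if nxt == FRAGMENT:
            size = 8                                  # fixed-size header
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                # Only the first fragment carries the upper-layer header.
                return None, findings + ["non-first fragment"]
        elif nxt == AH:
            size = (len_field + 2) * 4                # 4-octet units, minus 2
        else:
            size = (len_field + 1) * 8                # 8-octet units, minus 1
        nxt, off, first = following, off + size, False
    if off > len(packet):
        return None, findings + ["truncated extension header"]
    if nxt == ICMPV6 and off < len(packet):
        category = classify_icmpv6(packet[off])
        if category:
            findings.append(f"ICMPv6 type {packet[off]}: {category}")
    return nxt, findings


# --- constructed sample packets (documentation addresses, not captures) ---
def ipv6(next_header, payload):
    src = bytes.fromhex("20010db8") + bytes(11) + b"\x01"
    dst = bytes.fromhex("20010db8") + bytes(11) + b"\x02"
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


def ext(following, body=bytes(6)):
    """Extension header with Next Header, length byte and a padded body."""
    return bytes([following, (len(body) + 2) // 8 - 1]) + body


SAMPLES = {
    "clean": ipv6(HBH, ext(DSTOPT) + ext(ICMPV6) + bytes([128, 0, 0, 0])),
    "rh0": ipv6(ROUTING, ext(HBH) + ext(TCP) + bytes(20)),
    "experimental": ipv6(ICMPV6, bytes([100, 0, 0, 0])),
    "fragment": ipv6(FRAGMENT, ext(TCP, struct.pack("!HI", 185 << 3, 7)) + b"data"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect(pkt))
```

A filter built this way fails closed: a packet whose chain cannot be followed returns no upper-layer protocol, so a permit rule keyed on that protocol never matches it.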

General Security concepts for IPv6

A general security review is always good for a network administrator. A comprehensive security plan needs to consider many aspects, not just attacks from outside the network. The list in Table 5 covers many of the points of weakness that may be encountered in a network plan:

Common Security Weaknesses

Insufficient or nonexistent IT security concepts and corresponding provisions
Nonobservance or insufficient control of IT security provisions
Usurping of rights (password theft)
Incorrect use or faulty administration of IT systems
Abuse of rights
Weaknesses in software (buffer/heap overflows in conjunction with applications running with superuser rights)
Manipulation, theft or destruction of IT devices, software or data (physical security)
Network eavesdropping (sniffing wired or wireless networks) or replaying of messages
Trojan horses, viruses, and worms
Security attacks such as masquerading, IP spoofing, Denial of Service (DoS) attacks, or man-in-the-middle attacks
Routing misuse
Table 5: Common Security Weaknesses (Hagen, 2006. p101)

IPsec Protects Packets

The IPsec standard uses a combination of algorithmic choices based on symmetric and asymmetric cryptography. Asymmetric cryptography is the use of public and private security keys to communicate. Symmetric cryptography requires both the sender and receiver to possess the same encryption key. Both IPv4 (added later) and IPv6 protocols use IPsec to protect the data in the packets. The framework elements for IPsec are listed in Table 6:

IPsec Framework elements:

A general description of security requirements and mechanisms at the network layer
A protocol for encryption (Encapsulating Security Payload, ESP)
A protocol for authentication (Authentication Header, AH)
A definition for the use of cryptographic algorithms for encryption and authentication
A definition of security policies and security associations between communication peers
Key management
Table 6: IPsec Framework Elements (Hagen, 2006. p103)

The configuration of IPsec creates a protective boundary between the secure

and unsecured areas on the network. The boundary can be a single host or network.

The access control rules determine what happens to packets with IPsec information

traversing the boundary. Generally, each packet is either protected using security

services, discarded, or allowed to bypass the protection based on policies. These

policies match traffic to specific criteria defined by an administrator.

The difference between IPsec for IPv4 and IPv6 is that IPsec is optional for

IPv4, but is a requirement for IPv6 and integrated directly into the protocol and

available with any implementation. With IPv6 two headers are included as extension

headers, an Authentication Header (AH), and the Encapsulating Security Payload

header (ESP).

“The Authentication Header provides integrity and authentication for all end-to-end data transported in an IP Packet.” (Hagen, 2006. p109). The header can be used in both transport and tunnel modes. In transport mode, the entire payload including the fields of the IPv6 header is secured. In tunnel mode, the inner packet contains the IP address of the sender and receiver. The outer IP header contains the IP address of the tunnel endpoints. The rest of the complete packet is secured.

“The Encapsulating Security payload header (ESP) provides Integrity,

Confidentiality, Data Origin Authentication, Anti-Replay Service, and limited Traffic

Flow Confidentiality for all end-to-end data transported in an IP packet.” (Hagen, 2006.

p111). The ESP header is located in the front of the transport, network control, or

routing protocol header.

To guarantee interoperability, IPsec does include encryption algorithms that all implementations must recognize. However, it also gives the user the freedom to choose a specific encryption or authentication algorithm. IPsec simply provides a general framework that allows each pair of communicating endpoints to choose algorithms and parameters (like key sizes) (Comer, 2000). Comer (2000) also goes on to state that:

IPsec is not a single security protocol. Instead, IPsec provides a set of security

algorithms plus a general framework that allows a pair of communicating

entities to use whichever algorithms provide security appropriate for the

communication.

Direct end-to-end connections

When using IPv4 there is a barrier between devices connecting directly to each other. This prevents true peer-to-peer communications because of NATs in the path of the data. With IPv6, NATs are no longer necessary to save addressing space, and the problems with mapping addresses and ports disappear. This true end-to-end communication between hosts on the Internet means addresses are not changed while in transit, so gateways and application programmers do not have to deal with the problems of keeping track of the changes. Restoring this connectivity will become much more important as more and more devices, such as mobile phones, use peer-to-peer connections.

Restoring global addressing and end-to-end connectivity removes barriers for

applications needing the direct communication. This would also remove the need for

echo servers on the Internet. For businesses, it means easier development of peer-

based applications to share music or media, or collaborate without having to work

around NAT barriers. Home users would be able to connect directly to their PCs from anywhere in the world, rather than having to use intermediate hosts on the Internet (Davies, 2008).

Forwarding of packets

IPv6 has fewer fields to process while forwarding and thus fewer decisions to make in forwarding. Unlike IPv4, the IPv6 header is a fixed size of 40 bytes, which allows faster processing by routers, because they do not have to determine the contents of the header. Additionally, the structure of IPv6 global addresses means that there are fewer routes to analyze in the routing tables of organizations and the Internet backbone routers. This means traffic can be forwarded at higher data rates, resulting in higher performance for tomorrow's high-bandwidth applications that use multiple data types (Davies, 2008).
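The fixed 40-byte header described above, and the AH and ESP extension headers from the IPsec section, can be seen together by walking a packet's Next Header chain. This is an added example, not code from the paper or its sources; the `walk_ipv6` and `build_sample` helpers and both sample packets (documentation addresses, zeroed integrity and payload bytes) are constructed for illustration.

```python
import ipaddress
import struct

# Extension headers this sketch can step over, keyed by Next Header value.
EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options",
       44: "Fragment", 51: "AH"}
ESP = 50

def walk_ipv6(packet: bytes):
    """Return (src, dst, chain): the headers that follow the fixed header."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    vtf, _payload_len, nxt, _hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6:
        raise ValueError("version field is not 6")
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    chain, off = [], 40
    while nxt in EXT:
        if off + 2 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[off], packet[off + 1]
        if nxt == 51:            # AH length counts 32-bit words, minus 2
            size = (length + 2) * 4
        elif nxt == 44:          # Fragment header is always 8 bytes
            size = 8
        else:                    # 8-byte units, not counting the first 8
            size = (length + 1) * 8
        if off + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(EXT[nxt])
        off, nxt = off + size, following
    # ESP ends the readable chain: what follows its SPI and sequence is encrypted.
    chain.append("ESP" if nxt == ESP else f"upper-layer protocol {nxt}")
    return str(src), str(dst), chain

def build_sample(first_next: int, payload: bytes) -> bytes:
    """Constructed test packet between two 2001:db8::/32 documentation hosts."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_next, 64)
    return (fixed + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed + payload)

HBH = bytes([51, 0, 1, 4, 0, 0, 0, 0])          # next=AH, one PadN option
AH = bytes([6, 4, 0, 0]) + struct.pack("!II", 0x1000, 1) + bytes(12)  # next=TCP
AH_PACKET = build_sample(0, HBH + AH + bytes(20))
ESP_PACKET = build_sample(ESP, struct.pack("!II", 0x2000, 1) + bytes(32))
```

With AH the upper-layer protocol stays visible to a firewall or monitor, while with ESP the chain stops at the ESP header, so inspection devices on the path see only the addresses and the security parameters.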

IPv6 Usage:

How much traffic is currently using IPv6 protocols? The graphic below shows IPv6 traffic, both native and tunneled, as a percentage of all Internet traffic. At its peak, in Dec 2007, IPv6 represented less than one hundredth of 1% of all Internet traffic (Labovitz, 2008). This graph also shows that as Internet traffic increases, IPv6 traffic is not increasing at the same rate as IPv4. Consequently, the percentage decreases over time as shown in Figure 6.

Figure 6: Internet Traffic (Labovitz, 2008)
A disclaimer to Figure 6 is put forward by Labovitz (2008):

….. the above graph may not be completely fair since many of the ISPs
do not have infrastructure to monitor native IPv6 (more about this later). But
our numbers seem to agree with data from a variety of other sources on IPv6
adoption rates.

So, why so little IPv6 traffic?

With all the benefits and the rapidly approaching end for IPv4, it is a wonder why more ISPs are not switching over to the new protocol and taking advantage of the improved technology. The biggest issue is money. The U.S. Department of Commerce estimates it will cost $25 billion for ISPs to upgrade to native IPv6. Unlike the federal incentive to upgrade to HDTV signals, there is little visual stimulus for customers to demand upgrades from their ISPs (Labovitz, 2008).

The protocol is handled behind the scenes, like what kind of paint is used on highways. The Internet highway is still here; do customers care how it all works? Not now, but in the future, when more and more devices are accessible on the Internet, problems will start to occur with speed and connectivity. This will be especially true for users in North America, because other major Internet-using countries are already moving away from IPv4 because of the perceived American control over the protocol. China, Japan, and the European Union are already well on their way to implementing IPv6 backbones within their countries (Labovitz, 2008).

The report, from Arbor Networks, claims to be the most comprehensive study of IPv6 use to date. It includes few surprises for those who follow the area closely, but the results provide a sobering measure of just how slowly the technology has been adopted. "At its peak, IPv6 represented less than one hundredth of 1 percent of Internet traffic" over the past year, Arbor Networks' Craig Labovitz (2008) wrote in a summary of the findings, adding wryly: "This is somewhat equivalent to the allowed parts of contaminants in drinking water." "We believe this is the largest study of IPv6 and Internet traffic in general to date (by several orders of magnitude)," Labovitz (2008) wrote.

IPv6 is the successor to the current version of the Internet's underlying

protocol, IPv4. Its adoption is important because IPv4 can support only about 4 billion IP (Internet Protocol) addresses and they are fast running out, while IPv6 will be able to support many trillions more (2 to the 128th power). It also offers advantages in security and network management.

Incentives
With cost being a major deterrent to implementing IPv6, and the very low supply of IPv4 addresses acting as one incentive, the IANA has another incentive for ISPs to switch over. Those that do are offered a minimum of 2^64, or 1.8 * 10^19 (18,446,744,073,709,551,616), IP addresses just for switching over to IPv6. That may seem like a lot given the millions of ISPs and businesses, but we are working with a huge number of total addresses, so the IANA is able to do this without causing the same problems that preallocating IPv4 addresses caused (Labovitz, 2008).

For individual networks there could also be the incentive to be cutting edge and to experiment with the new technologies before they become widespread in their use, thus giving an advantage to those that implement IPv6 early, before it is required.

Conclusion
IPv6 is a protocol that is several years old. It was created to replace the IPv4 protocol because the number of Internet users is ever increasing and IPv4 will without doubt run out of addresses for those users and devices very soon. IPv6 will have to be implemented and working smoothly before that time comes. It offers the new security features and almost unlimited expansion of nodes that will be required in the future.

Details were covered that showed many of the features of IPv6 including the

packet header makeup and security features. Some of the weaknesses were covered

to illustrate the problems that may be encountered, but when addressed, they are sure to have solutions, just as the problems of IPv4 were addressed and resolved when it grew to widespread use.

There are ways for the user to implement IPv6 on their systems, and many

good Web sites that explain how to do this for many different platforms. There are

also many Web sites already created that support the IPv6 protocol only, so IPv4

users are not able to access them at all. A simple search of the web will provide many

results.

If this paper has piqued your interest in implementing IPv6, you should try some of the instructions available on the Internet and begin testing. If your Internet provider does not support IPv6 at all or you have a router that does not handle IPv6 connections through your NAT, there are sites that allow you to create a direct network tunnel, thus allowing you to get around those kinds of obstacles (you have to sign up for those services, but most appear to be free). There are many ways to begin using IPv6 addressing now, and the more people use it, the more popular it will become.

References
Beijnum, I. (2006). Running IPv6. New York, NY. Apress.

Capella University. (2008). TS5160: Business foundations for IT professional (2nd ed.). Boston, MA: Prentice Hall Custom Publishing.

Colitti, L. & Kline, E. (2008). Looking Towards IPv6. Retrieved Feb. 25th, 2009 from Official Google Blog. Web Site: http://googleblog.blogspot.com/2008/05/looking-towards-ipv6.html

Comer, D. (2000). Internetworking with TCP/IP. Upper Saddle River, NJ. Prentice Hall.

Davies, J. (2008). Understanding IPv6. Redmond, WA. Microsoft Publishing.

Graham, B. (1997). TCP/IP Addressing, Designing and optimizing your IP addressing scheme. San Diego, CA. Academic Press.

Hagen, S. (2006). IPv6 Essentials. Sebastopol, CA. O'Reilly Media.

Hogg, S. & Vyncke, E. (2009). IPv6 Security. Indianapolis, IN. Cisco Press.

Labovitz, C. (2008). The End is near, but is IPv6? Retrieved Feb. 2nd, 2009, from Arbor Networks. Web Site: http://asert.arbornetworks.com/2008/08/the-end-is-near-but-is-ipv6/

Lane, P. T. & Hauser, R. (2002). CIW Internetworking Professional Study Guide. Alameda, CA. Sybex Inc.

Siil, K. (2008). IPv6 Mandates. Indianapolis, IN. Wiley Publishing.

Appendix A: [Stakeholder Acceptance]

Subject: Re: u01d1 Project Topic - Cleveland
Topic: u01d1 Project Topic
Date: January 10, 2009 1:07 PM
Author: Sharon Gagnon

Bill,

As I have mentioned the deliverable for this course is the paper that you write. I can

be your stakeholder for this course and it is not necessary to find other people to be

involved. I have seen this project done several times and a good focus is to compare

IPV4 to IPV6. I will be looking for the "why" factor in your paper, not the "how to do it

factor" This is a good topic. Best wishes on your job search.

Sharon

Appendix B: [IPv6 Terminology]
(Davies, 2008. p9-10)

Address: An identifier that can be used as the source or destination of the IPv6

packets that is assigned at the IPv6 layer to an interface or set of interfaces.

Host: A node that cannot forward IPv6 packets not explicitly addressed to itself (a non-router). A host is typically the source and a destination of IPv6 traffic, and it silently discards traffic received that is not explicitly addressed to itself.

Interface: The representation of a physical or logical attachment of a node to a link. An example of a physical interface is a network adapter. An example of a logical interface is a tunnel interface that is used to send IPv6 packets across an IPv4 network by encapsulating the IPv6 packet inside an IPv4 header.

IANA: The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

ICANN: Internet Corporation for Assigned Names and Numbers, an international nonprofit corporation set up by the world’s communities to help coordinate Internet-related tasks. ICANN also replaced the U.S. government as the responsible party that oversees the Internet Assigned Numbers Authority (IANA).

ISP: Internet Service Provider. The local provider of Internet access. Usually a company that, for a fee, provides individual households or businesses access to the Internet. Access can be done through coax cable, phone lines, electrical wires, or wireless.

Link MTU: The maximum transmission unit – the number of bytes in the largest IPv6 packet – that can be sent on a link. This is the same as the maximum payload size of the link-layer technology.

Link: The set of network interfaces that are bounded by routers and that use the same 64-bit IPv6 unicast address prefix. Other terms for “link” are subnet and network segment. Many link-layer technologies are already defined for IPv6, including typical LAN technologies (such as Ethernet and Institute of Electrical and Electronics Engineers [IEEE] 802.11 wireless) and wide area network (WAN) technologies (such as the Point-to-Point Protocol [PPP] and Frame Relay). Additionally, IPv6 packets can be sent over logical links representing an IPv4 or IPv6 network by encapsulating the IPv6 packet within an IPv4 or IPv6 header.

Neighbors: Nodes connected to the same link. Neighbors in IPv6 have special

significance because of the IPv6 Neighbor Discovery, which has facilities to

resolve neighbor link-layer addresses and detect and monitor neighbor

reachability.

Network: Two or more subnets connected by routers. Another term for network is

internetwork.

Node: Any device that runs an implementation of IPv6. This includes routers and hosts.

Packet: The protocol data unit (PDU) that exists at the IPv6 layer and is composed of

an IPv6 header and payload.

Router: A node that can forward IPv6 packets not explicitly addressed to itself. On an

IPv6 network, a router also typically advertises its presence and host

configuration information.

Upper-layer protocol: A protocol above IPv6 that uses IPv6 as its transport. Examples include Internet layer protocols such as ICMPv6 and Transport layer protocols such as TCP and UDP (but not Application Layer protocols such as FTP and DNS, which use TCP and UDP as their transport).
