Wednesday, March 9, 2011

IPv6 and the myth it's unnecessary

Once upon a time a group of experts in their fields came together and asked themselves: if they wanted to build a network that would link numerous academic and military institutions, how would it work?

The result was ARPANET, one of the precursors to the Internet (and arguably the most important and influential). The core of ARPANET, which forms the backbone of the Internet today, is something called IP - which stands for Internet Protocol. Whenever you request a webpage over the Internet, or watch a video, or use a VoIP call, you're using IP at some level. What's happening is that the content you're using or sending is broken up into little pieces called IP packets, and sent to the destination. Each destination is identified by a number - and you've probably heard of that number: it's called an IP address.

The current version of IP is v4. You might ask what became of protocols one through three, and quite honestly, I can't tell you. In any case, IPv4 is the current standard, and in theory it allows the simultaneous connection of around four BILLION devices. That's a lot of IP devices. However, with a world population of seven billion, you can immediately see a problem.

Of course, most of that seven billion isn't connected to the Internet, but, on the other hand, most of us who are have multiple devices hooked up. My wife and I have, between us:

- Two laptops
- A satellite receiver
- An Internet connected media player
- Two cellphones

Then we also have, at our employers, our work computers, and we use various servers too. And I haven't even counted the routers and other bits of infrastructure necessary to make the network work at all.

Actually, we have a lot more connected to the Internet than the above, reflecting the fact yours truly works in the computer industry (my home is full of servers!), but it should be fairly obvious that, actually, the vast majority of Americans have multiple devices that need Internet access.

There's also an efficiency problem. Just because an IP address exists doesn't mean it's usable. In some cases, the agencies responsible for allocating IP addresses have reserved blocks for special uses. In other cases, it would be terribly inefficient to deliver exactly the right number of IP addresses to an organization, and thus a company that might only have ten servers will commonly have a block of 256 IP addresses allocated to them.

The result of this is something that's little publicised and actually treated as false by the majority of people: we ran out of IP addresses many, many, years ago.

No, we did. So what did we do to solve the problem? Well, back in the 1990s, when the Internet was young, it was typical for individuals to only get a single IP address from their ISP, and even if they had multiple accounts, they could only log into one at once because more than one would require multiple modems and phone lines. As a result, the more geeky of us, who had home networks, were faced with a problem - how did we allow all of our computers to use the Internet when we only had one IP address?

The result was the development of a system called NAT. NAT allows multiple devices to share a single IP address. It was controversial when it was first developed, and was actually banned until the early 21st Century by many ISPs, who thought computer programmers with two computers would be more than happy to rent a $500 T1 to ensure both could connect simultaneously. As the technology became mainstream, the ISPs relented, and NAT became popular.

What does NAT do? Well, NAT can be thought of as a proxy. When a computer behind NAT wants to make a connection to a machine on the Internet, the NAT gateway rewrites the packet so it looks like it came from the gateway, not the computer. When responses come in, the gateway recognises who they're for, and routes them to the computer.

The problem with NAT is that it's only designed to work one way: if a computer is behind NAT, it doesn't have a "real" IP address, and so there's no way for a computer on the Internet to make a connection to it. NAT works very well with some applications - for web browsing, or a programmer making an administrative connection to a server, NAT is fine. But certain systems require two way communication, sometimes surprisingly so. Protocols that require two way communication include:
  • Direct peer-to-peer telecommunication such as voice over IP
  • The BitTorrent file transfer system
  • Authentication and security systems where both sides need authentication
  • Any type of "push" notification - for example, to receive notification of an email immediately upon it arriving at a server.

In some cases, the protocols above have been implemented using workarounds, but in many cases those workarounds are dreadfully inefficient and arguably insecure. Typically, a server has to be put on the Internet that acts as a proxy. Other systems, such as STUN, provide workarounds for certain types of NAT implementation. But either way, NAT is a problem, and prevents things from working smoothly that would work if only computers using NAT were directly accessible.
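
The one-way behaviour described above can be seen in a toy model of a NAT gateway. This is an added example, not code from the original post: the class names and all addresses are constructed, and it models the strictest kind of mapping (one entry per inside host and remote endpoint), whereas real NAT implementations vary.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed sample (documentation address range)

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port) of the sender
    dst: tuple  # (ip, port) of the receiver

@dataclass
class NatGateway:
    public_ip: str
    next_port: int = 40000
    outbound_map: dict = field(default_factory=dict)  # (inside, remote) -> public port
    inbound_map: dict = field(default_factory=dict)   # (public port, remote) -> inside

    def outbound(self, pkt):
        """Rewrite the source so the packet appears to come from the gateway."""
        key = (pkt.src, pkt.dst)
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.inbound_map[(self.next_port, pkt.dst)] = pkt.src
            self.next_port += 1
        return Packet((self.public_ip, self.outbound_map[key]), pkt.dst)

    def inbound(self, pkt):
        """Forward a reply to its inside host, or return None (drop) if no
        inside host opened this conversation first."""
        inside = self.inbound_map.get((pkt.dst[1], pkt.src))
        return Packet(pkt.src, inside) if inside else None

def demo():
    gw = NatGateway(PUBLIC_IP)
    laptop = ("192.168.1.10", 51000)   # constructed inside host
    server = ("198.51.100.20", 80)     # constructed Internet server
    sent = gw.outbound(Packet(laptop, server))
    reply = gw.inbound(Packet(server, sent.src))
    # A stranger on the Internet tries to start a conversation (e.g. a VoIP call).
    unsolicited = gw.inbound(Packet(("198.51.100.99", 5060), (PUBLIC_IP, 5060)))
    return sent, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The reply to the laptop's own request is delivered, while the incoming call is dropped because no table entry exists for it, which is why such protocols end up needing a proxy server or STUN.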


What's IPv6? It's something similar to the protocol the experts mentioned above would have put together had they known that the entire world, instead of just a group of academic institutions and the military, would have been using their network. IPv6 has a lot of great features, some of which, such as IPSec, have actually become standards in the IPv4 world too, but critically IPv6 changes the way IP addresses are allocated.

Instead of there being a mere four billion IP addresses, there are four billion x four billion x four billion x four billion addresses! That's a lot of zeroes. It's enough to make NAT unnecessary, indeed the standard way users will get IPv6 connections from their ISPs will involve them receiving four billion x four billion (that's two to the power of sixty four!) addresses all allocated to them.

Businesses will normally get the same thing, and that'll be fine because they're not going to need anything different.

This has important ramifications. If computers can now talk directly to one another, the hacks and workarounds of yesteryear will no longer be necessary, and things should start to "just work". In fact, IPv6 even has its own systems for allocating addresses on a network that'll mean that it should be no harder to hook up a device to your network than it is to your power supply. Instructions on hooking up a Roku box or a Vonage router will no longer involve complications requiring you hook it up to your router in a certain way or spend time configuring ports.

Making the move

What's stopping adoption? Well, IPv6 is incompatible with IPv4. A computer that supports it needs to run two network stacks, and it needs an IPv6 router. Windows, Ubuntu, and Mac OS X all have those network stacks, but may need the stacks turned on.

In terms of getting a connection, three methods exist:
  • The best way, and least available, is to get an IPv6 feed directly from your ISP. Unfortunately ISPs that offer IPv6 are extremely uncommon, but this is likely to change in the year ahead.
  • The second best way is a system called 6to4. I use 6to4 myself. In 6to4, every IPv4 address has a block of IPv6 addresses associated with it. These are real addresses - if you can configure your system to use 6to4, then your computers have real, routable, addresses, and you will be able to talk to any IPv6 site. The downside of 6to4 is... well, there's only one downside actually: some ISPs block it! I'm not kidding, I tried using it over AT&T's DSL service here in Florida and found they were actually blocking the public 6to4 gateway. Idiocy!
  • The worst way, but in some cases the only option available, is to use one of the private services that will allocate an IPv6 block to you and allow you to access it over a kind of VPN. It's not pretty, but it works, and may be your only option if the others are not available.
All of these methods will allow you to hook up your home or business network so that all your machines have real, routable, IPv6 addresses, and so that they can communicate with any IPv6 connected device.
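
How 6to4 associates a block of IPv6 addresses with an IPv4 address, as an added example that is not part of the original post: under RFC 3056 the 32-bit IPv4 address is placed directly after the 2002::/16 prefix, giving a /48. The function names and sample addresses below are constructed for illustration.

```python
import ipaddress

# Ranges that cannot anchor a 6to4 prefix: RFC 1918 private space and
# RFC 6598 carrier-grade NAT space (the host is itself behind NAT).
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 block that belongs to a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in NOT_PUBLIC):
        raise ValueError(f"{v4} is not publicly routable; 6to4 needs a public IPv4 address")
    value = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((value, 48))

def embedded_ipv4(ipv6):
    """Recover the IPv4 address behind a 6to4 address (None if it is not 6to4).
    Handy when reading logs: the IPv6 source reveals the IPv4 gateway."""
    return ipaddress.IPv6Address(ipv6).sixtofour

def lan_subnets(prefix):
    """Number of /64 networks available inside the block."""
    return 2 ** (64 - prefix.prefixlen)

if __name__ == "__main__":
    block = sixtofour_prefix("192.0.2.1")          # constructed sample address
    print(block, "->", lan_subnets(block), "x /64 networks")
    print(embedded_ipv4("2002:c000:201::1"))       # constructed sample address
    print(embedded_ipv4("2001:db8::1"))            # not a 6to4 address
```

A machine whose only IPv4 address is a private one behind NAT has no 6to4 block of its own, so the 6to4 router has to be the device holding the public address.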

What are the benefits today? They're relatively few, but they will grow. Like-minded individuals can communicate using IPv6 and take advantage of the various security improvements. For example, two organisations can agree to allow certain machines to access certain other machines, something impossible in an IPv4 NAT environment. People using IPv6 can use protocols like BitTorrent and SIP without having to concern themselves with convoluted firewall configurations.

On the other hand, these advantages suffer from the relatively small size of the network right now. But there's one advantage you can see immediately: you'll be ahead of everyone else in understanding the technology and the steps needed to migrate to it.

The problems you encounter will almost all center around one thing: apps. While efforts have been made to make adding IPv6 compatibility to existing applications extremely easy, the reality is that many have not been made compatible for a variety of different reasons. This is being worked on, but it does mean that in the short term, you'll be forced to use both IPv4 and IPv6, even if the only people you're interested in communicating with use IPv6.

Try it though, it's the future, and quite honestly, the future should have been here a long long time ago.
