netnix.org
Networking and Unix


The Long Road to IPv6

September 22nd, 2013

There is a transition happening, albeit slowly, from IPv4 to IPv6, that is going to have an impact, but mostly on online gaming and other peer to peer services. Ever since the introduction of the Internet as we know it today, we have been using public IPv4 addresses to talk to people and to access content online. Unfortunately we have run out of IPv4 addresses as there weren’t enough to go around. An IPv4 address is a 32-bit number which is represented as 4 numbers separated by a dot (e.g. 192.168.0.1) – this provides roughly 4.3 billion addresses. In comparison, an IPv6 address is a 128-bit number which is represented as 8 groups of 4 hexadecimal digits separated by a colon (e.g. 2001:0db8:85a3:0042:1000:8a2e:0370:7334) – this amounts to approximately 48,000 quadrillion addresses (4.8 x 10^28) for each of the seven billion people alive in 2011.

Development of IPv6 started a long time ago and has been in use for a long time in some networks – IPv4 exhaustion was predicted to occur a long time ago, but wide IPv6 adoption was temporarily avoided through the introduction of NAT (Network Address Translation). Unfortunately, IPv6 doesn’t inter-operate with IPv4 – it’s like running two different protocols on the same network (ships in the night). This produced a chicken and egg scenario where people didn’t see the benefit of moving to IPv6 as all the content was on IPv4 and the content providers didn’t see the benefit as all the users were still using IPv4. Without the use of some form of translation, an IPv4 host can’t talk to an IPv6 host and an IPv6 host can’t talk to an IPv4 host.

The transition to IPv6 is also a painful one and will involve extensive use of NAT until everyone and everything is on IPv6. This is a pain that most Service Providers keep putting off, but more and more have been forced to start the transition due to IPv4 exhaustion.

In the past, a typical dial-up setup would look as follows:

[Diagram: DSL setup]

All the networked peripherals in your home use a private IPv4 address (e.g. 192.168.0.7), which isn’t allowed on the Internet. Your Residential Gateway or Router has the public IPv4 address facing your ISP and its job is to translate the private addresses into your one public address when you talk to things outside the home. This is a well understood setup and works well (a public IPv4 address per home) – if you set up port forwarding or DMZ mode on your Router then you should be able to achieve a Moderate or Open NAT type on your PS3/XBox.

The issues arise when your ISP doesn’t have enough public IPv4 addresses to give one per home – this is a situation which has been brought about by a lack of forward planning by ISPs. We knew this day was coming and if they had taken action 5 years ago, we wouldn’t be in the mess we are today. They should have forced the adoption of IPv6 many years ago as we are now fighting two battles at the same time: 1) the exhaustion of IPv4 and 2) the transition to IPv6. In an ideal world to cause the least disruption, the transition from IPv4 to IPv6 should have occurred through the use of Dual Stack where an ISP allocates each customer a public IPv4 address and an IPv6 address. You would use the IPv4 address to access legacy IPv4 services and the IPv6 address to access services which have been migrated. Once all services are available on IPv6 you remove IPv4 support.

We are where we are. If an ISP has run out of public IPv4 addresses then they will most probably deploy a technology called “Carrier Grade NAT (CGN)” or “Large Scale NAT (LSN)” or sometimes “NAT444”, which uses a public IPv4 address per group of people instead of per home. This will always result in a Strict NAT type and there isn’t really a lot you can do about it.

We will start to see more and more ISPs adopt the following model:

[Diagram: NAT444]

In this setup your home doesn’t change, but the IPv4 address that your ISP allocates to your Router does. IANA (Internet Assigned Numbers Authority) recently assigned some unallocated public IPv4 address space (RFC6598) for the use of “IPv4 Shared Address Space” – similar to private address space (RFC1918) but for use by ISPs in a Carrier Grade NAT environment. Under this setup your Router is allocated an address from 100.64.0.0/10 which isn’t allowed on the Internet – your Router will NAT your network peripherals to this address and then your ISP will NAT multiple 100.64.X.X addresses to a single public IPv4 address. This will always result in them using PAT (Port Address Translation) which will change your source port and will result in a Strict NAT type.

The disadvantage of the above approach is that it doesn’t get you any closer to IPv6 and this is where technologies like Dual Stack Lite (DS-Lite) and NAT64 come into play. These two actually assign your Router an IPv6 address, which allows you to access IPv6 services natively, but will result in extra levels of NAT for IPv4. Out of the two, DS-Lite will probably become the more popular as it provides better support for legacy IPv4 hosts within the home, but would most probably require updated Router firmware by your ISP to support.

A typical setup under DS-Lite is depicted in the diagram below:

[Diagram: DS-Lite]

Under DS-Lite, communication between your Router and your ISP is always via IPv6 with IPv4 services being tunneled inside IPv6. This is favoured by many as it gets you closer to the end architecture and provides the most optimal IPv6 experience. As services are migrated to IPv6 you will rely less and less on IPv4 until it can be removed leaving a clean architecture. However, during the transition, it will mean lots of Carrier Grade NAT for IPv4 where multiple users will all share the same public IPv4 address. This will result in a Strict NAT type as it is impossible for two users to use the same source port for the same public IPv4 address.
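The double translation described for NAT444 above, and the reason two subscribers behind one shared public address cannot both keep the same source port, shown as an added example that is not part of the original article. The public address 203.0.113.10 (a documentation address), the home names, port 3074 and the rule that a translator keeps the source port when it is free are all assumptions made for this sketch.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

def classify(addr):
    """Label an IPv4 address by the realm it belongs to in a NAT444 path."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in SHARED:
        return "cgn-shared"
    return "public"  # not RFC 1918 or RFC 6598; treated as public here

class Pat:
    """Port address translation onto a single outside address."""
    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self.next_free = first_port
        self.table = {}       # (inside_ip, inside_port) -> outside_port
        self.in_use = set()   # outside ports already handed out

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:
            port = src_port   # assumption: keep the source port when it is free
            while port in self.in_use:
                port, self.next_free = self.next_free, self.next_free + 1
            self.in_use.add(port)
            self.table[key] = port
        return self.outside_ip, self.table[key]

def nat444(flows, public_ip="203.0.113.10"):
    """Run (home, lan_ip, src_port) flows through router NAT, then the ISP's CGN."""
    cgn, routers, hops = Pat(public_ip), {}, []
    for home, lan_ip, port in flows:
        if home not in routers:  # each router gets its own 100.64.0.x WAN address
            routers[home] = Pat(f"100.64.0.{len(routers) + 1}")
        wan = routers[home].translate(lan_ip, port)
        hops.append(((lan_ip, port), wan, cgn.translate(*wan)))
    return hops

# Constructed sample: two homes whose consoles use the same LAN address and port.
FLOWS = [("home-a", "192.168.0.7", 3074), ("home-b", "192.168.0.7", 3074)]

if __name__ == "__main__":
    for lan, wan, public in nat444(FLOWS):
        print(f"{lan} [{classify(lan[0])}] -> {wan} [{classify(wan[0])}] -> {public}")
```

Running `classify` on the WAN address your own Router reports is a quick way to tell whether you sit behind Carrier Grade NAT: a result of `cgn-shared` means the ISP is translating again upstream.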
