Internet Protocol version 4 (IPv4), the fourth iteration of the Internet Protocol (IP), is one of the standard internetwork-layer protocols in use and the first version of the protocol to be widely deployed on the Internet. Looking back at its history, during the early 1990s it was clear that IPv4 was not a long-term protocol.
Its design did not anticipate a number of requirements that turned out to be crucial. Such requirements not only pertained to the proliferation of devices, but also the need for additional security, simpler configuration and better prioritization of some services, such as real-time services (often referred to as Quality of Service issues).
IPv6
The deployment of a new architecture has become a necessity. The transition to IPv6 holds the future of the Internet infrastructure. IPv6 is a robust technology designed as a successor to IP version 4 (IPv4), the predominant protocol in use today. The changes from IPv4 to IPv6 are primarily in the areas of expanded addressing capabilities; header format simplification; improved support for extensions and options; flow labeling capability; and consolidated authentication and privacy capabilities.
The kind of communication that will be enabled by the advent of IPv6 will be particularly useful in the embedded systems arena, as millions of new devices take advantage of Internet connectivity. Although IPv6 has been around for several years, there continues to be a debate about its value. But there are many ways in which IPv4 is not working, and there are a good number of reasons why migration to IPv6 is not only desirable, but necessary. Some of the areas include the dwindling address space, Internet security, Quality of Service, auto configuration, wireless and WiMAX; the list is endless.
One of the important aspects of implementing IPv6 is that it will remove any concern about the limitation of IP addresses. IPv6 uses 128-bit addresses, versus the 32-bit addresses used by IPv4. Compared to the total possible number of IPv4 addresses, 4.29 billion, IPv6 provides nearly 600 quadrillion addresses for every square millimeter on earth. That’s 6×10²³ addresses for every square meter of the earth’s surface.
When each device has its own unique global IP address and NAT is no longer necessary, peer-to-peer communication will become much easier. Two devices will be able to establish direct communication without the need to translate between global and private addresses. Two-way applications such as IP telephony, video conferencing and gaming will be much simpler to develop. Routing tables will become far less complex, which will enable higher performance for Internet traffic and more bandwidth for additional communication.
The elimination of NAT, the enabling of peer-to-peer communication, the emergence of numerous new applications and the connection of billions of new devices are all advantages associated with IPv6. Yet such advantages raise serious questions about security: will tomorrow’s Internet, with so many more individuals and devices communicating, be a safer place to be? The answer is that it will be far safer! The reason is that IPv6 comes with its own security protocol, IPsec.
Standardized by the Internet Engineering Task Force (IETF) for IPv6, IPsec is optional for IPv4 systems but mandatory for IPv6-specified systems. The security offered by IPsec comes into play at the IP layer of the TCP/IP stack. Therefore, because IPsec is applied at such a deep or “low” level, there is inherent protection for all higher-level protocols, such as TCP, HTTP, proprietary application protocols, etc. IPsec provides several security services, including encryption, authentication, integrity and replay protection. In addition, IPsec allows the encryption of only particular application protocols while others are simply authenticated. Furthermore, one can also specify that communication toward specific IP addresses will be protected, whereas unprotected communication can be used for other destination IP addresses.
The flexibility and transparency of the IPsec protocol make it possible to tailor a security configuration for every need. Yet certain aspects of IPsec, such as using an Authentication Header and the Internet Key Exchange (IKE), are incompatible with NAT, which is another reason to move toward IPv6 and reduce (eventually eliminate) the use of NAT gateways. To analyse this a little further: IPsec encrypts each individual packet, so it can be applied to all IP traffic, unlike the widely used SSL, which only works on top of TCP.
In IPv6, IPSec is implemented using the AH authentication header and the ESP extension header. The authentication header provides integrity and authentication of the source. It also provides optional protection against replayed packets. The authentication header protects the integrity of most of the IP header fields and authenticates the source through a signature-based algorithm. The ESP header provides confidentiality, authentication of the source, connectionless integrity of the inner packet, antireplay, and limited traffic flow confidentiality.
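To make the AH and ESP extension headers concrete, the following added example (not part of the original article) walks the Next Header chain of an IPv6 packet and reports whether AH or ESP is present. The packets, SPI values and function names are constructed for illustration; the Next Header numbers and length rules are the standard IPv6 ones.

```python
import ipaddress
import struct

# IPv6 Next Header values for the extension headers this walker understands.
EXT_NAMES = {0: "hop-by-hop", 43: "routing", 44: "fragment",
             50: "ESP", 51: "AH", 60: "destination-options"}

def extension_chain(packet: bytes) -> list:
    """Walk the Next Header chain and list the extension headers in order."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_NAMES:
        chain.append(EXT_NAMES[next_header])
        if next_header == 50:            # ESP: everything after it is encrypted
            break
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 51:            # AH length: 32-bit words, minus 2
            size = (length_field + 2) * 4
        elif next_header == 44:          # fragment header is always 8 bytes
            size = 8
        else:                            # others: 8-byte units after the first 8
            size = (length_field + 1) * 8
        next_header, offset = following, offset + size
    return chain

def is_ipsec_protected(packet: bytes) -> bool:
    """True when the packet carries an AH or ESP header."""
    return any(name in ("AH", "ESP") for name in extension_chain(packet))

def ipv6_packet(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet using documentation-range addresses."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return fixed + src + dst + payload

# Constructed header bytes (SPIs and sequence numbers are arbitrary).
TCP = bytes(20)                                          # placeholder TCP segment
AH = bytes([6, 4, 0, 0]) + struct.pack("!II", 0x1000, 1) + bytes(12)  # next=TCP
HOP_BY_HOP = bytes([50, 0, 1, 4, 0, 0, 0, 0])            # next=ESP, one PadN option
ESP = struct.pack("!II", 0x2000, 1) + bytes(32)          # SPI, sequence, ciphertext

PLAIN = ipv6_packet(6, TCP)
AUTHENTICATED = ipv6_packet(51, AH + TCP)
ENCRYPTED = ipv6_packet(0, HOP_BY_HOP + ESP)

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("AH", AUTHENTICATED), ("ESP", ENCRYPTED)]:
        print(name, extension_chain(pkt), is_ipsec_protected(pkt))
```

The plain packet shows that an IPv6 packet without either header carries no IPsec protection, which is what a traffic audit would need to flag.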
The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with IPSec. IPSec can be configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IKE is a hybrid protocol that implements the Oakley key exchange and Skeme key exchange inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. (ISAKMP, Oakley, and Skeme are security protocols implemented by IKE.)
IPv6 IPSec Site-to-Site Protection using Virtual Tunnel Interface
The IPSec virtual tunnel interface (VTI) provides site-to-site IPv6 crypto protection of IPv6 traffic. Native IPv6 IPSec encapsulation is used to protect all types of IPv6 unicast and multicast traffic. The IPSec VTI allows IPv6 routers to work as security gateways, establish IPSec tunnels between other security gateway routers, and provide crypto IPSec protection for traffic from internal networks when it is sent across the public IPv6 Internet. This functionality is similar to the security gateway model using IPv4 IPSec protection.
Enhanced Quality of Service
Another new breakthrough and advancement is in Quality of Service. Tomorrow’s Internet will carry real-time traffic such as voice and video in addition to the multiple uses it serves today. IPv6 addresses the technical issues necessary to allow enough bandwidth for different applications and services, including voice and video. This capability, called quality of service (QoS), allows IPv6 routers to recognize certain types of traffic and give each type a specific amount of the available bandwidth. In this model, real-time traffic will command a higher priority than all other traffic. This addresses the quality of service issue for voice and video, ensuring that these services are directed to the highest-bandwidth networks in a manner that isn’t possible with IPv4. Unlike Y2K, IPv6 does not impose a specific deadline. Rather, IPv6 was designed to have a gradual, and therefore not disruptive, implementation.
Stateless Auto Configuration
This is an interesting aspect of IPv6. Although in most regards, IPv6 is still IP and works pretty much the same as IPv4, the new protocol departs from IPv4 in some ways. With IPv4, you need a DHCP server to tell you your address if you don’t want to resort to manual configuration. This works very well if there’s a single DHCP server, but not so much when there’s more than one and they supply conflicting information. It can also be hard to get a system to have the same address across reboots with DHCP.
With IPv6, DHCP is largely unnecessary because of stateless autoconfiguration. This is a mechanism whereby routers send out “router advertisements” (RAs) that contain the upper 64 bits of an IPv6 address, and hosts generate the lower 64 bits themselves in order to form a complete address. Traditionally, the bottom 64 bits of an IPv6 address are generated from a MAC address by flipping a bit and adding the bits ff:fe in the middle. So the Ethernet MAC address 00:0a:95:f5:24:6e results in 20a:95ff:fef5:246e as the lower 64 bits of an IPv6 address, called the “interface identifier” in IPv6 parlance.
This way, if all the routers send out the same prefix for the upper 64 bits, the host will always configure the same IPv6 address for itself. No configuration is required, either on the host or a DHCP server. Alternatively, a host may generate its IPv6 address using a random number so its MAC address remains hidden from the rest of the Internet. Windows uses this type of address for outgoing sessions to aid privacy. Other operating systems can also generate these temporary addresses (a new one is generated every 24 hours) but don’t do so by default. When a router sends out several address prefixes, or several routers send out different address prefixes, hosts simply create addresses from each of those prefixes. Routers can make the hosts connected to them renumber their IPv6 addresses by removing the old prefix and advertising a new one. When done right, this is completely seamless.
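The interface identifier derivation and the privacy concern described above can be shown together. This added example (not from the original article) builds the address a host would form from an advertised /64 prefix and the MAC address used in the text, then reverses the process to show which addresses in a list expose a MAC address. The prefix 2001:db8:1:2::/64 and the sample address list are constructed; the function names are illustrative.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    flipped = octets[0] ^ 0x02                  # the "flipped bit" from the text
    return bytes([flipped]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the router-advertised upper 64 bits with the host's lower 64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(address: str):
    """Return the MAC recoverable from an address, or None.

    Heuristic: ff:fe in the middle of the lower 64 bits marks a MAC-derived
    identifier; a random identifier matches by chance about 1 time in 65536.
    """
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def mac_exposing_addresses(addresses):
    """Map each address that reveals a MAC to that MAC (privacy audit)."""
    found = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            found[addr] = mac
    return found

# Constructed sample: one MAC-derived address, one randomly generated one.
SAMPLE = ["2001:db8:1:2:20a:95ff:fef5:246e", "2001:db8:1:2:3c5d:9a11:7be2:4f1"]

if __name__ == "__main__":
    print(slaac_address("2001:db8:1:2::/64", "00:0a:95:f5:24:6e"))
    print(mac_exposing_addresses(SAMPLE))
```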
IPv6 & the Future of Home Networking
When IPv6 takes off, we’ll probably see a new class of home firewall products that allow more granular blocking of services and devices in a home IPv6 network than the choice we have in today’s first IPv6 home routers, which either block incoming sessions or allow everything. The abundance of address space also makes it possible to have separate subnetworks for different purposes, which will be helpful as more and more devices connect to the network. And we still have a lot to look forward to: the IETF is currently working on mobility and multihoming extensions to IPv6. Mobility means moving from one network to another while keeping the same IP address. So a VoIP call could start on your home network, continue over wireless service and then finish at work. Multihoming means connecting to more than one ISP at the same time, so that when one fails, communication sessions automatically move over to the other.
IPv6 Migration and establishment of a Global Alliance
The deployment of IPv6 is the trickiest part, as the entire Internet infrastructure in place predominantly relies on IPv4. The IETF came up with a number of transition techniques to deploy the new infrastructure. The most important of them were dual stack and tunneling. Since IPv6 is an extension of IPv4, it is relatively easy to write a network stack that supports both IPv4 and IPv6 while sharing most of the code; this concept is called Dual Stack. Tunneling means that when IPv6 packets must cross part of the network that only supports IPv4, the IPv6 packets are encapsulated inside IPv4 packets, transmitted across the IPv4-only part of the network, and then the IPv4 part is stripped and the packets continue on their way over IPv6.
There are several tunneling techniques, but the most common ones are “manual” IPv6 in IP tunnels where the exact path of the tunneled IPv6 packets is set through manual configuration, and 6to4 automatic tunneling. In 6to4, a host or router can create a range of IPv6 addresses from its IPv4 address. 6to4 addresses are easily recognizable because they always start with 2002. Because every 6to4-derived IPv6 address maps to an IPv4 address, it’s easy for a system that understands 6to4 to tunnel the IPv6 packets to the right place over IPv4. Gateways make it possible for native IPv6 systems to communicate with 6to4 systems. 6to4 is easier to use because it doesn’t require any configuration, and has the added bonus that it comes with built-in IPv6 address space. However, only public IPv4 addresses can be used for 6to4, so hosts behind NAT can’t do 6to4 tunneling, and another limitation is the dependence on public gateways, which makes 6to4 slower and less reliable than other forms of IPv6 connectivity.
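The mapping between a 6to4 address and its IPv4 tunnel endpoint can be checked in a few lines. This added example (not from the original article) derives the 6to4 range for an IPv4 address and classifies IPv6 addresses by the IPv4 address they embed, flagging ones that embed a non-public address, which the text says cannot be used for 6to4. The function names, labels and sample addresses are constructed for illustration.

```python
import ipaddress

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Derive the 2002:<IPv4 in hex>::/48 range that 6to4 gives an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        raise ValueError(f"{v4} is not a public address; 6to4 cannot use it")
    # 16 bits of 2002, then the 32-bit IPv4 address, then 80 bits left to the site.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def classify(address: str) -> tuple:
    """Label an IPv6 address by the IPv4 tunnel endpoint it embeds, if any."""
    addr = ipaddress.IPv6Address(address)
    endpoint = addr.sixtofour        # None unless the address starts with 2002
    if endpoint is None:
        return ("not-6to4", None)
    if endpoint.is_global:
        return ("6to4", str(endpoint))
    # A private or reserved endpoint cannot be reached over the public IPv4
    # Internet, so such an address is misconfigured or forged.
    return ("6to4-invalid-endpoint", str(endpoint))

# Constructed sample addresses (8.8.8.8 is used only as a well-known public IPv4).
SAMPLES = [
    "2002:808:808::1",       # embeds 8.8.8.8
    "2002:c0a8:101::1",      # embeds 192.168.1.1, a private address
    "2001:db8::1",           # native (documentation-range) address
]

if __name__ == "__main__":
    print(sixtofour_prefix("8.8.8.8"))
    for sample in SAMPLES:
        print(sample, classify(sample))
```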
Systems with IPv6 connectivity decide whether to use IPv4 or IPv6 to reach a destination by consulting the DNS servers. Communication over the Internet requires addresses, but we generally work with domain names. The DNS takes care of the difference by having one or more A (address) records that contain an IPv4 address associated with a given name. If a system also has an IPv6 address, this is added to the DNS with an AAAA (quad-A) record. Hosts that only have IPv4 connectivity ignore the AAAA records, but dual stack hosts ask the DNS for both the A and AAAA records.
They will then generally prefer to connect to a destination over IPv6 if possible, and use IPv4 if there’s no AAAA record in the DNS or connecting over IPv6 doesn’t work. Another key element in all of this is the evolution of a global standard of some kind to enable equipment manufacturers, component manufacturers, software developers and service level companies to work together. The objective of this standard is to drive the development and establishment of IP infrastructure. There have been other attempts to craft a standard; X10 was one such attempt. A new alliance has emerged to control and enable the creation of such a standard. This alliance is called the Zigbee Alliance; a verbatim piece from the Zigbee Alliance web site says:
“The goal of the ZigBee Alliance is to provide the consumer with ultimate flexibility, mobility, and ease of use by building wireless intelligence and capabilities into every day devices. ZigBee technology will be embedded in a wide range of products and applications across consumer, commercial, industrial and government markets worldwide. For the first time, companies will have a standards-based wireless platform optimized for the unique needs of remote monitoring and control applications, including simplicity, reliability, low-cost and low-power.”
Revolution in China and Japan
IPv6 is rapidly gaining momentum in many countries, especially China and Japan. Projects are already taking place that rely on IPv6 technology and its ability to let devices keep their addresses as they travel from network to network.
China’s Next Generation Internet project, or CNGI, is a five-year plan initiated by the Chinese government with the purpose of gaining a significant position in cyberspace through the early adoption of IPv6. China has more high-speed Internet users than it does IP addresses. With the implementation of IPv6, China hopes to avoid this situation and to get a head start in relation to the rest of the world.
China plans to showcase their new CNGI and their new IPv6 networking at the 2008 Olympics in Beijing. Everything from the security cameras to the taxis to the cameras filming the Olympic events will be networked via IPv6; the events will be streamed live over the Internet while the networked cars will be able to grasp the traffic situation more readily.
A few thoughts to share. CNGI will:
- Move data at around 100 times current Internet speeds.
- Support online streaming video at unprecedented levels.
- Allow the over 160 various departments and institutions on CERNET2 to set up experimental labs and conduct research into new applications that we may not have seen before.
- Position Chinese router companies like ZTE and Huawei in the forefront of producing 10-Gigabit core routers for IPv6 infra around the world. IPv4 system routers are what have made the fortunes of companies like Cisco and Juniper Networks.
- Drive new technology deals and innovations. For example, British company Spirent Communications was chosen by the Chinese as a provider of test solutions for the new routers.
- Allow China to develop new standards for the Internet Engineering Task Force (IETF), which develops and promotes Internet standards. The Chinese are hoping their standards will significantly shape the development of IPv6. China has already prepared a number of standards for the IETF.
- Position Chinese science and technology as a force to be reckoned with. It’s already (and rightfully so) a source of great pride to Chinese. As Cui Yong, assistant professor in the computer science department at Qinghua University, says in the Internet Society article: “We want to let [the IETF] see that Chinese technology indeed has a great deal of innovation and excellence, and irreplaceability, which will play a large role in furthering the progress of the global next generation Internet. At the last meeting when a[n IETF] Vice Director asked the 200 participants for their opinions on the blueprint that we have provided, the blueprint received widespread support. I have a vivid memory of the excitement and encouragement in the room.”
- Be unveiled at the 2008 Beijing Olympics, which will provide the world’s biggest marketing platform, letting foreign media and tourists experience IPv6 themselves.
- Support an infinite number of IP addresses, providing the platform for what many call The Internet of Things — a world in which objects have their own IP addresses and can share data.
Japan is also investing in the future of the IPv6 Internet. One such project is going on in Yokohama, outside Tokyo. Around 300 vehicles in the city, such as taxis, service trucks and public buses, have been continuously connected to the Internet. The project is demonstrating “real world” networking, something that differs from cyberspace because users are able to connect through the network to devices that exist in their real space and not just out on the network.
The Yokohama trials allow users to monitor the traffic conditions by detecting their car’s speed, road conditions by how many times they used the anti-lock brake system and the weather by the movement of windshield wipers. This experiment using 300 Internet cars was a big move. Without IPv6, and its much larger address space, giving each car its own unique address would not have been possible. Commercial switches and routers for IPv6 have started gaining ground, and consumer electronics makers have started paying attention to the potential of networked products.
One such example is Toshiba Corp.’s “Smart Kitchen”. The concept is to connect all home appliances to the network. The company demonstrated a prototype IPv6 refrigerator and showed what household devices can do when each of them has an individual IP address. With such a refrigerator, a consumer can decide what to buy at the supermarket by looking at the refrigerator’s contents remotely using a cell phone connected to the Internet, according to the company. Each device, such as a microwave or an air conditioner, has a separate set of potential applications. When a customer requests maintenance, customer service engineers can detect what is wrong with a product via the Internet. If the fault is minor, it may even be possible to correct it over the Internet, removing the need for a house visit. When a concept such as Toshiba’s “Smart Kitchen” becomes mainstream in Japan’s households, it will be the era of IPv6.
Although the IPv6 age has not yet completely materialised, the hard work behind it has started paying off. It’s now showing up in more and more places, so you may actually run into it one of these days. We were accustomed to connecting desktops to the Internet. Now we will see embedded systems taking advantage of the Internet in innovative ways. By removing the limitation of IP addresses, IPv6 will enable a large number of devices and applications to benefit from the Internet. Many embedded systems will now have their own IP addresses, thus eliminating the need for NAT. This will enable direct peer-to-peer communication, unprecedented security with IPsec, Quality of Service, seamless connectivity and auto configuration. These developments would take the future of IPv6 and the Internet beyond the boundaries.