Document Links

Contents Overview Technology Potential Addressing Installation Maintenance Conclusion

IPv6 Perspectives: The Next Generation of the Global Network

Overview

The networking community has recognized the need to replace the current Internet Protocol version 4 (IPv4) for a long time. Although IPv4 has emerged as "the" protocol replacing Appletalk, IPX and other potential competitors, its shortcomings increasingly limit its utility. In 1993, RFC 1453 started the examination of proposed replacements, but it wasn't until the closing months of the twentieth century that IPv6 was established as a replacement and widespread research testing began. In the intervening years, IPv4 became much more conservative with its address space and ideas that were considered key features of IPv6 like security and Quality-of-Service became available for IPv4. IPv4 will never overcome its limited address space, though, and will eventually be replaced by IPv6. This paper examines the IPv6 protocol and provides information useful for those looking to adopt the standard.

As part of the research for IPv6, MOREnet established a small test network. The network consists of a router, a nameserver, a switch and two IPv6 workstations. The workstations are exclusively IPv6, but the router and server run both the IPv6 and IPv4 protocols.

Back to top

Technology

IPv4 vs. IPv6

Address Space

The IPv4 address space is large enough to give every adult in the world his or her own IP address, yet the scarcity of IPv4 addresses has been accepted fact for years. What happened? A combination of difficulties in uniformly distributing addresses as well as address waste inherent in the protocol itself has limited IPv4's potential. IPng (IP-next generation or IPv6) was developed to alleviate the address crunch as well as provide better efficiency, security, Quality-of-Service and utility. The IPv6 address space is large enough to give everyone in the world their own subnet large enough to contain every computer in the world.

Multiple Assigned Addresses

The IPv6 address space is large enough to allow network devices to use multiple addresses. The use of secondary addresses was possible but discouraged under IPv4 in order to simplify routing and conserve address space. Many of these IPv6 secondary addresses have specific functions such as address assignments for multicast packets. Multicast is a way to minimize network traffic by sending a single packet to multiple machines. Another secondary address type allows multiple machines that provide the same function to have the same advertised address. This address type is called anycast and will be useful for distributed servers. Packets sent to an anycast address will automatically be routed to the nearest server using that address.

The most commonly used address type is called a unicast address. These addresses must be globally unique, but because workstations and routers may be attached to several networks, the IPv6 standard allows multiple unicast addresses on the same machine so that they can function directly on the multiple networks. Because machines can carry multiple addresses the renumbering (or re-addressing) of networks will be easier on IPv6 networks. On workstations, IPv6 software (sometimes called an IP stack) is built to use some of these different types of addresses to establish communication with a local router and generate its own initial address on the IPv6 network. Most workstations will not need a network administrator to assign an address when initially connected to the network or when the network is being renumbered.

Over time IPv4 network administrators found they could conserve address space by establishing firewalls and sharing addresses through NAT or DHCP. Firewalls are still useful for security, but NAT will not be needed and DHCP functions will be handled by IPv6 autoconfiguration.

Back to top

Potential

In real estate, value is location, location, location. Any piece of property can have its topology, function and ownership changed, but it can't be larger or placed somewhere else. In computer networking, value is addressing, addressing, addressing. New protocols, hardware, routing changes or Quality of Service (QoS) handling can enhance a computer network, but address size limitations have few work-arounds. It is easy to see that having 32 bit IPv4 address space and 48 bit MAC address space means that not all network-capable devices can be globally connected. This difference in address size has become unworkable in this era of everything-over-IP devices and protocols. The 128 bit IPv6 address space can incorporate a 48 bit MAC address and allow the host portion (called Interface ID) of the address to expand from 48 bits to 64 bits. The 64 bits that are not part of the Interace ID provide three bits of format information and 61 bits of routing information. Here is the current breakdown of IPv6 128 bit addresses:

Designation	FP	Top LA	Reserved	Next LA	Site LA	Interface ID
Bits	3	13	8	24	16	64
Set By	Service Provider				Site	Machine

In the table above "LA" stands for Level Aggregator. Level aggregator simply means that the designated part of the address space is designed to "aggregate" or group sets of networks. Individual machines on LANs are grouped into a routed site where each site has a unique identification (Site-Level-Aggregator or SLA) of up to 16 bits. An SLA would typically represent an enterprise network. The routed sites are grouped into WANs designated by a unique Next Level Aggregator (NLA) of up to 24 bits. This level would typically represent the intermediate Internet Service Providers (ISPs) like MOREnet. The WANs are grouped into sets designated by 13-bit Top Level Aggregators (TLAs). The TLAs are global or "Tier-1" ISPs. Each of the Level Aggregator sections can be broken out into smaller aggregations as needed. Thus, the 24-bit NLA could actually be three 8-bit hierarchical steps. The Format Prefix (FP) defines the type of packet and provides some bits for further expansion. Currently an FP of 001 designates unicast (individual machine to individual machine) packets. An FP of 001 can also designate an anycast address (which will be explained later). An FP of 111 usually designates link-local, site-local or multicast packets. An FP of 000 can designate non-IPv6 routed packets such as NSAP, IPX or IPv4. The other five Format Prefixes are currently unassigned and thus available for future expansion and definition. The Reserved bits between TLA and NLA provide for a new aggregation level or expansion of the TLA and NLA sections as needed.

Address Form

http://www.internet2.edu/resources/infosheetIPv6.pdf

Large addresses are difficult to numerically or textually present. IPv4 addresses are usually given in what is called the dotted decimal form. The IP address 207.160.1.254 is a compact form representing the binary value 11001111101000000000000111111110. IPv6 address are four times as large as IPv4 addresses and, in the near future, will likely have extensive fields of binary 0. To make them compact to write and easier to interpret, hexadecimal form was chosen rather than IPv4's decimal; the hexadecimal digits are grouped into sets of four digits separated by colons; leading zeros in each group may be omitted and one field of zero-digit groups may be represented by a double colon. Here is an example:

Binary Value:

0010000000000001000001000110100000000000100000000000000000000000
0000000000000000111100000011001000000000000000000000000011111110

Separated into groups of four binary digits:

0010 0000 0000 0001 0000 0100 0110 1000
0000 0000 1000 0000 0000 0000 0000 0000
0000 0000 0000 0000 1111 0000 0011 0010
0000 0000 0000 0000 0000 0000 1111 1110

Hexadecimal representation:

2 0 0 1 0 4 6 8 0 0 8 0 0 0 0 0 0 0 0 0 F 0 3 2 0 0 0 0 0 0 F E

Grouped by colons (sometimes called Colon-Hex notation):

2001:0468:0080:0000:0000:F032:0000:00FE

Leading zeros removed:

2001:468:80:0:0:F032:0:FE

Compact form:

2001:468:80::F032:0:FE

The double colon can be used only once in the compact form. The address above can also be written 2001:468:80:0:0:F032::FE without confusion, but 2001:468:80::F032::FE would be incorrect. The double colon can also be used at the start or end of the address such as ::DEAD:BEEF or BEEF:E::.

The compact form may also be used to denote subnets. The subnet for address 2001:468:80::F032:0:FE could be 2001:468:80::/44 which means that the network consists of all addresses which have hexadecimal 20010468008 as their first 44 bits. Subnets do not have to be on even four-bit boundaries. The subnet 2001:468:80::/43 consists of all addresses starting with 20010468008 or 20010468009. 2001:468:80::/42 denotes all addresses starting with 20010468008, 20010468009, 2001046800A or 2001046800B.

Special Addresses

Site local

Within the IPv6 specification, the FEC0:: address block is reserved for site-local addresses. These addresses can be compared with the IPv4 private network addresses like 10.0.0.0. The full form of the address keeps the SLA and interface ID parts of the address and would look like: FEC0::sla_address:interface_id. Normal IPv6 form for the address is still applied so the SLA and interface ID sections of the address are still broken into four-character pieces separated by colons.

Link local

Within the IPv6 specification the FE80:: address block is reserved for link-local addresses. Because this block is reserved and not routed, any IPv6 enabled device knows a valid address for initial connection. The address is simply FE80::their_MAC_address. Normal IPv6 form for the address is still applied so the MAC address is still broken into four-character pieces separated by colons.

Multicast

Like IPv4, the IPv6 address space has reserved an address block for multicast traffic. Unlike IPv4, the IPv6 address space is large enough for all machines to have a unique multicast address. The IPv6 multicast address starts with eight binary ones (11111111) and in simplest form is FF00::interface_id (eight binary ones, followed by 56 binary zeros, followed by the interface ID of the machine). There are provisions to use the first eight binary digits following the leading ones to encode whether the multicast address is fixed or temporary and whether it only applies to the local node, local link, site, NLA group or global scope. Instead of using the interface ID, the 112 final bits could be used to designate a multicast group ID. All machines are required to receive packets addressed to FF02::1 (fixed link-local broadcast) and all routers are required to receive packets addressed to FF02::2 (fixed link-local router broadcast). These multicast addresses substitute for local broadcasts used in IPv4.

Solicited node

The two Solicited-node addresses are a subset of multicast addresses that are used where IPv4 would use an ARP or reverse-ARP. The first address starts with FF02:0:0:0:0:1:FF and ends with last 24 bits of the machine's IPv6 address. The second solicited-node address starts with the same FF02:0:0:0:0:1:FF and ends with the last 24 bits of the interface's MAC address. Using an IPv4 ARP requires all machines on the local link to accept and process the request. In IPv6 the solicited-node address can be generated and used for an address or MAC address request, and it is unlikely that any other machine will be disturbed.

Anycast

If a unicast address is assigned to multiple interfaces, perhaps even on multiple machines, it is called an anycast address. Packets sent to an anycast address are routed to the closest interface that responds to that address. This address duplication can be convenient for providing the same service, such as Network Time Protocol, from multiple identical servers. The interface carrying an anycast address should be specifically configured for it and will generally have an additional unicast address because anycast addresses should not be used to originate a packet.

The wide variety of address types underscores one truth about IPv6. Not only will machines be allowed to use multiple addresses of multiple types but machines will be required to maintain and correctly use multiple addresses. The minimum IPv6 configuration will be one unicast address and several multicast addresses.

Problems with Large Addresses

As of December of 2002, the Tier-1 ISPs work with about 140,000 routes to IPv4 networks (see BGP Table Data at http://bgp.potaroo.net/). The larger size of the IPv6 address space can expand the number of routes beyond any current router's capacity. To keep the size of routing tables under control IPv6 routes are being forced into easily summarized groups by the TLA, NLA and SLA schemes and address allocation policies (See IPv6 Address Allocation and Assignment Policy - June, 26 2002 at http://www.arin.net/policy/ipv6_policy.html). In practice, very few blocks of addresses will be directly assigned by Internet addressing authorities. In general, a site or enterprise is required to obtain addresses from its upstream ISP. The upstream ISP is required to obtain addresses from the next level up, etc., and only the Top Level Aggregators get addresses assigned by an addressing authority. This practice allows routers at each aggregation level to represent their full address assignments as one summary entry in the routing table of the next higher level. When enterprises or intermediate ISPs switch upstream providers then they may be required to change addresses to a block assigned by the new provider. Features of the IPv6 protocol make changing address blocks easier, as shown in sections below.

As mentioned previously, a second problem with large addresses is simply the mechanics of remembering them and correctly transferring the address from interface configuration to network documentation and back. The use of hexadecimal, the double colon and dropping leading zeros can make addresses more memorable but cut-and-paste techniques, host files and DNS should be used when possible to avoid mistakes.

A unique challenge for larger address spaces is that they are easy to waste. The IPv6 address specification currently "wastes" the 16-bit difference between MAC addresses and the EUI address. Compared to IPv4 networking where an interface ID is not part of the address, IPv6 only has 64 bits of routing potential and 11 bits (FP and Reserved) are either pre-set or reserved. There is already serious discussion that the routing space is too limited to be useful long-term (http://www.ipv6.btexact.com/presentations/presentations/pw-challenges-200109.ppt). Almost every IPv6 routing strategy gives two-station router-to-router hops more address space than is currently allotted to the entire IPv4 network. Multi-homing can give hosts two or more unicast IPv6 addresses each although this is a routing issue and does not really consume the address space. Expect time and additional standardization to both reduce the available address space and also provide more efficient address usage.

Increasing the size of the addresses also forces a redesign to every database which has the address fields restricted to 32 bits or the dot-decimal format. While databases may have to change in part, the size of the addresses has the greatest impact on one structure where correct addressing is absolutely critical- the IP header. A following section details the changes in the header.

Accomodations for IPv4

The IPv6 addressing specification accommodates legacy IPv4 traffic in three ways. An IPv4 host address can be incorporated into an IPv6 address when the IPv4 host is directly attached to an IPv6 network. The IPv4 address is preceded by 80 zero bits and 16 one bits. So an IPv4 address of 150.199.8.1 can be represented by the IPv6 address 0::FFFF:96B7:80/1. The address may also be represented as ::FFFF:150.199.8.1 but this form may not be supported by all IPv6 devices. This IPv4-mapped IPv6 address allows network designers to keep isolated IPv4-only machines on an IPv6 network. This form of address represents a local IPv4 node to IPv6 nodes and is not considered a routable IPv6 address.

An IPv6 node on an IPv4 network may be given an address that is 96 zero bits followed by 32 bits of IPv4 address. Thus the IPv6 host at ::96B7:80/1 (or ::150.199.1.8) can interact with IPv4 routers and nodes on the 150.199.x.x network using an IPv4-compatible IPv6 address.

The third accommodation uses the 2002:: block of reserved addresses. These address are set aside for use in "6to4" tunneling (connecting two IPv6 networks over an IPv4 network). Routers that are the interface between IPv4 and IPv6 networks can connect to each other over an IPv4 network by using their IPv4 address as the Reserved and NLA fields in an IPv6 address. The total form of the address is 2002:32_bit_IPv4_addr:SLA:interface_ID. Note how this address incorporates both an IPv4 address and 80 bits of an IPv6 address. In practice, the router regards the IPv4 network as a TLA/NLA. Originally, an administrator would be required to know a pre-existing 2002:: address to initially create a tunnel, but RFC 3068 sets aside an anycast address for general use. Thus, if the IPv4 address is 164.113.235.201 then the 2002:: prefix is 2002:A471:EBC9::/48 and may connect to the IPv4/IPv6 gateway at 2002:c058:6301::/48.

Configuration Example:

interface Tunnel2002
 no ip address
 no ip redirects
 ipv6 address 2002:A471:EBC9::1/128
 tunnel source ATM6/0.101
 tunnel mode ipv6ip 6to4
! 
interface ATM6/0.101 point-to-point
 ip address 164.113.235.201 255.255.255.252
 atm pvc 101 188 981 aal5snap 10000 5000
 ipv6 address 2001:468:1FF:80::2/64
!
ipv6 route 2002::/16 Tunnel2002
ipv6 route ::/0 2002:C058:6301::
!

IPv4 Header

The protocol header field for IP also must change to accommodate the larger address size. The header specification for IPv4 was last set in RFC 791. The RFC proposed a header consisting of the following fields:

IPv4 Field	Size	Changes for IPv6
Version number	4 bits	Kept in IPv6, value set to 6
Header length field	4 bits	Dropped
Type of service	8 bits	Modified into Traffic Class
Total length of packet	16 bits	Modified into Payload Lenght
Identification	16 bits	Dropped
Flags	3 bits	Dropped, partly into Traffic Class
Fragment offset	13 bits	Dropped
Time to live	8 bits	Modified into Hop Limit
Protocol	8 bits	Moved to extended header
Header checksum	16 bits	Dropped
Source address	32 bits	Expanded to 128 bits
Destination address	32 bits	Expanded to 128 bits
Options and padding	varies	Possible in extended header

The IPv4 minimum header size is 20 bytes. This structure obviously will not work for IPv6 because just a source and destination address is a total of 32 bytes.

Simplified Headers in IPv6

The IPv6 header removes several little used fields of the IPv4 header and eliminates the need for another. The header is a fixed length of 40 bytes and thus doesn't need the four bit header length field. No packet fragmentation is allowed which eliminates the need for the 13-bit fragment offset and the three bits of fragmentation flags settings. Experience indicated that the header checksum was of little value so it was removed. Lack of a header checksum saves processing in routers because IPv4 required the checksum to be recomputed at every hop due to decrementing the Time to Live value.

IPv6 Field	Size	Usage
Version	4 bits	Value set to 6 to indicate IPv6
Traffic class	8 bits	Used for Quality of Service tag
Flow label	20 bits	Identify the "flow" or conversation
Payload length	16 bits	Indicates the size of the data only
Next header	8 bits	Indicates the type of following header
Hop limit	8 bits	Sets maximum number of router hops
Source address	128 bits	IPv6 address of origin
Destination address	128 bits	IPv6 address of target

Expandable Headers in IPv6

IPv4 headers can be anywhere from 20 bytes to 60 bytes long. IPv6 headers are 40 bytes. The IPv6 standard header length is fixed but it does contain a pointer to one or more extension headers before the start of the payload. The extension headers, if used, form a linked list- each extension header will point to the next one in the series. Proposed uses for the extension headers are protocol specification (TCP, UDP, etc.), source routing information, authentication, security encryption, higher level fragmentation and other options. One expansion header type requires processing by every router. It is called the hop-by-hop option header.

Fragmentation/MCU Discovery

Note that the IPv6 header does not include fields to flag fragmentation or specify an offset. IPv6 packets are not allowed to be routinely fragmented. Some network equipment may have to fragment packets (such as ATM routers/switches) but the packets must be reassembled to reenter the IPv6 network. The minimum packet size for IPv6 is 1280 bytes. Because IPv6 routers cannot fragment packets even though it is more efficient to use larger packet sizes, an MTU discovery protocol is included within the IPv6 protocol so that end stations can determine what the maximum packet size for the path.

Back to top

Addressing

Neighbor Discovery

IPv6 uses a process called neighbor discovery to find local routers, determine link parameters (like local MTU size) and facilitate address resolution and autoconfiguration as needed. The neighbor discovery protocol defines five ICMP packet types specific to the protocol. The local-link addresses and link-layer multicast addresses are used in neighbor discovery. The discovered elements are kept in a Neighbor cache similar to an ARP cache. See http://www.faqs.org/rfcs/rfc2461.html and http://www.faqs.org/rfcs/rfc3122.html for more information.

Workstations

IPv6 easily generates a globally unique address for workstations. This address uses the interface ID of the network interface card in the workstation. Under normal circumstances it is best to accept the generated address. In some cases the network administrator may wish to assign addresses that will not change with a change of interface card or machine. Some networks may not wish to use the MAC address as the interface ID because of potential security vulnerabilities (attackers can decode the type and model of interface card from the MAC address) or they may wish to establish a numbering structure to ease the DNS configuration. While the IPv6 specification allows multiple unicast addresses per workstation it is recommended that workstations not have multiple unicast address unless necessary. Eventually multi-homing will require many workstations to intelligently use multiple unicast addresses but it is best to keep the practice to a minimum. In addition the workstation will have temporary or permanent multicast addresses as needed.

Servers

In IPv4 addressing, servers are usually assigned a publicly known static address. This method is also the simplest and easiest configuration for IPv6 also but many other options are possible. Servers performing identical functions in the network may be assigned anycast addresses to match the function. Servers may also be assigned multiple unicast and multicast addresses as needed.

Dual Protocols

Most workstations, servers and other network equipment will be able to support both IPv4 and IPv6 operation at the same time. This dual protocol operation allows network administrators and designers to slowly convert from IPv4 to IPv6. Initially low-end devices may not be able to support IPv6, and eventually there will be low-end devices that will not support IPv4. These single protocol devices have their place but limit the transition between protocols. Network designers will need to determine if workstations or servers cannot support dual protocol operation before committing to a transition to IPv6.

Dual protocol operation has the potential to make network operation and troubleshooting difficult. Servers could operate in one protocol and not be able to communicate with workstations operating in the other protocol. Ensuring that IPv6 is functional in the network can be complicated because IPv6 name servers prefer doing zone transfers through IPv4. Experience with mixed IP, Appletalk and IPX environments shows the potential for confusion in dual or multi-protocol operation. However the transition can and will proceed just like many networks have slowly moved from IPX to IP networking.

Connection

Direct

As always it is best to directly connect to the IPv6 network. Direct connection ensures an address block that is stable and a place in the growing IPv6 hierarchy of networks. Direct connections are one enterprises IPv6-capable router connected by a single link to the provider's IPv6-capable router. In the IPv6 design enterprise (or site) networks should directly connect to NLA providers. NLA providers should directly connect to TLA providers. However, other connections through various switched or routed networks are possible.

Tunnels

6to4 tunneling is automatic. If a site makes a DNS request that returns a 6to4 address (addresses starting with 2002:) then the earliest possible dual protocol router will encapsulate the packet for IPv4 transit. Thus a site that consists of only one IPv6/IPv4 router as well as some IPv6 servers may wish to advertise only their 2002: addresses. Sites that have slow or circuitous IPv6 connections but fast and robust IPv4 connections may also choose to advertise only their 2002: addresses. For sites with a few IPv6/IPv4 routers, the advertised names should be customized so that the IPv4 address of the dual stack router closest to the server is used in the 2002: address. Optionally, the local IPv6 network could statically route the non-local 2002::/16 addresses to a preferred exit router for IPv4 encapsulation. Below is a Cisco configuration for an IPv6/IPv4 router taken from - http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/ipv6_sol/6b624tnl.htm:

interface Tunnel2002
 description 6to4 tunnel to 6bone ISP
 no ip address
 no ip redirects
 ipv6 address 2002:C0A8:6301::1/128
 tunnel source ethernet0
 tunnel mode ipv6ip 6to4
 
ipv6 route 2002::/16 Tunnel2002
ipv6 route ::/0 2002:C0A8:2101::1

The 2002:: address that results becomes the site's assigned address block. Thus using a 6to4 tunnel as well as having a directly assigned IPv6 address is dual-homing. Once established, the 6to4 tunnel end can be used by any other 6to4 tunnel end out in the IPv4 network.

Other, more established, tunneling strategies may be used for more natural and less haphazard routing. However, unless multiple tunnels are established the routing may be inefficient and prone to failure. Here is an example from a Cisco router of a tunnel to a small private IPv6 cluster:

interface Tunnel3
 description Connection to Private IPv6 Network
 no ip address
 ipv6 address 2001:1468:1FF:FE::1/64
 ipv6 enable
 tunnel source 64.13.238.109
 tunnel destination 64.13.215.18
 tunnel mode ipv6ip

Unlike 6to4 tunneling, this method of connection requires the site to negotiate a static tunnel end from another party. It is not a case of dual-homing.

Back to top

Installation

Workstations

IPv6 is available for a wide variety of workstations. Not all IPv6 installations support the full IPv6 specification so completeness and usability should be tested on each workstation type after installation. With some workstations IPv6 is an add-on, with some it is a version-change upgrade.

Windows

Windows 2000 can be upgraded to add support for IPv6. The operating system should have the latest service packs installed and installation instructions will vary by the service pack. Check the Microsoft website for download and installation instructions. As of this writing, the upgrade was labeled for research purposes and an edit of the system registry is required for the latest service packs.

For Windows users that connect by Trumpet Winsock, version 5.0 of the software supports IPv6. See http://www.trumpet.com/winsock for more information. Hitachi has released an add on for IPv6 for Windows versions 95, 98 and NT. See http://www.hitachi.co.jp/Prod/comp/network/pexv6-e.htm for more information.

Microsoft included IPv6 support for Windows XP and various CE and server releases. The latest software and service packs in these series include "production" (rather than research) releases. See http://www.microsoft.com/windowsserver2003/technologies/ipv6/default.mspx for more information.

Game Consoles

Microsoft Xbox has IPv6 integrated into the software code, and reports indicate that Sony and Cisco have worked together to develop IPv6 code for the Sony PlayStation2.

Macintosh

IPv6 support is a feature of Mac OSX v10.2. See http://www.apple.com/macosx/jaguar/morefeatures.html for details.

Linux

Linux and other Unix varieties were some of the first operating systems to include IPv6 support. Along with workstation code many distributions include code for using the workstation as a server or router. Various installations exist and support varies. See http://www.bieringer.de/linux/IPv6, http://www.linux-ipv6.org/ or http://staff.csc.fi/~psavola/ipv6/ for typical Linux installations.

Unix

Sun Solaris version 8 and above, AIX version 4.3, FreeBSD version 4 as well as others offer IPv6 support. The Unix varieties are also often used for IPv6 web service and name service. Like Linux, the Unix varieties are also noted for performing as workstations, routers and servers. Several Unix varieties may be set up for standalone workstations with 6to4 tunneling so a single workstation with an IPv4 connection can participate in the IPv6 network. See http://www.kame.net for one overview of what is available.

Routing

Routers

The differences between IPv6 and IPv4 require routers to dedicate more storage to routing and forwarding tables but in many cases the differences decrease the processing requirements. In addition the initial demand is for dual protocol routers where the operation is more complex than for single protocol IPv6 routers. The address allocation procedure gives ISPs an incentive to put IPv6 on their high-speed backbone in order to get an address block for customers. This combination of circumstances makes it likely that router manufacturers will not release IPv6 on all models at the same time. IPv6 and additional IPv6 features are likely to be released on high-end routers first, then mid-range routers, but releases may be delayed on low-end IPv6 routers. Cisco released IPv6 on the 12000-class router in IOS version 12.0(21) where most other models waited for 12.2(2).

Protocols

Because of the change in address size routing tables had to be redesigned for IPv6. Routing tables carry the information needed for a router to correctly forward a packet. IPv6 does not change the logic of routing. By address assignment practices, IPv6 simplifies routing by establishing a more hierarchical distribution of address blocks. The protocol also simplifies the determination of broadcast addresses. IPv4 had a different broadcast address per subnet; IPv6 can use a fixed set of multicast addresses for broadcast information. As of early 2003 the RIP, BGP, OPSF and IS-IS protocols are common among IPv6 routers.

Due to the hierarchical nature of IPv6, static routing is a viable alternative for many more networks than IPv4. Even in multi-homed networks the workstations may carry addresses for each upstream provider and static routing is workable. In such cases the decision of which network to use will be up to the workstation or software application. Such an arrangement, however, may result in routing that is not optimum.

RIP (Routing Information Protocol)

IPv6 has a well-developed RIP (sometimes called RIPng) based on IPv4's RIPv2. The major operational modification is that RIPng uses IPv6 packets for transport between the router multicast addresses. The same distance-vector logic applies and configuration is basically the same as for RIPv2.

BGP (Boarder Gateway Protocol)

The top-down address allocation policy of IPv4 required that BGP be the first widely used routing protocol for IPv6. The version used is multiprotocol BGPv4 (RFC 2283 and RFC 2545). Unlike other routing protocols, multiprotocol BGPv4 carries on IPv6 routing as an additional protocol type. The same BGP that handles IPv4 also handles IPv6. The same options are available and the same configuration style is used with few exceptions. Here is an example of a working BPG configuration on a Cisco router:

ipv6 unicast-routing
router bgp 2572
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2001:468:1FF:80::1 remote-as 11317
 !
 address-family ipv6
 neighbor 2001:468:1FF:80::1 activate
 network 2001:468:180::/43
 exit-address-family
!
ipv6 route 2001:468:180::/43 Null0
ipv6 route 2001:468:1FF:80::/64 ATM6/0.101
ipv6 route ::/0 ATM6/0.101
!

OSPF (Open Shortest Path First)

Because of their wide usage OPSF and IS-IS were the first link state protocols to be ported to IPv6. Like RIPng, OSPFv3 is an IPv6-updated version of the second version of the protocol. The changes for the IPv6 version are documented in RFC 2740. Those experienced with OSPF will find it easy to configure the new version. One primary difference is that OSPFv3 makes use of IPv6 local-link addressing and thus does not need to address individual IP subnets.

IS-IS (Intermediate System to Intermediate System)

IS-IS is an ISO (ISO 10589) standard while IPv6 is an IETF standard. The difference in standards organizations makes documentation on running IPv6 with IS-IS routing hard to find. Currently, there is a draft of the IPv6/IS-IS interaction at http://www.ietf.org/internet-drafts/draft-ietf-isis-ipv6-04.txt. The difficulties in standards, however, have not slowed implementation by router manufacturers. Some vendors have more mature IPv6 IS-IS support than IPv6 OSPF support. As with RIPng and OSPFv3, those experienced with IS-IS configuration will find it easy to configure the new version. Check with the router manufacturer for details on their specific implementation with configuration examples.

Connection

DNS

The size and new format for IPv6 addresses will require changes to databases that track addresses. One key database/protocol that must adapt quickly is the DNS. Name servers simply cannot handle the new addresses in the same way that they handle IPv4 addresses. IPv6 extensions must be made to DNS servers. The new address type has required a new "direct" record type - the "AAAA", often called quad-A, record. The new record type looks very similar to the old direct record. Here are a couple of examples of AAAA records:

rtr	IN	AAAA	2001:0468:0180:0001:0000:0000:0000:ffff
dns	IN	AAAA	2001:0468:0180:0001:0000:0000:0000:fffe

Note that the compact form of the address is not used; every zero must be shown.

The reverse mapping shares the same format as the old IPv4 PTR record. While the records look the same, the new form must only be used with DNS versions that support IPv6 addressing. Here is an example of an IPv6 PTR record:

$ORIGIN 1.0.0.0.0.8.1.0.8.6.4.0.1.0.0.2.ip6.int.
f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR  rtr.ipv6.more.net.
e.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR  dns.ipv6.more.net.

Again, the compact form is not used. In this case the reverse address must be spelled out with "nibbles" (four bit segments) in hexadecimal separated by periods. The zone records for the reverse addresses also are given in the same form:

zone "1.0.0.0.0.8.1.0.8.6.4.0.1.0.0.2.ip6.int"

Zones are required to break on a nibble boundary for IPv6 just like they are required to break on a byte boundary for IPv4.

As noted earlier, good DNS configuration is needed to avoid transcription mistakes. DNS best practices will continue to stress the concept of configuring the address once only and using symbolic names to represent the address other places in the configuration and throughout the network.

Dual Protocol

A particular challenge to name servers will be the requirement to act appropriately in a dual protocol environment. For the near future the DNS machines will be a single repository for both IPv4 and IPv6 addresses and will respond appropriately to requests from either network. Up to date DNS software has been shown to do a good job of handling the dual protocol demands, but it is still good practice to make changes slowly, deliberately and verify changes by direct testing. In accord with the slow, deliberate transition, zone transfers between name servers should be conducted over the IPv4 network, if possible.

Back to top

Maintenance

If anything is holding up the adoption of IPv6 it is the availability of network management and maintenance tools. Workstation software generally comes with IPv6 versions of Ping and Traceroute and can do name lookups. The popular graphing software MRTG can collect the status of physical ports independent of IP version on IPv4/IPv6 dual stack routers. But activity and protocol analysis software for IPv6 is lagging behind. Some national and international ISPs have converted to dual stack backbones to make IPv6 networks available, especially in Europe and Asia. Network administrators should check the availability of IPv6 versions of their common tools in order to determine whether they can manage and maintain an IPv6 network. Most tools designed for maintaining the physical or link layers of the OSI model will work with both IPv4 and IPv6 but analysis at higher layers may fail. Because of multicasting and multiple addresses, even the typical traffic on an IPv6 network may not be what a tool designed for IPv4 would expect.

Back to top

Conclusion

IPv6 is available now and parts of Europe and Asia have production networks using the protocol. As a whole, North America has not had critical IP address shortages and, as a result, has not established production IPv6 networks. This situation is likely to change in the next two to ten years. Many of the benefits originally proposed for IPv6 such as security (IPsec) and autoconfiguration have worked their way into IPv4. But eventually, the inherent address space limitation in IPv4 and the benefits that remain part of the IPv6 standard will lure networkers into adopting the new protocol. Older networking equipment and tools will not be able to make the transition and there will be great deal of confusion about what services will be available during the transition. This paper has presented some IPv6 perspectives to consider as we get ready enter the next generation of the global network.

Back to top