Some IPv6 RFCs:

  • 2492 - IPv6 over ATM Networks
  • 2467, 2019 - Transmission of IPv6 Packets over FDDI Networks
  • 2491 - IPv6 over NBMA Networks
  • 2466, 2465 - MIB for IPv6: ICMPv6 Group
  • 2454 - IPv6 MIB for UDP
  • 2452 - IPv6 MIB for TCP
  • 2375 - IPv6 Multicast Address Assignments
  • 1886 - DNS Extensions to support IPv6
  • 1682 - IPng BSD Host Implementation Analysis
  • 1683 - Multiprotocol Interoperability in IPng

The main feature of IPv6 is its extensibility. The current IP system will run out of addresses very soon, but IPv6 has so many combinations, it can support a few billion IP numbers per square meter of ground on the Earth.

IPv6, or Internet Protocol Next Generation (IPng), is the next protocol to be used for the Internet. The most noticeable, and widely touted, aspect of IPv6 is its huge address space compared to IPv4 (128 bits vs 32 bits); I'll go into the 32 vs 128 bit addressing in the second part of the writeup, since it's a bit detailed.

Along with a lot more addresses, IPv6 offers three new features over IPv4. One is security, through IPsec. Although IPv4 can use IPsec, it's not integrated, and not all machines will have it; IPsec will be a built-in part of IPv6. The two biggest features of IPsec are authentication and encryption. Authentication makes IP spoofing impossible, so that you can be sure which particular machine any piece of Internet traffic comes from; currently, IP spoofing allows attackers to hide where they are coming from, so that the source of an attack can't be found. Of course, an attacker could turn off the authentication of IPv6, but other people are free to reject Internet traffic that isn't authenticated.

The encryption part of IPv6 integrates encryption at the transport layer. Of course, it's currently possible to use encryption during communications, through the use of things like SSL, SSH, and VPNs. However, universal IPsec will make it easy for anything to use encryption on the net, without having to use anything special like SSL.

The second new feature is automatic configuration. With automatic configuration, you'll be able to plug your Internet aware refrigerator into the household net, and *blam*, it'll be on the Internet, without having to diddle with the refrigerator at all; automatic configuration is part and parcel of IPv6, so you don't have to have any sort of administration server to take care of things. This means that even the most technophobic person will be able to get their computers, refrigerators and toasters on the net without any problem.

Automatic configuration is also useful in a business setting. Let's say that a business wants to switch ISPs, which means that it's going to be getting a whole new set of IP addresses. Right now, this would entail a big pain since you'd have to reconfigure all of your computers to use the new settings. But with IPv6's autoconfiguration, the network will reconfigure itself to the new ISP without any effort.

The third new feature is QoS, or Quality of Service. This will let you tell the net how good a connection you need for each connection. For instance, if you're downloading a huge file, you can tell it low quality is OK; if part of the transmission gets messed up due to low quality, it'll take 5 minutes to download instead of 4, which is no big deal. But if you're doing voice over the Internet, you don't want any glitches or interruptions, so you tell it to use a high quality connection. QoS will make audio and video conferencing over the Net much more reliable.


IPv6 vs IPv4 addressing

Even with the 4 billion IP addresses provided by its 32 bits, IPv4 is slowly running out of room. Of course, things aren't as dire as people sometimes claim they are, because this shortage is staved off by two things. One is dynamically allocating IP addresses (DHCP); if you have 100 computers, but only 10 of them will be on at any one time, you can just pass around the same IP address from one machine to another. The other is NAT, or Network Address Translation. With NAT, you can have 100 ordinary machines sitting behind one machine that's physically connected to the outside world, and that does the NAT; outgoing connections get mucked with so that they all have (from the point of view of the outside world) the same IP address, and then they get translated back into internal addresses on the return trip.

There are two problems with this. One is that a computer that uses dynamic address allocation or NAT can't accept incoming connections, like for Internet telephony. The other problem is that, if you want every toaster and refrigerator to have an IP address, 4 billion addresses just isn't going to be enough, no matter what you do with it.

Of course, there's still the question of how long 128 bits are going to last us. To figure this out, we'll have to look at the structure of the IPv6 address.

So let's look at the structure of an IPv6 address:

  3    13    32 bits    16 bits              64 bits
+---+-----+-----------+---------+----------------------------+
|011| TLA |    NLA    |   SLA   |        Interface ID        |
+---+-----+-----------+---------+----------------------------+

The first three bits are for the type of service, so there's really only 61 bits for all the different addresses. Next comes the 13 bit TLA address, or Top Level Aggregator. A TLA is a company/entity that provides long distance (long haul) Internet connectivity; examples of TLAs would be UUNET, Sprint and MCI. TLA addresses would be parceled out by both company and geographic area, so there'd be, say, one for UUNET California and another for MCI California. 13 bits provides for around 8,000 TLA addresses, and since there don't need to be that many entities providing long haul data service, this will suffice for a long time.

After the TLA address comes the NLA address, or Next Level Aggregator. If UUNET were selling long haul service to a small, local ISP, it would give one NLA address to that ISP. MCI, which sells Internet connections directly, would give NLA addresses to its various local facilities. The NLA address is 32 bits, as large as the current IPv4 address, and each TLA has its very own NLA address space, so there's no danger of running out.

After the NLA address comes the SLA address, or Site Level Aggregator. The SLA is 16 bits long, so if, say, that small ISP has only one NLA, it will have about 64,000 SLA's to dole out among its customers. Larger ISPs will have multiple NLAs in any single geographic area. An individual SLA would be given out to an individual physical site.

After the SLA comes 64 bits of address information. This means that each individual physical site can use up to 64 bits worth of IP addresses. For example, MIT would get a single SLA address, and then on its campus have 16 billion billion (16 quintillion) different things connected to the Internet; every single refrigerator, toaster and light-bulb on the MIT campus could have its own address, and they wouldn't be close to running out. And above the Interface ID part of the address, there's 61 bits worth of higher-level addresses, so there can be up to 2 billion billion different physical sites, with each site having up to 16 billion billion different IP addresses. So, something majorly wrong or weird would have to happen for us to run out of IP addresses anytime within the next century with this scheme.


Some good sources of info for IPv6 are:

  • http://www.stardust.com/ipv6/documents/v6tech.htm
  • http://www.ipv6forum.com/
  • http://www.ipv6.org/
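
An added example, not part of the original writeup: splitting an address into the fields of the diagram above, using exactly the widths drawn there (3/13/32/16/64). The function names are hypothetical and the sample address in the usage line is a documentation-range value.

```python
import ipaddress

# Field widths copied from the writeup's diagram, most significant first.
FIELDS = [("prefix", 3), ("tla", 13), ("nla", 32), ("sla", 16), ("interface_id", 64)]


def split_aggregatable(addr):
    """Return the diagram's five fields of a 128-bit IPv6 address as integers."""
    value = int(ipaddress.IPv6Address(addr))
    remaining = 128
    fields = {}
    for name, width in FIELDS:
        remaining -= width  # bits still to the right of this field
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def site_prefix(addr):
    """The /64 owned by one site: every field above the Interface ID."""
    value = int(ipaddress.IPv6Address(addr))
    return ipaddress.IPv6Network(((value >> 64) << 64, 64))


def same_site(a, b):
    """True when two hosts share prefix, TLA, NLA and SLA (useful for per-site ACLs)."""
    return site_prefix(a) == site_prefix(b)


if __name__ == "__main__":
    sample = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334"
    for name, val in split_aggregatable(sample).items():
        print(f"{name:13s} {val:#x}")
    print("site prefix  ", site_prefix(sample))
```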

IPv6, the next-generation of IP addressing and its more relaxed side of things -

The second (actually third, read below) low-level protocol in existence to permit funny address-schemes unmeaningly. The other two are "Ethernet-addresses" a.k.a. MAC-addresses and the ridiculous IPv8-addresses introduced by a bizarre (although assumably serious) poster on the IPv6-users mailing-list.

How these addresses are funny, can be described as follows. Both, MAC and IPv6-addresses utilize a hex-base for normal pointers to end-sites (as opposed to decimal-base and "127.0.0.1" in IPv4).

Effectively "3ffe:8000:beef:dead:babe::0" is a completely logical address that could be seen being transmitted on the hardware-level. And! With all luck, such an address will even pop up at some point in your local neighbourhood. With a completely made-up ratio of 1:2, it's actually more likely than winning a medium-size lottery.

Internet2 overview

Introduction to the Internet2
Since the dawn of the “new age” internet, known as Internet2, several universities and government associations have begun using this as an alternate, high-speed method of data communication across the country and worldwide. Whereas the more widely used version of the internet that is easily accessible to the public uses the IPv4 (Internet Protocol version 4) standard, the Internet2 uses a more advanced protocol, IPv6 (Internet Protocol version 6). IPv6 was created by Steve Deering and Craig Mudge who were employees at XEROX. This protocol was then adopted by the IETF (Internet Engineering Task Force) and soon became the known standard for the Internet2.

The Internet2 is expected to become the international standard of internet use in the future. As of now it only accounts for a small percentage of the actual internet use in the world. Since the Internet2 is known as a dual stack layered protocol, until the full transition of Internet2, this technique allows for users using IPv6 to access information that is still based on the IPv4 technology. The benefits and technologies used by Internet2 far surpass IPv4’s current architecture and the following sections will describe in more detail exactly how the IPv6 and Internet2 work.

General structure of the Internet2
The actual physical structure of the Internet2 is not all that different from that of the current internet. There is the user end computer which connects through a router which links to an IPv6 gateway and is then forwarded to the GigaPOP (Internet2’s high-speed Point-of-Presence). From here packets are pushed onto the Abilene backbone which is the high-speed fiber connection (10 Gbps) that links all Internet2 facilities together. IPv6 utilizes multicasting as a standard way of making information travel more quickly across the network. Multicasting is a protocol for efficiently sending data to multiple receivers at the same time on TCP/IP networks.

IPv6 Advantages
The primary benefit that IPv6 offers over IPv4 is its extensive capabilities in addressing. Where IPv4 supports up to 4.3 billion addresses, IPv6 can support an astounding 50 octillion addresses (5×10^28). This is made possible through the use of a 128-bit long address which not only supports more addresses but makes administration easier and avoids fragmentation of the address space, which in turn leads to smaller routing tables; IPv4 uses only a 32-bit long address.

Another advantage is the use of stateless auto-configuration of hosts, which alleviates some network overhead that would be seen on an IPv4 network. When a host first connects to the network, it sends a link-local multicast request for its configuration parameters. The local router will then respond with a router advertisement packet which relays Global prefixes to the host. The host receives this information and then creates an address based on the remainder of the 128bit IPv6 address received and its own MAC address.

The use of jumbograms in IPv6 is also a great advantage over IPv4. A jumbogram is a packet that is much larger than that usually used by the specified technology. Since IPv6 uses a much larger addressing method along with higher speed bandwidth, it only made sense to make packet sizes much larger for increased network efficiency. A typical IPv4 packet consists of frames up to 1500 octets; IPv6 jumbograms allow for at least 9600 octets in its frames, which allows for much larger packet transmissions. In turn, it optimizes the capacity of a 10 Gbps backbone with very little overhead compared to trying to use larger packets on an IPv4 structure; IPv6 creates the best solution for highly-congested network patterns.

IPv6 addressing and Packets
The IPv6 packet consists of a header and payload. The header is in the first 40 octets of the packet and contains both the source and destination addresses. This is then followed by the 4-bit IP version, the 8-bit traffic class, the 20-bit flow label, the 16-bit payload length, and the 8-bit next header and hop limit. This allows for the total payload to have at least 64Kb or more using jumbograms.

In order to forward packets, there needs to be some sort of organization of addressing. In IPv6 these addresses are written as eight sets of four hexadecimal digits. A valid IPv6 address may look like the following:
2001:0db8:85a3:08d3:1319:8a2e:0370:7334. The advantage to this method is that if there is a set in which all 4 digits are 0, that set may be omitted to shorten the address. For instance, an address such as 2001:0db8:85a3:0000:0000:0000:0000:7334 may be re-written as the address 2001:0db8:85a3::7334; they are both valid and equivalent addresses. The use of the double colon indicates that the address has been shortened; leading zeros from a set may also be omitted (e.g. 032a = 32a).

IPv6 Security
In this growing age of global data communications, the key ingredient to its success has been the implementation and design of some of the most sophisticated security systems and software. The main method of security for IPv6 is similar to that of IPv4, using IPsec (IP Security) with ICMPv6 (Internet Control Message Protocol); the underlying idea is that both end systems use the same type of ‘key’ to decrypt the coded messages sent back and forth. One of the main issues that is being seen in regards to IPv6 security is using it as a method of breaking into IPv4 enabled networks. What an attacker could do is enter a network that supports IPv6 and then enable tunneling through that yet still use the IPv4 interface; this is known as a tunneling attack. Now since the rest of the network is operating on IPv4, everything the attacker does is encrypted in a manner that a Network Security Administrator would not be able to stop and the attacker would get away completely free with what he/she wishes.

Several security measures are being undertaken to prevent attacks. The main methods that are currently being taken to prevent the tunneling attack are to only allow authorized endpoints to establish tunnels, to enable less scalable but more secure static tunnels, and to not allow all workstations with tunneling to enable automatic tunneling as it can be susceptible to packet forgery. The use of current IPv4 network scanning technologies and virus protection methods is being practiced on IPv6 networks as well. There are however some significant differences in viruses between the two protocols, which calls for extensive research and updates to ensure that new vulnerabilities in the IPv6 infrastructure don’t last for long.

Transition between IPv4 and IPv6
Plans for the initial transition to IPv6 are currently underway, but the process itself is lengthy and the world will probably not see a complete transition for many years to come. The three main methods that are used in this process are network tunneling, translation, and dual-stack support. The idea of network tunneling is to allow a type of remote connection to an IPv4 network from an IPv6 network and vice versa. The primary method behind the scenes is that a ‘smart’ router picks up the IPv6 packet and removes the IPv6 type header and replaces it with an IPv4 header using the protocol number 41, and forwards the packet to its destination network.

Another method to be used is the dual-stack approach, the most common tactic utilized. Dual-stacking means that a router or server can support both IPv4 and IPv6. The device will receive incoming packets and check to see which protocol version the packet is running. Based upon that initial information, the device can properly process the packet and forward it on to its destination in the correct protocol type. Using this method however requires the use of much of the device's resources, which can cause some slight overhead to the network.

The final method is network translation, a more efficient and straight to the point type of system. The underlying idea is to install some sort of gateway device between the two different types of networks. The gateway can be a device that translates IPv4 and IPv6 addresses and protocols; a process known as Network Address Translation - Protocol Translation (NAT-PT). A good example of such a device would be a dual-stack application-layer proxy, like a web proxy server. The major problem with this method however is the NAT-PT device serves as a single point of failure to disrupt the entire system.

The Abilene Backbone
The term backbone in layman's terms simply means the supporting structure of an object or a life form. In this case, Abilene is the supporting structure for the communication purposes of the Internet2. Abilene is a vast array of Giga-bit linked fiber optic connections linking Internet2 networks from different cities across the nation with speeds of 10 Gbps; the fastest of which being the starlight exchange point operating at 2x10 Gbps. Abilene is also set up in a dual-stack for support with IPv4 as well.

The ultimate goal is to have the Abilene network reach to every city in America and eventually do away with the current internet infrastructure; which isn’t expected to happen for at least another 10 years. Abilene currently has 32 peers as well as 17 connectors that utilize this highly sophisticated networking system. There are some issues related to the last-mile connections using IPv6 including those of application server time-outs, protocols not supporting IPv6, hardware not supporting IPv6, and the assurance that security is not breached.

The structure and layout of Abilene is very complex and requires constant monitoring and testing of new technologies to be deployed. The backbone itself is monitored 24/7 by the Abilene NOC (Network Operations Center) at the University of Indiana. Research and testing technology for deployment occurs at the ITECs (Internet2 Technology Evaluation Center) which are stationed in Ohio, North Carolina, and California. These facilities are operated to ensure the needs and requirements for the Internet2 are met; currently in North Carolina they are testing aspects of the IPv6 multi-casting technique for full functionality.
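
An added example, not part of the original writeup: a monitoring check for the "only allow authorized endpoints to establish tunnels" measure from the IPv6 Security section, keyed on the protocol number 41 named in the transition section. The endpoint allowlist, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6, as named above

# Assumption: tunnel endpoints this site has approved (constructed RFC 5737 addresses).
AUTHORIZED_ENDPOINTS = {
    ipaddress.IPv4Address("192.0.2.1"),
    ipaddress.IPv4Address("198.51.100.1"),
}

def build_6in4(src4, dst4, src6, dst6, proto=PROTO_6IN4):
    """Build a constructed sample packet: IPv4 header + bare IPv6 header."""
    inner = (struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # version 6, no payload
             + ipaddress.IPv6Address(src6).packed
             + ipaddress.IPv6Address(dst6).packed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        proto, 0,  # checksum left 0; the inspector does not verify it
                        ipaddress.IPv4Address(src4).packed,
                        ipaddress.IPv4Address(dst4).packed)
    return outer + inner

def inspect_packet(raw):
    """Return None for non-tunnel traffic, else details of the 6in4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4  # IPv4 header length in bytes, options included
    if ihl < 20 or len(raw) < ihl or raw[9] != PROTO_6IN4:
        return None
    src, dst = ipaddress.IPv4Address(raw[12:16]), ipaddress.IPv4Address(raw[16:20])
    finding = {"outer_src": str(src), "outer_dst": str(dst),
               "authorized": src in AUTHORIZED_ENDPOINTS and dst in AUTHORIZED_ENDPOINTS,
               "inner_src": None, "inner_dst": None}
    inner = raw[ihl:]
    if len(inner) >= 40 and inner[0] >> 4 == 6:  # fixed 40-octet IPv6 header
        finding["inner_src"] = str(ipaddress.IPv6Address(inner[8:24]))
        finding["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
    return finding

def unauthorized_tunnels(packets):
    """Findings for protocol-41 packets with an endpoint outside the allowlist."""
    findings = (inspect_packet(p) for p in packets)
    return [f for f in findings if f and not f["authorized"]]

SAMPLE_PACKETS = [  # constructed traffic, documentation address ranges only
    build_6in4("192.0.2.1", "198.51.100.1", "2001:db8::1", "2001:db8::2"),
    build_6in4("203.0.113.50", "198.51.100.77", "2001:db8:1::10", "2001:db8:2::20"),
    build_6in4("203.0.113.50", "198.51.100.77", "2001:db8::1", "2001:db8::2", proto=6),
]

if __name__ == "__main__":
    for f in unauthorized_tunnels(SAMPLE_PACKETS):
        print("ALERT unapproved 6in4 tunnel:", f)
```

Reading the inner IPv6 header gives the administrator the tunneled source and destination even though the surrounding network only routes IPv4.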
