IPv6: Why Bother?

  • By David Chisnall.
  • Article is provided courtesy of Pearson.
  • Date: Apr 16, 2010.

Article Description

IPv6 has been coming Real Soon Now for well over a decade. David Chisnall looks at the benefits it brings and how to support it.


A little while after I got my first modem, I was told that the Internet protocol was going to be replaced by a new and much better one soon. The person explaining this didn't really know why it was better, but was certain it was going to be great and everyone would be using it soon. Almost two decades later, we're mostly still using IPv4, the same protocol that I used with my first modem.

The new protocol, now called IPv6, is finalized and supported by most modern operating systems, but is still not widely used. In this article, I'll look at some of the benefits it provides and how to support it in your own applications.

The Point of IPv6

The most advertised feature of IPv6 is the larger address space. If you've read anything about IPv6, then you probably know that it increases the address size from 32 bits to 128. This is more than enough for every person ever born to have a private network bigger than the current Internet. Even if everything you own (including things that don't contain any electronics) had its own IPv6 address, then you would still not be using more than a tiny fraction of the address space.

This is quite important because it can make routing easier. Routers typically connect a relatively small number of networks together. The simplest case is your home router, which connects your local network to the Internet. For every packet that it receives, it must do one of three things: drop it, forward it to the internal network, or forward it to the external network.

For a typical home network, this is quite an easy decision: If the destination address is in one of the reserved private ranges, send it inside; otherwise send it out. Big commercial routers have to make much more complex decisions. Since the mid '90s, when IPv4 addresses started to be seen as a scarce resource, they have been allocated in 8-bit ranges. This means that you may get three adjacent blocks on completely different networks. With this allocation scheme, there are 2^24 possible networks, and a router needs to be able to decide along which connection a packet destined for any of them should be sent. 2^24 is a little less than 17 million. Fortunately, a lot of these will be simpler, so you can combine their entries, but it's still difficult to make routing decisions.

With IPv6, there are enough addresses now that every country or major network can be assigned a large range. It can then assign subranges within that to networks that it connects to, and so on. This hierarchical assignment (in theory, at least) simplifies routing decisions.

One of the major complaints about IPv6 comes from people who think NAT is security and confuse “routable” with “accessible.” With IPv4, most home users (and almost all mobile users) use network address translation (NAT). Your computer has a private IP address, and the router has a public one. Every connected port on your private IP is mapped to a port on the public IP address. This does not provide any security. Most NAT implementations also default to denying connections originating outside, while some will forward these to a designated default host.

The policy of denying externally-originating connections provides security, but that is provided by the firewall part of the router and is not intrinsic to NAT. Most non-NAT firewalls will do the same.

Just because your computer has an externally routable IPv6 address does not mean that it's accessible. The firewall device that you plug in to your Internet connection still defines the policy of who can connect. Given the number of hacks used to penetrate NATs to make things like Voice over IP work, it's surprising that anyone still thinks it adds security, but apparently some do.
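The distinction between "routable" and "accessible", as an added example that is not part of the original article: a minimal Python model of a stateful firewall that never rewrites addresses yet still drops unsolicited inbound packets to a globally routable host. The class and function names and the 2001:db8:: documentation addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Default-deny inbound policy with connection tracking and no NAT."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.flows = set()  # (inside addr, inside port, outside addr, outside port)

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.lan

    def forward(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # Outbound: remember the flow so that replies can come back in.
            self.flows.add((src, pkt.sport, dst, pkt.dport))
            return True
        if self._inside(pkt.dst) and not self._inside(pkt.src):
            # Inbound: allowed only as the reverse of a tracked outbound flow.
            return (dst, pkt.dport, src, pkt.sport) in self.flows
        return False  # not traffic crossing the LAN boundary


def demo():
    """Constructed sample traffic; every address is globally routable in form."""
    fw = StatefulFirewall("2001:db8:1::/64")
    host, server, other = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:eeee::66"
    return {
        "unsolicited_inbound": fw.forward(Packet(other, 40000, host, 22)),
        "outbound": fw.forward(Packet(host, 50000, server, 443)),
        "reply": fw.forward(Packet(server, 443, host, 50000)),
        "wrong_port": fw.forward(Packet(server, 443, host, 50001)),
        "wrong_peer": fw.forward(Packet(other, 443, host, 50000)),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'forward' if allowed else 'drop'}")
```

The host's address is never translated, yet only the reply to its own outbound connection gets through; the protection comes entirely from the tracked-flow check.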
