There have been several calls to action for organisations to plan actively for the widespread deployment of the new version of the basic Internet Protocol, IPv6, which is designed to supplement and eventually replace the 25-year-old IPv4 protocol. The Internet Society strongly supports such calls for action.
If deployment is delayed, the future growth and global connectivity of the Internet will be negatively impacted. The information below is intended to assist in answering some of the frequently asked questions associated with exhaustion of the IPv4 address pool and the adoption of IPv6.
This list of FAQs is intended to be a “living document.” It will continue to be updated and expanded.
- Is the Internet about to run out of IP address numbers?
- What is IPv6?
- Who created IPv6 and how long has IPv6 been available? Is it new?
- What happened to IPv5?
- How does IPv6 solve the problem of IPv4 address exhaustion?
- What happens when IPv4 address pool is finally depleted?
- When will IPv4 addresses actually run out?
- What’s the difference between IPv4 and IPv6? Will users be able to tell the difference?
- Are there other advantages to IPv6 besides increased address space?
- I've heard some people say IPv6 is more secure than IPv4, while others say it is less secure than IPv4. What is this about?
- Is IPv6 ready for deployment now?
- So why has it taken so long for IPv6 to be implemented?
- Has IPv6 been added to the root servers yet?
- How much will the transition to IPv6 cost?
- I have enough addresses today. Why should I bother implementing IPv6?
- Is there a specific date when everything needs to be upgraded to IPv6?
- Will IPv6 addresses run out eventually?
- When will I need to turn off IPv4?
- What does the IPv4 address depletion mean for enterprises and users? Should they panic?
- Will IPv4 address depletion mean that services will get switched off?
- How long do you think we will have the IPv4 and IPv6 protocols active at the same time?
- Isn’t address sharing the answer? We introduced NAT last time addresses were becoming scarce.
- I've been using NAT on my home network for years and it doesn't give me any problems. What's different this time?
- Without NAT, won't my network be less secure?
- What, specifically, still needs to happen for the industry to effectively transition to IPv6?
- What’s going to happen on World IPv6 day?
- How will IPv6 Day impact Internet users?
- I run an ISP with a block of IPv4 address space. Can I just convert that into IPv6 space?
- I run IT services. What should I be doing now to get ready?
Yes and no. For the version of the Internet Protocol that underpins the Internet today (IPv4) there is a limited amount of unused space remaining. While estimates vary, based on recent trends it is anticipated that the current pool of unallocated IPv4 addresses will be consumed sometime around 2010 - 2011.
However, an enormous amount of IP address space exists under IPv6. IPv6, in fact, was specifically designed to fix the address limitations of IPv4. IPv6 addresses have been available for allocation since 1999 and the RIRs, ICANN, ISOC and others are encouraging network operators to apply for IPv6 addresses and implement IPv6 in their networks. Refer to the following announcements from:
IPv6 is the new version of the Internet address protocol that has been developed to supplement (and eventually replace) IPv4, the version that underpins the Internet today.
The Internet Engineering Task Force (IETF), an international group concerned with developing technical standards that make the Internet work better first published the basic IPv6 protocol in 1998. It has since seen a number of enhancements, such as the addition of mobile IPv6 specifications (in 2004).
Version 5 of the IP family was an experimental protocol developed in the 1980s. IPv5 (also called the Internet Stream Protocol) was never widely deployed. Since the number 5 was already allocated, this number was not considered for the successor to IPv4. Several proposals were suggested as the IPv4 successor, and each was assigned a number. In the end, it happened that the one with version number 6 was selected.
Simply by having a lot more address space to uniquely identify devices that are connected to the Internet. IPv4 has a theoretical maximum of about 4 billion addresses whereas IPv6 has an unthinkable theoretical maximum: about 340 trillion, trillion, trillion addresses. In actual use, IPv6 addresses are structured for routing and other purposes and as a result the number of addresses available is effectively less, but still extremely large.
For the end user, the large amount of IPv6 address space means:
- Home users will generally be given blocks of addresses sufficient to number multiple networks and thousands of devices. (In contrast, under IPv4, home users today typically get a single address.)
- Enterprises and small businesses will generally be given enough to number a substantial number of networks and tens of thousands of devices; while larger sites will get significantly more.
Existing devices and networks connected to the Internet through IPv4 addresses will continue to work as they do now. In fact, IPv4-based networks are expected to co-exist with IPv6-based networks at the same time.
However, for network operators and other entities that rely on Internet numbering allocations, it will become increasingly difficult and expensive (and eventually prohibitively so) to obtain new IPv4 address space to grow their networks. The cost and complexity associated with keeping track of and managing remaining IPv4 address space efficiently will also increase.
Therefore, network operators and enterprises will need to implement IPv6 in order to ensure long-term network growth and global connectivity.
The final allocations to the Regional Internet Registries (RIR) will soon be allocated. At current rates of consumption, the RIRs IPv4 address pools are likely to be depleted in approximately one year. The U.S. likely has less than a year left before *all* new networks will have to use IPv6 address space. Ahead of that date, the Internet Society and many global IT organizations are encouraging adoption of IPv6 and sponsoring World IPv6 Day in order to ready the industry for this necessary transition.
The key difference between the versions of the protocol is that IPv6 has significantly more address space. Users should not be aware of any difference.
The addresses do look different however. A typical IPv6 address has 8 groups of four letters and numbers separated by colons so it looks like this: 2001:db8:1f70:999:de8:7648:6e8
The expanded addressing capacity of IPv6 will enable the trillions of new Internet addresses needed to support connectivity for a huge range of smart devices such as phones, household appliances and vehicles.
IPv6 also brings enhanced quality of service that is required for several new applications such as IP telephony, video/audio, interactive games or ecommerce.
The main advantage of IPv6 is that it provides much more address space. Being a more recent protocol, IPv6 does have a few design improvements over IPv4, particularly in the areas of autoconfiguration, mobility, and extensibility. However, increased address space is the main benefit of IPv6.
I've heard some people say IPv6 is more secure than IPv4, while others say it is less secure than IPv4. What is this about?
Debates concerning IPv4 versus IPv6 security often focus on different aspects of network deployment.
It has been said that IPv6 supports improved security because the specifications mandate the inclusion of the IP Security (IPsec) suite of protocols in products. In IPv4, including IPsec is optional, but it is commonly available. Because the IPsec protocol suite is designed to be indifferent to IP versions, the technology works generally the same way in both IPv4 and IPv6. In this way, the benefits of using IPsec are similar in either environment.
The increased address space provided by IPv6 does eliminate the need to use NAT devices, which are pervasive in many IPv4 networks. Broadly speaking, security is harder to deploy and troubleshoot when NATs are present in a network as they disrupt IP layer traceability and therefore security audit trails. In addition, the address rewriting that NAT performs is considered by some security protocols to be a security violation. Thus, with the increased address space eliminating the need to use NATs, IPv6 potentially facilitates deployment of end-to-end security.
Many of the IPv6 security issues reported today have to do with vulnerabilities in individual products, not the IPv6 protocol. IPv4 is widely deployed and individual IPv4 products have gone through the recurring cycle of discovering and fixing security vulnerabilities and other bugs. Because IPv6 products are comparatively new, they have not benefited from similar experience. Consequently, security vulnerabilities in IPv6 products will need to be discovered and repaired, just like for other products.
Also, the operational practices built up over many years for IPv4 networks will have to be adapted for IPv6. New practices will need to be developed for the dual stack IPv4 and IPv6 environment. This will be accelerated as more network operators deploy IPv6 and continue to exchange information about experience and best practices through established operators groups, the IETF Operations area, and other forums.
Overall, maintaining network security will continue to be a challenging undertaking in both IPv4 and IPv6 contexts. Neither protocol provides a simple solution to the complexities associated with securing networks. Like with IPv4, network operators should become educated on IPv6 security practices and keep up-to-date with developments as they plan for and deploy IPv6.
There are three basic aspects involved in the deployment of IPv6: the protocol, the products, and the operational practices.
The IPv6 Protocol
IPv6 has benefited from over 10 years of development within the Internet Engineering Task Force (IETF). The core standards have been stable for many years and deployed in both research and operational contexts. In addition to the core specifications, IPv6 includes a large number of individual standards that have a more limited applicability and are only needed in specialised environments. Additional development work will continue in these areas as new issues are discovered in response to deployment-specific scenarios. Like the continuing evolution of IPv4, there will always be updates and additions to IPv6 in response to deployment experience. Thus, even though the core IPv6 specifications are stable, there will continue to be ongoing work on IPv6-related specifications.
The core IPv6 specifications are becoming increasingly available as a standard part of products and service offerings. However, not all products are fully IPv6 capable at this time and some significant upgrade gaps remain, especially in low-end consumer equipment. Similarly, while many software applications and operating systems (especially in open source code) have already been updated for IPv6, not all products (including some from major vendors) are fully IPv6 ready. It is best to check with specific vendors on the IPv6 readiness of their individual products and services. In addition, in-house application software or custom code that interfaces with the network will likely need updating for IPv6.
IPv6 Operational Practices
Operational practices built up over many years for IPv4 networks will have to be adapted for IPv6. There is growing experience in the deployment of IPv6 in research networks and R&D projects, while some production networks (primarily in Japan and Korea) have been running IPv6 for a number of years. IPv6 traffic today, however, remains small in comparison to IPv4. As more network operators deploy IPv6 and continue to exchange information about experience and best practices through established operators groups, the IETF, and other forums, the community knowledge level will grow.
In summary, IPv6 is ready for deployment, but additional effort is needed to make its use pervasive. The IETF, equipment vendors, application developers, network operators and end users all have roles to play in ensuring the successful wide-spread deployment of IPv6.
The imminent need to migrate systems to the IPv6 protocol does not exist the way we saw with Y2K. As a result, enterprises have frequently decided to postpone investment in the transition. One of the reasons is that IPv6 deployment is a necessary upgrade procedure that requires the investment of human and capital resources, but does not offer clear short-term return. There are also workarounds, such as the introduction of Network Address Translation (NAT) that allows organisations to extend their addresses to more devices. These workarounds are costly and not viable in the long-term. The only way forward is to adopt IPv6. The time to adopt is now - and many organizations have already initiated, and even completed the transition process. This is why many organizations have recently joined World IPv6 Day.
On 4 February 2008, ICANN announced that it had added IPv6 to six of the 13 root servers, namely A, F, H, J, K, M, thus allowing for a fuller IPv6 usage of the Domain Name System (DNS). Since then, the L root has also been added to the list.
Since network needs and businesses differ, IPv6 transition strategies and related costs will also vary between organisations. Hardware and software vendors are increasingly integrating IPv6 as a standard feature in products, allowing organisations to deploy IPv6 as part of routine upgrade cycles. For many organisations, operational costs, including staff training, and one-time administrative costs to add IPv6 to management databases and documentation, are likely to constitute the majority of the cost of upgrading to IPv6. Organisations that run in-house customised software will experience additional costs to upgrade these programs to IPv6, and enterprises that have test/release processes will see a marginal additional cost for the IPv6 configuration tests.
For end-users, operating systems such as Mac OS X, Windows, and Linux now incorporate IPv6 within their latest releases and will automatically use IPv6 if it is available. Applications are expected to follow as the global demand for IPv6 increases.
IPv6 is an important part of ensuring continued growth and accessibility of your services to the rest of the Internet and emerging markets in particular. As the Internet progressively becomes a dual IPv4/IPv6 network, ensuring that you are IPv6 enabled will be critical for retaining universal Internet connectivity for your clients, users, and subscribers, business partners and suppliers. Indeed, as the difficulty and cost of obtaining IPv4 address space increases, it is inevitable that some sites will only support IPv6. Connectivity with such sites (and customers) will require IPv6.
It is also worth considering what services and devices may need to be supported over the next few years as the remaining IPv4 pool become depleted. Your existing address allocations may be insufficient to support a sudden increase in the number of connected devices per person (as many organisations experienced with the rapid deployment of IP-enabled wireless handheld products and similar devices a few years ago).
No. There is no specific date when everything must be upgraded to IPv6 (although some organisations, including governments, have already identified target dates for their own IPv6 implementation. IPv6 and its transition mechanisms have been designed for a long period of co-existence with IPv4 and it is expected that IPv4-only systems and applications will survive for many years. However, IPv6-only systems are expected to arise and many of these users are likely to be in emerging business markets and developing countries.
Implementing IPv6 requires planning and with IPv4 address pool exhaustion expected around 2010-2011, planning needs to start now. Network operators and administrators should already be incorporating IPv6 into their network upgrade and procurement plans.
No. An enormous amount of IP address space exists under IPv6. IPv6, in fact, was specifically designed to fix the address limitations of IPv4. This addressing capacity will enable the trillions of new Internet addresses needed to support connectivity for a huge range of smart devices such as phones, household appliances and vehicles.
Possibly never. The purpose of deploying IPv6 is to ensure network growth and continued interconnectivity when IPv4 address space becomes depleted and difficult to obtain. In addition, as the global Internet continues to expand, it is likely that some Internet sites will only be available via IPv6.
To avoid problems, one should be fully IPv6-enabled by the time IPv6-only sites start appearing. However, in practice, it is only the public (or user) facing part of an enterprise's infrastructure that needs to be IPv6 enabled at the outset. The back-end infrastructure - which users do not interact with directly - can continue to be based entirely on IPv4, so long as that is the most cost-effective approach. (Enterprises may determine that it is more cost-effective to progressively turn off IPv4 in parts of their network once it is no longer needed or in significant use.)
One should expect, however, that it might never be cost-effective (or possible) to upgrade certain legacy systems. Thus, it will likely be a decade or more before enterprise sites find themselves in a position to consider completely turning off IPv4. In practice, there is no need to turn it off so long as IPv4-only applications still remain in use.
There is absolutely no reason to panic. The existing IPv4 Internet will continue to function exactly as it does today.
There has already been considerable progress made - we have seen concrete progress from service and content providers to support IPv6. They know they are the ones to lead the charge and they are setting a great example for enterprises and other entities. We anticipate that adoption of IPv6 will accelerate so users do not notice the impact of IPv4 depletion. If migration decelerates, U.S. users might notice the impact within 12-18 months, but again, the momentum around this indicates we are well positioned to embrace IPv6 going forward. You can test your IPv6 readiness.
No. Both IPv4 and IPv6 will run in parallel until there is no longer any need to do so.
No one will put a date on when IPv4 will be turned off. This will depend on market forces. When IPv6 becomes the dominant network it will draw more people in and less people will worry about IPv4. There will always be backwards compatibility for things like older network printers that cannot transition to IPv6.
Over the long term, deploying IPv6 is what we need to do. In the short term however, maintaining growth of IPv4 services will require address sharing which can only be considered a temporary fix.
The sharing will be implemented at the service provider level in the form of large scale NATs. This means that users will find that they are sharing their IP address with a few hundred of their network neighbours at the same time. This will result in reduced performance and capabilities for end users, and higher costs and management complexity for service providers. The wide range of issues that address sharing creates have been documented by the IETF here: http://tools.ietf.org/html/draft-ietf-intarea-shared-addressing-issues.
I've been using NAT on my home network for years and it doesn't give me any problems. What's different this time?
The big difference is that sharing is now across multiple subscribers, as opposed to across multiple devices belonging to a single subscriber. This has implications for advertisers, content providers, law enforcement and end-users themselves. NAT in residential cable modems and the like is often configurable by the subscriber. Service-provider NAT will offer less possibility for end-user configuration. This means the subscriber's ability to enable incoming connections for applications like VoIP or gaming may be curtailed.
Translating addresses does not provide any security benefits. In many cases NATs require an outgoing connection to be present before they will allow an incoming connection to succeed. This 'stateful packet filtering' can be enabled for IPv6 in the absence of any address translation. The security properties of IPv6 are no different than those of IPv4.
The transition to IPv6 will require collaboration across the Internet industry:
Internet service providers, Web companies, hardware vendors and operating system vendors.
All major industry players need to take action to ensure products and services are ready for the transition. For example, Internet service providers need to make IPv6 connectivity available to their users, Web companies need to offer their sites and applications over IPv6, operating system vendors may need to implement specific software updates, backbone providers may need to establish IPv6 peering with each other, and hardware and home gateway gateway manufacturers may need to update firmware.
Testing deployment readiness is a little bit of a chicken and egg issue – websites can’t test effectively without the networks and equipment vendors being ready and vice versa. World IPv6 day is the opportunity for the whole industry to test their readiness and to identify any areas for improvement during a 24 hour test flight.
IPv6 is extensively used in many large networks, but it has never been enabled at a global scale. IPv6 Day will help industry players work together to support the new protocol on an accelerated timeline. With major Web companies committing to enable IPv6 on their main Web sites, there are strong incentives for other industry players to ensure their systems are prepared for the transition.
The goal is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.
Our goal with IPv6 Day is to ensure that the Internet continues to operate smoothly, allowing users to continue to access Web content and services quickly and easily. However, as IPv6 Day will be the first time the next-generation Internet protocol is used at a global scale, we anticipate there will be some hiccups. The impact will vary depending on the exact hardware, Internet service and Web services an individual is trying to use. In some rare cases, users may have broken IPv6 connectivity and thus may not be able to access services on IPv6 Day. This is often due to misconfigured or misbehaving equipment (e.g., home routers) or software (e.g., firewalls). This problem currently impacts approximately one Internet user in every 2,000. Operating system vendors, home router vendors, and ISPs are working together to substantially reduce the number of affected users before World IPv6 Day.
You will need to obtain new IPv6 addresses in addition to your existing IPv4 address blocks. IPv4 address space that you have today can still be used in a dual IPv4-IPv6 environment. The RIRs all have policies that make it straightforward for an ISP with IPv4 space to apply for and receive IPv6 address space. You should contact the RIR for your region or your ISP for more information on how to acquire IPv6 addresses.
It may also be good idea to use this opportunity to redesign your addressing plan, taking advantage of the greater flexibility of IPv6 to assign subscriber address blocks more optimally. Similarly, customer sites may use IPv6 as an opportunity to redesign and optimise their internal addressing plan. However, it may be possible to re-use an existing subnet addressing plan within the new IPv6 block, if that is preferred.
Plan for IPv6 as you would for any major service upgrade.
Do an audit of your current IPv6 capabilities and readiness. Assess the level of IPv6 technical knowledge within your staff and make plans for staff development and training that will support IPv6 implementation.
Think about which of your services will lose business if they are only accessible to IPv4-users and make them a priority for IPv6 capability. For example, you may plan to implement an IPv6-enabled front-end Web server immediately, before converting your internal network.
Remove obstacles to enabling IPv6 including identifying any legacy systems that can not be upgraded, and choose a solution for them (most likely, the solution will be an application level proxy that can support both IPv4 and IPv6 for the remaining lifetime of that system). Plan upgrades and purchases so that you don’t find yourself needing to deploy and enable IPv6 but discover at a late stage that you are not ready because a key system dependency is not IPv6 capable.
Contact your vendors to find out about IPv6 support in their current products and future releases and ask your ISP about their plans to support IPv6.