Read our other recent blogs:
8th December 2014
Blog: Whatever happened to IPv6 (Part 1)
Three years ago, we commissioned our book "Real World IPv6" which provided an overview and practical guide to IPv6 - the replacement for the current IPv4 numbering system used by every Internet-connected device. At the time, we were introducing IPv6 to most of our product range, so we also produced various other materials to help educate our user base.
The case for IPv6 is clear (summary here), but as the current IPv4 system seems, to most users, to be working, few are rushing to IPv6. If you believed some press, the running out of IPv4 addresses was imminent armageddon for the Internet. Well, the IANA did run out, having allocated all IP ranges to RIRs but the RIRs and ISPs do still have some so it 'appears' to be business as usual. Given that, you can see that the average user who just wants to buy socks on ebay or watch funny cat videos on YouTube has better things to worry about that IPv6. Let's be clear - we DO need to move to IPv6, but it's totally understandable that no-one's desperate to do so.
Next time, in part 2 we're going to consider what at the drivers and incentives are for moving to IPv6 and why we need to all implement IPv6 carefully now, not in a rush later. In this article, part 1, we look at some of the reasons for the current friction and the barriers to adoption:
Barrier : IPv6 Skills Shortage
Seeing as support staff have spent 20 years reliably telling people "to turn it off and back on again" it's hardly surprising that learning new skills has to have a really good justification. The same goes for your home network that you run yourself. Why make life complicated? We all know IPv4 like the back of our hand - we know 192.168.1.1 is the default address of a DrayTek router; what is it in IPv6 (answer : it depends!). There's a genuine skills shortage in IPv6 but it's not too difficult to learn; you can implement it yourself quite easily on any network, but only if you want to.
Barrier : No 'killer app'
The biggest incentive for people trying or using something new is that it provides something that you can't currently get. With IPv6, your YouTube cat videos aren't any funnier, your data doesn't go faster. If it's all working well, your users will get exactly the same experience as they do with IPv4. In the future, with universal IPv6 support, this will actually not be the case - there will be applications and features which will only be possible with IPv6, but as stage 1 will be to move all existing activities to IPv6, they will operate just as they do now. As time goes on, and the pressure on the finite IPv4 grows (and horrors like CGN - more on that in part 2), people will have more incentive to move.
Barrier : Fear, Uncertainty and Doubt
We depend on the Internet - what if your new IPv6 implementation doesn't work (answer - switch it off again until it's fixed - remember, IPv6 and IPv4 work in parallel) but even if your network is set up right, your hardware hasn't had the years of development and mass-market testing and evolution to iron out the bugs like IPv4 has. Hackers have a whole new playing field to exploit immature or buggy IPv6 stacks. That said, most vendors' IPv6 stacks are a lot more evolved and mature than when first introduced.
Barrier : Support from hardware/CPE
When we first introduced IPv6 into our products around four years ago, we felt a little bit lonely in the world of IPv6 - one of the reasons we put so much effort into documenting and promoting the topic (remember our video?). As time has gone on, more vendors and products support IPv6 and in fact, most new hardware does support IPv6 now in some form, including all modern PC, tablet and smartphone operating systems.
Barrier : Insufficient support from ISPs
This is the big one. Have you tried asking your ISP for IPv6? That's either the ISP who provides your Internet connection (broadband, leased line etc.) or the company hosting your servers or web sites.
In the UK, as of the end of 2014, most major ISPs still don't offer IPv6. Of those that do, often no-one in the sales department has heard of it so they have to speak to many people before finding out that they 'can' offer it, but no-one's asked for it before!
Some ISPs will offer IPv6 as part of business packages or on specific services (e.g. leased lines), but if you want IPv6, you will probably have to switch to a different ISP. Andrews & Arnold are an exception; they have offered IPv6, as standard, for no extra cost for many years. Embarrassingly for us, the very web site you're reading now is only available on IPv4, and it's hosted by one of Europe's largest hosting ISPs - they just don't offer IPv6 - and when we tried changing hosting ISPs last year we failed to find a suitable ISP who could offer us IPv6.
Barrier : ISPs treating IPv6 as a luxury
To add insult to injury, some ISPs are treating IPv6 as a premium or luxury service, rather than an eventual necessity. We , ourselves, needed an additional Internet connection, so we spoke to a popular UK based ISP - Easynet. They offered us a line, routed IPv4 subnet and also confirmed they could offer IPv6. Great... then they told us that there would be a £1000 (yes, £1000!) fee to enable IPv6 on the line. Yes, really, one thousand Pounds (Approximately US$1600). The world needs to move to IPv6 - ISPs should be at the forefront of promoting and encouraging that, not putting a £1000 tax hurdle in to discourage it.
Seeing as IPv4 subnets are a scarcity these days, it's ironic that the ISP happily gave us a /26 IPv4 subnet, but IPv6 (of which they have millions of subnets for every customer) has a £1000 surcharge for every user. To add injury to injury, 5 months in, having charged us £1000's of pounds having the line put in and the road dug up, we're still awaiting the IPv6 service. They haven't managed to get it working; we don't know if it's an infrastructure or skills problem. We mentioned Easynet because that's who we have personal experience of, but we expect that other ISPs are charging premium 'taxes' on IPv6 service too.
The state of IPv6 now
So, that's what happened to IPv6. It's still there, it's alive and well and coverage is increasing all of the time. Most people's own LANs and Internet-connected equipment is ready for it, the Internet can carry it but the biggest single factor holding it back are the ISPs.
The ISPs might argue that they are meeting customer demand - why implement IPv6 is no-one is asking for it (so do ask your ISP for it) and if no-one is asking for it, why introduce and run something that will need skills and possible expensive new equipment at their end.
You might draw a parallel with analogue and digital TV. That happened over a period of many years, allowing for people's natural replacement of their TVs rather than requiring us to suddenly replace our TVs. In the meantime, the broadcasters were required to start supporting digital broadcasts in parallel. Maybe we need European governments to do similarly - mandate IPv6 support. For example, the US government required all government departments to implement and support IPv6.
In the next part of this article (due soon!), we'll talk about the drivers, incentives and benefits of IPv6, why we need it and hopefully what will tip the balance in ISPs finally all providing it.
Please do follow us on Twitter (@DrayTekUK) or Facebook (DrayTekUK) for our latest articles or, if you're in the UK, join our mailing list.
First Published: 24/11/2014
Last Updated: 10/02/2015
From: Adrian Sankton
IPV6 is enable on my router as a native service from BT
I can think of a couple of killer apps for ipv6:
- facebook has found that its system is much more responsive for the user over ipv6 than over ipv4. They don't seem sure why. FB is now almost totally ipv6 (>99.9%, http://bit.ly/1Ml98cJ). This situation could drive ISP market share.
-IoT innovation involves communication between many end points (eg to identify the reliability of mobile phone location, wifi and zigbee signal strength changes as indications of human presence). If these are behind NAT barriers, then communications are more complex, error prone and slower. This issue requires the identification of market failures.
"z9zzzz" said "The issue I have with ipv6 is that it's traceable back to an individual device"
It's traceable in the same way that IPv4 behind NAT is... you can check existing DHCP tables. A specific IPv6 PC will get a different IP address each time it boots or refreshes (unless fixes) whereas with IPv4/DHCP it will often get the same address. With IPv6, it is possible to know that a specific PC visited one site and then another and trace it back if you do it in realtime, but once that PC is offline, rebooted, it will have a different IP address.
>> any hope of anonymity seems to vanish.
Why do you want to be anonymous? That normally means that someone wishes to act without taking responsibility, or (much more rarely) because they exist under a regime which would unduly take action against them for exposing a greater evil. So, you may be a troll, a thief, paranoid or a N.Korean dissident :-)
>> For people concerned about their privacy this at least provides a layer of plausible deny ability.
That doesn't make sense. As plausible deniability is a probability concept, it's unlikely to be much of a defence...
The issue I have with ipv6 is that it's traceable back to an individual device, any hope of anonymity seems to vanish. Behind a Natted firewall anyone could be using any device making it more difficult to trace. For people concerned about their privacy this at least provides a layer of plausible deny ability.
From: DrayTek UK
Robert. "The idea is good" - well, allowing more bits, yes. But it's like having an 8-digit calculator and wanting to calculate 9 digit numbers.... You can't without redesigning the calculator... If you enter a 9 digit number...it won't work... it will produce an error when you calculaye. "put the extra address bits into IPv4 option headers" but then legacy equipment will get confuse,d be unable to recognise/process or misroute. IPv6 datagrams are dropped by non-IPv6-capable devices, which is a good thing in that respect. To change IPv4 will make it incomaptible with old IPv4...so you might as well redesign it altogether. Don't get me wrong; IPv6 was designed years ago based on what the working group thought the future would be. If it was designed today, it would be designed differently.
Simon is attempting to increase the address space using a method that looks like it'll work, converting from using base10 to base26 or base36. As you said, it doesn't work exactly that way; but the idea is good. Further it is quite possible to put the extra address bits into IPv4 option headers and one of the possible IPng candidates did just that giving the merging of the IPv4 and IPng address spaces that Simon seems to be aiming for. But it leads to all sorts of nasty problems because IP is not connection oriented, so every node has to interpret the addresses and if some interpret them differently it leads to complete confusion and nasty bugs. This is the one of the major reasons that we got a distinct and independent IPv6 rather than an IPv4++. (The others include the fact that the IPv4 address space is a mess and that messing with IPv4 options is sloooow)
As for NAT; it actually works a lot like that IPng candidate I mentioned, except instead of storing the extra address bits in IPv4 options they're stored in "connection state". Because it does this, it has to some extent subverted efforts to get IPv6 out and moving. That's why that guy (whom I will not name because he did) apologised.
PS: You comment tool sucks; it eats my newlines and makes my essay really difficult to read!
From: DrayTek UK
Robert, I'm not sure why you say 'the idea was right' - the idea was to use letters instead of numbers, and, as we said, only 32 bits are allocated. If you added an extra bit, the header would be broken and not work... so the header had to be redesigned and the IPv6 designers took the opportunity to change/add some other things. NAT is a bit like a block of flats replacing a house. It's Flat 2, 12 DrayTek Avenu now... and that works because envelopes allow plenty of space for extra address subfields... IPv4 headers don't.
Actually, Simon is exactly right. That's exactly the difference between IPv4 and IPv6; the address has bigger numbers normally shown using letters too. There are no other differences (from a high level that is, a couple of useless things have been removed and other minor adjustments). Sure as Draytek said the actual representation decimal digits/hex digits/Hexavigesimal doesn't matter because the limit exists when you convert the numbers to bits but the idea is right.
The problem is most people don't understand how IPv4 works, they kind of think it's like a telephone system, where you build a connection from here to there and then send the bytes through that connection. That's an illusion; down at the level of IPvX connections don't exist, the connection is broken down into messages much like mobile phone text messages. Which means that every one of these messages must have the address it's going to attached to it; and that's the problem. IPv4 was the fastest protocol around and part of the reason for this was fixed sizes on all the numbers in the message these numbers were made huge, 4294967296 individual devices on the network; never happen, except...
In October 2010 the number of devices on the internet passed 5000000000. Luckily a lot of these devices can get by on a half broken internet connection or else we'd be in real trouble.
The IPv6 protocol still has the limit on the number of devices that can be attached. It was initially increased to 18446744073709551616 devices this is enough to cover the surface of the Earth with devices many times over ... but not enough to quiet the worries that we might have to go though this again. So they went for 340282366920938463463374607431768211456 addresses. That's enough for now.
PS: The guy who invented NAT as apologised for doing it.
From: Dave Robinson
I use a 6in4 tunnel from Hurricane Electric, which does the job fine. However, I have to point out that I had issues with trying to get the SPI firewall to work properly with IPv6 and my Draytek 2850n (basically, it was taking no notice of the order of the rules, and by default it was wide open - this could be a quirk of using a tunnel)
From: DrayTek UK
The IP addresses we're used to using, e.g. 220.127.116.11 (four decimal bytes - 8 bits each) are only written like that for our human convenience; in the network, they are binary, so that address is actually 11011001101010110101000110000011 in binary - that is 32 bits (zeroes or ones) and only 32 bits are allocated in an IPv4 header for the IP address. Every number between 00000000000000000000000000000001 and 11111111111111111111111111111111111111 can be represented by the decimal system using numeric digits.
From: Simon Murray
Being a complete novice at these things and not fully understanding IPv4 or 6 I can help wondering why if ipv4 has or will run out of numbers, introduce letters instead. Eg- xyz.abc.xyz.abc using base 26 instead of base 10 would negate the problem. I am sure its not that simple. But its worth thinking about.
I use BT as my isp and use sixxs tunnel broker for my IPv6 connectivity. I have one of my websites on dual stack IPv4 and IPv6 the host / ISP I use fix www.ovh.co.uk. You can find my site at www.mk-IPv6.com.
I have EntaNet as my ISP and had an IP V6 range allocated to me over 2 years ago. I find them one of the most helpful ISPs I have worked with and were quite happy to get it set up without any quibble. Unfortunately I haven't fully implemented it yet, as with the reasons you have stated above - there are almost no web hosters that have implemented it so there isn't that much of a benefit.
Add a comment to this article
NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.