Ethan Banks Getting work done in a world of distractions.

IPv6 Q&A For The Home Network Nerd

I

I was a guest on the Daily Tech News Show, episode 2957A. We chatted about the news of the day, then had an IPv6 discussion aimed at folks who are curious, but haven’t had a chance to work with v6 yet. My goal was to dispel FUD and spread the gospel of IPv6 to the nerdy public.

For those of you that listened to the show, here’s the text I’d prepped. We didn’t get to all of this when recording, so you might find more information here to inspire your IPv6-related Google-fu.

What are the benefits to me as a general consumer of IPv6? (beyond having fifteen bajillion addresses)

In a certain sense, there is little tangible benefit for consumers. Addressing is largely transparent to general consumers. I think many consumers don’t know or care about the IPv4 address assigned to their gear. They care whether or not they can access the Internet resource they are trying to access.

For the more tech savvy, IPv6 does indeed bring fifteen bajillion addresses, so to speak. And while that doesn’t seem like a big deal, it is. For example, most of us at home have gear obscured by NAT. This makes us feel more secure — all these addresses hidden behind a single address feels like a bit of anonymity, and we like that. But private address space and network address translation are features that were created because the Internet was quickly running out of address space. Not because the powers that were felt that a layer of indirection was required to make us more secure.

IPv6 gives us back the address uniqueness we and many of our apps need going forward. This will allow carriers to do away with carrier grade NAT, a system of hierarchical double-translation that has been problematic for certain Internet applications, including some games. NAT and CG-NAT is fine for outbound, client-side traffic, but painful for inbound server-side traffic, when a home consumer is acting as a source of traffic, such as happens in gaming and voice apps.

IPv6 also means that the world can remain in contact with one another everywhere. There are parts of the world, Asia most notably, where new public IPv4 address space has been unavailable for some time. That means certain new network segments have been and are being deployed as IPv6 only. This is perhaps less interesting to the home user, but increasingly interesting to the business user who does global commerce.

Performance is another interesting issue. As a side note, IPv6 has done away with header checksum calculations, presuming them to be redundant, since other parts of the network stack perform checksums as well. More interestingly, when performing an address lookup, hosts with IPv6 capability will query the DNS system for an IPv6 address, the quad-A record specifically, before a regular IPv4 address. With many operating systems that are IPv6 enabled, you’ll find that the OS will try to do whatever task it’s doing via v6 first, falling back to v4 only if v6 fails. So going all IPv6 can, in certain circumstances, result in better overall performance for a complex transaction, such as retrieving a busy web page over HTTP.

Can IPv4 and v6 coexist peacefully on the Internet (can both parts talk to one another)? What about for a single device like a phone or laptop?

IPv4-only hosts and IPv6-only hosts don’t talk to each other without a translation of some kind. There are schemes that perform v4 to v6 address translation and back. There are devices that can act as a proxy between v6 clients and v4 servers. However, those sorts of schemes are usually confined to the enterprise or service providers, where network operators could implement such a scheme if appropriate.

I think the real-world answer is that the global Internet, for the most part, runs dual-stacked. That is, there are both IPv4 and IPv6 addresses that allow both kinds of traffic to access hosts. The coexistence is not only peaceful, but very real, as it is going on today.

A different way to answer the question is that no, the two address systems don’t talk to each other directly, but most devices speak both languages, so it’s okay.

This is also the case for a phone or laptop. For example, on your iPhone, you can download the Hurricane Electric HE.net app from the app store. It’s free. This tool will tell you the IPv4 and IPv6 addresses assigned to your iPhone underneath the “Interface Information” section. You’ll find that you’ve got not only IPv4 addresses, but also several IPv6 addresses as well. On your Mac, you could type “ifconfig” and get a report of your interfaces. You’ll see IPv4 and IPv6 addresses, even if you haven’t rolled IPv6 out to your network. “Ipconfig” on Windows offers the same sort of information.

These days, dual-stacking is the rule, not the exception. Coexistence is expected. Communication between IPv4 and IPv6 is managed in this manner, where for now, most systems speak both languages.

What do I need to know about the transition for my end-use devices? Do I need to do anything?

If you’re a home user, the answer is most likely very little. There are a few things to keep in mind, however.

1. Your ISP needs to support IPv6. A call to their tech support should answer that question. In the US market, more and more providers are supporting IPv6 all the way to the home. The largest national carriers especially support IPv6. Smaller regional carriers might not yet support IPv6, meaning that if you were to send IPv6 traffic towards the Internet, you won’t get an answer back.

2. Your Internet gateway needs to support IPv6. The vast majority do, and have for some time. However, you will likely need to enable it.

3. From there, assuming you’ve got a flat home network (i.e. you haven’t broken your network up into routed segments, something you’d have to do on purpose), your local devices should start picking up routable IPv6 addresses from your gateway using the neighbor discovery and router advertisement processes. This serves the purpose of providing IPv6 addresses to your end-use devices, and also lets them know where to send their traffic headed for the Internet.

4. Realize that your operating systems are already using IPv6, unless you’ve gone out of your way to shut it all off.

5. Even if you don’t think you’re running IPv6 at home, fire up a packet sniffer like Wireshark, let it run for a minute or so, and take a look. You’ll see plenty of IPv6 traffic on the wire, guaranteed. It’s very possible that you’ll have devices on your network talking to each other with non-routable local use only IPv6 addresses without you having configured a thing!

6. Another important point to realize is that your devices will have multiple IPv6 addresses assigned to them, even on the same interface. This is normal in the IPv6 world. Different addresses are used for different purposes. This is different from IPv4, where you more typically see a single IPv4 address assigned to an interface.

For an enterprise, many of the same ideas hold true, only you’re going to want to do a bit of address planning. Your enterprise will have multiple segments of IPv6 addresses, a more complex firewall configuration, etc. But you want to take control of that environment, own it, and then maintain it.

Do I get any immediate benefits from making sure all my devices support IPv6?

This is hard one for me to answer. On the one hand, I want to say not really, in the sense that so much trouble has gone into making sure that IPv4 and IPv6 co-exist. There is also a presumption on the part of the industry that IPv4 is around for the long haul. We’re planning a period of co-existence as opposed to a transition. There is no roadmap for sunsetting IPv4. Therefore, if you have some older devices hanging around that only support IPv4, you’re going to be okay for a while. In fact, there are still a few vendors making networking products today with limited or no IPv6 support at all, using the excuse that customers aren’t asking for IPv6.

On the other hand, the global Internet has deployed IPv6. IPv6 is the new normal. IPv4 might be around for a long time simply because it’s so entrenched, but that doesn’t mean it’s better. All of us, both consumers and manufacturers, should be making an effort to get IPv6 done. There isn’t any reason not to.

That’s not an answer to the question exactly, but I think that’s because the IPv6 benefits that end users will appreciate are elusive. Yes, IPv6 is the right thing to do. But the clear & obvious motivation to get it done, i.e. immediate benefits that the average person will care about, isn’t so clear and obvious. The end result is roughly the same as IPv4 today. Your address talks to some other address, which is really pretty boring.

Is there a downside to moving all my devices to IPv6? (maybe some devices won’t work as well together if one is v4 and the other v6?)

I guess it depends on what you mean by “moving,” as what you’re more likely to be doing is enabling IPv6 alongside of IPv4 as opposed to doing a hard cut. In that context, there is no obvious downside, no. This goes back to my earlier points about dual-stacking, quad-A DNS records, and Happy Eyeballs. (Did I mention Happy Eyeballs?) These mechanisms have been in place for a long time now. Many operating systems will choose to communicate via IPv6 by default anyway, given a choice.

I, personally, am on a broadband provider that does not offer IPv6 as yet. Rumors are they are in beta. And yet, inside my perimeter firewall (the gateway router I run at my house), I see IPv6 traffic all the time. For example, my Mac was performing a Time Machine backup to a Synology disk array. With no configuration on my part, the two machines were using locally scoped IPv6 addresses to get the job done.

Again, the mechanisms are in place, and have been, for a dual-stacked Internet.

Let’s not forget that IPv6 itself has been around for a long time now. The first IETF RFC for IPv6 was number 1883, published in December 1995. That document is obsoleted by other RFCs now, but my point is that we’re dealing with an addressing system that has had over 20 years to bake. Although Internet engineers keep making minor tweaks and adding features here and there, IPv6 isn’t cutting edge technology in any way. Global adoption is, depending on your point of view, either complete or long overdue. The barriers to adoption have been largely financial ones as opposed to technical ones.

In summary, there’s no real downside. Using IPv6 has been largely de-risked.

What about NAT? Can ISPs now charge me per device if they want to?

Assuming NAT goes away in an IPv6 world, which I strongly advocate, then sure, it becomes easier for ISPs to charge you by device for network access if they want to. And cynics are fair to point out that service providers have a track record of charging for anything that they can think of. But I don’t think charging per device is likely to happen.

My opinion is that individual devices are not interesting metrics when compared to bandwidth utilization. Bandwidth consumption has been the hot button, and will continue to be. Bandwidth monitoring is a way to control what you are doing on the Internet, specifically about what you are watching. I believe streaming is the big thing here. Entertainment is the big game in town.

Bandwidth is what large network operators have finite amounts of. Bandwidth is the thing that’s precious. In a sense, they want as many of your network devices consuming the network as possible, chewing up that bandwidth…which they meter…and then can charge you for. Or give you free amounts of, assuming you’re watching streams they control and are able to make advertising revenue from in some way. Net neutrality, anyone?

Notice all the press lately about unlimited data plans – they are going away, and grandfathered plans are becoming more costly. And then big providers are getting more serious about enforcing data caps. You know how easy it is to blow through a terabyte of data in a month if you’re a cord cutter who streams a lot of HD content? No problem at all.

A better question is ask is what good comes from doing away with NAT. I think there are benefits here.

1. Doing away with address obfuscation means that compromised hosts can be clearly identified. Security is an increasing problem on the Internet, and IoT devices are shipping with awful security. IPv6 deployed without NAT makes it easier to pin down these compromised hosts.

2. When bandwidth charges are assessed by an ISP, they should be able to point to exactly the IPv6 addresses that were consuming the network. That takes the guessing out of whether it was the teenager’s tablet or Dad’s Roku.

In conclusion…

For those uber-nerds who really want to get into the nuts and bolts, IPv6 is a big topic. There are some behind-the-scenes protocols you can learn. There are different behaviors when compared to IPv4. For instance, did you know there’s no such thing as broadcast traffic in IPv6? There are the different types of addresses and their uses to learn. There are IPv4 to IPv6 transition technologies, such as IPv6 over IPv4 tunneling.

A great place to learn about IPv6, especially if you are a v6 “have-not” is through Hurricane Electric’s free TunnelBroker.net service. Hurricane Electric can get you connected to the IPv6 Internet, assign you a block of your own v6 addresses to work with, and help you learn by giving you educational tasks to perform.

Another good jumping off point is ARIN’s IPv6 Info Center. And then, of course, just Google around as you run into terms you’re not familiar with. There’s tons of great information out there.

By Ethan Banks
Ethan Banks Getting work done in a world of distractions.

You probably know Ethan Banks because he writes & podcasts about IT. This site of his covers personal productivity.

Get the details on his about page.