IPv6 – What is it and why do we need it?

Robert Czechowski

November 15, 2021

IPv4 and IPv6

IPv4 address

87.79.238.188

IPv6 address

2001:4dd0:2426:0:4cca:dd0:7570:f476

Why do I talk to you about IPv6

  • Not an IPv6 expert
  • Involved in introduction of IPv6 in my student dorm
  • Made everything IPv6 capable at my previous employer
  • Like to develop things IPv6-first

Motivation

Motivation

IPv4 Problems

IPv4 Adress exhaustion

Available IPv4 ranges (/8) [Wikipedia]

IPv4 Adress exhaustion

Price per IPv4 address [ipxo.com]

NAT

Network address translation

  • Hosts behind NAT not directly reachable
  • Bad replacement for a firewall

Host IP configuration

  • Either fixed IP addresses configuered on each host
  • Or DHCP
    • Either non-deterministic
    • Or configured on a per-MAC basis

IPv6 to the rescue!

Understanding IPv6 addresses

Helpful tools

IPv4 IPv6
ip addr ip addr
dig y27.de dig y27.de AAAA
ping -4 y27.de ping -6 y27.de
dhcpcd -T eth0 -t 5 dhcpcd -T eth0 -t 5

Lets look into it

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state…
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdis…
    link/ether 28:d2:44:d8:c6:f9 brd ff:ff:ff:ff:ff:ff
    inet 172.27.27.8/16 brd 172.27.255.255 scope global dyn…
       valid_lft 86395291sec preferred_lft 86395291sec
    inet6 2001:4dd0:2426:0:4cca:dd0:7570:f476/64 scope glob…
       valid_lft 6899sec preferred_lft 3299sec
    inet6 2001:4dd0:2426:0:8284:9fef:358e:915b/64 scope glo…
       valid_lft 6899sec preferred_lft 3299sec
    inet6 fe80::b6e2:f8fb:ee5a:ca2c/64 scope link noprefixr…
       valid_lft forever preferred_lft forever

Lets look into it (pi edition)

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state…
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc …
    link/ether b8:27:eb:aa:16:31 brd ff:ff:ff:ff:ff:ff
    inet 172.27.0.2/16 brd 172.27.255.255 scope global nopr…
       valid_lft forever preferred_lft forever
    inet6 2001:4dd0:2426:0:ba27:ebff:feaa:1631/64 scope glo…
       valid_lft 7119sec preferred_lft 3519sec
    inet6 fe80::ba27:ebff:feaa:1631/64 scope link
       valid_lft forever preferred_lft forever

How does IPv6 work

IPv6 [RFC 2460 8200]

  • Uses 128 bit addresses instead of 32 bit addresses
IP packet structure [HP]

Notation of IPv6 adresses

  • Eight blocks of four hexadecimal figures

    2001:00d0:0000:0000:0000:005a:008e:915b

  • Leading zeros can be left out

    2001:d0:0:0:0:5a:8e:915b

  • A single group of zero blocks can be replaced by ::

    2001:d0::5a:8e:915b

Notation of IPv6 adresses

  • The last two blocks can be written in v4 format

    2001:d0::5a:10.142.145.91

  • What to add a port / protocol? Brackets!

    http://[2001:d0::5a:8e:915b]:8080

Thinking about IPv6 adresses

2001:4dd0:2426:0:8284:9fef:358e:915b

  • 64 bit network part, 64 bit interface identifier

    Rationale:

  • Have enough networks to give every site its own network

  • Have enough interface identifier to fit every device in a single one network

Subnetting in IPv6

IPv4 IPv6
10.0.0.0/8 2001:1337::/40
16M addrs 16M subnets with 2^64 addrs each!
10.7.0.0/16 2001:1337:7::/48
65k addrs 65k subnets with 2^64 addrs each!

Subnetting in IPv6

  • In IPv4 the more you build subnets the fewer addresses you have left
  • In IPv6 any /64 still gives you enough addresses for any device in this world!
  • ISPs are recommended to give you a /48
    • 65k subnets for you!
    • Netcologne does this!

Typical types of IPv6 addresses

  • Link local:

    fe80::b6e2:f8fb:ee5a:ca2c

  • Global routable:

    2001:4dd0:2426:0:8284:9fef:358e:915b

  • Localhost:

    ::1

Typical types of IPv6 addresses

Other

  • Multicast

  • Anycast

  • Unspecified:

    ::

Typical types of IPv6 addresses

Want to listen on IPv4 and IPv6 both?

  • Just listen on ::
  • On Linux bind() by defaults listens
    • on IPv4 and IPv6 on ::
    • on IPv4 only on 0.0.0.0

SLAAC [RFC 4862]

Stateless address autoconfiguration

  • Propagate network information via Router Advertisments (RAs)
  • Generate interface identifier from MAC address

MAC:

01:23:45:67:89:ab

Interface identifier:

…:0323:45ff:fe67:89ab

PE [RFC 4862]

Privacy extension

  • Generate random interface identifier
  • Switch interface identifiers randomly
  • Make end users not as easily identifiable by handing out their (never changing) MAC address everywhere

Why should we be IPv6 ready

More and more traffic is becoming IPv6

IPv6 traffic [Google]

More and more traffic is becoming IPv6

IPv6 traffic [Google]

More and more traffic is becoming IPv6

IPv6 traffic per country [Google]

More and more traffic is becoming IPv6

IPv6 traffic per country [Google]

More and more traffic is becoming IPv6

IPv6 traffic per country [Google]

IPv6 only services

First services start to appear that are IPv6 only.

  • https://loopsofzen.uk
  • https://clintonwhitehouse1.archives.gov/
  • https://clintonwhitehouse2.archives.gov/

Those are currently not reachable from our office because we don’t have IPv6 enabled.

What we’re missing out on!

Archived website of the white house

DOD and chinese government pushing for IPv6

DOD requiring IPv6 only networks

DOD and chinese government pushing for IPv6

DOD requiring IPv6 only networks

DOD and chinese government pushing for IPv6

CCP requiring IPv6 only networks

How to be prepared?

  • IPv4 and IPv6 can be used in parallel (dual stack)
  • No reason not to make everything IPv6 ready

To do? Make …

  • … the office IPv6 capable! (Creative friday?)
  • … code-intelligence.com reachable with IPv6
  • … www.code-intelligence.com IPv6 reachable
  • … platform frontend IPv6 ready
  • … internal components IPv6 ready
  • … app.dev.code-intelligence.com IPv6 reachable
  • … app.code-intelligence.com IPv6 reachable
  • … ? (what am I missing?)

And finally …

… The end

Thanks for listening!

Questions?