IPv4 in numbers
In November 2019, RIPE allocated the last addresses in their available pool. Recently RIPE recovered some ip addresses from the IANA pool. As you can see in the image, the address-space is exhausted quite some time now. The official date of exhaustion was 31 January 2011, when the last reserved /8 block was assigned and IPv6 was proposed in December of 1993. How does it come that we are still relying this hard on IPv4 up until today? We used a lot of methods to increase the life-span of IPv4. We added NAT to isolate all the devices and only need one ip address for a whole network. We looked into NAT64, which uses IPv6 to transport IPv4 packages. ISP's sometimes use ISP-level NAT. This means that there are less IP addresses needed to fulfil the needs of public IP addresses.
What about IPv6 then?
Google has a nice tool where you can see the adoption of IPv6. The data is from everyone that use Google services (which is frankly almost everyone). In this first chart, you clearly see that there is IPv6 adoption. It would be a shame that since 1993, no one used IPv6 yet. Despite being around for so long, only 30% of the world's population uses IPv6. Eric Vyncke's has a website with numbers for every country
This other image shows a card with the adoption of IPv6.
Why is adoption so slow?
ISP's, mobile providers and cloud-providers are largely responsible for adoption of IPv6. This new version of the IP standard is not compatible with IPv4. Because of this reason, if a service has only an IPv4 networking stack, persons with IPv6 only cannot access the service and vice versa. Most of the time, a service will have an IPv4 and v6 stack to make sure that everyone can access the service, except of course if there are no more IPv4 addresses. The problem in having a dual stack network is that it will inevitably slow down the adoption of IPv6, since everyone can still use IPv4 for almost everything. There are projects in place to send IPv4 network traffic over IPv6, but we still have a long way to go. My DNS-server keeps track of what kind of requests I do at home, as you can see only 50% of requests is IPv6.
There are other reasons we are hesitant
There is no NAT
There is no NAT for IPv6. Many people are thinking that this is a big security risk. With IPv4, you don't have a public identifiable IP-address inside your network. The edge-router replaces the internal network address with a public address and keeps track of the translations. With IPv4 and NAT, every device in your network is isolated from the internet. Everything in your network needs to pass trough your main router and there is just one (or more, depends on the size of the network) IP-address for one network. There a network administrator can block outgoing traffic to malicious IP-addresses and can do packet inspection and other security-related stuff, if your router/ firewall supports this. With IPv6, your device itself gets a public routable address. This address is unique per device in the network. Every packet still needs to pass the main edge router at your network. It just does not handle NAT anymore. It is still possible to block incoming traffic to the network as well as do packet inspection on outgoing traffic.
The Human element
We all know, we are humans and we don't like change. Why would we even try to roll out IPv6 further than now, we can access every website since we have a double stack. If a service only uses IPv4, we just use the IPv4 stack and for a service with IPv6, we use the IPv6 stack, it's that simple right? Well of course not! We have so many 'hacks' in place to make IPv4 work with so many devices, this method of working is unbearable.
Why we need to switch
there are in total 4,294,967,296 IPv4 addresses (32 bits), including reserved addresses. The total of public IP-addresses is a bit lower: 3,706,452,992. We are with 7.8 billion people on this planet. When everyone has 2 devices, we would need 15.6 billion IP addresses if we want to give every device a unique address, we are short a good 3 billion addresses. IPv6 is a 128 bit address, so doing the math 2^128 gives us a gigantic number of addresses. These are not all valid addresses and there are are reserved blocks for internal communication, but with this large address-space there are enough addresses to give every device a unique address and have addresses left over to use for future use. In short: We cannot continue to find 'hacks' to keep IPv4 alive. There are just too little addresses for everyone.
I am stoked, tell me more fancy IPv6 stuff!
IPv6 can function without a DHCP server, a device gets its addresses from the router where SLAAC is enabled. With SLAAC, the router will propagate the subnet that a device is in using router advertisements and this device will generate the full address and checks if there is no IP conflict. For privacy reasons (to make it harder to track phones and laptops) the address will change roughly every day and will be generated randomly. The device will stop responding to the old address after a week. The device will also get a DNS server advertised with router advertisements to resolve names in IP addresses (try to remember an IPv6 address). It is still possible to use a DHCPv6 server if you really want to, it is supported with IPv6.
IPsec was originally developed for IPv6 but was re-engineered for IPv4 where it found a widespread deployment. The Authentication Header (AH) and Encapsulating Security Payload header (ESP) are implemented as IPv6 extensions headers
IPv6 header is easier
Many rarely used fields have been moved to optional header extensions. Because of this, routers can simplify the the forwarding process. I hear you thinking, the forwarding process is easier but how can this be faster? The packet is at least double the size then IPv4?! Well, the IPv6 header does not include a checksum which needs to be recalculated every time the TTl is reduced by 1. IPv6 relies more on the end-to-end internet design (there is no NAT, so more end-to-end, yay!). Here the sender and receiver will do the most processing with error-detection in higher-layer protocols, like TCP. This means that there is less processing time wasted when the packet is travelling.
The transmission of a packet to multiple destinations in a single send-operation is a part of the IPv6 specification. In IPv4 this is an optional feature which is commonly implemented.
IPv6 does not implement a traditional IP broadcast. To achieve the same goal, IPv6 sends a packet to the link-local all-nodes multicast group:
Different kinds of addresses
To conclude, there are 3 different kinds of addresses. A device can have more than one IPv6 address unlike IPv4 whom can just have one IP address.
The first address I want to cover is the Global Unicast address. This address is the equivalent to a public IPv4 address. These addresses are globally identifiable and uniquely addressable.
This address exists out of 3 parts. The Global routing prefix exists out of the 48 most significant bits. The three most significant bits out of this prefix are always
001. The subnet ID exists out of 16 bits and indicates the subnet. The last 64 bits are generated by the device itself trough SLAAC.
These addresses are used for communication on a link only. These addresses are not routable.
The address-block for these addresses is:
The last 64 bits is reserved for the interface ID, the device will also generate these 64 bits itself and check if there are no conflicts.
This IPv6 address is globally unique but is only used in internal communication. The address-block for this type of addresses is:
This last picture gives a nice overview how the IPv6 address-space works.
What can I, myself do?
Check if you have IPv6 from your ISP, you can check this with going to https://ipv6.google.com. This is just Google but it only works with IPv6. If you don't have IPv6, ask your ISP about it, play with it and learn how it works! If you are managing a business/ service, see what you can do to implement IPv6 in the workflow!
I hope you had a good read about the state of IPv6 in 2020.