January 9th 2002 Mauro Tortonesi Deep Space 6

mauro@deepspace6.net

This article is a brief introduction to the new IPv6 protocol. As everyone of you knows, TCP/IP is the communication protocol of the Internet. To be precise, TCP/IP is a suite of protocols. The TCP (Transmission Control Protocol) provides a reliable bidirectional connection between two hosts, using the communication facilities provided by the IP (Internet Protocol). In fact, IP is a network layer protocol and its task is to deliver packets of data from a source host to a destination host. IPv6 is the new version of the Internet Protocol, that is meant to replace IPv4 (which is the version currently in use) in a few years. IPv4 has been used since the Internet was born and has worked very well until now, but it has many serious limits that IPv6 has been designed to overcome. As you may guess, there have been many changes from the definition of the IPv4 protocol to the one of the IPv6 protocol. First of all, IPv6 provides a larger address space than IPv4. As many of you know, IPv4 supports about 2.000.000.000 addresses. You may think that such a large number of addresses should be more than enough for the actual size of the Internet. This is partly true. In fact, until recent times, IPv4 addresses have only been allocated in blocks of 254, 65534 or 16777214. This has lead to an enormous waste of usable addresses, since many organizations have been forced to ask many more addresses than the ones they really needed. The waste of IPv4 addresses has been of such an order of magnitude that the whole address space will be soon completely exhausted. Now the IETF has developed a wiser address allocation policy: CIDR (Classless Inter-Domain Routing). However, while CIDR has been designed to achieve the minimum waste of the remained IPv4 addresses and to minimize the growth of the routing tables (due to the non-hierarchical organization of the IPv4 address space), it does not solve the problem of the upcoming exhaustion of the IPv4 address space. Here comes IPv6: it provides more than a billion of billions addresses per square meter on the Earth! Besides, IPv6 uses a CIDR-style architecture for address allocation that prevents a big waste of addresses and an uncontrolled growth of the routing tables. So, while CIDR partly addresses the problem, IPv6 represents the long-term solution. Furthermore, IPv6 has been designed to satisfy the growing need of security experienced by the Internet community. The authentication header mechanism allows the receiver to be reasonably sure about the origin of the data, and the IPSEC privacy facilities provide end-to-end encryption of data at the network layer. IP spoofing attacks and eavesdropping of data will be much more difficult in the Internet of the next millennium. However, as Wietse Venema points out, network-level encryption poses new security problems. In fact decryption puts a considerable overhead on the CPU and this may eventually leave the host more vulnerable to flooding-type DoS attacks. To reduce these risk, a careful implementation of the networking protocols is required. Moreover, IPv6 has many improvements for mobile networking and real-time communication. In particular, unlike IPv4, IPv6 has robust autoconfiguration capabilities that simplify the system administration of mobile hosts and LANs. Although IPv6 is superior to IPv4 in everything, it is a common opinion that the transition from IPv4 to IPv6 will be long (perhaps more than a decade) and difficult. In fact, many organizations have made an enourmous investment in IPv4 technology and are not ready nor willing to speed up the transition yet. IPv4 is a well-known, and thoroughly-tested technology; its reliability and its widespread use represent a major slowing-factor in the development of IPv6. Today, there are only a few working IPv6 implementations. The most complete seems to be the *BSD one from the Kame Project. For a precise point on Linux IPv6 compliance visit Peter Bieringer's pages. Although Linux is a bit late on his *BSD cousins, we really hope that our modest effort may contribute to speed up the porting process of old IPv4 software to IPv6 and the development of a fully IPv6-enabled Linux distribution.