
IPv4 address exhaustion, why hasn't IPv6 replaced it extensively?

author:CSDN

【CSDN Editor's Note】IPv6 is a globally recognized next-generation Internet business application solution and the next-generation Internet protocol version, developed to solve IPv4 address depletion. At the beginning of this year, after giant companies announced fees for IPv4 as it ran out, developers paid special attention to the development of IPv6. The author of this article, Sedat Kapanoglu, is no exception: although he has known of IPv6 for more than two decades, he had always understood it as "an over-engineered solution designed to address the lack of IPv4 address space."

Recently, he studied in depth how IPv6 works and found a lot of interesting knowledge that he wants to share. He says that he is not an expert in IPv6 or network engineering; if you are also interested in IPv6, let's see whether what the author says is right.

Original link: https://ssg.dev/ipv6-for-the-remotely-interested-af214dd06aa7

Reproduction without permission is prohibited!

Author | Sedat Kapanoglu   Editor | 夏萌

Translator | 伍杏玲   Produced by | CSDN (ID: CSDNnews)


IPv6 vs. IPv4

I've always been confused by the name IPv6 because I feel that the IPv4 name comes from the four bytes it uses to represent 32 bits, so IPv6 should be called IP16. But in reality, this is just the version number of the protocol.

Before IPv4 was introduced, there were IPv1, IPv2, and IPv3, which were mainly used to study IP protocols internally, and were later replaced by what we now call IPv4. In the 80s, there was also a proposal for IPv5 to optimize real-time communication, but after it was discovered that IPv6 could solve the address space problem, the proposal was abandoned, hence the name IPv6, which stands for Internet Protocol version 6. Later attempts were made to create later versions such as IPv7, IPv8, etc., but they were either abandoned or shelved.

Like IPv4, IPv6 has its own addressing scheme, but it uses 128-bit addresses instead of IPv4's 32-bit addresses. The difference between the two protocols is not only reflected in the size of the address space, but also in the unique characteristics of IPv6 compared to IPv4, such as:

IPv6 does not have a subnet mask

Both IPv6 and IPv4 support CIDR (Classless Inter-Domain Routing), but from a user's perspective, IPv6 addresses are much simpler: the first half is the global Internet address, and the second half is the local address. This is the recommended way to use IPv6 addresses. When you visit a website that displays your IP address, such as WhatismyipWhatever, it will display your IPv6 address in the following form:

1111:2222:3333:4444:5555:6666:7777:8888

However, your Internet Service Provider (ISP) only knows that your prefix part is 1111:2222:3333:4444 and assigns this /64 block to you. The remainder of the address is unique to each device in your network. The ISP will only forward all packets starting with 1111:2222:3333:4444 to your router, which will then further deliver the packets to the destination device. So, the second half of the address (5555:6666:7777:8888), which we can call INTERFACE_ID, is unique to your device. This means that every device you own has a unique IPv6 address that can be accessed individually from anywhere in the world because:

IPv6 does not use NAT technology

In fact, there is no public standard specification for Network Address Translation (NAT) for IPv6. Although there is a draft proposal called NAT66, it has not yet become an actual standard.

The reason why NAT is not required in IPv6 is that theoretically every device on Earth can have a separate, globally accessible address. I was surprised at first, because while we often hate the inconvenience of NAT when playing online games, it gives people a sense of security that your local device will never be directly accessed by the external network unless you explicitly allow it via UPnP or port forwarding.

The brutal truth is that NAT is not a security barrier; it is just an alternative packet forwarding mechanism. By default, your IPv6 router should not forward connections from outside to local devices. As a result, you get the same level of security in an IPv6 environment, even without using NAT. In fact, with IPv6 addresses, you don't have to go through a router or configure a VPN to access every device on your local network directly: you just need to authenticate.

While IPv6 brings the convenience of assigning a unique IPv6 address to each device, there is also a security-related problem: since each device has a unique address, devices can be identified and tracked individually, which threatens our privacy. For this reason, modern operating systems have introduced the concept of a temporary IPv6 address, whose INTERFACE_ID changes periodically. This way, you can use a permanent IPv6 address to receive external connection requests, and when you establish a connection yourself, a frequently changing secondary temporary address is presented as your IPv6 address.

Let's move on to IPv6 features:

IPv6 addresses are automatically configured

IPv6 does not need to rely on a Dynamic Host Configuration Protocol (DHCP) server or manual network configuration to determine IP addresses, subnet masks, and gateway addresses. A device can obtain an IP address on its own without asking a central server. This process is implemented through a protocol called Stateless Address Autoconfiguration (SLAAC) with the following steps:

  1. The operating system (specifically the IPv6 stack of the operating system) generates a 64-bit device identifier, usually randomly generated, such as 5555:6666:7777:8888, which forms the INTERFACE_ID part of your IPv6 address.
  2. The operating system prefixes the INTERFACE_ID with fe80, which is an IPv6 network prefix for local use only. So the IPv6 address you get now is: fe80::5555:6666:7777:8888. (Note that the "a::b" syntax here means "there is a segment with all zeros between 'a' and 'b'." We'll talk more about this later.)
  3. Your device sends a packet to a designated neighbor multicast group on your local network to ensure that no other device uses the same IPv6 address, which is known as duplicate address detection (DAD). The chances of hitting a duplicate address are slim.
  4. The device sends the local address it obtained to the router (unlike IPv4, in IPv6 the router can always be reached via the multicast address ff02::2) and requests the router's actual prefix by sending an RS (Router Solicitation) ICMPv6 packet. When the router receives the request, it responds with an RA (Router Advertisement) packet; the device replaces fe80 with the actual prefix from the reply and then starts using the new address as its permanent address. This is your IPv6 internet address now.

In this way, stateless configuration has the advantage of reducing the management overhead on the router: the router does not need to maintain the IP configuration information for each device in the network separately. This leads to better performance, especially in large networks.
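The four steps above, carried through with the article's sample values, as an added example (not code from the original article). The solicited-node group ff02::1:ff00:0/104 used for the DAD probe is standard IPv6 behaviour that the article does not spell out, and the on_link set is a constructed stand-in for neighbors answering on the wire.

```python
import ipaddress
import secrets

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")        # where the RS is sent
SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def join(prefix, interface_id):
    """Put a 64-bit INTERFACE_ID behind a /64 prefix."""
    if prefix.prefixlen != 64:
        raise ValueError(f"SLAAC needs a /64 prefix, got /{prefix.prefixlen}")
    if not 0 <= interface_id < 1 << 64:
        raise ValueError("interface ID must fit in 64 bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | interface_id)


def dad_group(addr):
    """Multicast group probed during DAD: ff02::1:ff plus the low 24 bits of addr."""
    base = int(SOLICITED_NODE.network_address)
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def slaac(advertised_prefix, interface_id=None, on_link=frozenset()):
    """Walk steps 1-4 and return the addresses the host ends up with.

    on_link is a constructed stand-in for the replies a real DAD probe
    would collect from neighbors; real DAD is a packet exchange.
    """
    if interface_id is None:
        interface_id = secrets.randbits(64)               # step 1
    link_local = join(LINK_LOCAL, interface_id)           # step 2
    if link_local in on_link:                             # step 3
        raise RuntimeError(f"DAD failed: {link_local} is already in use")
    prefix = ipaddress.IPv6Network(advertised_prefix)     # step 4: prefix from the RA
    return {
        "link_local": link_local,
        "dad_group": dad_group(link_local),
        "rs_destination": ALL_ROUTERS,
        "permanent": join(prefix, interface_id),
        # Privacy address: same prefix, fresh random INTERFACE_ID, rotated periodically.
        "temporary": join(prefix, secrets.randbits(64)),
    }


if __name__ == "__main__":
    result = slaac("1111:2222:3333:4444::/64", 0x5555666677778888)
    for name, value in result.items():
        print(f"{name:15} {value}")
```

Because the temporary address shares the /64 with the permanent one, logs and access rules that need to follow a household across address rotations have to key on the prefix, not the full 128 bits.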


The "myth" of IPv6

There are also some exaggerated claims about IPv6. Let's sort them out and clarify them together:

Your device has only one IPv6 address that can be used everywhere

Indeed, you will use the same IPv6 address for both local and remote connections. However, the statement that "the IP address that dominates the world, the IP address that searches all things" is not accurate. As I mentioned earlier, your device will declare multiple IPv6 addresses for different scopes, such as link-local (fe80::) and the Internet. In addition, your device may also get two different public IPv6 addresses: a permanent address and a temporary address. Temporary IPv6 addresses are designed to protect your privacy, and they are rotated regularly. A permanent IPv6 address, by contrast, is mainly used for servers that must have a static IPv6 address.

An IP address is assigned to each atom in the universe

It's not enough. There are about 2²⁷² atoms in the universe and about 2¹⁶⁶ atoms on Earth, so we need at least a 168-bit (octet-aligned) address space to accommodate them. In fact, the address space for IPv6 is slightly less than 128 bits: the first 16 bits are reserved by IANA. Therefore, you can only identify devices with the remaining 112 bits. While that's a lot, far more than all the devices we're likely to build on Earth in the next few thousand years, it can't assign an IP address to every atom. However, we can assign IPv6 addresses to every grain of sand on the planet, and we can even fit them all into a single /64 prefix. In conclusion, the IPv6 address space is extremely large.

Universal connectivity for every device

That's right, IPv6 doesn't have a NAT mechanism, which means that port forwarding or maintenance of address space is no longer necessary. However, if you want to establish a direct connection, there still needs to be a mechanism that allows the remote host to connect to your device. By default, your router/firewall blocks any connection attempts. What would you do?

Just like in the UPnP/IGD era, today's applications still need to work with protocols like PCP (Port Control Protocol) to programmatically open port access. So, it's not like you're suddenly going to be able to get a universal connection with a global + local IPv6 address. While you don't have to manually set up port forwarding, the app still needs to work with the router to make itself accessible.

From what I see, in some cases, IPv6 doesn't even perform as well as IPv4:


IPv6 shortcomings

You may miss some of the features we take for granted in an IPv4 environment when you transition to IPv6, such as:

Rely on ISPs to provide subnetting services

Because IPv6 doesn't use NAT technology, many US ISPs only forward a 64-bit prefix (often called "/64") to your router by default. This means that the router cannot embed subnet information in the IPv6 address. Keep in mind that IPv6 addresses are automatically configured by devices, so routers can't force these devices to use a local address that is less than 64 bits, which makes it impossible for the router to know which subnet to forward packets to.

You'll have to rely on your ISP to provide prefixes shorter than 64 bits so that your router can use the remaining bits to identify which subnet the packet should be destined for. Theoretically, by assigning a 60-bit prefix, ISPs are more than capable of providing at least 16 subnets to home users, but for some reason they didn't. Maybe it's because of the psychological trauma of their time of scarcity of IPv4 address space that they became greedy? Or maybe they want to make money by charging extra: "Hey, if you want a shorter prefix, pay us a little more." As far as I know, both Comcast Xfinity and AT&T offer a simple /64 prefix for home users: a single subnet.

You might say that home users may not need subnetting at all, but with the proliferation of IoT devices and our increasing reliance on network security, isolating untrusted devices is becoming more and more important. RIPE, the European IP address allocation authority, recommends a 56-bit prefix for residential ISP customers so that each customer gets 256 subnets, which is the most voracious and conservative option proposed in Europe, while in the United States, it is almost an unattainable dream.

Of course, you can manually configure the IPv6 address of each device and give them a subnet identifier in this way, but this can be a huge undertaking, especially given the administrative burden that comes with adding new devices. Do you want to retire and become a manual DHCP server?

IPv6 addresses require additional encoding in the URI

We've probably all tried typing "http://192.168.0.1" into our browser to access the router settings. In the URI specification, the ":" character is reserved for the port number, so an IPv6 address cannot be accessed in the same way without additional encoding. If you want to use an IPv6 address to access a web page hosted by a device, you must use the following format: "http://[aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]/path/?query" (note the square brackets on both sides of the address). But that's not the worst part, because:

IPv6 addresses are difficult to remember

Theoretically, we shouldn't need to remember IP addresses, but that's not the case. For IPv6 addresses, I still can't be sure which address I can use to reliably and consistently access my router. Specifically, I can't note down its full IP address. mDNS helps with this, but it's not always stable and effective either.

Hexadecimal numbers are also more complex than decimal numbers. It's as difficult as trying to memorize a Windows XP product activation code.

Remembering IPv4 addresses is a universal skill: thanks to ubiquitous NAT, "192.168.1.1" will come in handy in most cases, and we don't need to look it up. Finding the IPv6 address of a router requires different tricks on every device.

On the positive side, now you know that the rightmost 64-bit portion of an IPv6 address is always randomly generated, so at least you can avoid the misconception that it's fixed or meaningful. You could call this part BLABLA instead of INTERFACE_ID. You can remember your /64 prefix and at least find the address of the router, usually something like 1111:2222:3333:4444::1.

IPv6 addresses are complex

Of course, IPv4 addresses are just as complex. Did you know that 2130706433 is a valid IPv4 address? Or, to put it another way, that 0x7F000001, 0177.0000.0000.0001, and 127.1 are actually the same thing? If not, you can try pinging them in the terminal. It's hard to believe, but they're all the same as the address 127.0.0.1.

IPv6 addresses have a similar diversity in their representation. Here are some of its characteristics:

The representation of IPv6 addresses is relatively complex: an address consists of 8 hexadecimal groups called "hextets" (in fact, "hextet" is a misnomer for hexadectet, but it is now conventional). Several shorthand notations apply to them:


Leading zeros in a hextet are not displayed, so 2600:00ab actually appears as 2600:ab.

As mentioned earlier, if the value of a hextet is zero, it can be removed from the address altogether and replaced with a double colon. So, 2600:ab:0:0:1234:5678:90ab:cdef will appear as 2600:ab::1234:5678:90ab:cdef. See the double colon? It should be noted, however, that this simplification can only be applied to the first run of consecutive zero-value hextets in the address. So 2600:ab:0:0:1234:0:0:cdef still shows up as 2600:ab::1234:0:0:cdef. Also, you can't compress a run that consists of a single zero-value hextet. Therefore, the zero in 2600:0:1234:5678:abcd:ef01:2345:6789 remains as it is and is not omitted.

You can specify the zone ID: add the "%" suffix and the zone ID to the end of the address to specify which network interface you want to reach the address through. For example, when you're connected to the same network via both WiFi and Ethernet, you may want to ping your router over a LAN. In this case, you'll need to append the "%" symbol to the address and add your zone ID (i.e., network adapter identifier), e.g. fe80::1%eth0 or fe80::1%3. The problem is that in addition to the square brackets you need to use in the IPv6 URI, you have to escape "%" to "%25" in the browser address bar or anywhere else where you need to use the zone ID in a URI.

IPv6 addresses can also be used to represent IPv4 addresses. So, you can ping 127.0.0.1 using the IPv6 address syntax by adding an IPv4 translation prefix to it, and it will be treated as an IPv4 address, i.e. ::ffff:127.0.0.1. This doesn't mean that your IPv4 requests will travel over the IPv6 network; rather, the underlying network stack is told to use an IPv4 connection. If you choose a prefix different from ::ffff, the IPv4 portion will be merged into the last two hextets and a connection to that IP address will be established over an IPv6 network. For example, the IPv6 address 2600:1000:2000:3000::192.168.1.1 is considered 2600:1000:2000:3000::c0a8:101, where the last two hextets are the hexadecimal representation of the IPv4 address 192.168.1.1.

These are valid IPv6 addresses:

:: represents all zeros, i.e. 0:0:0:0:0:0:0:0.

2600:: is equivalent to 2600:0:0:0:0:0:0:0.

::ffff:1.1.1.1 is equivalent to the IPv4 address 1.1.1.1.

2607:f8b0:4005:80f::200e is the address I get when I ping google.com, which is equivalent to 2607:f8b0:4005:80f:0:0:0:200e. It can be seen that, like Facebook, Google has chosen the difficult path and decided to manually assign specific INTERFACE_ID to its IPv6 addresses.

Eventually, the IPv6 address entered into the address bar may look like the following artificially constructed example:

https://[542b:b2ae:ed5c:cb5a:e38b:2c49:123:192.168.1.1%25eth3]

I can't remember such a long address.
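Since one host can be written in this many ways, access-control checks and log correlation should compare a single canonical form rather than the raw string. The normalizer below is an added example, not code from the original article: it covers the IPv4 spellings, the "::" compression, the IPv4-mapped prefix and the bracketed URI form with a "%25" zone ID discussed above; the function names and the is_internal policy are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# One inet_aton-style part: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def _part_value(part):
    if not _PART.fullmatch(part):
        raise ValueError(f"bad IPv4 part: {part!r}")
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    return int(part, 8) if part[0] == "0" else int(part)


def parse_ipv4_any(text):
    """Accept 1 to 4 dot-separated parts; the last part fills the remaining bytes."""
    parts = [_part_value(p) for p in text.split(".")]
    if len(parts) > 4:
        raise ValueError(f"too many parts: {text!r}")
    *head, last = parts
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        raise ValueError(f"part out of range: {text!r}")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def canonical(host):
    """Return (address, zone) for a host string; zone is None when absent."""
    if host.startswith("[") and host.endswith("]"):
        host = unquote(host[1:-1])        # URI form: drop brackets, %25 -> %
    if ":" not in host:
        return parse_ipv4_any(host), None
    text, _, zone = host.partition("%")
    addr = ipaddress.IPv6Address(text)    # also accepts a dotted IPv4 tail
    mapped = addr.ipv4_mapped             # ::ffff:a.b.c.d is treated as IPv4
    return (mapped if mapped is not None else addr), (zone or None)


def is_internal(host):
    """Assumed policy: loopback, private or link-local after normalization."""
    addr, _zone = canonical(host)
    return addr.is_loopback or addr.is_private or addr.is_link_local


# Constructed sample inputs: the spellings used in the article.
SAMPLES = ["2130706433", "0x7F000001", "0177.0000.0000.0001", "127.1",
           "::ffff:127.0.0.1", "2600:1000:2000:3000::192.168.1.1",
           "2600:ab:0:0:1234:0:0:cdef", "[fe80::1%25eth0]",
           "2607:f8b0:4005:80f::200e"]

if __name__ == "__main__":
    for s in SAMPLES:
        addr, zone = canonical(s)
        print(f"{s:36} -> {addr}  zone={zone}  internal={is_internal(s)}")
```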

Through this study, I have a clearer understanding of IPv6 related knowledge. For example, I didn't know that IPv6 addresses are automatically configured via stateless protocols, that there is no NAT technology in IPv6, and that the address space happens to be conveniently divided in half.

I wish we could have a quick IPv6 address pointing to the default gateway; I propose using fe80::1. Internet Engineering Task Force (IETF), consider this proposal!

I remember when Windows 2000 announced support for IPv6, it was a major step forward, and we all thought that IPv6 would be widely adopted in a decade or so. I didn't expect us to be so wrong! However, it was only through learning IPv6 that I understood why the technology was not gaining popularity so quickly.

IPv6 does not provide substantial benefits to end users

Although IPv6 is technologically advanced, IPv4 is simple and practical. Even behind NAT (Network Address Translation), and even in multi-layer NAT environments, IPv4 still operates normally despite an extremely tight address space, cumbersome DHCP configuration, and complex port forwarding. Whenever something goes wrong, someone always finds a solution to keep it working.

Theoretically, IPv6 may have the advantage of lower latency because it does not need NAT, but this improvement is not enough to significantly improve the user experience and make users strongly want to switch to IPv6.

Because IPv6 doesn't bring tangible benefits, users don't ask for it, and are often pushed to IPv6 without their knowledge, just as we now use IPv6 almost by default on mobile networks.

This means that ISPs will switch to IPv6 as soon as they feel the pressure of IPv4 restrictions.

I hope that IPv6 will open up some unique features that IPv4 can't do, so that users can actively demand IPv6 because they want to use these features. Still, I love the IPv6 nature and look forward to the day when we ditch IPv4 altogether and build all our network services around IPv6.


What do developers think?

As the author says at the beginning that he is not an expert in IPv6 and network engineering, after reading his article, some developers put forward their opinions:

According to developer @9dev, the real benefit for the end user is that the entire Internet protocol stack returns to the state of full transparency it deserves. Users shouldn't have to worry about IP addresses anymore; IPv6 enables devices to be truly plug-and-play, that is, devices can obtain addresses and negotiate connections on their own. Ideally, users would never have to worry about this part of the connection again. It is true that IPv6 introduces complexity to network operators, but it is also the complexity that it deserves.

After studying this article, @lxgr disagreed with some of the points made by the author:

In response to the claim that "IPv6 does not have a subnet mask", he believes that there are definitely subnet masks, but in IPv6 they are called prefix lengths. The /64 prefix is just right for use with SLAAC (Stateless Address Autoconfiguration).

In response to the claim that IPv6 does not have NAT, he notes that IPv4 does not come with NAT either. NAT is a technology that routers can choose to implement, and it is also possible in IPv6. For example, the Linux operating system implements NAT for IPv6, and if you only have one IPv6 address, such as getting one address from your local network and running a virtual machine on your machine, IPv6 NAT may be essential.

As for "IPv6 addresses are self-configuring", this is sometimes true and sometimes not: there are also DHCPv6 and static configurations.

What about the "IPv6 address can't remember" claim? He wasn't interested in remembering IPv4 addresses, phone numbers, etc., anyway.

In response to the statement that "IPv6 is not good for end users", as an end user, he found that IPv6 has brought him many benefits:

  • Firewall traversal is more predictable and has a higher success rate than NAT traversal. Services such as VoIP and Tailscale have a much higher success rate in an IPv6 environment than when spanning one or more layers of NAT.
  • All devices in the home can obtain public addresses, and they can selectively open inbound connections through firewall rules on the router.
  • Routing on the mobile network is more straightforward, which reduces latency (IPv4 is often avoided in regions where IPv6 is deployed by the mobile network service provider through a series of expensive and stateful CG-NAT devices).
