Every network-connected device—including the one you’re reading this on—has a unique identifier on the network. Back in the 80s (when computers became a common household device), every device was assigned a unique internet protocol (IP) address. This address identifies the source or destination of data communications in the TCP/IP stack.
The first type of IP address was developed in 1981, and is known as “IPv4,” or “Internet Protocol Version 4”. Because of the way IPv4 addresses were created (we’ll go over this in a moment), there can only be 4.3 billion total unique IP addresses. Fast forward to 2015, and we’re officially beyond that point. With over 7 billion people on the planet, and more than 2 billion of them connected to the internet, you can imagine how quickly these IP addresses were swept up.
Eventually, when it became obvious that IPv4 addresses were going to run out quickly, the concept of Network Address Translation (NAT) was introduced. This is why most devices on a home network have a “192.168.X.X” address. The router has an IPv4 address, but assigns a “fake” NAT address to all the devices on the local network.
Then roughly 20 years ago, the Internet Engineering Task Force (IETF)—a non-profit organization tasked with creating new internet technologies—came up with a better solution to this problem: Internet Protocol Version 6 (IPv6). The first IPv6 address was put into place in 2008, and they have been slowly integrating these new protocols ever since.
It’s been established that IPv6 isn’t a brand new concept—so why are we talking about it? Well, many people don’t understand it, or what it means for the future of their organization. To address this, we’re writing a three-part series on IPv6, and this introduction acts as the first installment.
What Is IPv4?
Every IPv4 address is 32 bits long. An example is:
Each of these sets of numbers, known as dot-decimal notation, is a number from 0-256. Each of those dot-decimal notations is made up of 8 bits—represented by a series of zeros and ones. For instance, “132” is represented by “10000100₂.” So, in total, you end up with an IP address that is 32 bits, or 2³². You can only have this combination 4.3 billion unique ways before every possibility has been exhausted, as mentioned above. That’s where IPv6 comes in.
What Is IPv6?
An IPv6 address has 128 bits, like in this example:
This address has eight hexadecimal groups of four. So, when broken down like above, you’ll end up with an IP address of 128 bits, or 2¹²⁸. There’s no easy way to express how many possible unique IP addresses this system can create, but it is somewhere around 340 trillion, trillion, trillion! Information from the IETF (and common sense) tells us that the world won’t be running out of IP addresses using IPv6 anytime soon—or maybe ever.
This is made up of three parts:
- A routing or network prefix. This prefix makes up the first 48 bits. One of the things that IPv6 improved was the ability to set new IP addresses without having to reconfigure a device or network. Network prefixes can expire, allowing administrators to set new ones. This makes renumbering much easier, as it was almost impossible with IPv4.
- A subnet ID. This section of the address is made up of the next 16 bits. It acts as a way to distinguish the network from the host.
- An interface or device identifier. This is the final 64 bits in an IPv6 address, and is used to distinguish the device itself.
Keep in mind that you can condense the address using the following two steps:
- If you have a block of four zeros followed by a colon, you can drop the three zeros before the colon to condense the address. You’ll see this written as dropping “leading zeros.”
- You can condense groups of adjacent zeros together by putting two colons together (i.e., ::). So, in the example above, the address would become: “2001:0DB8:AC10:FE01::”
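The three-part split and the two condensing steps described above, worked through in Python as an added example (not code from the original article). The function names are hypothetical, and the full-length input address is constructed as the expanded form of the article's condensed result.

```python
import ipaddress

def split_parts(addr: str) -> dict:
    """Split an IPv6 address into the 48/16/64-bit fields the article lists."""
    value = int(ipaddress.IPv6Address(addr))
    return {
        "routing_prefix": value >> 80,         # first 48 bits
        "subnet_id": (value >> 64) & 0xFFFF,   # next 16 bits
        "interface_id": value & (2**64 - 1),   # final 64 bits
    }

def condense(addr: str) -> str:
    """Apply both condensing steps by hand to a valid IPv6 address."""
    groups = ipaddress.IPv6Address(addr).exploded.split(":")
    # Step 1: drop leading zeros in every group ("0db8" -> "db8", "0000" -> "0").
    groups = [g.lstrip("0") or "0" for g in groups]
    # Step 2: replace the first longest run of two or more zero groups with "::".
    best_start, best_len, i = -1, 0, 0
    while i < len(groups):
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < len(groups) and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                # a lone zero group is left as "0"
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

if __name__ == "__main__":
    full = "2001:0DB8:AC10:FE01:0000:0000:0000:0000"   # constructed full form
    print(condense(full))
    for name, field in split_parts(full).items():
        print(f"{name}: {field:#x}")
```

The article's condensed form keeps the leading zero in “0DB8” because it applies only the second step; applying both steps also shortens that group to “db8”. Only one run of zeros can become “::”, otherwise the address could not be expanded back unambiguously.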
What Sets IPv6 Apart
One of the main things that makes IPv6 addresses unique is that they can be created automatically by your host, from your system’s media access control (MAC) address.
This means that the unique address needed for routing on the internet can be “self-generated” from the hardware-specific address the device was given when it was made. This is important, because it eliminates both Network Address Translation (NAT)—i.e., hiding a bunch of devices behind one internet address—and Dynamic Host Configuration Protocol (DHCP), which is the process for assigning the NAT addresses. Many people in network security falsely assume that firewalls are better with NAT and DHCP. This simply isn’t the case, because the gateway still assigns the routing prefix, and handles the LAN to WAN interface, where the firewall sits anyway.
IPv6 is certainly the future of internet protocol addresses, and will eventually take over, but it’s going to be a slow process. There is a great deal of legacy hardware out there that still uses IPv4—in fact, most of the internet is still running on this protocol. Routing for IPv4 will most likely be supported for the next 20 years, or longer. That aside, your organization needs to be prepared and optimized for handling both IPv4 and IPv6 as the latter becomes more regularly adopted.