Even though IPv6 has been around since the late 1990s and is now actively used on the Internet, I still meet people who are just beginning to learn about IPv6. Myself and others at the Infoblox IPv6 Center of Excellence (COE) have been teaching IPv6 for well over a decade. Recently at Cisco Live, Ed Horley and I, along with our friends Tim Martin, Denise Fishburne, and Jim Bailey, presented the TECRST-2166 “An Immersive Journey into IPv6”. In our class, there was a broad spectrum of IPv6 expertise, from those who have it deployed who want to learn deep technical details, to those who had never attended an IPv6 class before.
We are often surprised when someone asks a very fundamental question about IPv6. Having worked with IPv6 for so many years, we take for granted how we ourselves originally learned about IPv6 and the basic questions that we asked at first.
The Infoblox IPv6 COE has started to offer podcasts (Podcast #1, Podcast #2). If these were more like a live broadcast call-in radio show, we would likely be receiving some of these questions. We thought it would be beneficial to compile some of the basic questions we are often asked and our typical responses and resources we reference.
Do I need to migrate completely to IPv6?
When people are first learning about IPv6, they are often confused about how multi-protocol environments work. We have operated in an IPv4-only environment for so long, we have forgotten those days long ago when our networks ran AppleTalk, IPX, and IP side-by-side. Some people get the false impression that you must completely switch directly from IPv4 to IPv6.
It would be infeasible to switch the entire Internet and all private networks to using a new protocol all at the exact same time. That is why the dual-stack transition strategy is the dominant IPv6 deployment plan. We will make our networks and hosts “bilingual” so that they have the option to communicate with other systems. Applications will choose the best protocol for a given session based on what the end nodes can support. Over time, IPv6 takes over as the dominant protocol.
Can an IPv4 host communicate with an IPv6 host?
For two nodes to communicate they must support one common protocol. While IPv4 and IPv6 have many common traits, they are completely separate network-layer protocols with different addressing and packet header formats. Therefore, an IPv4-only node cannot communicate with an IPv6-only node. Following is a table that illustrates if nodes can communication and shows why the dual-protocol strategy provides the most options for communication.
In the spirit of full disclosure, there are other transition methods that allow for translation between the IPv4 and IPv6 protocols. However, translation technologies often have side-effects that may not agree with all applications. Techniques like NAT64/DNS64 (see RFC 6144), MAP-T (RFC 7599) and 464XLAT (RFC 6877) are among those frequently used by service providers to connect IPv6-only subscribers to the IPv4 Internet and for offering IPv4 as a Service. You can think of these as bilingual on-demand language translators that an organization like the United Nations might use for their meetings. They are pretty good, accurate most of the time but there are always going to be cases where the translation doesn’t work and having a conversation in a native language is going to be the better way to communicate.
Which web sites use IPv6?
There are now numerous web sites that are connected using IPv6. If you are looking for a web site to test your IPv6 connectivity to or just curious about which sites you may already be visiting over IPv6 transport, there are many to choose from. The most popular IPv6-connected web sites are Google.com, YouTube.com, LinkedIn.com, Facebook.com, Instagram.com, Wikipedia.com, Netflix.com, Blogspot.com, Apple.com, among many others.
Hurricane Electric’s Global IPv6 Deployment Progress Report, by Mike Leber, provides statistics on the current state of IPv6 adoption. Their measurements show that of the Alexa 1M raw domains, 119,435 have direct IPv6 addresses (~12%) and of the Alexa 1M using www, 136,409 have IPv6 (~14%).
The Alexa one million has now changed to be the top 500 sites. Dan Wing has also created a site that is updated daily that shows the percentage of these top sites that use IPv6 and currently the percentage of sites with an AAAA DNS record is over 21%.
The World IPv6 Launch site is a great resource to find out which organizations are extensively using IPv6.
We must also mention that there are still a few popular web sites that are not yet using IPv6. Those include twitter.com, wordpress.org, pinterest.com, among others.
How does a computer choose whether to use IPv4 or IPv6?
The choice of which network-layer protocol to use for connections depends on the connectivity between two hosts, the host operating systems and the application’s connection algorithm. In the above-mentioned situation where both end nodes are dual-stack, the network between them is dual-protocol (and there are fully-functional dual-protocol DNS servers able to handle IPv4 and IPv6 address queries) then the operating system and the application get to decide. The DNS response to a DNS query is the trigger that indicates to an application that the destination has an IPv6 address. The next step is to verify that IPv6 end-to-end connectivity exists.
One of the most popular algorithms for determine which IP version to use is Happy Eyeballs (RFC 6555). This is implemented in Chrome browser and other applications. However, Microsoft operating systems use their Network Connectivity Status Indicator (NCSI) method, and Apple products implement these algorithms in the OS rather than in the applications.
Depending on how the application is written and if there is robust IPv6 connectivity, it is possible that IPv6 performs better than IPv4 (part 1, part 2). In these situations, end-user-experience would be best when using IPv6 for the transport.
Where do I get my IPv6 addresses and how much should I get?
To properly answer this one, we’ll separate this question into its two distinct parts.
The first part of the question can be answered by contacting either your Regional Internet Registry (RIR) that services your local continent or your upstream Internet Service Provider (ISP). If you use Border Gateway Protocol (BGP) and are multi-homed to the Internet, then you likely meet the requirements of a direct allocation of Provider-Independent (PI) IPv6 addresses from your RIR. However, if you are using a single ISP for Internet connectivity then you may request Provider-Assigned (PA) IPv6 addresses directly from your ISP. Each RIR has their own policies and procedures for requesting IPv6 address resources. For example, in the North American region, the American Registry for Internet Numbers (ARIN.net) has some great resources to help you make your IPv6 address request.
The amount of address space to request from an ISP or an RIR depends on the size of your organization. If you are requesting PA IPv6 addresses from your ISP, then they will likely allocate your organization a /48 prefix from their IPv6 block. If you qualify for a PI IPv6 allocation from your RIR, then the RIR’s policies may state that a /48 is the smallest allocation you will receive. You may be able to receive a /48 for each of your sites, depending on the RIR’s policies, such as ARIN’s Number Resource Policy Manual (NRPM).
Putting together an IPv6 addressing plan will help you determine how much IPv6 address space to request and what to do with it once you receive your allocation. Infoblox’s free 6Map utility is a good place to get an initial idea of how IPv6 address allocations are carved up. For more information on IPv6 Address Planning, please consult this fine manuscript on the subject.
Can I simply use IPv6 Unique Local Addresses (ULA) and NAT?
Some people have a difficult time overcoming the legacy thinking that NAT is a security feature. Because organizations have relied on stateful firewalls performing NAT for IPv4, they get the impression that these two functions are inseparable. These people get the impression that they must use these same perimeter network functions with IPv6. The reality is that IPv6 offers an abundance of addresses and there is no reason to use NAT to handle any addressing shortage.
Furthermore, there really isn’t NAT for IPv6 in the way you use NAT for IPv4 today. Today you are likely using Port Address Translation (PAT) where you overload a single IPv4 address on the external interface of your perimeter firewall. The firewall translates the internal host’s IPv4 address and the source TCP/UDP port number to a new source port and the firewall maintains a state table of these translation. There is no equivalent of this function in IPv6. In other words, there is no official IETF RFC for NAT66 for IPv6. However, there does exist an IETF standard for Network Prefix Translation (NPT) (RFC 6296), but it doesn’t perform PAT, but rather 1:1 stateless mapping.
There is a useful IETF RFC 4864 titled “Local Network Protection for IPv6” that delves into all the reasons that you do not need NAT for IPv6.
When people first learn about Unique Local IPv6 Unicast Addresses (RFC 4193), they get the impression that it is required to use these for their IPv6 deployment in the same way they use RFC 1918 IPv4 addresses for their internal private networks. The preference is for all organization to use global IPv6 addresses (e.g. 2000::/3) and sparingly use ULA only for specific isolated networks. If you still aren’t convinced, then I refer you to read “3 Ways to Ruin Your Future Network with IPv6 Unique Local Addresses” (Part 1 and Part 2).
As the adage goes “there’s no such thing as a stupid question.” Rather, the stupid behavior is to not seek out knowledge and fail to ask the important questions.
We hope that these fundamental questions and answers helped you understand some key concepts of IPv6. If you are new to IPv6, a great book that you might like is the latest edition of Rick Graziani’s book “IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, 2nd Edition”.
If you have been reading Infoblox COE blogs and attending their web seminars and listening to their podcasts for the past five years, then you already know the basics and are well on your way to successful IPv6 adoption. If you have a question about IPv6, regardless of now “newbie” you think it might be, please ask it and we will work to get you the information you need.
This post originally appeared on Infoblox community: https://community.infoblox.com/t5/IPv6-CoE-Blog/Common-IPv6-Newbie-Questions/ba-p/10337
Scott Hogg is the Chief Technology Officer (CTO) for GTRI.