IPv6 to the rescue!

Intrinsec recently implemented a functional IPv6 infrastructure; to further this goal, I am working on IPv6 security and its integration into our audit and penetration testing services. This first article focuses on presenting the main differences between IPv4 and IPv6.

The number of IPv4 addresses still available was estimated at fewer than 10% at the end of January, according to the NRO (Number Resource Organization). This address shortage should accelerate the adoption of the new generation of the internet protocol, which offers several improvements: a large address space, required IPsec support, and improved quality of service management.

IPv6 should thus meet the strong demand from emerging countries, particularly in Asia where the internet market has enormous potential, boosted by mobile telephony and 3G. Indeed, the number of 3G subscriptions in Asia-Pacific is expected to reach 561% of global subscriptions in 2013, according to [source missing]. RNCOS, which would represent an average annual growth rate of 13% (CAGR*).

The table below summarizes the main differences between IPv4 and IPv6:

 

IPv4	IPv6
Length of an address: 32-bit (4 bytes). Total 4.3 × 109 addresses	128 bits (16 bytes) Total of 3.4 × 1038  addresses
Support for’IPsec optional	Support for’IPsec required
Using addresses of broadcastto communicate with all the nodes of a subnetwork	No more broadcasts. Using an address multicast ‘'all stations' having a defined range: (FF02::1 for local scope/ FF05::1 (for local site coverage…)
Fragmentation which can be carried out by the station source of the package or by the router	Fragmentation carried out by the sourceof the package only. Performance improvement of the routers.
Manual address configuration or via a DHCP server	Manual configuration, DHCPv6 or autoconfiguration possible (will be the subject of an upcoming article!)
ARP broadcasts for resolving IP addresses to lower layer physical addresses	NDP (Neighbor Discovery Protocol): Multicasts for resolving IP addresses to physical addresses
IP address public / IP addressprivate	Each address has a scope defined: local, site-local, global… (an interface can have multiple addresses)

 

 

* CAGR = (Final value/Initial value)^1/number of years – 1

 

 

Read also:

• http://infogerance.intrinsec.com/2009/07/compatibilite-ipv6-des-infrastructures-cloud-intrinsec.html
• http://lab.intrinsec.com/2009/07/ipv6—on-arrete-de-jouer-c.html
• http://lab.intrinsec.com/2009/10/www6intrinseccom-en-ligne.html