Through the thorns to IPv6

This year, the tenth anniversary has passed quietly and imperceptibly

International IPv6 Day

… This event was more of a diagnostic nature of the readiness to launch and transition to IPv6 on a scale of the Internet. A year later, a more active and pompous

event

, which can be taken as a starting point and the beginning of a new era of global computer networks.


IPv6 launch day emblem.

Despite all these days and anniversaries, in practical terms, not much has been done for a full-fledged global transition to IPv6 and ditching IPv4. The infrastructure of the Internet mostly already supports and uses IPv6. So, all DNS root servers and, with a few exceptions, all top-level domains (TLDs) can work with IPv6. Their share is 98.4% according to the report… The same applies to autonomous systems (AS), as well as Tier-1 and Tier-2 operators.

However, many enterprises still operate on the old protocol, not only on internal channels, but also on the periphery. Fortune 500 companies are stuck somewhere halfway in the transition to the new standard. According to latest research The DNS Institute 270 Fortune 500 companies had at least one domain that was not responding to queries over IPv6. In addition, about 57% of domains did not contain all of the nameservers available for IPv6.

Meanwhile, postponing the transition to a new protocol is fraught with increased costs for companies. In particular, capital and operating expenses, a․k․a․ CAPEX and OPEX will increase over time due to the rising cost of solutions such as Carrier-Grade-NAT and Large-Scale-NAT. In addition, the baud rate in certain scenarios higher on IPv6 connections. In the same presentation, Paul Saab of Facebook said that one of the key barriers to IPv6 adoption is that Java code is often written exclusively to use IPv4.

Where does this performance gain come from? In theory, this can be understood by looking at the structure of the two protocols. For such a comparison, it comes in handy utility with a self-explanatory title:

|12:09:41|admin@redeye:[~]> protocol ip
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |        Header Checksum        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Source Address                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Destination Address                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

|12:09:45|admin@redeye:[~]> protocol ipv6
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |               Flow Label              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                       Destination Address                     +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

A quick look shows that IPv6 lacks some IPv4 fields, for example:

Header Checksum

,

Padding

and

Protocol

… Calculating the checksum of a packet on the network equipment takes a certain amount of time, and together with Network Address Translation, the calculation is performed twice. Since the number of IPv6 addresses is huge – 2128, there is no need for NAT. The rest of the improvements in the new standard may simplify the work of network engineers, but are unlikely to affect the data transfer rate.

Convert MAC address to Interface ID.

Other advantages of the new standard include ease of network configuration, as IPv6 supports automatic network address configuration. A node can create its own IP address by converting the MAC address to Extended Universal Identifier (EUI) format and writing it to the 64-bit interface identifier prefix. No broadcast ARP packets, DHCP optional.

Sometimes the benefits of IPv6 are mistakenly attributed to the higher level of security compared to IPv4 at the OSI network layer. A source of confusion may be the fact that IPSEC is part of the specifications of the new standard. Despite this, the presence of the IPSEC protocol not a prerequisite implementation of IPv6 connections.

To some extent, the widespread use of IPv6 addressing on the internal network could reduce the likelihood of scanning TCP / UPD ports, but for this the addressing scheme must be random and not have a DNS entry. However, the same condition makes the use of such addressing extremely inconvenient for system administration. In addition, the presence of IPv4 addresses negates even these advantages.

▍ The champions of IPv6 adoption

In the above event

World IPv6 Launch

large providers and IT companies took part:

  • Akamai
  • AT&T
  • Cisco
  • Comcast
  • D-Link
  • Facebook
  • Free Telecom
  • Google
  • Internode
  • KDDI
  • Limelight
  • Microsoft Bing
  • Time warner cable
  • XS4ALL
  • Yahoo!
Comcast IPv6 timeline.

Of these companies, some Tier-1 operators are quite successful in transitioning to new technologies.

T-Mobile’s IPv6 rollout timeline in the United States.

Behind the scenes of graphs with indicators going to the mountains, there remains a huge amount of painstaking work on replacing and setting up network and server equipment. The companies also had to modernize their subscriber access networks. In the case of Comcast, a large number of CMTS, while T-Mobile replaced 4G mobile systems.

▍ Russian realities

Not all countries have made the same progress towards implementing the new protocol. No one has yet a unified and accurate register of all IP addresses on all devices, but the statistics of the largest Internet companies may serve as some approximation. You can use the service

Google IPv6

for a quick acquaintance with the layout by country and IP version. The world champion in this category is India, where at the moment more than 62% of all connections to Google services use IPv6.

On the European continent, Germany (over 50%) and Greece (about 48%) are in the lead. Notably, there is no direct link between GDP per capita and IPv6 penetration. In Spain and Italy, the indicators are worse than in Russia. The founders of the Internet in the United States fulfilled their plan less than half (almost 46%).

World map of IPv6 implementation of Google statistics.

Approximately the same picture can be seen on Akamai charts… The same countries are among the leaders and outsiders in the implementation of the new protocol. It’s high time to ask the question why the transition to IPv6 is slowing down in Russia?

Akamai statistics IPv6 implementation world map.

The locomotive of the transition to the new protocol, in addition to government agencies, should be the largest telephony operators and Internet providers, which in the Russian Federation have begun to coincide for some time now. In addition, the giants of the domestic IT must have been among the pioneers. At one time, many wishes were expressed, but in practical terms, very little has been done so far.

MTS announced the transition to a new network protocol back in June 2017. service is available in most of Russia, and from 20.04.2020, Internet over IPv6 is provided automatically. However, such a connection will contain restrictions on well-known TCP / UDP ports, in order to get rid of them, you need to connect to the IPv6 + service. Lentel connects according to the new protocol of residents of St. Petersburg and the Leningrad region. Some regional ISPs only provide IPv6 connectivity in test mode.

As for the largest Internet resources of the Runet, not everything is rosy here either. Of the top ten, only support IPv6. Checking with a command from the bind-utils suite, for example:

|11:15:00|admin@redeye:[~]> host example.com
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
example.com mail is handled by 0 .

and we see that

example.com

has an IPv6 address in the DNS database. Now the same for the Russian top internet resources:

So what is hindering the accelerated transition of Russian companies to the new IP protocol standard?

  1. High cost. Perhaps this is the main reason, because a huge number of switches and routers, originally designed only for IPv4, need to be replaced. You need to allocate a budget to replace all this, you also need to provide a justification for the replacement: and so, everything works.
  2. NAT saves. NAT is almost universally used, and everyone is so used to it that they even perceive it as part of the security architecture of the IT environment, although it is not. One of the challenges of moving to IPv6 will be replacing corporate NAT addressing with the new standards with direct TCP / IP connections.
  3. I’ll wait for the others. It is beneficial to switch to new standards not from the very beginning, but when the majority have already switched to it. This is true for one particular company, but for the industry as a whole, it is a dead end road. The instigators of the change are industry leaders, but so far Russians are being cautious.
  4. Censorship. The government of the Russian Federation, represented by the RKN, has not yet abandoned the dubious, in every sense, practice of introducing restrictions on access to Internet resources, on the contrary, new initiatives appear every day. The widespread adoption of IPv6 addressing and routing will complicate the work of Internet censors, and it is reasonable to assume that the state ․ the authorities, at least, will not be contributing to an accelerated transition to the new standard anytime soon.
  5. Complexity. The transition of an organization to a new protocol is troublesome. The lack of backward compatibility between IPv6 and IPv4 creates many problems. In a large company, such a transition can take more than one year and it is necessary that business processes are not interrupted all this time.

▍ Results and forecast

Despite its considerable age and undoubted advantages, both for users and for Internet service providers, the IPv6 standard has not yet become a ubiquitous phenomenon on our computing devices. In the past few years, however, the pace of growth has accelerated and in some countries the transition is proceeding without delay and will soon be completed. In Russia, for a number of reasons, the rate of spread is still low. Apart from Yandex, few people have started translating internal services and resources to IPv6.

Despite industry momentum and latent opposition from regulators, the situation will slowly but surely move towards the continuous substitution of IPv4 for IPv6. The process will propagate from the outer perimeter of the largest ISPs, DNS servers, firewalls and security devices to the internal structures and the level of user access. With the accumulation of experience and training of relevant personnel in consulting the largest system integrators, the pace of transition will grow.

Additional materials:

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *