IPv6 – Making the Internet End-to-End Addressable Again
dotmagazine speaks to Klaus Landefeld from the eco Association about why IPv6 adoption is so slow, and why it's imperative for IoT.
dotmagazine: What are the main differences between IPv4 and IPv6?
KLAUS LANDEFELD: The main difference between IPv6 and IPv4 is that v6 is just the opposite of being address constrained. This means that your carrier will typically give you a whole prefix to use at home, so that each device can have its own global unique address which can be accessed – if you allow it in your firewall – even from the outside. You can talk to your sensors, talk to your heating system, you can access all the data you hold at home even from the outside while you're on the road. Individually. Which is very difficult nowadays with v4, if even remotely possible given the scarcity of v4 addresses.
In principle, what IPv6 allows is a global IoT population of tens of billions of devices to be able to talk to each other, in theory without limitation on the number of devices. It doesn't matter if it's 20 billion or 50 billion: the amount of IPv6 address space is so huge that each and every conceivable device can get its own IPv6 address.
So what the Internet was originally supposed to be – which is end-to-end addressable – can become a reality again. With v4, there are just 4 billion theoretical addresses, and the actual amount of usable space – given that some space is still blocked and there is unusable space, reserved space and so on – is something close to 2.5 billion which can actually be used. Compare that to the population of Internet devices today, which is about ten times that amount. So of course it's not working anymore with v4, and there is a growing number of workarounds in use today. If we switch this over to v6 – which we desperately need to do – then this becomes viable again. And I think that's really the imperative for encouraging IPv6 adoption.
dot: Why is IPv6 adoption so slow?
LANDEFELD: For the network administrator, IPv6 is quite a bit harder to administer. You'll really have to work with it for a while and get used to it, and it is a bit obscure because IPv6 has a lot of options which were put in there to make things easier, at least in theory. Take local addresses with only a local scope, auto-configuration, router advertisements to configure your devices, etc. – most are just too complex or require a different thinking than the classical v4 deployment.
I am quite positive that the transition would have been completed 10 years ago if v6 had just been v4 with a broader address field – in other words, if aside from the extended address field, we were just to use the same systems and methods and everything that we used in the past. As it stands, you have to have more knowledge, you need additional firewall rules, and you need to have special protocols deployed in order to make it work. While individually these might be great features, it's always a hassle for a transition. This is why a lot of network administrators are not eager to adopt it, and are not really working with it. It goes without saying that this hinders acceptance.
Because of this reluctance and a lack of know-how, it's still not default nowadays. Funnily enough, this is primarily the case with home routers. If you look at local devices – mobile phones, notebooks, tablets, and so on – every single one of these supports IPv6 natively. If IPv6 is available on the network, they will get themselves a v6 address and will use it not only as default, but as the preferred address. Only if they cannot access a host through v6 will they then use v4.
So what's the problem then? Typically all home routers nowadays will support v6 if you look under the hood – because almost without exception, they're all running on Linux, which has native support for v6. If you have an appropriate front end, if your web interface supports it and enables it and if it's enabled in the operating system, they will support IPv6. But although most home routers nowadays do support it, it's typically disabled by default.
This has a lot to do with firewall rules; with the question of how to secure the network. And due to the lack of know-how amongst users – and even a lack of know-how in the support hotlines of the carriers – most administrators don't want it enabled by default. Period. In most access networks today, it's as simple as switching it on in your home router to get an IPv6 address assigned from your carrier and simply use it. However, the rate of home users doing this is negligible – around five to ten percent. If, as a carrier, you advertise the option of IPv6 to your customers by sending informational emails or letters to your customers explaining that they can simply switch it on – and yes, I’ve tried it, challenging “Why not just give it a try??” – then you have a jump in usage for a couple of weeks, but with the next system update on the router, where it's no longer enabled by default, it's gone again.
So it's really a question of local devices. It's typically just one click, one checkbox somewhere in the configuration options and you will have IPv6 enabled in your home network. This is really what is needed – for the default configuration to be “on”. And I am quite sure that then we'll have a very quick, permanent jump in adoption. I don't know of a single major Internet service that does not support v6 and will be accessed via v6 once it is enabled at the user side. It's typically smaller companies which might not have this support today, but that's not a problem, as IPv4 will be available in parallel. So you can use the major services and the major networks you're talking to over v6, and use v4 as a fallback for the time being.
dot: What has been done recently to improve adoption rates for IPv6?
LANDEFELD: Well, that's really the kicker. As I said, it needs to become the default protocol and a lot of user interfaces have become v6-capable by now. Looking at the home router again, we face the question of whether, in the web interface, we have a page where we can say: What about v6? What are my supported options? How can I configure a local prefix? Can I get this delegated from my carrier? Can I simply assume a prefix? Can I derive a prefix from my v4 address? Things like that. That was typically missing, or it wasn't possible to enter the required configuration. But this has now become possible in a lot of the more recent models of routers.
Historically there were also some services, daemons, etc., which did not support v6. Most of at least the public domain servers have v6 support now. There have been a significant number of changes and adoptions in the last 10 years, so there really is no reason not to enable v6 today.
It's more a question of a lack of awareness and a lack of urgency – the realization that it makes sense to enable v6. But that's on the supplier side – as in, people offering an online service.
dot: Can you envisage any kind of positive incentive for IPv6 adoption?
LANDEFELD: The best incentive is a lack of reachability, both in- and outbound. On the operator side, in Asia – more specifically Japan – there are already a significant number of web services which are exclusively available via IPv6, and this number will quickly grow and be adopted in other regions of the world very soon.
More and more inbound services will no longer work for your home account using traditional v4, and that's different with v6. With v6 you typically have a globally routed address, and you can have the full range of inbound services. So if you have a home gateway, and if you want to access your home router data that you have stored at home, if you want to access data stored at home on your hard drive rather than in the cloud while you’re on the road, that's all possible again with v6. You can also have individual devices within your home network addressable from the outside, which I believe will become very important again in the future.
This is where we come back to the topic of IoT. In IoT, v6 adoption rates are not as high as with other devices yet. This has to do with the fact that a lot of them are very limited in their resources, they have very low-powered CPUs, and not much thought has been given to the design of their user interfaces. Again, these devices almost exclusively run on Linux as an operating system, so in theory they can do v6. But the web interface needs to support it as well, and we need configuration – if you cannot enter a v6 address, or you cannot at least find out from the web frontend which v6 address is used, then you cannot really use it as an IPv6 device.
With IoT, it's really a problem that the developers of the software for the IoT devices need to be v6-aware, and more often than not, they are not. The majority of IoT devices currently don't have IPv6 support. The high-end ones do, but the low-end ones don't. It is the same problem we see with security in general. If there is just no budget to develop a secure solution, to make a good web frontend, to have a processor which can support it properly because you design it to sell for 15 Euros or so, then don't expect a lot of work on supporting IPv6 either. It's just the same story all over again. You do the bare minimum, and the bare minimum nowadays is still having a web frontend which is accessible over v4 only.
Klaus Landefeld is Vice-Chair of the Board and Director of Infrastructure & Networks at eco – Association of the Internet Industry.
Since 2013, he has served as Chief Executive Officer of nGENn GmbH, a consultancy for broadband Internet access providers in the field of FTTx, xDSL and BWA. He also serves as network safety and security officer as well as data protection officer for several German ISPs.
Before establishing nGENn, Mr. Landefeld held a number of other management positions, including CEO at Mega Access and CTO at Tiscali and World Online. He was also the CEO and founder of Nacamar, one of the first privately-held Internet providers in Germany.
Mr. Landefeld is a member of a number of high-profile committees, including the Supervisory Board of DE-CIX Group AG, and the ATRT committee of the Bundesnetzagentur (BNetzA - German Federal Network Agency).