IPV6 Part 2 – Formats and special addresses
IPV6 Reduced Complexity
IPV6 networking reduces the complexity of address planning and assigning addresses to networks. Instead of using a wide variety of IPV4 subnet lengths, it is best practice to use some standard prefix lengths to simplify things. IPV6 should be a breath of fresh air to those who toil with the scarcity constraints of IPV4 addresses.
With IPV6, it will be common to use a single hex digit to represent some part of your addressing hierarchy. Furthermore, your addressing plan will use common prefix lengths, such as /40, /44, /48, /52, /56, /64. Standardizing some simple prefix lengths will make things easier. Unlike IPV4, you are no longer restricted to allocate an IP subnet with the closest match to the number of hosts you have on that subnet. The de facto IPV6 prefix length is a /64, which allows for plenty of addresses for any sized network.
This addressing simplicity means we may never actually need an IPV6 subnet calculator, as previously thought. With IPV4, a subnet calculator is required because we are using a variety of subnet lengths and striving for maximum host efficiency. With IPV6, using a subnet calculator isn’t even a consideration because we will use the standard /64 prefix length for all networks. This will make using a subnet calculator obsolete when it comes to IPV6.
Dual IP stack implementation
Dual-stack IP implementations provide complete IPV4 and IPV6 protocol stacks on the same network node. This permits dual-stack hosts to participate in IPV6 and IPV4 networks simultaneously. The method is defined in RFC 4213.
Dual-stack configuration is the most desirable IPv6 networking implementation during the transition from IPV4 to IPV6. It avoids the complexities of tunnelling and security considerations, increased latency, management overhead, and a reduced path MTU. However, it is not always possible when outdated network equipment may not support IPV6.
Dual-stack configurations, however, might introduce additional security issues as hosts could be subject to attacks from both IPV4 and IPV6 networks. It has been argued that the dual-stack architecture could ultimately overburden the global networking infrastructure by requiring routers to support IPV4 and IPV6 routing simultaneously.
Dual-stack implementation still requires an IPV4 address on every node. This is limited by IPV4 address exhaustion, one of the main motivations for IPV6 networking. To address this, Dual-stack Lite or DS-Lite was introduced. DS-Lite uses network address translation and tunnelling to encapsulate IPV4 packets in IPV6 transport, then deliver them to their final destination.
IPv4-mapped IPv6 addresses
Hybrid dual-stack IPV6/IPV4 implementations recognize a special class of addresses, the IPV4-mapped IPV6 addresses. These addresses consist of an 80-bit prefix of zeros, the next 16 bits are one, and the remaining, least-significant 32 bits contain the IPV4 address. These addresses are typically written with a 96-bit prefix in the standard IPV6 format. The remaining 32 bits are written in the customary dot-decimal notation of IPv4. For example, ::ffff:184.108.40.206 represents the IPV4 address220.127.116.11. A deprecated format for IPV4-compatible IPV6 addresses is ::18.104.22.168.
Because of internal differences between IPV4 and IPV6, some lower-level functionality in the IPV6 networking stack does not work the same. Some common IPV6 stacks do not implement the IPV4-mapped address feature. On these operating systems, a program must open a separate socket for each IP protocol it uses. On some systems, e.g., the Linux kernel, NetBSD, and FreeBSD, this feature is controlled by the socket option IPV6_V6ONLY, as specified in RFC 3493.
The addition of nodes having IPV6 networking enabled by default may result in the inadvertent creation of shadow networks. This causes IPV6 traffic to flow into networks having only IPV4 security management in place. This may also occur with operating system upgrades. When the new operating system enables IPV6 by default, while the older one did not, security rules need to be updated. Failing to do this can lead to IPV6 traffic bypassing it. Some IPV6 stack implementors have recommended disabling IPV4 mapped addresses.
IPV6 networking is not as complicated as what it seems. With some proper research and preparation, one can implement IPV6 effectively and future-proof your network.