
This will be a kind of newbie question but I am not quite sure why we really need IPv6. AFAIK, the story is as follows:

In the olden days, when computers were not plentiful, 32 bit IP addresses were enough for everybody. At these times, the subnet mask was implicit. Then the number of computers has increased and 32 bits started to become insufficient.

So the subnet mask started to become explicit. Essentially the size of an IP address has increased.

My question is, what is the downside of continuing the addressing with the subnet masks? For example when they become insufficient as well, can't we continue with using "subnet-subnet masks" etc.?

I understand that it consumes more space than the original IPv4 (and maybe not much different than using IPv6) but aren't explicit subnet masks a sufficient solution? If not, why are they an insufficient solution?

Utku

5 Answers


Two things are getting confused here:

  • classful addressing vs CIDR
  • Masquerading / NAT

Going from classful addressing to Classless Inter Domain Routing (CIDR) was an improvement that made the address distribution to ISPs and organisations more efficient, thereby also increasing the lifetime of IPv4. In classful addressing an organisation would get one of these:

  • a class A network (a /8 in CIDR terms, with netmask 255.0.0.0)
  • a class B network (a /16 in CIDR terms, with netmask 255.255.0.0)
  • a class C network (a /24 in CIDR terms, with netmask 255.255.255.0)

All of these classes were allocated from fixed ranges. Class A contained all addresses where the first digit was between 1 and 126, class B was from 128 to 191 and class C from 192 to 223. Routing between organisations had all of this hard-coded into the protocols.

In the classful days when an organisation would need e.g. 4000 addresses there were two options: give them 16 class C blocks (16 x 256 = 4096 addresses) or give them one class B block (65536 addresses). Because of the sizes being hard-coded the 16 separate class C blocks would all have to be routed separately. So many got a class B block, containing many more addresses than they actually needed. Many large organisations would get a class A block (16,777,216 addresses) even when only a few hundred thousand were needed. This wasted a lot of addresses.

CIDR removed these limitations. Classes A, B and C don't exist anymore (since ±1993) and routing between organisations can happen on any prefix length (although something smaller than a /24 is usually not accepted to prevent lots of tiny blocks increasing the size of routing tables). So since then it was possible to route blocks of different sizes, and allocate them from any of the previously-classes-A-B-C parts of the address space. An organisation needing 4000 addresses could get a /20, which is 4096 addresses.

Subnetting means dividing your allocated address block into smaller blocks. Smaller blocks can then be configured on physical networks etc. It doesn't magically create more addresses. It only means that you divide your allocation according to how you want to use it.

What did create more addresses was Masquerading, better known as NAT (Network Address Translation). With NAT one device with a single public address provides connectivity for a whole network with private (internal) addresses behind it. Every device on the local network thinks it is connected to the internet, even when it isn't really. The NAT router will look at outbound traffic and replace the private address of the local device with its own public address, pretending to be the source of the packet (which is why it was also known as masquerading). It remembers which translations it has made so that for any replies coming back it can put back the original private address of the local device. This is generally considered a hack, but it worked and it allowed many devices to send traffic to the internet while using fewer public addresses. This extended the lifetime of IPv4 immensely.

It is possible to have multiple NAT devices behind each other. This is done for example by ISPs that don't have enough public IPv4 addresses. The ISP has some huge NAT routers that have a handful of public IPv4 addresses. The customers are then connected using a special range of IPv4 addresses (100.64.0.0/10, although sometimes they also use normal private addresses) as their external address. The customers then again have a NAT router that uses that single address they get on the external side and performs NAT to connect a whole internal network which uses normal private addresses.

There are a few downsides to having NAT routers though:

  • incoming connections: devices behind a NAT router can only make outbound connections as they don't have their own 'real' address to accept incoming connections on
  • port forwarding: this is usually made less of a problem by port forwarding, where the NAT router dedicates some UDP and/or TCP ports on its public address to an internal device. The NAT router can then forward incoming traffic on those ports to that internal device. This needs the user to configure those forwardings on the NAT router
  • carrier grade NAT: is where the ISP performs NAT. You won't be able to configure any port forwarding, so accepting any incoming connections (BitTorrent, having your own VPN/web/mail/etc. server) becomes impossible
  • fate sharing: the outside world only sees a single device: that NAT router. Therefore all devices behind the NAT router share its fate. If one device behind the NAT router misbehaves it's the address of the NAT router that ends up on a blacklist, thereby blocking every other internal device as well
  • redundancy: a NAT router must remember which internal devices are communicating through it so that it can send the replies to the right device. Therefore all traffic of a set of users must go through a single NAT router. Normal routers don't have to remember anything, and so it's easy to build redundant routes. With NAT it's not.
  • single point of failure: when a NAT router fails it forgets all existing communications, so all existing connections through it will be broken
  • big central NAT routers are expensive

As you can see both CIDR and NAT have extended the lifetime of IPv4 for many, many years. But CIDR can't create more addresses, only allocate the existing ones more efficiently. And NAT does work, but only for outbound traffic and with higher performance and stability risks, and less functionality compared to having public addresses.

Which is why IPv6 was invented: Lots of addresses and public addresses for every device. So your device (or the firewall in front of it) can decide for itself which inbound connections it wants to accept. If you want to run your own mail server that is possible, and if you don't want anybody from the outside connecting to you: that's possible too :) IPv6 gives you the options back that you used to have before NAT was introduced, and you are free to use them if you want to.

Sander Steffann

The Internet Protocol (IP) was designed to provide end-to-end connectivity.

The 32 bits of an IPv4 address only allow for about 4.3 billion unique addresses. Then you must subtract a bunch of addresses for things like multicast, and there is a lot of math showing that you can never use the full capacity of a subnet, so there are a lot of wasted addresses.

There are about twice as many humans as there are usable IPv4 addresses, and many of those humans consume multiple IP addresses. This doesn't even touch on the business needs for IP addresses.

Using NAT to satisfy the IP address hunger breaks the IP end-to-end connection paradigm. It becomes difficult to expose enough public IP addresses. Think for a minute what you, as a home user with only one public IP address, would do if you want to allow multiple devices using the same transport protocol and port, say two web servers, which by convention use TCP port 80, to be accessed from the public Internet. You can port forward TCP port 80 on your public IP address to one private IP address, but what about the other web server? This scenario will require you to jump through some hoops which a typical home user isn't equipped to handle. Now, think about the Internet of Things (IoT) where you may have hundreds, or thousands, of devices (light bulbs, thermostats, thermometers, rain gauges and sprinkler systems, alarm sensors, appliances, garage door openers, entertainment systems, pet collars, and who knows what all else), some, or all, of which want to use the same specific transport protocols and ports. Now, think about businesses with IP address needs to provide their customers, vendors, and partners with connectivity.

IP was designed for end-to-end connectivity so, no matter how many different hosts use the same transport protocol and port, they are uniquely identified by their IP address. NAT breaks this, and it limits IP in ways it was never intended to be limited. NAT was simply created as a way to extend the life of IPv4 until the next IP version (IPv6) could be adopted.

IPv6 provides enough public addresses to restore the original IP paradigm. IPv6 currently has 1/8 of the IPv6 addresses in the entire IPv6 address block set aside for globally routable IPv6 addresses. Assuming there are 17 billion people on earth in the year 2100 (not unrealistic), the current global IPv6 address range (1/8 of the IPv6 address block) provides over 2000 /48 networks for each and every one of those 17 billion people. Each /48 network is 65,536 /64 subnets with 18,446,744,073,709,551,616 addresses per subnet.

Ron Maupin

Simply put, there are no more IPv4 addresses available. All (or nearly all) the available IPv4 addresses have been allocated. The explosion of IP devices, laptops, phones, tablets, cameras, security devices, etc., etc., has used up all the address space.

Ron Trunk

First of all, the variable subnet mask technique did become insufficient. That is why people invented the Network Address Translation technique, where you can use a public IP to mask multiple private IPs. Even with this technique, we are almost out of IPs to allocate. Also NAT breaks one of the founding principles of the Internet: the end-to-end principle.

So the main reason for using IPv6 is that everyone will have available as many public IPs as they need and all the complexity of using NAT will disappear.

IPv6 also provides other functionality that I will not go into in detail: mandatory security at the IP level, stateless address autoconfiguration, no more broadcasting, only multicasting, and more efficient processing by routers thanks to a simplified header. Also, in this age of mobile devices it has explicit support for mobility in the form of Mobile IPv6.

Regarding your proposal of using subnet/subnet masks: it does not sound feasible since its implementation would break all existing applications and it is not really elegant. If you have to change things, why not go for something new and well thought out?

dragosb

The major organization that distributes IPs to the regional orgs is completely exhausted. ARIN, the regional org in the US, has been exhausted for the past few months. The only regional org that still has some IPs left is AfriNIC.

There are a lot of companies/orgs, like Ford, MIT, etc., that have full Class A IP ranges. Back when they acquired them, no one thought we would run out so quickly.

At this time, to buy IPs, you either wait for a company to go out of business and buy them on the gray market, or you try to buy unused IPs from another company.

IPs designed for a region cannot be used in another region. Well, they can, but it is highly discouraged (geo-IP).

At this time, a lot of companies are getting ready for IPv6. The switch isn't easy, as it's very expensive to buy new equipment that supports full IPv6 for those who have tens of thousands of servers.

user1052448