Problems with IPv4 and the IPv6 Solutions

"IPv4 works great! We built a global Internet with over a billion users on top of IPv4. I just surfed to Facebook over it ten minutes ago. What's the problem?"

The problem is that IPv4 was too successful. More people are using the IPv4 Internet today than it was really designed to handle. We've outgrown IPv4. We aren't still trying to use 2G phones - most of the world has moved on to 3G, and now they are moving on to 4G phones. New technology phones can do a lot more than the old ones, and do it better and faster, too. We outgrew 2G phones. They were great when they were first introduced (much better than 1G phones). So was IPv4, when it was introduced 30 years ago, in 1983. The IBM PC-XT was released. The Challenger Space Shuttle took its first flight. "Return of the Jedi" was released. Reagan announced the Strategic Defense Initiative ("Star Wars"). 1983 was quite a while back. Many of you reading this had not even been born.

IPv4 was much better than what came before it (which was NCP, with 8 bit addresses, for a maximum of 256 nodes). But the Internet has grown from a few thousand people using it in 1983 to billions today. Not many designs can scale by that many orders of magnitude and keep working at all. Can you imagine a jumbo jet, designed to carry 300 people, being able to carry a million people with just a few tweaks in the design? It's time to move on to the next generation Internet, which was designed from the beginning for billions of users, and even more devices. A study from Cisco makes some projections about how many devices are going to be connected to the Internet over the next few years:

Year      World Population      Devices      Devices/Person
2003        6.3 billion       500 million         0.08
2010        6.8 billion       12.5 billion        1.84
2015        7.2 billion       25 billion          3.47
2020        7.6 billion       50 billion          6.58

IPv4 can't even think about handling those kinds of numbers. IPv6 can do it without even breaking a sweat.

This new IPv6 Internet will still be able to do all the things you know and love, and many amazing new tricks as well.


What Is Broken About IPv4

So what exactly is broken about IPv4? Basically the Internet started running out of IPv4 addresses back in the mid 1990s. The IETF began working then on the long term solution (which is IPv6). They knew it would take a while to work out the bugs and become mature (and it did), but it is ready now. Since about 2010 everything has been in place to begin using IPv6, and millions of people already are. Growth and investment in IPv4 have pretty much stopped, just like they did with 1G phones when 2G came out, and with 2G phones when 3G came out. The growth and investment on the Internet is now in IPv6. Time marches on.

The IETF knew that it would take 10 years or more for IPv6 to mature and be ready for prime time. At the rate IPv4 addresses were being allocated, they were going to run out before IPv6 was ready. The IETF had to do some really bad engineering in a hurry to keep IPv4 going for just a few more years while IPv6 matured. That "bad engineering" included private internets and Network Address Translation (NAT). Those were necessary evils that delayed the depletion of the IPv4 address space until about 2010 or 2011, at very high cost in terms of reliability and functionality. Today, IPv4 is in the Intensive Care Unit, on life support. Normal allocation of IPv4 addresses has already ended in Asia/Pacific (April, 2011) and Europe/Middle East (September, 2012). This is predicted to happen in America by early 2014. The IETF can't keep IPv4 going much longer. Some telcos and ISPs are trying to double down on NAT, by deploying two layers of it (CGN). This cure is worse than the disease! Especially when the long term solution (IPv6) is ready to go today, and works great.

With addresses for private internets (RFC 1918) and NAT (RFC 1631), the IETF splintered the previously monolithic IPv4 Internet into millions of tiny, disjoint private internets, poorly connected to the remains of the original IPv4 global Internet, through one-way NAT gateways. Before NAT, the whole world was really one giant public Internet. Now the last remaining parts of that public Internet live quiet lives in telcos, ISPs, and server rooms of big companies. Only a few home users have any parts of the old public IPv4 Internet. I have five real addresses in my home, and pay a bundle for those. Most people get only one public address (and often today, not even one).

Private internets are like private telephone companies behind a Private Branch Exchange (PBX). The company gets a few public IPv4 addresses, and hides an entire private internet behind them. In a home, you typically get one public IPv4 address, and hide all of your private addresses (like phone extension numbers) behind it. Your home network is still a private internet, even if you have only one subnet, with just a few computers in it.


Private Branch Exchange Telephone Systems and NAT

A company with 1,000 employees could in theory buy a phone and obtain a real telephone line (with a real telephone number) for each of their employees. That would be really expensive. So, instead they create essentially a private telephone exchange, with their own local set of private telephone numbers, like x1000, x1001, and so on. Every company uses the same set of private telephone numbers, because they work only inside their company. Extension x1256 in my company can't conflict with extension x1256 in some other company, because the private telephone companies can't connect directly outside of the company.

Any internal phone can call any other internal phone, by dialing the private telephone number of the other phone. The company actually gets a few (maybe 10) real phone lines, each with a real number. The PBX allows a limited number of outgoing calls from an internal phone (e.g. x1234) to an outside phone number (e.g. 123-4567) via that gateway. When you pick up an internal phone, you hear the inside dial tone. If you dial a 9, it connects you to one of the outside lines, and you hear the external dial tone. You can then dial as if you had a real phone (not one behind a PBX). There cannot be more outgoing calls at any given time than there are real telephone lines. If all of them are in use, when you dial "9" you get a busy signal.

For incoming calls, it is a bit trickier. An outside phone user dials the company number, and then has to "dial the first 3 letters of the person's name", at which point the PBX connects your incoming call to the correct internal phone. Again, there can't be more incoming calls than there are real telephone lines in the company. Actually, the total number of incoming and outgoing calls cannot exceed the number of real telephone lines.

NAT is basically the same idea, but for computer networks. We no longer have enough real (public) IPv4 addresses to give one to every device, so the IETF invented private internets, that are a lot like private telephone companies. Each organization gets a few real IPv4 addresses, but deploys hundreds (or even thousands) of nodes in their private internet, hiding behind those few public IPv4 addresses. More internal nodes can make outgoing connections than with a PBX (even with only a few public IPv4 addresses, internal nodes could be making thousands of simultaneous connections to the outside world). Unfortunately, it is much harder for outside nodes to make connections to inside nodes in the company's private internet than it is with a PBX. With NAT, using the Internet is pretty much a one way street, with connections going out from the private Internet. This irretrievably broke the End-to-End connectivity model of the early IPv4 Internet. That kind of connectivity exists only inside of private Internets today (for IPv4). With IPv6, the world wide monolithic Internet is back. Any IPv6 node in the world can connect to any other IPv6 node in the world, unless the connection is specifically blocked by a firewall somewhere in between. This will revolutionize the Internet, compared to how things work today. Real 4G (LTE Advanced) phones require this capability, so will work only over IPv6.
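
The "one way street" described above can be seen in a small model of a port-translating NAT gateway. This is an added example, not code from the original page: the Napt class, its three-port pool and all addresses are constructed for illustration (a real gateway has tens of thousands of ports per public address, and this model allocates one public port per flow for simplicity).

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges; all addresses below are constructed samples.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass
class Napt:
    """Toy port-translating NAT gateway with one public address."""
    public_ip: str
    ports: range = range(40000, 40003)  # tiny pool so exhaustion is visible
    out: dict = field(default_factory=dict)   # inside flow -> public port
    back: dict = field(default_factory=dict)  # (public port, peer) -> inside host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host connects out: reuse or allocate a public port."""
        if not is_rfc1918(src_ip):
            raise ValueError("source is not on the private side")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            used = set(self.out.values())
            free = [p for p in self.ports if p not in used]
            if not free:
                return None  # pool exhausted: the PBX "busy signal"
            self.out[flow] = free[0]
            self.back[(free[0], dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, peer_ip, peer_port, public_port):
        """Packet hits the public address: deliver only if a flow exists."""
        return self.back.get((public_port, peer_ip, peer_port))  # None = dropped

def demo():
    nat = Napt("203.0.113.10")
    web = ("198.51.100.80", 443)
    a = nat.outbound("192.168.1.10", 51000, *web)   # two inside hosts,
    b = nat.outbound("192.168.1.11", 51000, *web)   # same source port
    reply = nat.inbound(*web, a[1])                 # answer to host a
    stranger = nat.inbound("198.51.100.99", 12345, a[1])  # unsolicited
    return a, b, reply, stranger

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The unsolicited packet is dropped only because no mapping exists for it, a side effect of translation rather than a stated policy. On IPv6, where any node can reach any other unless a firewall blocks it, the same default has to be written as an explicit firewall rule.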


The Solution: IPv6

IPv6 is based heavily on its predecessor, IPv4, so there are many references to (and comparisons with) IPv4 in this training. We also cover what the problems are with IPv4, the depletion of IPv4 public addresses, "private internets" and Network Address Translation (NAT). All of the problems with IPv4 are nicely addressed by IPv6.

You can think of this transition as similar to the transition from 2G to 3G phones (which took place a while back) or the transition from 3G to 4G phones (which is just now getting underway). IPv4 was "2G" Internet. The "1G" Internet (the "ARPANET") used a protocol called NCP, which had 8 bit addresses, for a maximum of 256 nodes. That generation lasted from 1969 through 1982. The "2G" Internet was based on IPv4, and began on Jan 1, 1983. That took us from about 250 nodes to over a billion. That is about as far as the "2G" Internet can go. IPv6 is "3G" Internet. Unlike the start of the 2G Internet which happened quickly (with many problems), the "3G" Internet (based on IPv6) is being phased in very gradually. It's rather more difficult to transition billions of nodes than hundreds. Today, many national economies and large organizations would be severely impacted if worldwide e-mail or web stopped working for a month or two (as happened in the 1983 transition). It's been growing for over ten years already, alongside its older cousin. Although my 2010 book was titled "The Second Internet", if you count the NCP based Internet as the "First Internet", then the "Second Internet" was based on IPv4, and what is growing now, based on IPv6 is really the "Third Internet".

Today most websites are still on the legacy IPv4 Internet, but many now also are "simulcast" over IPv6. As IPv4 public addresses become more scarce, there will be more and more sites that are available only via IPv6. Most of you today are still based in the IPv4 Internet, and need to worry about how you reach nodes in the IPv6 Internet. Soon many of you will be based in the IPv6 Internet (especially smartphone and tablet users connecting over real 4G), and worrying about how to reach nodes in the legacy IPv4 Internet. It's really the same problem, but in reverse. Soon the IPv4 Internet will begin shrinking - something very new for it. Until 2011, the IPv4 Internet knew nothing but exponential growth. That growth pretty much leveled off around 2011. Before long, it will reverse, while the IPv6 Internet explodes with hyper-growth.

If the NCP Internet was a log canoe, then the IPv4 Internet is like the aircraft carrier USS Enterprise. Carrying the analogy one step further, the IPv6 Internet is shaping up to be more like the Starship Enterprise. Beam me up Scotty! I'm ready to warp out of this tiny IPv4 Internet!

Going from NCP to IPv4 we quadrupled the number of bits in the address (from 8 to 32). We are doing that again going from IPv4 to IPv6 (from 32 to 128). Only this time, the increase is staggeringly larger. Powers of two are like that. Remember the wise guy who asked a king to be rewarded with one grain of rice on the first square of the chessboard, two on the second, four on the third and so on? The poor king would have needed all the rice in the world long before reaching the 64th square. Well, IPv6 adds another 64 squares to that chessboard - and the numbers become literally astronomical. If the address space of IPv4 is a billiard ball, the address space of IPv6 is a sphere 63 times the diameter of our sun - it would almost reach the orbit of Venus.

The ITU tried to get in on Internet governance via IPv6 address allocation. They claimed that IPv6 addresses needed to be "set aside" (for them to manage) to make sure that developing countries would never again be unable to share the benefits of the Internet because there were not enough addresses left (as happened with the IPv4 Internet). They were nearly laughed out of the APNIC meeting when I pointed out that IPv6 had enough addresses for every human alive to get over 5,000 Corporate sized allocations (so 5000 /48 blocks per human being, including infants). I guess the guys from ITU were not mathematicians. We are not going to run out this time. Everybody gets to share in the benefits this time around. The U.S. will not get 41% of all the public IPv6 addresses for 5% of the world's population. This time it's first come first served, but the barrel is effectively bottomless.

Most of the pieces of the IPv6 puzzle are already in place: mature, working protocols, address allocations, the global backbones, the global DNS system, support in Operating Systems and applications, etc.

One of the final pieces of the puzzle is for the lower tier ISPs to actually offer production IPv6 service to their customers. The good news is you don't have to wait for that glorious day. You can get tunneled IPv6 service today, right through the existing IPv4 infrastructure. This website shows you how to do that for free!

The other major piece of the puzzle is widespread knowledge about IPv6 by network professionals. That's what the IPv6 Forum Network Engineer training program (and this website) are all about. I am also creating new products that will help with learning IPv6 (NetConf), with managing Dual Stack networks (DNMS), and that will take advantage of the amazing new capabilities of the IPv6 Internet. I've moved on from teaching Network Engineer training to a few people at a time. I'm now a tele-evangelist (webvangelist?) trying to convert the world. Put your hands on the router, and say "I BELIEVE!". You have nothing to lose but your NAT.