IPv6
Contents
Overview
Most Internet-connected computers communicate using Internet Protocol version 4, usually abbreviated IPv4. IPv4 assigns an address to each computer. These addresses are 32 bits long, and can be written as a period-separated list of four numbers from zero to 255. One example would be 192.168.1.1, an address commonly given to home networking equipment. The 32-bit address space of IPv4 allows for about four billion addresses. Given that there are over six billion people on the planet, it's clear that these addresses will eventually run out. It turns out that due to the way these addresses are allocated in blocks, we actually already have run out.
Enter IP version 6, or IPv6. IPv6 uses 128 bits for each address, but is not yet very widely used. Virginia Tech, being the cutting edge institution it is, already supports IPv6 campus-wide. While this does not directly affect your computing experience, connecting your computer to a native IPv6 networks has a few implications you should be aware of.
Stateless Autoconfiguration and Privacy Extensions
In IPv4, a computer would need to be told its address either manually or by using a network service called DHCP. In DHCP, the computer asks a server to assign it an IP address that is not in use by anyone else.
In IPv6, the address space is so large that a mechanism called "stateless autoconfiguration" can be used. In stateless autoconfiguration, a computer asks a nearby router for the network prefix (the first few digits of the IP address that will be the same for all computers on the network), and then the computer fills in the rest of the bits by using the hardware address of the network adapter. This means that by default, your IP address could be used to uniquely identify your computer anywhere on the Internet, threatening your privacy online.
That's where privacy extensions come in. You can configure your Linux machine to generate an address randomly rather than by using the hardware address. We do that by adding a udev rule that enables temporary addresses when a network interface is enabled.
In Ubuntu and Debian, enable temporary addresses by opening a terminal and typing
sudo -i echo 'ACTION=="add", SUBSYSTEM=="net", RUN="/sbin/sysctl -w net.ipv6.conf.%k.use_tempaddr=2"' > /etc/udev/rules.d/custom-ipv6privacy.rules
And then reboot your machine. You can verify that it worked by running
ip addr show | grep inet6
from a terminal. If there are any lines which end in "global temporary dynamic" or "global secondary dynamic" you're good to go.
Transition Technologies
Since some of Blacksburg's ISPs (such as Comcast and NTC) still do not support IP, there are several common tools available to enable users to get IPv6 access:
- Teredo tunneling: This can be done by individual hosts to get an IPv6 address tunneled through a dual-stack server over a TCP port. Public Teredo gateways are available by many providers, including Microsoft, and work through a NAT. While this is handy for public wifi, this does not support reverse DNS, authentication, prefix delegation, or arbitrary address space.[1]
- 6to4 tunneling: this assigns a /48 block to each global IPv4 address on the internet by encapsulating IPv6 packets within IPv4 packets. This generally must be set-up at the router level, as it cannot traverse NATs automatically. In order to access non-6to4 IPv6 hosts, a relay router must be used at the ISP level. With the advent of tunnel brokers, 6to4 is considered by some to be obsolete. [2] [3]
- Tunnel brokers: these combine a variety of IPv6 transition methods and allow ISPs to route a portion of their IPv6 address space to users' computers or routers. This is potentially the most robust method, as it supports many different network topologies, reverse DNS, and prefix delegation. Unlike 6to4 and Teredo tunnels, this doesn't necessarily expose the user's IPv4 address. Hurricane Electric is a popular tunnel broker among VTLUUG members; it assigns a /64 and/or /48 to each user and supports rDNS. [4]
Adoption at Virginia Tech
CNS manages Virginia Tech's network, which has one of the greatest percentage of IPv6 traffic compared to other Autonomous Systems. [5] A dual-stack topology is present for all campus ethernet portals and wireless access points.
The following services still lack IPv6:
- Central web hosting (due to a lack of IPv6 support in the load balancers)
- Campus email (Exchange, legacy POP/SMTP, but not the new Google services)
VT DNS resolvers have AAAA records:
yardbird.cns.vt.edu 2001:468:c80:2101:0:100:0:22
jeru.cns.vt.edu 2001:468:c80:4101:0:100:0:42
milo.cns.vt.edu 2001:468:c80:6101:0:100:0:62