Security

What’s Driving IPv6 Adoption? (An IPv6 Epiphany)

By Elevate posted 08-03-2015 20:56

  

I have been giving IPv6 presentations for years now. It is always the same pitch; the same slides on why IPv6 is important; how governments are using it, and universities, and so on. I use the graph from Google[Google IPv6 Stats] below to illustrate the growth of IPv6.

 

IPv6 Epiphany - ipv6graph.jpg

 

Recently, someone in the audience pointed out that I need to update my slide. In two months, the share of IPv6 traffic on Google was up by 10%. But wait a second! IPv6 is arguably a quarter century old. It took almost that long to grow to about 1% of the Internet traffic. And now it is growing that much every month?

 

What’s going on? Who or what is driving the growth of IPv6 traffic?

 

There are approximately 10 billion Internet connected devices out there. We adapted quite well to running out of IPv4 addresses a long time ago by using NAT and private addresses spaces. It is unlikely that the “shortage” of IP addresses is the root cause.

 

Just eyeballing the statistics on the World IPv6 Launch website, it is not enterprises, not even governmental and educational institutions, but the service providers. Services providers, especially the mobile service providers are going through profound changes with smartphones and LTE. Some of the mobile service providers, when they put in a completely new infrastructure, such as VoLTE, elect to go all-IPv6. It makes perfect sense. It is much simpler to deploy IPv6 than use NAT, especially with IMS. But none of that would drive to growth shown above.

 

It is CVfCP

 

It turns out that content providers prefer IPv6. IPv6 gives them enhanced visibility of the client endpoint. Client Visibility for Content Providers drives the IPv6 adoption rate. (Bill Shelton, who explained all this to me, coined the term and the acronym, CVfCP.)

 

Most devices today come with dual-stack IP; a device has both an IPv4 and an IPv6 stack. It is up to an application to select which one to use. The past few years, web browsers implemented a functionality commonly call Happy Eyeballs, which was also standardized by the IETF.[rfc6555] Happy Eyeballs claims to improve user experience in a network of still coexisting IPv4 and IPv6 servers by making simultaneous IPv4 and IPv6 connection attempts. But curiously, upon availability of both, the client gives preference to IPv6. It is fascinating that while currently there is arguably little to no benefit for the end user, the owner of the eyeballs, the content providers, who also control the clients, are implementing measures with preference to IPv6.

 

So why would the content providers prefer IPv6 addresses? It just happens that the largest content providers are also some of the main providers of browsers. NAT obfuscates the identity of a client; the IP address is the IP address of the NAT device and both the IP address and the port number may change from connection to connection. The content providers built elaborate schemes to track the identity of the clients, e.g., HTTP cookies. With an IPv6 address there is no NAT. The IPv6 address does not change over time, it remains the same from connection to connection, application to application. Most clients default to Stateless Address Autoconfiguration (SLAAC)[rfc4862] which builds the IPv6 address from the local subnet and the IID. The IID, the lower 64 bits of the IPv6 address is generated from the EUI-64, essentially the MAC address assigned to the NIC, which includes the manufacturer’s ID. The IID is unique and remains the same regardless of the network the device is connected to.

 

Let’s see what we have here; an IPv6 address uniquely identifies an endpoint, it says something about the device, and it is constant regardless of time, location, network, and application. Who needs cookies?

 

IPv6 Epiphany - happy.jpg

 

Epiphany, a lovely word. I never had a chance, a reason to use it. Now I did, thanks to Bill Shelton, one of our greatest IPv6 advocates. You can find his blog on IPv6 here.

 

3 comments
0 views

Permalink

Comments

08-07-2015 09:09

It was about 20 years ago that the IPv6 address architecture came into existence. Indeed, the privacy issues were well known all along, as indicated by the numerous drafts and RFCs (e.g., 3972, 4971, 7217). A few people also pointed out that Windows adopted a randomly generated IID and that Apple is doing something similar in the latest release of IOS. However privacy extensions to IPv6 address generation still have not seen wide-scale deployment. The fact that IETF is actively discussing the topic of “Privacy Considerations for IPv6 Address Generation Mechanisms”ipv6-address-generation-privacy reflects that the issue is not yet resolved.

08-05-2015 17:21

You may find "Privacy Considerations for IPv6 Address Generation Mechanisms" draft-ietf-6man-ipv6-address-generation-privacy-07 an interesting read.  It discusses different mechanisms for generating IIDs for use in IPv6 along

with the associated security and privacy concerns.  

 

08-05-2015 15:47

You're forgetting about RFC 4941 -  Privacy Extensions for Stateless Address Autoconfiguration in IPv6. Operating systems like Microsoft Windows leverage RFC 4941 (Microsoft helped write it) and derive random IPv6 addresses that aren't related to interface MAC addresses.