As we bid farewell to the IPv4 protocol, more and more operators have begun to use NAT as a replacement. NAT is an imperfect solution that greatly reduces usability for the average user, which means that the commercial and strategic value of the IPv6 protocol is becoming increasingly obvious.
IPv6 Developmental Trends in China
Recently China issued “Upgrading the Internet Protocol Sixth Edition (IPv6) Scale Deployment Action Plan.” The plan indicates that by 2018, on the foundation of the deployment of IPv6 (the successor to the currently used IPv4 protocol), the number of active Internet users in China will reach 200 million (500 million by 2020) and, by 2025, China will be the world’s leading user of the IPv6 protocol. The issuance of the plan further signifies that the formal deployment of IPv6 in China represents a significant contribution to the worldwide development of the protocol.
With the growing demand for IP addresses brought about by the development of the new generation of Internet technologies (including the mobile Internet, smart devices, networked cars, and smart cities), the total number of IP addresses in China is estimated to reach as many as 34.5 billion over the next five years.
Regarding IPv6, you could say that China has been preparing since the very beginning. With over 20,000 IPv6 address applications by the end of 2016, China is second only to America (which had about double the number of applications). However, addresses that are announced by a router make up only 7.5% of the total IPv6 addresses in China, and only 3% transfer data. In 2016, China ranked 66th in the world regarding the number of actual IPv6 users, falling behind countries like India and Vietnam. Still, it’s nothing to get upset about; keep in mind that by 2025 China’s Internet coverage will be first in the world, reaching a point that will be very difficult for other countries to surpass.
Never Be on a Private Network Again
The plan explains that “New Internet addresses will no longer use private IPv4 addresses”, in response to the outcries from several people who are “locked in private networks” due to the use of NAT to compensate for the tremendous strain Asia has placed on the IPv4 protocol over the past several years. IPv6, on the other hand, provides enough IP addresses to give each grain of sand, whether on a literal beach or the beach that is the world’s Internet coverage, its own independent address. Insufficient IP addresses will never be a cause of worry for us again.
Laying a Foundation for the Explosive Growth of IoT
In the IoT of the future, every computer, cell phone, power strip, item of clothing, and even every button will have its own IP address through which it connects to the network. However, IPv4 (with only 4.2 billion addresses) is already hard-pressed to provide an independent address to each cell phone, much less to every button in the world. Thus the necessity of IPv6.
More Efficient Transmission of Information
Since we’re still using NAT to compensate for the inability of IPv4 to assign sufficient independent addresses, the Internet landscape is becoming more complicated by the day.
Comparing IPv6 and IPv4 packet headers makes it obvious that the former is significantly simplified. This enables it to offer significant performance improvements and increases the efficiency of data transmission through a simplified process that involves:
- Simplified headers for less processing,
- Zero fragmentation so that we no longer have to restructure, and
- Zero confirmations, saving resources.
A More Secure Internet
We can set up IPSec in an IPv6 deployment, meaning that data transmitted between IPv6 addresses is always encrypted, which protects users’ data from eavesdropping and hijacking. In IPv4, systems send most of the data in plain text, and DNS pollution and HTTP hijacking run rampant. Furthermore, you’ve probably had to worry about cell phone data while looking at websites now and then. With IPSec, the Internet will theoretically be smoother and more secure.
IPv6 addresses may be harder to remember, but switching to IPv6 can greatly simplify Internet behavior.
When everyone has a fixed IP address, looking up an address is much easier. If you’re playing a LAN game, for example, you can enter the IPv6 address rather than having to look up an IPv4 address. Our routers, as Internet switches, will no longer need to be active 24/7 just to maintain the same IP address.
Cyber-crimes will also be easier to detect and punish. Because IPv6 uses fixed IP addresses, these addresses can act as a type of online ID allowing law-enforcement agencies to track criminals — something which is not possible with an IPv4 address.
IPv6 Implementation Trends
Just after the publication of the plan, Alibaba Cloud issued a comprehensive provision of IPv6 services. However, we are still new to IPv6, so how should we adapt to the IPv6 implementation curve?
Even before the government introduced this plan, people were getting quite anxious about IPv6 because of Apple’s “IPv6 Review Mechanism”. Under this mechanism, people submitting apps to the AppStore need approval from AppStore reviewers for IPv6-Only access in America. Some app developers only discovered IPv6 because they weren’t able to pass the review.
Typically, most of us only adopt IPv6 in order to apply for the AppStore’s IPv6-Only approval, but when the AppStore performs the approval, it doesn’t require IPv6 support from the DNS or the server side. At the time of approval, Apple converts DNS and server addresses in an IPv4 environment to IPv6 using DNS64 and NAT64.
If an app fails to pass IPv6 approval, there are two possible explanations:
- The app is incompatible with the IPv6 protocol. The best thing to do is to make the app IPv6 compatible.
- The issue of cross-border connections prevents an app from accessing domestic servers during the approval process in the AppStore.
Here I recommend using Alibaba Cloud’s Elastic Compute Service (ECS) instances to avoid these issues.
What Is the DNS64+NAT64 Access Mechanism?
DNS64: During approval for the Apple AppStore, the client needs to look up the IPv6 address of the AppServer in order to access it. If the lookup cannot find an IPv6 address, it moves on to checking for an IPv4 address, at which point the Apple network converts the IPv4 address to IPv6 and returns it to the App’s client, as shown in the following figure.
NAT64: During AppStore approval, after obtaining an IPv6 address in the step above, the client App can retrieve the server contents either by accessing the IPv6 address directly or by using the NAT64 gateway to access the corresponding IPv4 address, as shown in the following figure.
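The DNS64 and NAT64 steps above both rest on one address mapping. The following is an added example, not code from the original article: it assumes the IPv4-embedding format of RFC 6052 and its well-known prefix 64:ff9b::/96 (the prefix Apple's review network uses is not stated here), the function names are illustrative, and 192.0.2.33 is a constructed documentation address.

```python
import ipaddress

# RFC 6052 well-known prefix; an operator may use a network-specific one.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)


def _check_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    # Bits 64-71 (the "u" octet) are reserved and must be zero.
    if net.prefixlen not in ALLOWED_LENGTHS or net.network_address.packed[8]:
        raise ValueError(f"not a valid NAT64 prefix: {prefix}")
    return net


def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: embed an IPv4 address in the NAT64 prefix."""
    net = _check_prefix(prefix)
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if len(out) == 8:
            out.append(0)  # step over the reserved u octet
        out.append(octet)
    out.extend(bytes(16 - len(out)))  # zero suffix
    return ipaddress.IPv6Address(bytes(out))


def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the IPv4 destination from a synthesized address."""
    net = _check_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net or addr.packed[8]:
        raise ValueError(f"{addr} is not a NAT64 address in {net}")
    start = net.prefixlen // 8
    octets = [addr.packed[i] for i in range(start, 16) if i != 8][:4]
    return ipaddress.IPv4Address(bytes(octets))


def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN_PREFIX):
    """Return native AAAA records if any exist, else synthesize from A records."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [synthesize(r, prefix) for r in a_records]


if __name__ == "__main__":
    # Constructed sample: an IPv4-only server behind DNS64/NAT64.
    synthesized = dns64_answer([], ["192.0.2.33"])[0]
    print(synthesized, "->", extract(synthesized))
```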
If the app has mandatory IPv6 requirements and needs an IPv6 address, then you can follow the above steps to acquire the address. There are currently three ways to offer IPv6 support:
- Use tunneling transmission to support IPv6 in a roundabout way as long as the server is present on Layer 3 (the network layer).
- Use an HTTP proxy: set up a reverse proxy on a server that supports IPv6, and resolve the AAAA records to the proxy server.
- Use CDN cache. CDN services such as CloudFlare can support IPv6 out of the box.
However, these solutions have their own set of problems. Specifically, the first solution presents the fewest issues and functions almost natively, while the reverse proxy is limited by the latency of the reverse proxy server and comes at significant construction costs. CDN cache solutions like Cloudflare tend to be too slow in China.
Outlook of Native IPv6
PaaS products like ApsaraDB for MySQL, OSS, and CDN don’t require excessive settings since they support IPv6 automatically. This is one of the things about PaaS that make O&M personnel happiest.
ECS will become a crucial focus of IPv6, but, after it supports IPv6, we need to apply different settings to the network card and web server software like Nginx, Apache Httpd, and Tomcat — all of which require further IPv6 settings.
For example, lower versions of Nginx don’t support IPv6 if we don’t include --with-ipv6 during compilation. Furthermore, the configuration file for the virtual host needs to include the listen [::]:80; parameter to support listening on port 80 for IPv4 and IPv6. That’s right, with just this parameter you can support listening for both protocols.
Some tutorials and one-click environment packages, seeking so-called performance increases, disable IPv6 support in the kernel, making IPv6 addresses impossible to use even after being distributed.
Change the settings listed below in /etc/sysctl.conf to 0:
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
Then execute sysctl -p to make the settings take effect.
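A check for the two settings above, as an added example that is not part of the original article: it lists the interfaces a sysctl.conf still disables IPv6 on and reports which address families a set of Nginx listen directives covers. It assumes Nginx 1.3.4 or later, where ipv6only is on by default, so listen [::]:80; on its own accepts only IPv6 and IPv4 needs listen 80; or ipv6only=off; the function names and sample inputs are constructed.

```python
import re

SYSCTL_KEY = re.compile(r"^net\.ipv6\.conf\.([^.\s]+)\.disable_ipv6$")


def ipv6_disabled_interfaces(sysctl_text):
    """Interfaces whose last disable_ipv6 assignment is not 0."""
    state = {}
    for line in sysctl_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        match = SYSCTL_KEY.match(key)
        if match:
            state[match.group(1)] = value  # later lines override earlier ones
    return sorted(name for name, value in state.items() if value != "0")


def listen_families(nginx_text, port=80):
    """Address families covered by wildcard listen directives for one port."""
    families = set()
    for args in re.findall(r"^\s*listen\s+([^;]+);", nginx_text, re.M):
        addr, *params = args.split()
        if addr == f"[::]:{port}":
            families.add("ipv6")
            if "ipv6only=off" in params:  # one socket then serves both
                families.add("ipv4")
        elif addr in (str(port), f"*:{port}", f"0.0.0.0:{port}"):
            families.add("ipv4")
    return families


if __name__ == "__main__":
    # Constructed samples, not taken from a real host.
    sysctl = "net.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 0\n"
    nginx = "server {\n    listen [::]:80;\n}\n"
    print(ipv6_disabled_interfaces(sysctl), sorted(listen_families(nginx)))
```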
In summary, once the IPv6 address allocation becomes ubiquitous, O&M personnel and webmasters alike all need to make certain changes to support the protocol.
However, I think that even after another 20 years, IPv6 will never be open on a large scale. People will continue to use the IPv4 + NAT model (there are still several benefits!), and the existing vested interests won’t be keen to change any time soon. I predict that a new base technology in the next ten years will completely replace the IP system (including both v6 and v4).