What is IPv6 (Internet Protocol version 6)?
Internet Protocol version 6 (IPv6) is a set of specifications from the Internet Engineering Task Force (IETF) that is responsible for identifying network devices and routing traffic across the internet. IPv6 is an upgrade of IP version 4 (IPv4).
The basics of IPv6 are similar to those of IPv4. Devices can use IPv6 as source and destination IP addresses to pass packets over a network. Tools such as ping and traceroute work for network testing as they do in IPv4, with some slight variations.
The IETF published the specification (RFC 8200) for IPv6 in 2017 and elevated it to Internet Standard (STD 86).
Difference between IPv4 and IPv6
The most obvious improvement in IPv6 over IPv4 is it lengthens IP addresses from 32 bits to 128 bits. Sixty-four bits are for the network number, and 64 bits are for the host number. The host portion of an IPv6 address -- or part of it -- often derives from a media access control address or other interface identifier.
This extension anticipates considerable future growth of the internet by providing an almost limitless supply of IPv6 addresses. For example, the number of IPv4 addresses is roughly 4.3 billion, while IPv6 offers almost 1,028 times more addresses. This relieves the perceived impending shortage of network addresses.
An IPv6 address contains eight groups of four hexadecimal digits, each of which represents 16 bits. Leading zeros can be omitted to shorten the address.
Here are examples of both an IPv4 and IPv6 address:
- IPv4 address: 192.0.2.0.
- IPv6 address: 2001:0DB8:1234:A1EA:A004:4001:53C8.
IPv6 supports autoconfiguration, which enables devices to generate their own IP addresses without manual configuration or a Dynamic Host Configuration Protocol (DHCP) server. It also has integrated security and mobility features, such as built-in IPsec and the Mobile IPv6 protocol.
Benefits of IPv6
IPv6 features and benefits include the following:
- Support for source and destination addresses that are 128 bits (16 bytes) long.
- A link-local scope all-nodes multicast address that targets all nodes on a local network segment.
- No requirement for manual configuration or DHCP.
- Host address (AAAA record) resource records in domain name system (DNS) to map hostnames to IPv6 addresses.
- Pointer resource records in the IP6.ARPA DNS to map IPv6 addresses to hostnames.
- Support for a 1,280-byte packet size.
- Flow Label field to identify packet flow for quality of service handling by router.
- Internet Control Message Protocol version 6 Router Solicitation and Router Advertisement messages to determine the IP address of the best default gateway.
- Multicast Neighbor Solicitation messages to resolve IP addresses to link-layer addresses.
- Multicast Listener Discovery messages to manage membership in local subnet.
IPv6 complications
IPv6 complications include the following:
- It doesn't include a header checksum to protect the IP header, as lower-layer protocols include checksums.
- IPv4 and IPv6 machines cannot communicate directly with each other.
- The process of switching to IPv6 from IPv4 can be slow and tedious.
- Understanding IPv6 subnetting can be difficult on its own.
- IPv6 headers have fixed length, so it's not possible to tag options directly to the main header. But it comes with extension headers for options.
- It enables the host to send fragments packets but not routers.
Who deploys IPv6?
Google reported in August 2019 that nearly 29% of those searching on Google were doing so over IPv6. In August 2024, Google reported that number had grown to 47% of users.
The Federal Communications Commission (FCC) noted that the transition will be years long. During the transition, internet service providers and application providers are taking steps to ensure they continue to support IPv4 addresses. However, the FCC warned that, during the transition, increased dividing and transferring of IPv4 addresses could impair or degrade online services and compromise privacy.
As of August 2024, some virtual private network providers support IPv6, but many still aren't compatible.
IPv6 security
IPv6 can run end-to-end encryption. Widespread adoption of IPv6 will, therefore, make man-in-the-middle attacks significantly more difficult.
According to Juniper Networks, IPv6's support of the Secure Neighbor Discovery protocol renders Address Resolution Protocol poisoning and other naming-based attacks more difficult. With IPv4, those attacks are fairly easy for an attacker. IPv6 makes it difficult for attackers to redirect traffic between two legitimate hosts and manipulate a conversation.
This added security depends entirely on proper design and implementation, and the more complex and flexible infrastructure of IPv6 makes for more work. If, for example, a server enables IPv6 by default but the firewall doesn't, the network is more prone to attack.
Operating a network that deploys two internet protocols -- IPv4 and IPv6 -- generally implies that network configuration needs to be replicated for IPv6. That is, teams must configure the network so that IPv6 can operate like IPv4. This network configuration not only includes aspects such as enabling IPv6 routing and incorporating IPv6 information in DNS, but also the enforcement of network security policies via packet filtering.
Editor's note: This definition was updated to reflect industry changes and improve the reader experience.