Alex - stock.adobe.com
How to use IPv6 in enterprise networks
The transition to IPv6 is a learning curve. Here's what to understand about IPv6, including benefits, troubleshooting techniques and best practices for secure integration.
IPv4 has been the standard logical addressing protocol for decades. IPv4 is important to internet history as it enabled capabilities like client-server networking, cloud computing, web e-commerce and more.
But IPv4 isn't without its weaknesses, and newer innovations have exceeded its capabilities. Challenges of IPv4 include the following:
- Limited number of available addresses -- approximately 4.3 billion.
- No built-in encryption for confidentiality, integrity or authenticity.
- Extensive and unorganized worldwide routing capabilities.
Most enterprises are aware of IPv6, the latest generation of IP, which also serves as IPv4's replacement. IPv6 overcomes IPv4's limitations and offers a new approach to networking. IPv6 provides more address spaces, integrated encryption via IPsec and more efficient routing, among other enhanced features.
However, IPv4 is still more commonly used in enterprises. Organizations have been slow to adopt IPv6 because upgrading to a new standard requires enterprises to invest in costly infrastructure upgrades and training for network staff. Coupled with the fact that IPv6 systems also sometimes have compatibility issues with IPv4, many enterprises have chosen to rely on the familiarity of IPv4.
When your enterprise is ready to switch from IPv4, make sure you understand how to use IPv6. This requires a solid understanding of the protocol standard, such as its improvements over IPv4, best practices and troubleshooting techniques.
IPv6 improvements over IPv4
IPv6 benefits include the following:
- More available addresses.
- Built-in encryption to protect data confidentiality and authenticity.
- A better-organized routing scheme, which creates more efficient routing tables.
This table shows a basic feature comparison between IPv4 and IPv6.
Feature | IPv4 | IPv6 |
Address length | 32-bit | 128-bit |
Number of addresses | Approximately 4.3 billion | Approximately 340 undecillion |
Notation | Dotted decimal | Hexadecimal |
Broadcast addresses | Available | Replaced by multicast |
Encryption | None by default | Built-in IPsec |
Configuration | Static or dynamic, such as with Dynamic Host Configuration Protocol (DHCP) | Autoconfiguration or DHCPv6 |
IP address formats
IPv4 addresses are 32 bits long and divide into four octets. The result creates an address like 192.0.2.0. In contrast, IPv6 addresses are 128 bits long. Unlike IPv4 addresses, which display in dotted decimal, IPv6 addresses use hexadecimal format. For example, an IPv6-based system might have an address like 2001:DB8::1:1:1.
While IPv4 addresses use classful addressing, IPv6 addresses use Classless Inter-Domain Routing (CIDR) notation. For example, many basic IPv6 address ranges might include /8 or /3 at the end. CIDR indicates the network address and the subnet mask because it specifies how many bits represent the network portion and host addresses.
CIDR provides similar functionality to IPv4 classful addressing. While IPv4 can use CIDR notation, IPv6 benefits from CIDR because of its more complex addressing structure.
This table identifies the primary types of IPv6 addresses.
Address type | Form of communication | Description | Prefix |
Unicast | One-to-one communication | Global unicast addresses: Similar to public IPv4 addresses. Internet-routable. Unique local addresses: Similar to IPv4 private addresses on local networks. Link-local addresses: Similar to self-assigned IPv4 Automatic Private IP Addressing address on a network interface card. |
Global unicast addresses: 2000::/3 Unique local addresses: FC00::/7 or FD00::/7 Link-local addresses: FE80::/10 |
Multicast | One-to-many communication | Similar to IPv4 Class D multicast addresses. | FF00::/8 |
Anycast | One-to-one communication | Unicast addresses assigned to multiple interfaces. | N/A |
It might be more complicated to identify IPv6 addresses due to their complexity, but it becomes manageable once you learn how to use IPv6.
Name resolution and IPv6
Name resolution turns complex IP addresses into human-readable names. IPv6 addresses can be more difficult to work with, so name resolution services, like DNS, must be IPv6-capable. Most Windows- and Linux-based DNS servers have this functionality.
IPv6 commands
Network troubleshooters rely on tools like ping and traceroute -- or tracert on Windows -- to help diagnose and correct network issues in IPv4 systems. The process is similar with IPv6.
Commands to show IPv6 addresses
Use the standard OS commands to see IPv6 addresses on a workstation.
On Linux, type the following:
ip addr
On macOS, type the following:
ifconfig
On Windows, type the following:
ipconfig
You might need to include the /all parameter to show IPv6 configurations in addition to IPv4 on older Windows devices.
IPv6 uses neighbor discovery to determine nearby nodes on the same segment. You might display the neighbor discovery table to troubleshoot or survey the environment.
On Linux, type the following:
$ ip -6 neighbor show
On macOS, type the following:
$ ndp -a
On Windows, type the following:
$ netsh interface ipv6 show neighbors
IPv6 troubleshooting commands
Most systems automatically recognize IPv6 addresses, but you can specify the use of IPv6 explicitly.
To ping a remote node from Linux and macOS, type the following:
$ ping6 <IPv6-address>
On a Windows system, type the following:
ping -6 <IPv6-address>
To check the network path to a remote system on Linux and macOS, type either of the following:
$ traceroute6 <IPv6-address>
$ traceroute -6 <IPv6-address>
Windows administrators can use the tracert command to trace IPv6 address routes, as seen here:
tracert -6 <IPv6-address>
Plan a transition to IPv6
When an organization migrates from IPv4 to IPv6, network teams should know how to use IPv6 along with IPv4 on the same network.
Enterprises can take one of three approaches to transition from IPv4 to IPv6:
- Dual stack. Have network nodes run one IPv4 implementation and one IPv6 implementation.
- Tunnels. Carry IPv6 packets over IPv4 infrastructure.
- Translation. Use a gateway to translate between the two address structures.
Most modern OSes provide IPv6 compatibility out of the box, but IoT devices, older systems and legacy network devices might require special attention during a migration. In those cases, you might want to upgrade outdated components.
Another approach is to allow network nodes to select whichever protocol they can use and rely on network devices to translate the addresses. This method involves dual-stack routers, the use of Network Address Translation (NAT) and IPv4 tunnels.
Best practices for IPv6
IPv6 provides many security benefits, and you must remain vigilant to protect your environment. IPv6 is one of several layers of a defense-in-depth approach to protect network access and traffic.
Best practices to secure IPv6 networks include the following:
- Disable IPv4, and integrate IPv6 into high-security environments.
- Disable IPv4 after thorough tests. Older -- and even some modern -- network applications might not be able to use IPv6.
- Train network staff on IPv6 configurations and security features.
- Integrate IPv6 into cloud deployments.
- Secure tunnels and translation protocols in mixed IPv4 and IPv6 environments.
- Continue to use access control lists and filters to secure network traffic.
- Stay knowledgeable on IPv6 vulnerabilities, and maintain patch levels.
Wrap-up
When it comes to IPv6 management, it's essential to plan for the future. When IPv4 addresses released in the 1980s, people didn't anticipate the internet revolution or consider efficient allocations and routing table sizes. With IPv6, only a small percentage of the possible addresses are currently available. The remainder have been reserved for potential future innovation.
IP address blocks are allocated in a more efficient and hierarchical manner, which results in reduced routing table sizes for internet routers. IPv6 address blocks are typically allocated to individual organizations in larger blocks, which should minimize reliance on NAT.
As you move toward IPv6, make sure you know how to use IPv6, and consider the following:
- Most network devices, such as workstations, servers, etc., are already IPv6-compatible.
- Train network staff on IPv6.
- Continue to use IPv4 on your internal network if you prefer. Some translation already occurs on the internet beyond an organization's network perimeter, and you can implement internal compatibility if needed.
IPv6 is the future of network communications. Future-proof your environment, and begin a migration for a more flexible and secure online world.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.