Alex - stock.adobe.com

Tip

How to use IPv6 in enterprise networks

The transition to IPv6 is a learning curve. Here's what to understand about IPv6, including benefits, troubleshooting techniques and best practices for secure integration.

IPv4 has been the standard logical addressing protocol for decades. IPv4 is important to internet history as it enabled capabilities like client-server networking, cloud computing, web e-commerce and more.

But IPv4 isn't without its weaknesses, and newer innovations have exceeded its capabilities. Challenges of IPv4 include the following:

  • Limited number of available addresses -- approximately 4.3 billion.
  • No built-in encryption for confidentiality, integrity or authenticity.
  • Extensive and unorganized worldwide routing capabilities.

Most enterprises are aware of IPv6, the latest generation of IP, which also serves as IPv4's replacement. IPv6 overcomes IPv4's limitations and offers a new approach to networking. IPv6 provides more address spaces, integrated encryption via IPsec and more efficient routing, among other enhanced features.

However, IPv4 is still more commonly used in enterprises. Organizations have been slow to adopt IPv6 because upgrading to a new standard requires enterprises to invest in costly infrastructure upgrades and training for network staff. Coupled with the fact that IPv6 systems also sometimes have compatibility issues with IPv4, many enterprises have chosen to rely on the familiarity of IPv4.

When your enterprise is ready to switch from IPv4, make sure you understand how to use IPv6. This requires a solid understanding of the protocol standard, such as its improvements over IPv4, best practices and troubleshooting techniques.

IPv6 improvements over IPv4

IPv6 benefits include the following:

  • More available addresses.
  • Built-in encryption to protect data confidentiality and authenticity.
  • A better-organized routing scheme, which creates more efficient routing tables.

This table shows a basic feature comparison between IPv4 and IPv6.

Feature IPv4 IPv6
Address length 32-bit 128-bit
Number of addresses Approximately 4.3 billion Approximately 340 undecillion
Notation Dotted decimal Hexadecimal
Broadcast addresses Available Replaced by multicast
Encryption None by default Built-in IPsec
Configuration Static or dynamic, such as with Dynamic Host Configuration Protocol (DHCP) Autoconfiguration or DHCPv6

IP address formats

IPv4 addresses are 32 bits long and divide into four octets. The result creates an address like 192.0.2.0. In contrast, IPv6 addresses are 128 bits long. Unlike IPv4 addresses, which display in dotted decimal, IPv6 addresses use hexadecimal format. For example, an IPv6-based system might have an address like 2001:DB8::1:1:1.

While IPv4 addresses use classful addressing, IPv6 addresses use Classless Inter-Domain Routing (CIDR) notation. For example, many basic IPv6 address ranges might include /8 or /3 at the end. CIDR indicates the network address and the subnet mask because it specifies how many bits represent the network portion and host addresses.

CIDR provides similar functionality to IPv4 classful addressing. While IPv4 can use CIDR notation, IPv6 benefits from CIDR because of its more complex addressing structure.

This table identifies the primary types of IPv6 addresses.

Address type Form of communication Description Prefix
Unicast One-to-one communication

Global unicast addresses: Similar to public IPv4 addresses. Internet-routable.

Unique local addresses: Similar to IPv4 private addresses on local networks.

Link-local addresses: Similar to self-assigned IPv4 Automatic Private IP Addressing address on a network interface card.

Global unicast addresses: 2000::/3

Unique local addresses: FC00::/7 or FD00::/7

Link-local addresses: FE80::/10
Multicast One-to-many communication Similar to IPv4 Class D multicast addresses. FF00::/8
Anycast One-to-one communication Unicast addresses assigned to multiple interfaces. N/A
Image that shows the structure of an IPv6 address, including its routing prefix, subnet ID and interface ID.
The structure of an IPv6 address

It might be more complicated to identify IPv6 addresses due to their complexity, but it becomes manageable once you learn how to use IPv6.

Name resolution and IPv6

Name resolution turns complex IP addresses into human-readable names. IPv6 addresses can be more difficult to work with, so name resolution services, like DNS, must be IPv6-capable. Most Windows- and Linux-based DNS servers have this functionality.

Screenshot of a quad-A DNS record that provides information about how the hostname is associated with an IPv6 address.
A sample quad-A DNS resource record relating a hostname to an IPv6 address

IPv6 commands

Network troubleshooters rely on tools like ping and traceroute -- or tracert on Windows -- to help diagnose and correct network issues in IPv4 systems. The process is similar with IPv6.

Commands to show IPv6 addresses

Use the standard OS commands to see IPv6 addresses on a workstation.

On Linux, type the following:

ip addr
Screenshot of the ip addr command in Linux displaying IPv6 information.
The Linux ip addr command displaying IPv6 addressing information

On macOS, type the following:

ifconfig

On Windows, type the following:

ipconfig

You might need to include the /all parameter to show IPv6 configurations in addition to IPv4 on older Windows devices.

Screenshot of the ipconfig command in Windows displaying IPv6 information.
The Windows ipconfig command displaying IPv6 addressing information

IPv6 uses neighbor discovery to determine nearby nodes on the same segment. You might display the neighbor discovery table to troubleshoot or survey the environment.

On Linux, type the following:

$ ip -6 neighbor show

On macOS, type the following:

$ ndp -a

On Windows, type the following:

$ netsh interface ipv6 show neighbors
Screenshot of the netsh command in Windows displaying neighboring IPv6 devices.
A list of nearby IPv6 devices

IPv6 troubleshooting commands

Most systems automatically recognize IPv6 addresses, but you can specify the use of IPv6 explicitly.

To ping a remote node from Linux and macOS, type the following:

$ ping6 <IPv6-address>

On a Windows system, type the following:

ping -6 <IPv6-address>

To check the network path to a remote system on Linux and macOS, type either of the following:

$ traceroute6 <IPv6-address>
$ traceroute -6 <IPv6-address>

Windows administrators can use the tracert command to trace IPv6 address routes, as seen here:

tracert -6 <IPv6-address>

Plan a transition to IPv6

When an organization migrates from IPv4 to IPv6, network teams should know how to use IPv6 along with IPv4 on the same network.

Enterprises can take one of three approaches to transition from IPv4 to IPv6:

  1. Dual stack. Have network nodes run one IPv4 implementation and one IPv6 implementation.
  2. Tunnels. Carry IPv6 packets over IPv4 infrastructure.
  3. Translation. Use a gateway to translate between the two address structures.

Most modern OSes provide IPv6 compatibility out of the box, but IoT devices, older systems and legacy network devices might require special attention during a migration. In those cases, you might want to upgrade outdated components.

Another approach is to allow network nodes to select whichever protocol they can use and rely on network devices to translate the addresses. This method involves dual-stack routers, the use of Network Address Translation (NAT) and IPv4 tunnels.

Best practices for IPv6

IPv6 provides many security benefits, and you must remain vigilant to protect your environment. IPv6 is one of several layers of a defense-in-depth approach to protect network access and traffic.

Best practices to secure IPv6 networks include the following:

  • Disable IPv4, and integrate IPv6 into high-security environments.
  • Disable IPv4 after thorough tests. Older -- and even some modern -- network applications might not be able to use IPv6.
  • Train network staff on IPv6 configurations and security features.
  • Integrate IPv6 into cloud deployments.
  • Secure tunnels and translation protocols in mixed IPv4 and IPv6 environments.
  • Continue to use access control lists and filters to secure network traffic.
  • Stay knowledgeable on IPv6 vulnerabilities, and maintain patch levels.

Wrap-up

When it comes to IPv6 management, it's essential to plan for the future. When IPv4 addresses released in the 1980s, people didn't anticipate the internet revolution or consider efficient allocations and routing table sizes. With IPv6, only a small percentage of the possible addresses are currently available. The remainder have been reserved for potential future innovation.

IP address blocks are allocated in a more efficient and hierarchical manner, which results in reduced routing table sizes for internet routers. IPv6 address blocks are typically allocated to individual organizations in larger blocks, which should minimize reliance on NAT.

As you move toward IPv6, make sure you know how to use IPv6, and consider the following:

  • Most network devices, such as workstations, servers, etc., are already IPv6-compatible.
  • Train network staff on IPv6.
  • Continue to use IPv4 on your internal network if you prefer. Some translation already occurs on the internet beyond an organization's network perimeter, and you can implement internal compatibility if needed.

IPv6 is the future of network communications. Future-proof your environment, and begin a migration for a more flexible and secure online world.

Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial and CompTIA Blogs.

Dig Deeper on Network infrastructure