Beneath the glossy multimedia exterior of the Internet is a network
which was never designed for use by billions of individuals. In fact,
the Internet has its roots in the early military/university research
network called the ARPAnet (Advanced Research Projects Agency).
From the original implementation on Sept. 2nd, 1969 to today, it has
grown from a single node to a global community. The protocol which
facilitates the global reach of the Internet is called the Internet
Protocol(IP), which as implemented in most systems is version 4
(IPv4). An enhanced Internet Protocol has been designed called IPv6 by
the Internet Engineering Task Force (IETF). As this article shows,
IPv6 has significant improvements over IPv4, but by no means is it a
panacea. The three main problems with the current Internet are address
space depletion, routing overload, and security. This article
discusses these problems and the efforts to combat them.
On the Internet, the address of each machine must be distinct. The
IPv4(Internet Protocol, version 4) specified 32 bit addresses which
means that there is a maximum of about 4 billion possible addresses.
In the new protocol of IPv6, they have specified 128 bit addresses,
which should solve the address problem for the next decade.
Or should it? It is not enough to have sufficient addresses. It is
also necessary to be able to reach each address in a scalable way.
This means that the assignment of addresses must be linked to the
routing in such a way that efficient routing can be performed.
Efficient routing is typically approached using the method of
hierarchical routing. To understand hierarchical routing, the
analogous problem of routing telephone calls is examined. If telephone
numbers were assigned randomly, then every routing switch would need to
have a list of every telephone number. In the U.S., this would mean
roughly 100 million numbers. By assigning telephone numbers
hierarchically, that is, by country, then state, then region, routing
switches at different levels only need to know the numbers for their
level. For example, a large state-level switch only needs to know the
3 digit area codes in the U.S. to route a call to the correct local
routing switch. So, instead of 100 million numbers, it only needs to
know 1000 numbers. Thus, hierarchical routing significantly reduces
the required address information at every switch, and provides an
efficient way to reach an address. Consequently, hierarchical routing
has the important advantage that it is scalable to an Internet of
any conceivable size.
However, it has some disadvantages as well. First, when the network
topology changes, the addresses will also have to be changed because
the efficient routing was linked to the address assignment which was
linked to the network topology. Second, hierarchical routing does not
solve the problem of load balancing. Load balancing refers to
dynamically changing the routing so that the network traffic is
equalized as much as possible over the Internet nodes. The best
analogy is to traffic patterns in large cities during rush hour. In
this analogy, load balancing would refer to dynamically reducing the
traffic on jammed streets by distributing it over lesser traveled
streets. Hierarchical routing does not address this major problem.
Regarding the problem of address changes, there are a number of
approaches. In IPv6, address autoconfiguration and renumbering were
specified. Address autoconfiguration refers to simplifying the
configuration of hosts and enabling the host to change its own address
so that human intervention is either not necessary or minimally
Suppose that address renumbering has been requested. In this
situation, the host has received the new address, but still has
communications bound to the old address. Furthermore, new requests for
new communication bindings are constantly arriving. The logical
solution is to assign the new TCP/IP communications to the new address
and allow the old TCP/IP communications to continue at the old address
for as long as possible. This method is the one specified in IPv6.
How is the renumbering of the addresses done? The renumbering is a
complex problem because renumbering a site involves updating the domain
name system (DNS) databases, router configuration information, and even
commercial licensing databases. In particular, many software vendors
base their licensing model on specific addresses - their software is
licensed to one address for 1 year. When renumbering is necessary, it
would also entail changing the databases at software vendors.
In order for Internet commerce to flourish, one of the necessities is
network level authentication and encryption. Authentication refers to
the problem of verifying a packet's source address. This can be
translated easily to "Did this message come from the person who signed
it?" Intrusions via changing the source address in packets are so
common that they have earned the name IP spoofing. IPv6 directly
addresses this problem by providing a native authentication header and
a standard algorithm called MD5. In a typical trusted communications
situation, the client and server both know a key. When a packet is
sent, the MD5 algorithm is used to create an encrypted verification
message of the key combined with the contents of the packet including
the source address. This process is repeated on the receiving side and
the computed verification message is compared to the verification
message received. If they are the same, then the complete contents of
the packet including source address are authenticated.
In IPv4, there was no provision for encryption at the network layer.
For example, this means that a third party could read a password or
other confidential data as it is transmitted from client to server
during a browser or rlogin session. IPv6 specifies the Encapsulating
Security Payload(ESP), which provides encryption of the data in IP
packets. In "transport mode" encryption, the IPv6 header and extension
headers are not encrypted but the transport header and payload are. In
"tunnel mode" encryption, the IPv6 header and extension headers are
encrypted with the transport header and payload. Thus, IPv6 provides
host to host packet level security.
The Internet is going through growing pains and there are efforts such
as IPv6 to reduce the amount of stumbling. IPv6 is a good start toward
a scalable Internet, but it also ignores some important long term problems.