IPv4 and IPv6 Architectures
IPv4 was designed in 1980 to replace the NCP protocol on the ARPANET. The IPv4 displayed many limitations after two decades. The IPv6 protocol was designed with IPv4’s shortcomings in mind. IPv6 is not a superset of the IPv4 protocol; instead, it is a new design.
The protocol contains a couple aspects which caused problems with its use. These problems do not all relate to security. They are mentioned to gain a comprehensive understanding of the internet protocol and its shortcomings. The causes of problems with the protocol are:
1. Address Space
5. Quality of Service
- The IPv4 architecture has an address that is 32 bits wide. This limits the maximum number of computers that can be connected to the internet. The 32 bit address provides for a maximum of two billions computers to be connected to the internet.
- The problem of exceeding that number was not foreseen when the protocol was created. The small address space of the IPv4 facilitates malicious code distribution. Routing is a problem for this protocol because the routing tables are constantly increasing in size. The maximum theoretical size of the global routing tables was 2.1 million entries.
- Methods have been adopted to reduce the number of entries in the routing table. This is helpful for a short period of time, but drastic change needs to be made to address this problem.
The TCP/IP‐based networking of IPv4 requires that the user supplies some data in order to configure a network. Some of the information required is the IP address, routing gateway address, subnet mask, and DNS server.
The simplicity of configuring the network is not evident in the IPv4 protocol. The user can request appropriate network configuration from a central server. This eases configuration hassles for the user but not the network’s administrators. The lack of embedded security within the IPv4 protocol has led to the many attacks seen today.
- Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a specific mechanism used to secure the protocol.
- IPsec secures the packet payloads by means of cryptography.
- IPsec provides the services of confidentiality, integrity, and authentication. This form of protection does not account for the skilled hacker who may be able to break the encryption method and obtain the key.
When internet was created, the quality of service (QoS) was standardized according to the information that was transferred across the network. The original transfer of information was mostly text‐based. As the internet expanded and technology evolved, other forms of communication began to be transmitted across the internet. The quality of service for streaming videos and music are much different than the standard text. The protocol does not have the functionality of dynamic QoS that changes based on the type of data being communicated.
2. IPv6 Architecture
When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that needed to be improved. The development efforts were placed in the following areas:
1. Routing and addressing
2. Multi‐protocol architecture
3. Security architecture
4. Traffic control
- The IPv6 protocol’s address space was extended by supporting 128 bit addresses.
- With 128 bit addresses, the protocol can support up to 3.4 * (10)^38 machines.
- The address bits are used less efficiently in this protocol because it simplifies addressing configuration.
- The IPv6 routing system is more efficient and enables smaller global routing tables.
- The host configuration is also simplified. Hosts can automatically configure themselves.
- This new design allows ease of configuration for the user as well as network administrator. The security architecture of the IPv6 protocol is of great interest.
- IPsec is embedded within the IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6 can utilize the security mechanism along the entire route.
- The quality of service problem is handled with IPv6. The internet protocol allows for special handling of certain packets with a higher quality of service.
- From a high‐level view, the major benefits of IPv6 are its scalability and increased security.
- IPv6 also offers other interesting features that are beyond the scope of this paper. It must be emphasized that after researching IPv6 and its security features, it is not necessarily more secure than IPv4. The approach to security is only slightly better, not a radical improvement.