I Dream of IoT/Chapter 2 : IoT and IPv6

Introduction

Nowadays, large numbers of devices have shown up on the internet, ranging from computers and phones to smart cars and wearables. In order for the devices to communicate with each other, each requires a unique series of numbers known as an IP address, e.g. XXX.XXX.XXX.XXX, with each "XXX" ranging from 000 to 255. If you look around your surroundings, how many devices are already connected to the internet? Imagine if everyone on the planet had at least one device that connected to the internet: there would be more than 7.2 billion devices on the internet. But if the current internet protocol, IPv4, uses a 32-bit system and is only able to allocate about 4.29 billion addresses, what do we do about the rest?

The newest internet protocol IPv6 uses a 128-bit system, which means 3.40 x 10^38 (or, 340,000,000,000,000,000,000,000,000,000,000,000,000) addresses can be generated, an enormous number able to accommodate Gartner’s prediction of 26 billion devices online by the year 2020.[1] In other words, this should be sufficient for the needs of the current and future world, where everything around us will be connected together. The move from IPv4 to IPv6 will significantly affect the future of the Internet of Things (IoT).

As previously stated, IPv6 will play an important role in the IoT. IPv6 uses 128 bits for IP addresses, which means that we will have 2^128 addresses available. An address is divided equally into eight groups. Each group is 16 bits in size and represented by four hexadecimal digits. Unlike IPv4, which uses the dot (.) to separate each group, IPv6's groups are separated by colons (:).[2] This larger capacity of addresses enables IoT to be realized, as it should be quite sufficient to address the needs of any present and future communicating devices and services. The use of IPv6 addresses in large-scale deployments of sensors in smart buildings and smart cities has already been demonstrated successfully through experimentation.[3]

IoT requires unique addresses. IPv6 address architecture splits unicast addresses into two: link-local addresses and global addresses. Link-local addresses are not guaranteed to be unique over larger networks, but global addresses are expected to be globally unique. A node (device or service) needs a unique global IP address to communicate over the internet. IPv6 can use Unique Local Addresses (ULA) in local networks larger than a single link, allowing unique addresses and preventing address collision. This means a local network can be routed to expand over multiple links and even multiple networks. Globally Unique Addresses (GUA) are guaranteed unique addresses around the world. Administration is performed by the Internet Assigned Numbers Authority (IANA).[4]
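The group structure and address scopes described above can be checked mechanically. The following is an added example, not part of the original chapter: it expands an address into its eight groups and audits a device inventory by scope, using the standard prefixes fe80::/10 (link-local), fc00::/7 (ULA) and 2000::/3 (global unicast). The device names and addresses are constructed, with the 2001:db8::/32 documentation prefix standing in for real global addresses.

```python
import ipaddress

# Unicast ranges named in the text, as fixed prefixes.
SCOPES = [
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),
    ("global", ipaddress.ip_network("2000::/3")),
]

def groups(addr):
    """Return the eight 16-bit groups, each as four hexadecimal digits."""
    return ipaddress.IPv6Address(addr).exploded.split(":")

def scope(addr):
    """Classify an address by the prefix it falls in."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in SCOPES:
        if ip in net:
            return name
    return "other"

def internet_reachable(inventory):
    """Map each device holding a global address to those addresses.

    These are the devices that need explicit firewall rules, because a
    global address is routable from outside the local network.
    """
    exposed = {}
    for device, addrs in inventory.items():
        hits = [a for a in addrs if scope(a) == "global"]
        if hits:
            exposed[device] = hits
    return exposed

# Constructed inventory (hypothetical devices and addresses).
INVENTORY = {
    "thermostat": ["fe80::1a2b:3cff:fe4d:5e6f", "fd12:3456:789a:1::10"],
    "camera": ["fe80::a00:27ff:fe11:2233", "2001:db8:42:1::c4"],
    "door-lock": ["fe80::dead:beef"],
}

if __name__ == "__main__":
    print(groups("2001:db8::1"))
    for device, addrs in internet_reachable(INVENTORY).items():
        print(device, "is reachable from the internet via", addrs)
```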

IPv6 provides a stateless mechanism by Dynamic Host Configuration Protocol version 6 (DHCPv6) to self-configure an IP address. The nodes (devices and services) can define their own addresses, which reduces IoT configuration effort and deployment cost.[3] Additionally, IPv6 hosts will always configure addresses from the point of network attachment. In addition, hosts may have addresses configured from remote anchor points. These addresses belong topologically to locations other than the hosts’ direct points of network attachment, and this enables IPv6 to provide strong features and solutions to support mobility of end-nodes, as well as mobility of the routing nodes of the network.[4][3]

Routing

The purpose of routing is to choose the best network route among several available routes or paths to the destination. Routing concepts remain the same in IPv6, but there are some routing protocols which have been redefined accordingly. In IoT, everything is connected and needs high-speed routing to maintain a stable connection. A good routing protocol enables the router to calculate the route to the destination in a short period of time. Thus, the routing protocols have been upgraded to support IPv6.

The routing protocols used in IPv6 are Routing Information Protocol Next Generation (RIPng), Open Shortest Path First version 3 (OSPFv3) and Border Gateway Protocol version 4 (BGPv4). RIPng is both an interior routing protocol and a distance-vector protocol. RIPng has been upgraded to support IPv6 networking. It uses Internet Protocol Security for authentication and requires specific encoding of the next hop for a set of route entries.[5]

OSPFv3 is an interior gateway routing protocol, which is widely used in the IPv6 environment. It is the realization of OSPFv2 for IPv4 in the IPv6 environment, though it runs on essentially the same basic principles. It is a link-state protocol and uses Dijkstra’s Shortest Path First algorithm to calculate the best path to all destinations. This version of OSPF uses IPv6 link-local addresses and has a new Link-State Advertisement (LSA) which carries IPv6 addresses and prefixes.

BGP is the only open standard exterior gateway protocol available. BGP is a distance-vector protocol which routes autonomous systems. BGPv4 is an upgrade of BGP to support IPv6 routing. This is useful when modeling an existing network that spans autonomous systems or a very large one that needs to be partitioned based on administrative control. Activating and configuring BGPv4 can provide a more accurate picture of expected network operation.[6]

Changes have been made to other protocols in order to support IPv6. For example, Internet Control Message Protocol version 6 (ICMPv6) is an upgraded implementation of ICMP to accommodate IPv6 requirements. This protocol is used for diagnostic functions, error and information messaging, and statistical purposes. ICMPv6’s Neighbor Discovery Protocol replaces Address Resolution Protocol (ARP) and helps discover neighbors and routers on the link. ICMPv6 messages are split into two: error messages and information messages. They are transported by IPv6 packets.

Besides ICMPv6, Dynamic Host Configuration Protocol version 6 (DHCPv6) is also an upgraded implementation of DHCP to support IPv6. IPv6-enabled hosts do not require any DHCPv6 server to acquire an IP address as they can be auto-configured. Neither do they need DHCPv6 to locate the Domain Name System (DNS) server because DNS can be discovered and configured via ICMPv6 Neighbor Discovery Protocol. Yet a DHCPv6 server can be used to provide the information.

There has been no new version of DNS, but it is now equipped with extensions to provide support for querying IPv6 addresses. A new AAAA (quad-A) record has been added to reply to IPv6 query messages. Now the DNS can reply with both IP versions (4 and 6) without any change in the query form.

Security issues of IPv6 in Internet of Things

Internet of Things (IoT) was introduced way back in 1999 by Kevin Ashton, co-founder and director of the MIT Auto-ID Center. Back then, the world population was only about six billion. However, world population has steadily grown since, nearing eight billion as of 2016. Thus, IPv6 was born.

IPv6 and the IoT go hand in hand today. While most of the communication made today is human-machine interaction, the IoT promises that communication will be human-machine as well as machine-to-machine. We can monitor, control, learn, and get connected with the outside world with only one internet-connected device, nowadays often in the form of a smartphone.

The smartphone is a revolutionary invention, completely changing the way we communicate with others. Together with IoT, the technological future looks bright. However, like any technology, it requires special considerations, including reducing the level of complications and ensuring security. There is one method which many have been using to prevent the exhaustion of unique physical addresses that has in the past occurred with IPv4 while also improving IPv6 security: Network Address Translation (NAT).[7]

NAT allows several devices or hosts to be connected to the internet with only one single address being used. NAT also has a security component even though NAT was initially not designed for security issues. Since all the computers or devices are only known as a single IP address from the WAN, the router would only send the data packets to the hosts that sent packets to the source beforehand. Therefore, NAT actually functions as a firewall in addition to helping in the conservation of IP addresses.[7]

However, since IPv6 is still considered a new network protocol by many network administrators and IT personnel, it has historically had less support for security-related products on the market. Additionally, though there are people changing to the IPv6 routing protocol, the vast majority remain on IPv4. Hence, in order for the IPv4 network to route the packets sent from an IPv6 network, we have to employ a protocol known as tunneling. Tunneling comes with its own share of problems, however: the routing system is more vulnerable to denial-of-service (DoS) attacks, which cause network resources to become invalid. Last but not least, as the IoT would use IPv6 to connect every device to the internet, privacy would be one of the most controversial problems. Confidential data such as photos, business agreements, loans and so on would always be at risk of exploitation.[8][9] This is because every device is exposed to the internet with its own unique IP address, so it is not protected by masking.

In conclusion, there is still a long way to go before IPv6 can be implemented in the world's network because of its questionable security profile. Plans to be developed for the implementation of IPv6 for IoT in the future include the training of network and security staff in IPv6 protocols and building more IPv6 expertise[7] by conducting more research in organizational network laboratories.

Implementation & Deployment

With a large majority of the internet still using IPv4[10], transition to IPv6 cannot be done overnight. Transition requires time and needs to be done in steps. The ultimate goal is to retire IPv4 completely, which will put an end to the problem of exhausting IP addresses. There are many transition mechanisms being implemented to, slowly but surely, fully implement IPv6, but only a few of the major ones will be covered here.[11]

Since IPv4 is so prevalent, transitioning to IPv6 without negatively affecting the current network requires devices that can run both versions of the protocol. That is where the idea of the first transition mechanism, dual stack, comes from. Devices will have connectivity to both IPv4 and IPv6 networks. Hence, the device has two (dual) protocol stacks. The device will choose which protocol to use based on the destination address while prioritizing IPv6 when available. This will ensure that the current IPv4 network will still be able to be used without a problem while taking steps towards a fully operational IPv6 network for the future. It is clear that we will need IPv6 to develop the IoT due to the sheer number of unique addresses available, but with the majority of established devices running on IPv4, the dual stacked devices will be the backbone of the current IoT as IPv6 gets integrated more and more into the network.

However, there are some issues with dual stack. This is due to the nature of some of the old devices which support only IPv4. This is where the next transition mechanism, tunneling, comes in. Tunneling basically uses IPv4 to carry the IPv6 packets. This is done by encapsulating the IPv6 packets within IPv4 so that the aforementioned devices can handle these packets. The packet will be able to travel in an IPv4 network until it reaches a dual stacked device which will detect the IPv6 packet encapsulated. The device will then be able to decapsulate the packet and send it travelling on an IPv6 network accordingly. IoT demands that every device be connected to the network. Currently, a mixture of devices that run on IPv4, IPv6 or both make up the IoT. Since transition to a full IPv6 network is the goal, the newer IPv6 devices must be able to connect to each other through the already established IPv4 network, which is what tunnelling was created to achieve.

While most equipment will be upgraded to IPv6, some legacy equipment will not. To complicate matters, there will also be new equipment that will only be able to run IPv6. For an IPv6-only device to be able to connect with IPv4-only equipment, proxying as well as translation must be used to deal with these connections. These are just a few of the methods used to slowly integrate IPv6 to the internet. It would be favorable to have all devices running on the same protocol, but alas, this cannot be done as there are still many old but very important devices running on IPv4. By ensuring that these devices will continue to be supported, a true IoT will be able to be created and experienced by all.

While there are methods being implemented to promote the growth of IPv6 networks, that growth is currently at a very slow pace. It was so slow, in fact, that Matthew Prince, the CEO of Cloudflare, a company dealing in the internet industry, stated in 2013 that it will take until May 10 of the year 2148 before IPv4 can be retired.[12] A study by Google shows that the adoption of IPv6 among its users is between 11 and 12 percent as of May 2016.[10] There are promising signs, though, that adoption is increasing.

Conclusion

As of May 2016, IPv6 users worldwide surpassed 11% for the first time since its launch on June 6, 2012.[10] For Internet of Things to have its true potential, it needs IPv6, the internet protocol of the future, because without IPv6, there will not be enough IP addresses for the billions more devices set to be connected to the internet. Although Network Address Translation (NAT) is being used in the existing IPv4 infrastructure to slow down the looming IPv4 address shortage, for improved scalability, strong security enablers, and sustainability, the adoption of IPv6 will be the key to the future.

References

1. "Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020". Gartner, Inc. 12 December 2013. Retrieved 12 May 2016.
2. "IPv6 address". Wikipedia. Wikimedia Foundation. Retrieved 12 May 2016.
3. "IPv6 advantages for IoT". IoT6.eu. Mandat International. Retrieved 12 May 2016.
4. Savolainen, T.; Soininen, J.; Silverajan, B. (2013). "IPv6 Addressing Strategies for IoT". IEEE Sensors Journal. 13 (10): 3511–3519. doi:10.1109/JSEN.2013.2259691.
5. "Routing Information Protocol". Wikipedia. Wikimedia Foundation. Retrieved 12 May 2016.
6. "BGPv4". QualNet 3.6 User Manual. Scalable Network Technologies, Inc. Retrieved 12 May 2016.
7. Rouse, M.; Burke, J. (18 June 2015). "Network Address Translation (NAT)". Search Enterprise WAN. TechTarget. Retrieved 12 May 2016.
8. "Special Issue on Internet of Things security and privacy: design methods, detection, prevention and countermeasures". Elsevier B.V. 2014. Retrieved 12 May 2016.
9. Gibson, S. (8 August 2006). "NAT Router Security Solutions: Tips & Tricks You Haven't Seen Before". Gibson Research Corporation. Retrieved 12 May 2016.
10. "Google IPv6". Google, Inc. 8 May 2016. Retrieved 12 May 2016.
11. Teare, D.; Paquet, C. (2007). "Chapter 10: Implementing IPv6". Building Scalable Cisco Internetworks (BSCI). Cisco Press; Network World. ISBN 9781587142420. Retrieved 12 May 2016.
12. Koetsier, J. (7 June 2013). "At our current rate of progress, IPv6 will be fully implemented on May 10, 2148". VentureBeat. VentureBeat. Retrieved 12 May 2016.