IPV6 vs IPV4: what are they, what’s the difference, which is most secure?
Published by on October 21, 2016 in VPN & Privacy

Peugeot 407 IPV6 engine
IP, short for Internet Protocol, is how devices connected to the internet locate and communicate with each other. Every device connected to the internet–computers, smartphones, servers, cars, smart refrigerators, etc–is assigned at least one IP address. An IP address identifies a device and its location anywhere in the world. IPv6 is the latest version of this technology.

You can think of an IP address like a phone number. It has an area code pointing to a general location. Phone numbers are usually associated with specific people or businesses, so they are a reliable yet imperfect way of identifying someone.

IPv4 was created in 1983 before the internet ever went global, and yet it remains the primary means of routing internet traffic between devices today. A public IPv4 address, such as the one assigned to whatever device you’re reading this article on, is made up of numbers and digits. It looks something like this:

123.45.67.89

An IPv4 address can be any combination of four individual numbers from 0 to 254. That’s four bytes, with a total range of 4.3 billion possible addresses.

Sounds like a lot, right?

But the massive spike in devices coming online is starting has exhausted the system. We’re running out of numbers. Eventually we’ll hit the limit, which could cripple the internet and prevent new devices from going online.

This is where IPv6 comes in. It does essentially the same thing as IPv4, except there are a whole lot more addresses available. A public IPv6 address looks like this:

2001:db8::ff00:42:8329

IPv6 addresses contain 128 bits each, and they use hexadecimal digits. That means instead of zero through 10 (base 10), they can use zero through 10 plus ‘a’ through ‘F’ (base 16). This gives us a total range of 340 undecillion (3.4 x 10^28) possible combinations.

We won’t have to worry about running out of IPv6 addresses any time soon.

So why don’t we just switch to IPv6 already?

The transition process has been slow. The bottleneck primarily lies with internet service providers, but also with data centers and end users.

IP addresses are managed by five global registries–one for each continent/region–who hand out 16.8 million IPv4 addresses at a time. Between 2011 and 2015, all but one out of the five registries exhausted their top-level addresses.

To handle this problem, most ISPs assign users dynamic IP addresses. That means your IP address probably changes periodically–likely each time you connect to a different network. Devices that go offline relinquish their IP addresses so they can be used by others. Basically, you rent but don’t own your IP address. This significantly slows down the depletion of IPv4 addresses.

The transition is happening, but for now IPv4 and IPv6 operate simultaneously. Google reports that about 14 percent of its users access it over IPv6, up from less than 10 percent one year ago. The stage of deployment is varies between countries. About half of US users now use IPv6 according to Comcast.

The biggest factor holding back IPv6 deployment is cost. It costs time and money to upgrade all the servers, routers, and switches that have for so long depended solely on IPv4. While most of these infrastructure devices could hypothetically be upgraded, many companies prefer to wait until they need to be replaced. This process of attrition has slowed things down.

Is IPv6 more secure than IPv4?

When IPv6 was first launched, it required companies to encrypt internet traffic with IPSec, a fairly common (but not nearly as common as SSL) encryption standard. Encryption scrambles the content of internet traffic so anyone who intercepts it cannot read it.

But in order to get more companies on board, that requirement transformed into more of a strong suggestion. Encrypting and decrypting data requires computing resources, which requires more money. IPSec can also be implemented on IPv4, which in theory means IPv6 is equally as safe as IPv4. We’ll likely see an increase in IPSec use overall as we transition, but it’s not required of everyone.

While we’re in the transition phase, some experts argue IPv6 users are actually more at risk than those who stick to IPv4. Some ISPs use transition technologies–IPv6 tunnels, in particular–that make users more vulnerable to attack. A tunnel broker is normally used by ISPs to give users on their IPv4 networks access to IPv6 content. Hackers can target IPv6 tunnel users with packet injection and reflection attacks. Note that some tunnel brokers offer better security than others.

The transition is expected to take several more years before it’s complete, so these transition methods will remain in place for some time.

Another potential security issue comes with a new IPv6 feature: autoconfiguration. This allows devices to assign themselves IP addresses without the need for a server. These addresses are generated using a device’s unique MAC address, which every phone, computer, and router has. This creates a unique identifier that third parties could use to track specific users and identify their hardware. Windows, Mac OSX, and iOS devices already have privacy extensions installed and enabled by default, so this won’t be a problem for most people.

Is IPv6 faster than IPv4?

IPv6 won’t have any significant impact on internet speeds compared to IPv4.

That being said, some transition methods like IPv6 tunnels will create extra latency when requests are converted to IPv4 and vice versa.

Are there any other major differences between IPv4 and IPv6?

Creating a larger address space is the primary goal of IPv6, but it does include some other bells and whistles that set it apart from IPv4. Most of these upgrades won’t be that interesting to you unless you’re a network administrator, but we’ll list them here anyway.

  • Multicasting allows a single packet to be transmitted to multiple destinations in a single send operation.
  • Autoconfiguration allows devices to automatically configure their IP address and other parameters without the need for a server
  • Network-layer security adds IPSec encryption to all nodes, though it’s no longer a strict requirement
  • IPv6 will work better on mobile devices by eliminating triangular routing
  • The processing required by routers handling requests is much more efficient and simplified

How does IPv6 affect my VPN?

Unfortunately, almost all VPNs operate solely on IPv4. If you submit a request for a website that defaults to an IPv6 address, it will resolve using an IPv6 DNS server that’s outside of your VPN network. This is called an IPv6 leak, and it can reveal your true location to a geo-locked website or app such as Hulu and Netflix. If the website is set up to detect such leaks, it can block you from viewing content. You can test for IPv6 DNS leaks here (it also tests for IPv4 leaks).

While we encourage users to get on board with IPv6, in this case you would have to disable it on your computer, tablet, or smartphone. This can usually be done somewhere in the internet connection settings, depending on your device.

Very few VPN providers support IPv6 at all due to the extra costs of running an IPv6 DNS server.

How can I switch to IPv6?

You can switch to IPv6 simply by enabling it on your computer and/or smartphone. Most newer devices will have both enabled by default. If not, you can toggle it on in your internet connection settings.

When ISPs, web companies, and wifi router makers see that more customers are using IPv6, they’ll respond in kind.

You can also help out by spreading the word on June 6, which is the annual World IPv6 Day.

Peugeot 407 V6 petrol engine” by Tennen-Gas licensed under CC BY-SA 3.0

Leave a Reply

Your email address will not be published. Required fields are marked *