Editor’s Note:
Cyber threats, Internet of Things, privacy and Internet freedom are often front page news and are at the forefront of public consciousness. At the same time, IPv6, started almost 20 years ago and which promoters promise will address the aforementioned issues, began to gain traction in 2014 (e.g. Google IPv6 traffic doubling in use from 2.5 to 5% of traffic). But will IPv6 live up to its promise and is it even necessary?
This is the question that, MIT graduate and Avinta CTO, Abraham Chen asked late last year after observing the parallels between seemingly disparate technologies. His query led to several months of research, refinement and peer evaluation of an idea for extending the existing IPv4 protocol to solve for the explosion of “things” in the so-called Internet of Things. The following is his abstract of a longer paper that delves into the question.
Preface:
This paper proposes tweaks to the existing protocol, IPv4, to achieve the same goals as IPv6 with less costly infrastructure upgrades and less burden on IT staff, while providing a simpler approach to offering privacy and support of the explosion of devices enabled by the Internet of Things. This study also uncovered certain philosophical disparities between Internet and telephony industries. It appears that Internet performance could be significantly elevated if some of the latter’s experience is utilized.
The following is an excerpt of the report:
Abstract
As soon as Internet became popular, talks began to spread that its assignable IPv4 address pool (about 4.096B) would be exhausted before too long. Even with two companion technologies, NAT (Network Address Translation) and DHCP (Dynamic Host Configuration Protocol), the pressure still continued to build. IPv6 was thus developed and put into use. It turns out that IPv6 is not a superset of IPv4, nor is it capable of encapsulating the latter. Thus, the two systems have run side by side.
The main motivation for IPv6 commonly conveyed to the public is to create a big enough address pool for the upcoming IoT (Internet of Things) that will exceed IPv4’s capacity. Among publicly available literatures, however, it has not been clear about the number of IoT devices. A recent Cisco online paper provides the most up-to-date forecast that by Year 2020 the worldwide population will be 7.6 billion, while IoT in use will be 50 billion which averages to 6.58 IoTs per person. These provide us a good baseline for quantitative analysis.
Mimicking PABX (Private Automatic Branch eXchange) extending PSTN (Public Switched Telephone Network) numbering plan, a scheme of reclaiming part of the well-known re-usable private network address block 192.168.0.0/16 to relieve the IPv4 pool shortage is proposed. By redefining the boundary between the public and private in the address space, the assignable public IPv4 addresses may be extended (by a multiplication factor of 256) to cover the projected IoTs. In fact, such an extended pool is so large (1048.576B) that only 1/16th of the original IPv4 public address space is sufficient to start with, freeing up the majority 15/16th of the pool for future applications.
The figure below depicts the proposed ExIP address assignment architecture:
Implementing this Extended IPv4 (ExIP) address scheme consists of:
Adding a new layer of simple (Semi-Public) routers to extend the Internet routing. These routers could be co-located with the existing Internet edge routers, or even be absorbed into them through software enhancement.
As to encoding this proposed ExIP information in the IP packets, there is a recent IETF (Internet Engineering Task Force) draft document called EnIP (Enhanced IPv4) that utilizes the existing option to carry double IPv4 address (total of 64 bits) in the IP Header. In comparison, ExIP format needs only 40 bits to fully identify a public entity on Internet.
On each customer premise, the capacity demand on RG (Residential Gateway) will be accordingly reduced, while DMZ (De-Military Zone) may be utilized to work with NAT for accomplishing optional selective end-to-end connectivity. This is analogous to AA (Auto Attendant) capability for PABX.
Although IPv6’s direct end-to-end connectivity is enticing, it removes the basic buffer against intruders offered by IPv4 based practices. A close analogy for this comparison may be drawn between telephony’s CENTREX (CENTRal office EXchange) and PABX. A telephone station on the former is directly reachable from any PSTN telephone, thus having no defense mechanism against un-wanted/telemarketer calls. The latter is slower in setting up an incoming call due to the AA process, but allows only welcomed callers to get through.
Once the above analogies between Internet and PSTN are established, several subtle issues become evident through the parallelism between the two:
A. IP address assignment practice is counterproductive to the advertised Internet intention.
Contrary to common perception, PSTN numbers are not controlled by a few regulated telephone operating companies, but by respective governmental agencies. On the other hand, Internet IP addresses are assigned by ISPs (Internet Service Providers). The latter approach ties IP addresses to many unregulated business entities with frequent unpleasant experiences that consumer has no place to report. This will become an even more serious issue upon the extensive use of IPv6, because to benefit from it, the assignment will be not only static, but also permanent.
B. Locality information in device identification facilitates connection as well as locating perpetrator.
PSTN phone numbers, carrying significant locality information about telephone equipment in use, enable the switching system to not only efficiently establish a connection, but also promptly pinpoint the origin of a call to within a finite area. IP addresses on the other hand, being grouped under respective ISPs, carry hardly any locality information, making routing less efficient. Compounded by the extensive use of DHCP, locating an Internet hacker becomes a real challenge. If IP address assignment followed the same practice as PSTN, locating an Internet hacker will be a finite task. Even if the hacker created spoofed addresses, the governing backbone routers would spot the exception immediately, thus preventing the associated packet from entering the Internet.
C. Direct addressing invades personal privacy, while exposing terminal devices to attacks.
The Extended IPv4 addressing scheme utilizing NAT and DMZ to achieve end-to-end connectivity maintains a buffer mechanism that allows shared proxy security devices the chance to work. It is not clear why IPv6, which requires individualized security reinforcing software in every IoT, may perform better.
D. Divide and Conquer is the fundamental rule of a large system.
Both the existing and the Extended IPv4 addressing schemes shield the private network IoTs from the public Internet. These conform to the same demarcation line concept that has served well for all four existing utilities, water, gas, electricity and telephony. Encompassing all IoTs within the publicly addressable space for the sake of end-to-end connectivity, IPv6 will make the entire Internet less robust, more difficult to troubleshoot and harder to defend against intrusion, simply because the system becomes overly complex by the presence of a huge number of IoTs having nothing to do with the system’s performance, except introducing distractions. Why should the demarcation concept be not applicable to the Internet?
E. Root Cause vs. Manifestations
In summary, we believe that taking a hard look beneath the many symptomatic issues of the Internet to get to their root causes is what is required at this stage of its development. We also strongly believe that lessons learned from over a century of experience in PSTN can be gainfully applied to assist in laying the foundation for a robust Internet.
For detailed analysis, please see a full document at
http://www.avinta.com/phoenix-1/home/IPv6Myth&InternetVsPSTN.pdf
Abraham Y. Chen
V.P. Engineering
Avinta Communications, Inc.
Milpitas, CA 95035-4401 USA
6 replies on “IPv6 – Is There a Better Way?”
And here is a informational white paper that Abraham authored that, “describes a solution, called Extended IPv4 (ExIP), to the Internet address depletion problem by utilizing the existing option mechanism in the IPv4 header.”
Read more at: http://www.avinta.com/phoenix-1/home/IETF-Draft-ExIP.pdf
Except a ton of devices and software would have to be updated to work with “ExIP”, which none are capable of right now, while there are ton of IPv6 devices and software already out there, so you would have to basically start over on deploying the new specification.
Yes, for the long term, new Edge Routers should be developed and deployed. On the other hand, if you recognize the fact that the SPR (Semi-Public Router) is an adjunct device to the current router architecture, the immediate deployment will be “stealth”. Initially, SPR will be installed only where it is needed. And, to start with, the hardware modules already exist. Only firmware simplification effort is needed. ….
You are basically talking about CGNAT, which is already in use, it sucks. If behind one you lose the ability to receive connections from anyone in the world. And why develop new routers to handle new methods when a tone of devices and routers already handle IPv6.
Even in your picture you have a router with the same subnet on two interfaces, a router cant have 192.168.2.0 which must be part of a /16 on the external interface then have 192.168.2.*** on the internal, routing dosnt work that way. If you can’t even understand that, how should we feel about anything else you are proposing.
To consolidate related discussions and to avoid cluttering this website, I have posted our full thread of exchanges on Avinta’s website: http://avinta.com/phoenix-1/home/ExIP_Discussion_1.pdf
Abe continues to refine his idea and it is gaining traction, as evidenced by this article
https://www.nojitter.com/post/240173760/examining-emerging-network-protocols