India tops in IPv6 deployment
Last month, along with the Independence day, India also celebrated 25 years of internet and mobile, with a pledge to become atmanirbhar. The digital transformation facilitated by the adoption of next-generation technologies and the new Internet (IPv6) offers a low-hanging fruit to achieve this ambition fast. A number of misconceptions over security properties and privacy features of IPv6—the new generation internet which is solving the problem of IP address shortages of the IPv4 version—exist.
- In the last few years, IPv6 momentum in Industry has dramatically increased. These large IPv6 deployments in business have been driven by falling costs, decreasing complexity, improving security and eliminating barriers to innovation in networked information systems.
- Mobile networks, data centres and leading-edge enterprise networks, for example, have been evolving towards IPv6-compatible networks.
- The most well-known benefit that IPv6 offers is the exponentially increased address space, providing many more unique IP addresses than what can be derived through IPv4, and hence, covering all users and devices connected to the internet. The 32-bit IPv4 addressing format enables only 4.3 billion IP addresses across the globe.
- Operators use measures like NAT (Network Address Translation) and CIDR (Classless Interdomain Routing) to somewhat extend the utility of IPv4 addresses.
- However, NAT has its own limitations, and given the rate of internet users growth, 5G, and IoT adoption in the country, NAT is simply not desirable going forward.
- IPv6, on the other hand, has enormous address space, practically inexhaustible in the foreseeable future. Therefore, it allows simple, seamless, and cost-effective connectivity for service providers, enterprises and end-users.
- The 128-bit IPv6 addressing format offers 340 sextillion IP addresses, making it extremely future-proof. But, that’s not all; IPv6 is also considered a protocol of better reliability, security and privacy.
- Also, IPv4 packets are often blocked by corporate firewalls because they could potentially carry malware. But IPv6 promises better reliability and security as IPSec, a protocol for authenticating and securing all IP data, is built into IPv6 as a default.
- Actually, IPv6 is vastly different from IPv4, often in complex and subtle ways. The IPv6 operating systems create automatically two IPv6 addresses.
- One IPv6 with randomised MAC address in the suffix to hide the device identity and be used for web surfing so that nobody can identify who is connecting to its web site.
- IPv6 also supports more-secure name resolution. The Secure Neighbour Discovery (SEND) protocol is capable of enabling cryptographic confirmation to confirm the identity of the host at the time of the connection.
- This renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks more difficult. And, while it isn’t a replacement for application or service-layer verification, it still offers an improved level of trust in connections.
- With IPv4, it is fairly easy for an attacker to redirect traffic between two legitimate hosts and manipulate the conversation or, at least, observe it.
- Though IPv4 also offers IPSec support as an optional feature, it is mandatory in IPv6. IPSec consists of a set of cryptographic protocols designed to provide security in data communications.
- IPSec has some protocols that are part of its suite: AH (Authentication Header) and ESP (Encapsulating Security Payload). The first provides for authentication and data integrity, the second, in addition to these, also for confidentiality.