The following text is copyright 1995 by
Network World, permission is hereby given for reproduction, as long as
attribution is given and this notice is included.
IPng Status
By: Scott Bradner
There was quite a bit of
IP next generation (IPng) activity at the IETF meeting that was held in Danvers
two weeks ago. Things are coming together, a bit slower than we hoped, but
coming together nonetheless.
For those of you who
have not already seen this N times, here is a quick overview of the features of
IPv6 (as IPng is formally known). The addresses in IPv6 are each 128 bits long,
up from 32 bits in the current version of IP (known as IPv4). This does not
mean, however, that IPv6 can address four times as much as IPv4. It can address,
in theory, 4 billion times 4 billion times 4 billion times the total IPv4
number of nodes. This sounds like quite a large number (it is), but due to the
inefficiencies of real-world address assignment and the addition of an
easy-to-use autoconfiguration process, the actual increase in addressing
capability, while huge, is far less.
The IPv6 packet header
is much simpler than the IPv4 one with unused or infrequently used fields
removed or moved to optional extension headers. A mechanism for the addition of
new options to the IPv6 header has been defined. This provides a built-in
extensibility that will allow IPv6 to change with changing requirements in the
future. IPv6 mandates support for strong security, a topic that fostered
considerable discussion in Danvers. IPv6's flexible address autoconfiguration will
move IP closer to the type of plug-and-play that Apple and Novell have already
shown to be so useful. The IPv6 header includes a flow ID field that can be
used to establish different levels of service quality for different
applications. In addition, a simple transition and co-existence plan has been
worked out that will permit both a migration from IPv4 to IPv6 for those sites
or hosts where this is desired and a long-term co-existence where data may be
exchanged between computers supporting IPv4 and IPv6.
Almost all of the basic
documents are done or awaiting the minor editing changes that arose during the
Danvers meeting or during discussions on the mailing lists. These documents
will be ready within a few weeks for the first stage in the standards process.
A few documents still need a bit more work but most of the technical details
have been worked out. They will take a bit longer.
The biggest and most
heated discussion during the Danvers meeting was over security. No one
disputed the need for strong security on the future Internet and in private
networks, but there was disagreement over tactics. The current IPng
recommendation, as written by Allison Mankin and me, requires that all IPv6
implementations that wish to be listed as standards compliant must support
packet-level authentication, a specific authentication algorithm, packet-level
encryption and a specific secure encryption algorithm.
There is no disagreement
over the authentication recommendation but there is over the encryption one.
The problem is not that vendors do not want to support encryption. The problem
is that a number of governments, including the U.S. government, restrict the
export of encryption, and other governments, including that of France, restrict
the use of encryption. A vendor who builds an IPv6 product in the U.S. and
wants to export it faces a dilemma: build a product that supports the specified
encryption algorithms and fight, often unsuccessfully, for the munitions export
license that is required for export, or export a product that the vendor must
admit is not fully standards compliant. After considerable and sometimes
interesting, in the negative sense of the word, discussion, the consensus of
the meeting was to retain the current recommendations.
The initial phase of the
IPng development process is coming to a close and the temporary IETF IPng area
is about to close. There are already a few working implementations of the parts
of the protocols that have been agreed to and we expect to see more soon. It
has been an interesting, in the positive sense of the word, process that I
would not turn down if I had to do it all over again even though it did involve
occasionally frustrating episodes of attempting to herd cats.
There is an IPng archive
on ndtl.harvard.edu for anonymous ftp, gopher or www access.
Disclaimer: Historically
Harvard values privacy highly and thus might be interested in encryption and
the cohesiveness of the University often closely resembles a herd of cats, but
these are the opinions of one of the IPng herdspersons and not, as far as I
know, Harvard.