IPv6 (Internet Protocol version 6) is more efficient, more secure, and more mobile-friendly than IPv4. And in an exploding ecosystem of Internet-capable smart devices which IPv4’s 4.3 billion addresses already can’t cover, IPv6 has enough IP addresses for every single atom on the surface of the Earth … plus another 100 or so Earth-like planets.
So, a day after the third annual IPv6 day, why aren’t we adopting IPv6 faster?
If anyone should know, CloudFlare CEO Matthew Prince should have a pretty good idea. A content delivery network, CloudFlare moves more data and pushes more pageviews to more people around the globe than Facebook — 150 billion pageviews a month.
I talked to Prince about IPv6, CloudFlare, and the current state of adoption. Unfortunately, it pretty much sucks.
“The good news is that from Jan. 1 to today, we’re seeing 26.5 percent growth in IPv6 usage,” Prince told me yesterday. “The bad news is that it’s still just 1.5 percent of all requests. If we keep growing at this rate, then it will take until May 10 of 2148 before we can finally retire IPv4.”
(The original version of this article said 2048 — I misunderstood Prince on the phone.)
Prince is hoping that the growth will not be steady-state but exponential, accelerating through the adoption curve. Even if that happens, however, CloudFlare predicts that full IPv6 adoption would take seven years, until January 2020.
“IP” is Internet Protocol, which gives an address and location to every Internet-capable device. The current iteration, version 4, has its roots in 1980, around the time when people like Ken Olsen, the founder of Digital Equipment Corp, still said stupid stuff like: “There is no reason for any individual to have a computer in his home.” Now of course, everyone has five or six, including one in their pocket, another in their TV, one for the sofa, another hooked up to their TV, a couple in their cars, and a few big ones lying around in various places throughout their homes on large flat surfaces with chairs.
IP version 6 was born in 1996, give or take, and offers 340 trillion trillion trillion unique identifiers — more than we could ever conceivably need. And it offers built-in multicasting, better tracking (which could simultaneously make the internet both more secure and less private), more efficient processing by routers, and support for larger packet sizes, which could speed delivery of large multimedia objects such as Netflix movies.
So it’s definitely better. So why the long delays in implementation?
According to the Internet Society, much of that is because technologies like NAT (network address translation) have enabled many ISPs and companies to use a single IP address for many machines. But the biggest problem is that IPv6 requires time and investment, and since there are some workarounds that have done the job until now, many organizations aren’t willing to lay out cash for no clear or immediate return.
For its part, CloudFlare says it’s there to support customers whichever way they go.
“If we’re not the largest provider of IPv6 web, then we’re close — we have over a million sites that are IPv6 enabled,” Prince told me. “But we’ve continued to roll out a dual-stack solution and let customers choose. That’s the real driver of growth … especially the U.S. government.”
Interestingly, IPv4 is turning into a growth driver for CloudFlare. Asian ISPs, who can’t get new IP addresses on IPv4 anymore since Asia ran out two years ago, are turning to CloudFlare to host on IPv6, and then make sites available via CloudFlare’s IPv4 capability as well. That’s mostly for small, personal sites, but Prince takes some satisfaction in enabling budding web builders:
“We’re helping preserve $9.99 hosting, which is where a lot of good things start,” he says.
Even more interesting, however, CloudFlare — which protects sites from hacking attacks — is starting to notice IPv6-only hack attacks. While historically only a tiny fraction of hacking attacks, 0.3 percent, originated from IPv6 vectors, that’s taken a sharp uptick lately. This shows that even though IPv6 can be more secure than IPv4, DDoS attacks still work: they rely on botnets of compromised PCs that are hacked, drafted, and used as pawns by hackers to attack other sites. In other words, even if you know exactly where the attack is coming from, that doesn’t always help in deflecting it.
The real driver, however, is that hackers have discovered something about legacy security products.
“We speculate that some attackers have discovered that a lot of legacy security products assume an IPv4 world,” Prince explains. “They’re doing IP address blacklisting, which doesn’t work in the IPv6 world. Since a lot of the security products were not designed for IPv6, they don’t know what to do, and just pass the traffic on … so IPv6 becomes a way of by-passing legacy security products.”
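The failure mode Prince describes can be shown in a few lines. This is an added illustration, not CloudFlare's code or part of the original reporting: a filter that only understands IPv4 passes anything else through, beside a dual-stack blocklist that fails closed. All function and class names are hypothetical, the addresses are constructed from documentation ranges, and blocking IPv6 sources at /64 granularity is an assumed policy.

```python
import ipaddress

# Constructed sample entries (RFC 5737 / RFC 3849 documentation ranges).
BLOCKED = ["203.0.113.7", "198.51.100.0/24", "2001:db8:bad:1::/64"]


def legacy_v4_filter(src, blocked_v4):
    """IPv4-era check. Returns True when the source is allowed."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return True  # not a dotted quad: the filter just passes it on
    return not any(addr in ipaddress.ip_network(b) for b in blocked_v4)


class DualStackBlocklist:
    def __init__(self, entries, v6_prefix=64):
        self.v6_prefix = v6_prefix  # assumed policy: block IPv6 per /64
        self.nets = {4: set(), 6: set()}
        for entry in entries:
            net = ipaddress.ip_network(entry, strict=False)
            self.nets[net.version].add(net)

    @staticmethod
    def _normalise(src):
        addr = ipaddress.ip_address(src)
        # ::ffff:a.b.c.d is an IPv4 client seen through a dual-stack socket,
        # so it must be checked against the IPv4 entries.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            return addr.ipv4_mapped
        return addr

    def allowed(self, src):
        try:
            addr = self._normalise(src)
        except ValueError:
            return False  # fail closed on anything unparseable
        return not any(addr in net for net in self.nets[addr.version])

    def block(self, src):
        """Add a source seen attacking; IPv6 is widened to its prefix."""
        addr = self._normalise(src)
        if addr.version == 6:
            net = ipaddress.ip_network(f"{addr}/{self.v6_prefix}", strict=False)
        else:
            net = ipaddress.ip_network(str(addr))
        self.nets[net.version].add(net)
        return net
```
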
The biggest IPv6 attack that CloudFlare saw, just two weeks ago, was a 3GB/second DDoS (Distributed Denial of Service) attack, focused on CloudFlare itself, not one of its customers.
I guess the one good thing about hackers starting to use IPv6 is that it’s at least one sign of increased life in the protocol.
Which, frankly, is almost a good sign right now.