Why does the “Internet of Things” enforce the need for IPv6 addresses?

Solution 1

The Internet of Things does not absolutely mandate IPv6, but for IoT to be useful or usable IPv6 is very much preferred.

IPv4, due to the limited number of addresses available, means that not every device can have a public IP. For a cluster of devices to share an Internet connection they have to share the IP via NAT technologies. If the devices want to host servers then they have to punch a hole through the device hosting an Internet connection using port forwarding or UPnP or related technologies. This can get complicated, especially if multiple devices want the same port for their servers. An alternative method is to have a central management server that both the home and remote devices dial in to in order to exchange data.

IPv6 does away with the need for NAT, port forwarding and the lot and allows every device to have its own public IP and associated ports. It removes complicated port forwarding rules and methods for punching holes in firewalls. It removes all the network co-existence problems that plague current devices. You can connect to devices without needing to configure firewalls or set up accounts on third party services that allow you to connect to your device.

Quite simply it allows the Internet to function in the way it used to before we realised we didn't have enough addresses to let every machine have its own public IP address.

To give a slightly more visual idea of how IPv6 and IPv4 allow the IoT to work imagine you have a fully automated home, with every device hosting a server where you can turn it on.

With IPv4 your network is complicated to set up (you will spend an age on your router setting up each individual port forward rule) and the best you get is a list of port numbers you have to write down in a text file:

  • myhomenetwork.com:80 (this is my router)
  • myhomenetwork.com:81 (this is my computer)
  • myhomenetwork.com:82 (this is my coffee machine)
  • myhomenetwork.com:83 (is this my TiVo?)
  • myhomenetwork.com:84 (could be a lightbulb, not sure)
  • myhomenetwork.com:85 (fish tank heater?)

It also means that unless you take the time to set up multiple ports for each device then they only have one port available and so can probably only present a webpage to the internet. For devices that want to show a http (web) server or ftp or SSH server this can get painful and annoying pretty quickly as you'll spend time opening up more ports and writing down what port you gave to what device.

IPv6, due to having publicly available IP addresses for every device, means your network configuration time drops immediately and you can get a more sensibly named network and each device can easily host whatever services it likes:

  • myrouter.myhomenetwork.com
  • mycomputer.myhomenetwork.com
  • mytoaster.myhomenetwork.com:80 (http server, webpage showing a push-to-toast button)
  • mytoaster.myhomenetwork.com:21 (ftp server, so you can upload perfect toast settings)
  • mytoaster.myhomenetwork.com:22 (SSH server, for securely talking to your toaster)
  • myfrontroomlightbulb.myhomenetwork.com

And so on.

The IoT can work on IPv4 and be just fine, but IPv6 can make it work right.

Solution 2

“There is just one IPv4 address per Network/Router that is connected to the Internet.”

That is not even close to being true. You are seeing things through the eyes of a typical home network user.

Think for a minute what you, as a home user with only one public IP address, would do if you want to allow multiple devices using the same transport protocol and port, say two web servers, which by convention use TCP port 80, to be accessed from the public Internet. You can port forward TCP port 80 on your public IP address to one private IP address, but what about the other web server? This scenario will require you to jump through some hoops which a typical home user isn't equipped to handle. Now, think about the IoT where you may have hundreds, or thousands, of devices (light bulbs, thermostats, thermometers, rain gauges and sprinkler systems, alarm sensors, appliances, garage door openers, entertainment systems, pet collars, and who knows what all else), some, or all, of which want to use the same specific transport protocols and ports.

IP was designed for end-to-end connectivity so, no matter how many different hosts use the same transport protocol and port, they are uniquely identified by their IP address. NAT breaks this, and it limits IP in ways it was never intended to be limited. NAT was simply created as a way to extend the life of IPv4 until the next IP version (IPv6) could be adopted.

Many people confuse NAT with security, but NAT has nothing to do with security. Firewalls and other things, perhaps anti-virus software, etc., give you security. Home networking devices usually include a NAT router and firewall combination, but make no mistake about it, you don't need to enable NAT if you have a sufficient number of public IP addresses, and you can still use a firewall for security.

IPv6 currently has 1/8 of the IPv6 addresses in the entire IPv6 address block set aside for globally routable IPv6 addresses. Assuming there are 17 billion people on earth in the year 2100 (not unrealistic), the current global IPv6 address range (1/8 of the IPv6 address block) provides over 2000 /48 networks for each and every one of those 17 billion people. Each /48 network is 65,536 /64 subnets with 18,446,744,073,709,551,616 addresses per subnet.

The ideas for the IoT are in their infancy. We just can't foresee what is in store for IoT, much less what else may be coming.
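
The distinction drawn above, that default-deny comes from a firewall and not from NAT, as an added nftables example that is not part of the original answer. The interface names (`eth0`, `br-lan`) and the device address in the `2001:db8::/32` documentation prefix are assumptions; the toaster's SSH port is borrowed from the example hostnames earlier on the page.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original page): stateful default-deny
# forwarding for a routed IPv6 home LAN, with no NAT involved.
# Assumptions: eth0 faces the ISP, br-lan is the home LAN, and the
# device address below is a documentation-prefix placeholder.

define WAN = "eth0"
define LAN = "br-lan"
define TOASTER = 2001:db8:1234:1::50

table ip6 homefw {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN devices opened themselves.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors that end-to-end IPv6 relies on (e.g. path MTU discovery).
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # LAN devices may open outbound connections.
        iifname $LAN oifname $WAN accept

        # Only services published on purpose are reachable from outside:
        # here, SSH on one device. Every other globally addressed device
        # stays unreachable for unsolicited inbound traffic.
        iifname $WAN oifname $LAN ip6 daddr $TOASTER tcp dport 22 accept
    }
}
```

Each device keeps its own global address, and exposure is decided per address and port in one rule rather than through a port-forward mapping.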

Solution 3

The “Internet of Things” DOES NOT force a need for IPv6. IPv6 is needed even ignoring the IoT - quite simply put, the world is virtually out of IPv4 space, with significant parts of the world not connected, and horrible hacks in place even for the places which are connected. This would be the case even ignoring the IoT - just consider the case of mobile phones - most of these require Internet, and a large percentage don't actually have it (they have an approximation of Internet using Carrier Grade NAT) due to the shortage of IP space.

The IoT does exacerbate this shortage by upping the demand for IP space. A lot of the time this can be (and is) worked around, but all this is a hack. Instead of having a world with 1 PC per household, we moved towards a world of a PC per person + a cellphone. The IoT ups this by an order of magnitude again, with lots and lots of devices.

Another important element is that when you are using devices to consume information, it's fairly easy to share a single IP address (i.e. use NAT), however when publishing information / running a server - and an IoT device is a server - it benefits hugely from having its own address.

Author by

codepleb

Updated on September 18, 2022

Comments

  • codepleb
    codepleb almost 2 years

    If you have multiple devices in one network, the amount of IPv4 addresses will not increase linearly to accommodate the number of devices. There is just one IPv4 address per Network/Router that is connected to the Internet. How does the “Internet of Things” (IoT) justify the need for IPv6 addresses?

    I definitely think I understood something wrong. But it doesn’t make sense to me at the moment. I know that IPv6 will be needed in the future, but I don’t know which role IoT plays on this topic.

  • davidgo
    davidgo over 8 years
    I agree with most of what you say, save for the repetition of the meme that NAT has nothing to do with security. Although not designed to boost security, this is a net effect - as it forces a "default deny" configuration for all hosts behind the server - and for everyone who does not know what port mapping is - which I believe is the vast majority of users, this is huge, and is, in effect, a "free" firewall. It is also no coincidence that NAT is typically effected by using firewall mechanisms within the router.
  • Ron Maupin
    Ron Maupin over 8 years
    Considering NAT to be any type of security is a very dangerous idea. It is not actually all that hard to break through NAT, and a simple Internet search will tell you how. I have observed that within 5 minutes of connecting a device to the Internet, there are dozens of attempts to break through NAT using the various techniques.
  • davidgo
    davidgo over 8 years
    At the risk of getting off topic, I put it to you that you are wrong. Looking at security as an "all or nothing" proposition is less helpful than looking at it as a layered approach. NAT does add a layer of protection. Can you point out these various techniques for breaking NAT - I believe that most of them will be trying to either breach the router (rather than the NAT), or require some kind of port-forwarding (which is not often set up by default) or some user interaction (i.e. phishing attack) - and run-of-the-mill firewalls don't offer much protection here.
  • Ron Maupin
    Ron Maupin over 8 years
    I respectfully disagree, and I suggest you pose your thoughts in the form of a question (like playing Jeopardy :)) on Information Security. I'm sure the security professionals there will guide you to the correct answer.
  • davidgo
    davidgo over 8 years
    Respectfully - The question was asked, and the answers are an expansion on my position. (security.stackexchange.com/questions/7911/…) Also security.stackexchange.com/questions/11840/… - but these answers are fairly old - can you provide a URL or evidence showing my assertion is incorrect or my knowledge outdated ? I've looked, and honestly been unable to find an Internet search showing how to break through NAT.
  • kasperd
    kasperd over 8 years
    @davidgo Allowing only outgoing connections by default does improve security. But that can be achieved without the use of NAT. The use of NAT introduces a few security problems of its own. For example due to an IP address being shared between multiple devices it is possible for a packet to be delivered to the wrong device if there was an IPID collision, the NAT reused a port number while it was still in use, or the transport protocol in use doesn't use port numbers at all.
  • kasperd
    kasperd over 8 years
    You are assuming an HD ratio of 100%. That is highly unrealistic. Empirical evidence suggests that once the HD ratio reaches about 85% it becomes necessary to renumber networks, and 95% will be a major administrative burden.
  • codepleb
    codepleb over 8 years
    Wow, that's a very nice answer! Can I force a device to get a public IP? I never heard of such stuff. I can't find something like that on Google. My provider always gives me an IPv4 address btw.
  • codepleb
    codepleb over 8 years
    Hello Ron. If I search my IP on http://wieistmeineip.de I find the same "public" IP on all computers. That's why I assumed that this is the only IP to come into my network from outside. So isn't this true at all? PS: I'm a noob at this topic, that's for sure. I don't claim that my statements are correct, that is just my current understanding. :)
  • codepleb
    codepleb over 8 years
    "Force" was a bad word. I meant something like "enforce". Thanks for your answer. :)
  • Mokubai
    Mokubai over 8 years
    Most ISPs will only give you one public IP address these days and that address will be dynamic (changing) rather than static. You used to be able to buy special packages from your ISP that gave you multiple static IP addresses but those tend to be used by businesses and are quite expensive. You cannot simply force getting multiple IPs from your side. You also need support for it on your router. As it stands at the moment industry is gearing up for this, it's currently not ready for prime time. A lot of ISPs still do not support IPv6 at all.
  • Michael B
    Michael B over 8 years
    @davidgo Following Ron's advice I have just posted this question, I am very curious of the replies it will receive.
  • GolezTrol
    GolezTrol over 8 years
    Very true, although watch out with the fishtank heater. After all, IoT makes everything hackable, so connecting your fish tank will provide people around the world the possibility to cook your fish. :o)
  • Lightness Races in Orbit
    Lightness Races in Orbit over 8 years
    Wow, @Ron, way to condescend when faced with disagreement of your position.
  • Ron Maupin
    Ron Maupin over 8 years
    @LightnessRacesinOrbit, where was I condescending? I wrote, "I respectfully disagree..." I won't discuss how to break networks, except in a context of preventing network breaches. Everyone is free to use or believe what I write, or not. I am merely just trying to pass on information which I have gathered in my many years of networking.
  • Lightness Races in Orbit
    Lightness Races in Orbit over 8 years
    It was the "I'm sure the security professionals there will guide you to the correct answer." Perhaps I'm reading too much into it, but this came across wrong to me. For what it's worth, you just did it again, making an appeal to your "many years of networking" and therefore implying an assumption that davidgo's experience must pale in comparison to your own, simply because you disagree!
  • Ron Maupin
    Ron Maupin over 8 years
    @TrudleR, You, as a home network user will almost always use a single public IPv4 address for your network, but IPv6 will change that. Many companies have entire blocks of public IPv4 addresses because they have a need to have many devices addressed with public addresses. ARIN, the RIR for North America, is completely out of IPv4 addresses to assign to ISPs and companies. Even some ISPs will now be forced into NAT (CGN), and this will double NAT your traffic, and break any port forwarding you may be using (some ISPs already do this). There is now a marketplace to buy and sell IPv4 addresses.
  • Ron Maupin
    Ron Maupin over 8 years
    @LightnessRacesinOrbit, yes, I think you read too much into that. If I wanted to be condescending, I would have written that they would say that I'm correct. I meant that he would get the benefit of the security professionals' experience. I doubt they will explain how to breach a network, but they will certainly give a consensus answer which could be considered correct, and, maybe, it doesn't agree with my answer.
  • Lightness Races in Orbit
    Lightness Races in Orbit over 8 years
    Alright, okay then!
  • Edwin Stoteler
    Edwin Stoteler over 8 years
    @GolezTrol Or you could make an App that does this for you, so you have fresh cooked fish ready for you every time you get home from work.
  • JamesRyan
    JamesRyan over 8 years
    You still have to allow or disallow each device at the firewall. If IPv6 ever gets any traction then it seems like it will be a malware nightmare given attitudes on stuff being allowed by default.
  • J...
    J... over 8 years
    It's funny, because it was just recently that coworkers and I were discussing how ludicrous a security nightmare it was some twenty years ago or so when every single system on our network had a public-facing IP address... the thought of going back to that just seems nuts. I rather like having my home and work networks safely tucked behind a NAT. Maybe that's just the new old-fashioned. 0_o
  • Mokubai
    Mokubai over 8 years
    @J... Facebook, Microsoft and my local bank would have me believe that security is overrated and I should in fact be spewing my personal details all over the internet for security. Presumably if everyone has my details and I have no money then I don't need security as it is then pretty worthless hacking me. Security by mediocrity.
  • supercat
    supercat over 8 years
    Is there any advantage to using port numbers rather than migrating toward a name-based protocol? While in the short term such migration would require that gateways either be updated or have a name-server/forwarding device on the downstream side, such an approach seems more open-ended than even IPv6.
  • Ron Maupin
    Ron Maupin about 7 years
    @J..., it is not NAT that makes you safe, it is a firewall. You can have many public addresses behind a firewall, and they are all safe because a firewall drops all traffic by default. You simply enable what you want enabled. There are ways to bypass NAT. For example compromising the NAT router gives you access to every device inside the NAT. Without a firewall in front of the router, you are vulnerable. NAT is not security, a firewall is.
  • Ken Sharp
    Ken Sharp almost 6 years
    What on Earth is “HD”?