TECHNOLOGY

IPv6: New Opportunities, New Risks

The modern world has moved online since years, having extended and in some spheres even completely taken the place of the offline reality. We can now see an interesting line of thinking in some contemporaries’ discourse — if you cannot find any information about something on the Web, for most people it will mean this thing does not exist at all.
For many of us, the search and easy finding of a product or a financial service on the Web starts by touching the browser icon on our smartphone, yet few people ever think about the way the request goes, which server logs the information about it remains in, which DNS server would open the way to the required web resource, and all that happening behind the scenes. Even less people think of the risks that may lurk in wait during Internet surfing.

The evolvement of the modern Internet goes hand in hand with the TCP/IP protocol implementation, where IP address* is an obligatory parameter. Let’s have a dip into the history. The good old IP address or IPv4** in the 256.256.256.256 format appeared in 1983, and back then everyone thought that 4.5 billion of unique addresses would be entirely sufficient for all and for any purpose. That’s why in the 80-s many organisations got more addresses than they needed.
Unfortunately, system miscalculations by evaluating the number of hosts on the Web and ineffective assignment of the addresses led to IPv4 address exhaustion. In the table below, we give a list of countries with population number to the share of dedicated IP addresses.

As you can see from the table, only the UK has enough IPv4 addresses per population; the other countries are rated with < 1. Yet all the EU countries have a fair rate of 0.5 to 1. Abnormally low coefficients mark the countries of Southeast Asia, which is though due to the fact that the drastic economic growth, population increase and a dashing digitalisation have begun there but 35 years ago.
Already in the first decade of the 21st century, the IPv4 address exhaustion narrowed down the access to the Internet, which caused stagnation in improvement and digitalisation of services, including financial ones. That made the developers look for solutions. For example, big companies in the countries with the most severe IPv4 address exhaustion have found a practical solution in supporting the IPv6 deployment.

On 6 June 2011, the World IPv6 Launch and a successful IPV6 testing took place. The IPv6 addresses are 128 bits and contain a colon as separator (e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334). The leading zeros are usually omitted. A string of zeros can be omitted too and replaced with a double colon (e.g. fe80::1). There can be only one such omission in an address.

The main advantage of IPv6 is that this system creates a sufficient amount of numbers not only to resolve the crisis with the deferred IPv4 addresses, but also to prevent any other possible crisis in the future. That’s why the professional community believes the future belongs to the IPv6 and not the existing NAT and CIDR technologies which are currently used to overcome the shortage of IP addresses.

Should clients, Internet service and content providers completely switch to IPv6, there will be no need in NAT since all devices can have globally routable addresses. This will allow applications intercommunicating directly (there will be no need in solving the problem of NAT bypass for collaboration apps and other systems). IPv6 usage lets partly reduce the network infrastructure.

The IPv6 addresses are now used much more often: only according to our information, in 2019, the traffic share with IPv6 addresses was at least 2–3% in the EU and Russia, on the Philippines it was 15%, in Indonesia – 20%, in Vietnam – up to 40%. About 15% of the global web resources have switched to the IPv6 system.
https://w3techs.com/technologies/details/ce-ipv6/all/all

The problem with the IP-shortage now seems to be solved, but is it indeed so?

Speaking about the advantages of IPv6 addresses, we cannot leave aside the difficulties coming along with the implementation and usage of this standard, first of all, the high costs of IPv6 transition and impossibility of an instant switching to the new format which demands support of tech stacks and infrastructure supporting both formats.

Furthermore, IPv6 and IPv4 networks are not directly intercompatible; there are no URL mapping rules either. Although the problem is partly solved by tunnelling IPv6 packages within the IPv4 packages, it is still a long way from a complete solution.

Another obstacle to a complete IPv6 transition is the lack of auxiliary dictionaries and lists of high-risk IP addresses and geolocation data; there are no sufficient technical protection tools for Internet connection and network infrastructure objects, ranging from simple DDos filters to more complex tools. As a result, it is much more difficult to protect yourself from various threats in IPv6 networks, as it is often impossible to recover or replicate the risk management and protection technologies which became common and are widely used for the IPv4 format.

This problem is particularly compounded by the fact that almost the entire volume of IPv6 addresses has not yet been distributed among Internet providers. While every IPv4-address has its owner, which facilitates administration and risk response, as well as the possibility of investigation in case of any wilful actions, IPv6-addresses are almost in free access, which means they can be used for dishonest purposes and scot-free.

So, what do we have in practical terms? The new tool solving the problem of resource shortage and boosting the digitalisation of all and everything has turned out to be not so simple and neat, as it opens the floodgates to new risk categories and a widest range of both unscrupulous actions and potential fraudulent attacks that are yet to be learnt to detect and counteract.

We in JuicyScore, for our part, invest in the studying of this problem and have already included the minimum essential functionality for working with IPv6-addresses in the current APIv11: a technology stack for determining the real IP address in the IPv6 format and responding to other risks connected with its implementation.

If you wish to know more about it, please do not hesitate to contact us!