IPv6 is slowly but irresistibly making its way into the Internet and into our networks. In industrial countries, the average user adoption rate is around 30%, Belgium being the leader with over 50%. Over 25% of the Top Alexa 1000 websites are dual-stack, which means they are reachable over both IPv4 and IPv6.


On all front pages and in the top news we read about the Internet of Things (IoT) and blockchain. Both technologies use billions of connections between users and devices and are totally interconnected.

The blockchain technology will not just be used for digital currencies such as Bitcoin, but will disrupt many other industries, such as health, media, electricity, government, how we deal with identities and many more.

Blockchain

Blockchain is a new architecture that revolutionizes the Internet and replaces the common centralized client-server design. Blockchain stores data on a chain of nodes. It is a shared public ledger on which the entire decentralized distributed peer-to-peer network relies. Each node has a copy of the ledger. When a transaction is requested, each node receives the transaction request message, updates its own copy of the ledger and passes the message to the nearby nodes. Each transaction is digitally signed to prove that it is valid. If a message is encrypted with a specific public key, only the owner of the paired private key will be able to decrypt and read the message. Conversely, if you encrypt a message with your private key, only the paired public key can be used to decrypt it. A digital signature prevents the transaction from being altered by anyone once it has been signed. As mentioned above, blockchain is not only used for cryptocurrencies. We see financial institutions, governments, electrical companies and many other industries getting on the boat.

Cloud goes blockchain

One interesting example of how blockchain can be used is offered by Nebulous Inc from Boston. It is a new decentralized cloud system called Sia. Sia leverages the capacity of blockchain technology to enable distributed networks to reach consensus in a secure and trustless way. Cryptographically secured smart contracts ensure the encryption and transfer of data with no possibility for a third party to interfere in any way.

Sia is a new approach to cloud storage platforms. Instead of all data centers being owned and operated by a single company, Sia opens the floodgates and allows anyone to make money by renting out their hard drive. Data integrity is protected using redundancy and cryptography. And it cannot be centrally controlled.

IoT as a Business Driver for IPv6

One example of how business can drive IPv6 deployment is SBB, the Swiss train company (note this is a dual-stack website). The IoT business unit decided to roll out their first IoT application for passengers in early 2019. For this purpose they need some 1000 IP addresses per train and they need them for approximately 1200 trains. They requested this amount of IP addresses from the network group. And the network group said: "No way, we don't have enough addresses." So guess what is happening now? They have to provide IPv6 services to ensure that this application will be able to run over IPv6-only. Note that if you need IPv6 because you don't have enough IPv4 addresses, dual-stack is not an option. So they are currently evaluating where and how they need to provide IPv6 and translation services to make this work. The end device in the train is going to be IPv6-only but the whole backend is currently IPv4-only, so they won't get away without translation. And they have one year to do so. It would be much easier had the backend and core already supported IPv6 natively.

How IPv6 comes into play

Did you ever think about how this is all going to happen? Many people who are pushing the IoT are not aware of the fact that the IoT will not happen on a large scale without IPv6. IPv6 also brings some security-relevant features that will push deployment in the IoT and blockchain space.

The critical component for the decentralized web to thrive and stay secure is the ability to restore end-to-end connectivity, as the performance and security of the decentralized web are negatively impacted with IPv4. Peer-to-peer networks require end-to-end connections. Going through NAT is a pain and needs dirty workarounds. We don't know where a NAT packet is coming from and, because NAT manipulates the packets, we don't know if the data has been manipulated. So while the number of IP addresses needed for the IoT calls for IPv6 anyway, IPv6 will also bring great advantages over IPv4, because it doesn't use NAT. This allows nodes to accept incoming connection requests. The advanced and more scalable multicast features of IPv6 will also bring advantages to this technology.

On the security side, requests to control access to certain regions or nations are increasing. Data sovereignty is the concept that information which has been stored in binary digital form is subject to the laws of the country in which it is located. This cannot easily be done with IPv4 because the velocity of change is very high with IPv4 compared with IPv6. The vast hierarchical address space of IPv6 and the way it is managed allow for rules to limit access to certain countries. One example of how this can be enforced is the EU with the new version of the privacy regulation, called General Data Protection Regulation (GDPR). This will come into effect in May 2018. The GDPR is a regulation by the European Parliament, the Council of the European Union and the European Commission. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. By the way, this is something to be seriously considered. Depending on the failure, the company can be fined up to 20 million euros or 4% of its global annual sales (whichever is higher). Some of these rules will also be relevant in Switzerland. At the same time, Switzerland is also reworking its data protection law. We expect that most aspects will be integrated in the Swiss law. Read more on this in an article published on Swiss Global Enterprise.

Control over data location and prevention of illegal data export supports the requirements of privacy by design. It is within management responsibility to think about data sovereignty while choosing the Internet protocol.

For the blockchain community, the fact that with IPv6 you can exclude regions can be used to exclude storage in a country that you don't trust or, if you travel to, let's say, Switzerland, to have your storage within this region. This is only possible if you use blockchain with IPv6. In the IoT case, devices usually have very limited memory and storage, so they rely on moving data off to some other place where another device can process or store it. You might want to control where your data goes. You need IPv6 to be able to do this easily.
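The region rule described above can be expressed as a default-deny prefix filter over candidate storage peers. This is an added example, not code from the original article or from any blockchain or IoT project; the region table, the function names and the sample peers are assumptions, built on the IPv6 documentation prefix 2001:db8::/32 in place of real registry allocations.

```python
import ipaddress

# Constructed region table: documentation prefixes stand in for the
# per-country allocations a real registry feed would provide.
REGION_PREFIXES = {
    "CH": ["2001:db8:100::/40"],
    "EU": ["2001:db8:200::/40"],
    # An untrusted region, including a /48 carved out of the CH block.
    "XX": ["2001:db8:f00::/40", "2001:db8:1ff::/48"],
}

# Constructed sample peers (not real hosts).
SAMPLE_PEERS = [
    "2001:db8:1ab::10", "2001:db8:2ff:1::5", "2001:db8:f01::1",
    "2001:db8:1ff::9", "::ffff:192.0.2.1", "192.0.2.7", "2001:db8:900::1",
]

def build_table(region_prefixes):
    """Flatten the table into (network, region) pairs, longest prefix first."""
    table = [(ipaddress.IPv6Network(p), region)
             for region, prefixes in region_prefixes.items() for p in prefixes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def region_of(addr, table):
    """Return the region of an IPv6 address, or None if unknown or not IPv6."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    # IPv4 and IPv4-mapped addresses carry no usable IPv6 hierarchy.
    if ip.version != 6 or ip.ipv4_mapped is not None:
        return None
    for net, region in table:  # most specific prefix is checked first
        if ip in net:
            return region
    return None

def select_storage_peers(peers, allowed_regions, table):
    """Keep only peers whose address maps to an allowed region (default deny)."""
    return [p for p in peers if region_of(p, table) in allowed_regions]
```

Sorting by prefix length matters: the /48 delegated out of the CH block must win over the covering /40, otherwise a peer in the untrusted region would be accepted as Swiss.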

The InterPlanetary File System (IPFS) takes over the Internet

The InterPlanetary File System (IPFS) is a data model and a protocol designed to create a content-addressable, peer-to-peer method of storing and sharing data in a distributed file system. IPFS was initially designed by Juan Benet, and is now an open-source project developed with help from the community. IPFS aims to replace HTTP and build a better web for all of us. Content stored in IPFS cannot be controlled by censorship.

In 2014, the IPFS protocol took advantage of the Bitcoin blockchain protocol and network infrastructure in order to store unalterable data, remove duplicated files across the network, and obtain address information for accessing storage nodes to search for files in the network.

If you think this is a cool technology somewhere on the far away horizon, there is a JavaScript implementation to access IPFS that runs in every browser. This video shows you how to set it up on any operating system within 10 minutes.

How IPFS has been used to bypass central censorship

The Internet has always been a technology that changed the world, had a high social and political impact, connected people, flattened hierarchies and broke the dominance of repressive regimes. This is again happening with IPFS on an even larger scale. A centralized server system allows the owner or a government to block access to that server. This type of censorship is not possible with IPFS. It’s a decentralized system, which allows the same set of data to live in multiple places while still enabling browsers to find any one of them with only a single address.

The Catalan independence referendum, which took place in September-October 2017, was deemed illegal by the Constitutional Court of Spain and many related websites were blocked. Subsequently, the Catalan Pirate Party mirrored the website on IPFS to bypass the blocking order of the High Court of Justice of Catalonia.

Turkey was able to block Wikipedia because the site has an address that goes to a real place (that place is a server), so if they block the wires that lead to that place, they can block the site. IPFS doesn’t address data with a location, it addresses it by identifying the content itself. The system goes out and finds the nearest copy of that content. Block access to one copy, and it will just find another copy. Here's an article by the Observer about this.

IPFS is being used to create a mirror of Wikipedia, which allows people living under repressive regimes to access the content of Wikipedia. Upon hearing of the Turkey block on Wikipedia, the maintainers of IPFS put snapshots of English, Turkish and Kurdish versions of Wikipedia on IPFS so that people may be able to read it in a decentralized and distributed way even if they cannot access Wikipedia itself.
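Addressing by content rather than by location, as described above, can be shown with a toy model in which any reachable node holding the block can serve it and the address itself verifies the copy. This is an added example, not code from the IPFS project or from the original article; the `Node` class, `fetch` and the sample data are assumptions, and the identifier is a CIDv1 for a single raw sha2-256 block, which leaves out the chunking real IPFS applies to larger files.

```python
import base64
import hashlib

def cid_v1_raw(data: bytes) -> str:
    """CIDv1 of one raw block: multibase 'b' + base32(version, codec, multihash)."""
    digest = hashlib.sha256(data).digest()
    # 0x01 = CID version 1, 0x55 = raw codec, 0x12 0x20 = sha2-256, 32-byte digest
    binary = bytes([0x01, 0x55, 0x12, 0x20]) + digest
    return "b" + base64.b32encode(binary).decode("ascii").lower().rstrip("=")

class Node:
    """Toy storage node (hypothetical): maps CID to block bytes."""
    def __init__(self, name, reachable=True):
        self.name, self.reachable, self.blocks = name, reachable, {}

    def put(self, data):
        cid = cid_v1_raw(data)
        self.blocks[cid] = data
        return cid

    def get(self, cid):
        if not self.reachable:
            raise ConnectionError(f"{self.name} is blocked")
        return self.blocks.get(cid)

def fetch(cid, nodes):
    """Return (node_name, data) from the first node whose copy hashes to cid."""
    for node in nodes:
        try:
            data = node.get(cid)
        except ConnectionError:
            continue  # this location is unreachable; the address is still valid
        if data is not None and cid_v1_raw(data) == cid:
            return node.name, data  # copy verified against the address itself
    raise LookupError("no reachable node holds a valid copy")

def demo():
    page = b"constructed sample page"  # constructed sample content
    a, b, c = Node("a", reachable=False), Node("b"), Node("c")
    cid = a.put(page)
    c.put(page)
    b.blocks[cid] = b"tampered copy"  # a node serving altered content
    return cid, fetch(cid, [a, b, c])
```

In `demo()`, node `a` is unreachable and node `b` serves altered bytes under the same identifier; the fetch skips both and returns the verified copy from `c`.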

And for the musicians and music lovers

Here's the first decentralized music platform based on IPFS. Wake up musicians, here you can get 100% of your revenue!

How to prepare

IPv6 is the current Internet Protocol. It might be a wise thing to prepare for it. IPv4 is end-of-life. IPv6 deployment - if you want to do it with minimal risk and cost - takes some time, in larger enterprise networks often three to five years. You need time to create a lasting address plan, which should be more than just a copy of your IPv4 address plan. And it should be carefully aligned with your IPv6 security concept, which should be more than just a copy of your IPv4 security concept. Both should take the opportunities of the vast address space into account and use the advanced features of IPv6. An IPv6 address plan often takes about three iterations until it works. It takes quite some time and effort to get rid of IPv4 thinking. You also want to be able to use the regular life cycles of your products and to have the time to educate and build experience and adjust all your support systems and processes.

Learning from the experience of SBB, the Swiss train company mentioned above, start deploying IPv6 in your core and in your back end now. Make yourself, your network, your organization ready for IPv6 and future proof, all while there is time to do it carefully and with minimal risk and cost. And do it step by step. It's a big project due to all the interdependencies and the best way to approach this task is to run it as agile as possible.

More information and trainings

  • 1-day Overview of changes in IPv6, IPv6 planning, deployment and best practices. March 22 (year of publication of this blog) at HSLU in Rotkreuz.

  • 3-day IPv6 Hands-On training with detailed overview of new features, and many labs for all important topics. Upcoming dates, details and registration through Digicomp website.
