23

I recently ran across this quote from Security Intelligence about the Internet of things and IPv6:

Analysts predict that there will be 30 billion connected “things” by 2020, yet the IPv4 address space only accommodates 4 billion and change. Even with network address translation (NAT) and private address space, the IoT’s appetite for addresses will overcome IPv4’s ability to sate it.

Enter IPv6, which expands the address space to 340 undecillion, or 3.4×10^38. Well, it’s technically a bit less than that, since some combinations are reserved; nonetheless, that’s still enough usable addresses to allocate about 4,000 to every person on the planet.

What puzzles me is why the Internet of Things would make any difference to the need to switch to IPv6. It seems to me that the vast majority of Things are connected to a router, hence a need only for one world-wide IP.

For instance, if your smart oven's (or whatever) IP is 192.168.0.52, that doesn't prevent your neighbour's Echo from having the same IP, because in order to access that IP from outside your home, you have to go through your home's IP address, e.g. 148.238.24.9.

Why would the advent of IoT necessitate the switch to IPv6?

anonymous2

2 Answers

19

There are two reasons.

(1) The first is simpler end-to-end connectivity. If both source and destination have a public IPv4 (or IPv6, of course) address, they can connect to each other in any direction anytime.

Your IoT with private IP 192.168.0.52, however, can use NAT ONLY to connect to any public IP on the Internet whenever it wants, but the rest of the Internet cannot connect to it. There were kludges like DNAT and UPnP that used to allow you to specify that some incoming connections are enabled, but they are breaking more and more nowadays due to the implementation of CGNAT because of IPv4 shortages.

A common (so-called) "solution" to this problem is that all your (NATed) devices connect to some central location with a public IP (usually hosted by the manufacturer of the device). This makes it work technically, but involves a privacy issue (you're giving all the data from your IoTs), a security issue (as you're wide open to them, a breach or a disgruntled employee can do anything your IoT device can do and access), and a reliability issue (when the manufacturer goes out of business, decides to stop supporting old devices, or is suffering outages, all your (and everybody else's) perfectly functional devices will stop working).

(2) The second problem is that it will stop working anyway (even for outgoing connections) some time in the future (not in a year or two, but still). The more IoT and services catch on, the sooner it will start breaking.

That is because NAT allows private addresses like 192.168.0.52 to reach the Internet at large. It does that by changing the source address 192.168.0.52 to the public IP of your router, but replaces the source port with a free one from the pool.

For example, your first connection from 192.168.0.52:1000 might be (CG)NATed to (public IP) 198.51.100.1:1000, and your neighbour's 192.168.0.77:1000 might get NATed to 198.51.100.1:1001. Your second connection from 192.168.0.52:1001 would then be NATed to 198.51.100.1:1002, etc.

The problem is, even simple stuff like opening a web page will likely open dozens of connections and use a dozen ports (for DNS queries, HTTP(S) connections for different elements, JS analytics on different sites, etc.).

More expensive programs, like torrent clients, will easily use up thousands of ports. And there are only 65535 ports available for any IP.

Which means several of your neighbours sharing the same CGNAT IP use a bigger share of connections (and more IoTs will mean more connections), and suddenly all of the 65535 ports on that public IP 198.51.100.1 are used. Which means no new connections can be established for you and your neighbours. Which on a bigger scale means lots of people are cut off from their IoTs, and civilisation as we know it collapses :-)

Since we would like to delay this civilisation collapse as long as possible, we're transitioning to IPv6 instead. Please support the continued existence of this civilisation by using IPv6 if possible. Thanks!

Matija Nalis
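
The port bookkeeping described in the answer above, as an added example that is not part of the original answer: a toy port-translating NAT for one shared public address, showing the 1000/1001/1002 mapping, the dropped unsolicited inbound packet, and the point where the 65535-port pool runs out. The names `Napt`, `PortPoolExhausted` and `subscribers_until_exhaustion` and the 100.64.x.y subscriber addresses are constructed for illustration; real NATs also key mappings on protocol and destination, so this is a simplification.

```python
class PortPoolExhausted(Exception):
    """Raised when the shared public IP has no free source port left."""


class Napt:
    """Toy NAPT table: one public IPv4 address, one pool of source ports."""

    def __init__(self, public_ip, first_port=1000, last_port=65535):
        self.public_ip = public_ip
        # Stored in descending order so pop() hands out the lowest free port.
        self.free = list(range(last_port, first_port - 1, -1))
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        """Translate an outgoing connection, allocating a port if needed."""
        key = (private_ip, private_port)
        if key not in self.out:
            if not self.free:
                raise PortPoolExhausted(f"no free port on {self.public_ip}")
            port = self.free.pop()
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key])

    def inbound(self, public_port):
        """Return the internal endpoint for a public port, or None when no
        mapping exists (unsolicited traffic from outside is dropped)."""
        return self.back.get(public_port)


def subscribers_until_exhaustion(conns_per_subscriber, pool_size=65535):
    """Count how many subscribers behind one CGNAT address can each hold
    conns_per_subscriber simultaneous connections before the pool is empty."""
    nat = Napt("198.51.100.1", first_port=1, last_port=pool_size)
    served = 0
    try:
        while True:
            # Constructed subscriber address in the 100.64.0.0/10 range.
            ip = f"100.64.{served // 256}.{served % 256}"
            for n in range(conns_per_subscriber):
                nat.outbound(ip, 20000 + n)
            served += 1
    except PortPoolExhausted:
        return served
```
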
13

IPv6 is a necessity now; we're nearly out of IPv4 addresses already. As more and more people come online, we're starting to reach the point where IPs have to be shared across multiple people, not just one household (carrier-grade NAT), which is unacceptable, and not just a problem for IoT.

IPv6 allows us to move to a more semantic representation where one IP = one device, which has several advantages. If you're directly able to address your smart device (be it a toaster, oven, light bulb, TV, or something else), you can just send your commands directly to the device, rather than needing to go through a hub. At the moment, NAT makes this difficult to set up, because it requires specifically port forwarding your IoT devices (and this may not work at all for carrier-grade NAT).

It might be worth reading 'Switching to IPv6 implies dropping NAT. Is that a good thing?' from Server Fault if you're worried about the security implications; having all your IoT devices given a public IPv6 address is not really a big security flaw; it's something that would still cause a problem on a NAT-enabled network.

This IEEE article has some good points:

The next logical step from networks of mobile devices to networks of communicating "Things" is IoT. That next step will mirror the sequence of events experienced by mobile networks. Proprietary protocols came first, because an individual company’s profits often come before consideration of the common good. But the use of IP and transparency (i.e., open source protocols) is fundamental to IoT development, just as the ease of use and the invisibility of the technology is important to end users. Our view, based on our research, is that the value of transparency and ease-of-use, and even more importantly the need for interoperability, will favor IPv6 adoption by the IoT market.

So, in short:

  • At the moment, 1 IPv4 address represents... who knows? Sometimes a device, sometimes a router, sometimes a whole network of different customers.

  • Using an IPv6 lets you give each IoT device a 'name' on the Internet.

  • Being able to address your devices lets you control them, and simplifies setup and management.

Aurora0001