IPv6 benefits: Faster connections, richer data

The business advantages of IPv6 are many, including direct customer access to websites, faster end-user experiences with Internet applications, and the opportunity to gather data about visitors to applications as well as measure visitors’ engagement and conversion.

Without NAT, IPv6 is faster than IPv4

If your organization offers a public website or internet or mobile applications, then it is likely that your site will function faster when using IPv6 vs IPv4.  That’s in part because of the proliferation of network-address translation (NAT) by service providers for IPv4 Internet connectivity.

Carriers lack sufficient public IPv4 addresses to provide unique addresses to all of their subscribers so they channel them through a massive NAT using a pool of public IPv4 addresses.  IPv4 traffic that hits carrier networks typically goes through one or more NATs and is backhauled through centralized carrier-grade or large-scale NATs where customer connections compete for TCP/UDP port space, connection limits, and bandwidth.  All this NATing requires recomputing TCP and UDP header checksums which introduces delays in the delivery of packets.

By contrast, most mobile and broadband subscribers now have native IPv6 on their devices.  The IPv6 packets don’t pass through carrier NAT systems and instead go directly to the Internet.  The lack of NAT usage by IPv6 means that TCP and UDP header checksums do not need to be re-computed like with IPv4.

Even though IPv6 packets have a larger header size and extension headers (more protocol overhead) they are hardware-accelerated just like IPv4. And for systems that support both IPv4 and IPv6, the Happy Eyeballs algorithm helps decide which protocol is working faster and selects it, helping to improve end-user experience.

Facebook, LinkedIn, Google and others have published statistics showing that IPv6 is faster from their perspective.

The Asia-Pacific Network Information Centre (APNIC) is one of the five Regional Internet Registries and monitors the Round-Trip Time of IPv4 and IPv6 packets from locations around the world.  Its results show that IPv6 has lower latency than IPv4 everywhere except for Asia.

Make corporate internet response time faster

Just as IPv6 can improve performance for customers coming to retail websites, it can do the same for enterprise users accessing the internet from corporate networks.

Most host operating systems support both IPv4 and IPv6 by default, so if the enterprise networks that enterprise hosts are connected to also supported IPv6, end users would automatically have dual-protocol internet connectivity. Unfortunately, today, most enterprises have these dual-protocol hosts connected to IPv4-only access networks.

If enterprises enabled IPv6 on their wireless access networks, they could start to take advantage of IPv6’s benefits.

IPv6 deployment should start at the internet edge, so when enterprises embark on IPv6 deployment projects, they should ensure that their Internet perimeter security defenses support IPv6.  These include firewalls, DNS servers, load balancers, Web application firewalls (WAFs) and cloud access security brokers.

Once the perimeter is IPv6-enabled, the next step is to deploy IPv6 across the core network and then out to end-users.

Gathers more reliable data on web-site visitors

When sites use IPv6, they gain greater customer intimacy by observing customers’ true IP addresses.  When customer connect to a web site, it logs their IP address.  That address can be checked against threat-intelligence databases and reputation filters to identify connections that might be malicious or fraudulent.

Some web sites attempt to use the IP address as an element in authentication.  A username and password can be associated with an IP address to add confidence that the person attempting to login is who they say they are because they are using the same IP address that they have in the past.

While implementing IPv6 has many benefits, it can raise privacy concerns because without IPv6 NAT, it is possible to capture the true client device address.  Some security administrators worry that makes IPv6 more vulnerable.

Privacy can be protected

It may seem that revealing clients’ true IP addresses seems to somehow compromise security, but according to the IETF, NAT is not a perimeter security function needed for IPv6. Instead, perimeter security can be enforced by stateful firewalls that allow outbound connections but block unsolicited inbound connections. Therefore, even if someone knew an end-user’s global IPv6 address, they couldn’t initiate a connection to that host.

IPv6 has some specific methods of preserving end-user privacy by obscuring the Interface Identifier (IID), which is the part of the address that uniquely identifies the host.  Organizations don’t want to reveal any personal information by including the end user’s device MAC address in the IID.

Methods vary based on if the network is using protocols such as: stateless address autoconfiguration (SLAAC) or RDNSS with privacy extensions or using Stable SLAAC.

Furthermore, when using DHCPv6 to lease IPv6 addresses to hosts, the IID is randomized, thus preserving the privacy of the end-user.