IPv6 – Why IPv6 is Needed

Tags: ip, ip address, ipv4, ipv6

This will be a kind of newbie question but I am not quite sure why we really need IPv6. AFAIK, the story is as follows:

In the olden days, when computers were not plentiful, 32 bit IP addresses were enough for everybody. At these times, the subnet mask was implicit. Then the number of computers has increased and 32 bits started to become insufficient.

So the subnet mask started to become explicit. Essentially the size of an IP address has increased.

My question is, what is the downside of continuing the addressing with the subnet masks? For example when they become insufficient as well, can't we continue with using "subnet-subnet masks" etc.?

I understand that it consumes more space than the original IPv4 (and maybe not much different than using IPv6) but aren't explicit subnet masks a sufficient solution? If not, why are they an insufficient solution?

Best Answer

Two things are getting confused here:

  • classful addressing vs CIDR
  • Masquerading / NAT

Going from classful addressing to Classless Inter Domain Routing (CIDR) was an improvement that made the address distribution to ISPs and organisations more efficient, thereby also increasing the lifetime of IPv4. In classful addressing an organisation would get one of these:

  • a class A network (a /8 in CIDR terms, with netmask 255.0.0.0)
  • a class B network (a /16 in CIDR terms, with netmask 255.255.0.0)
  • a class C network (a /24 in CIDR terms, with netmask 255.255.255.0)

All of these classes were allocated from fixed ranges. Class A contained all addresses where the first digit was between 1 and 126, class B was from 128 to 191 and class C from 192 to 223. Routing between organisations had all of this hard-coded into the protocols.

In the classful days when an organisation would need e.g. 4000 addresses there were two options: give them 16 class C blocks (16 x 256 = 4096 addresses) or give them one class B block (65536 addresses). Because of the sizes being hard-coded the 16 separate class C blocks would all have to be routed separately. So many got a class B block, containing many more addresses than they actually needed. Many large organisations would get a class A block (16,777,216 addresses) even when only a few hundred thousand were needed. This wasted a lot of addresses.

CIDR removed these limitations. Classes A, B and C don't exist anymore (since ±1993) and routing between organisations can happen on any prefix length (although something smaller than a /24 is usually not accepted to prevent lots of tiny blocks increasing the size of routing tables). So since then it was possible to route blocks of different sizes, and allocate them from any of the previously-classes-A-B-C parts of the address space. An organisation needing 4000 addresses could get a /20, which is 4096 addresses.

Subnetting means dividing your allocated address block into smaller blocks. Smaller blocks can then be configured on physical networks etc. It doesn't magically create more addresses. It only means that you divide your allocation according to how you want to use it.

What did create more addresses was Masquerading, better known as NAT (Network Address Translation). With NAT one device with a single public address provides connectivity for a whole network with private (internal) addresses behind it. Every device on the local network thinks it is connected to the internet, even when it isn't really. The NAT router will look at outbound traffic and replace the private address of the local device with its own public address, pretending to be the source of the packet (which is why it was also known as masquerading). It remembers which translations it has made so that for any replies coming back it can put back the original private address of the local device. This is generally considered a hack, but it worked and it allowed many devices to send traffic to the internet while using fewer public addresses. This extended the lifetime of IPv4 immensely.

It is possible to have multiple NAT devices behind each other. This is done for example by ISPs that don't have enough public IPv4 addresses. The ISP has some huge NAT routers that have a handful of public IPv4 addresses. The customers are then connected using a special range of IPv4 addresses (100.64.0.0/10, although sometimes they also use normal private addresses) as their external address. The customers then again have a NAT router that uses that single address they get on the external side and performs NAT to connect a whole internal network which uses normal private addresses.

There are a few downsides to having NAT routers though:

  • incoming connections: devices behind a NAT router can only make outbound connections as they don't have their own 'real' address to accept incoming connections on
  • port forwarding: this is usually made less of a problem by port forwarding, where the NAT router dedicates some UDP and/or TCP ports on its public address to an internal device. The NAT router can then forward incoming traffic on those ports to that internal device. This needs the user to configure those forwardings on the NAT router
  • carrier grade NAT: is where the ISP performs NAT. You won't be able to configure any port forwarding, so accepting any incoming connections (bit torrent, having your own VPN/web/mail/etc server) becomes impossible
  • fate sharing: the outside world only sees a single device: that NAT router. Therefore all devices behind the NAT router share its fate. If one device behind the NAT router misbehaves it's the address of the NAT router that ends up on a blacklist, thereby blocking every other internal device as well
  • redundancy: a NAT router must remember which internal devices are communicating through it so that it can send the replies to the right device. Therefore all traffic of a set of users must go through a single NAT router. Normal routers don't have to remember anything, and so it's easy to build redundant routes. With NAT it's not.
  • single point of failure: when a NAT router fails it forgets all existing communications, so all existing connections through it will be broken
  • big central NAT routers are expensive

As you can see both CIDR and NAT have extended the lifetime of IPv4 for many many years. But CIDR can't create more addresses, only allocate the existing ones more efficiently. And NAT does work, but only for outbound traffic and with higher performance and stability risks, and less functionality compared to having public addresses.

Which is why IPv6 was invented: Lots of addresses and public addresses for every device. So your device (or the firewall in front of it) can decide for itself which inbound connections it wants to accept. If you want to run your own mail server that is possible, and if you don't want anybody from the outside connecting to you: that's possible too :) IPv6 gives you the options back that you used to have before NAT was introduced, and you are free to use them if you want to.
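The classful-versus-CIDR point in the answer above (the 4000-address organisation that had to take a class B or sixteen separately routed class C blocks, versus a single /20 under CIDR, and subnetting not creating any addresses) can be checked numerically. The following is an added example written for this page, not code from the answer's author; it uses only Python's standard `ipaddress` module, and the `10.1.0.0/20` block is a constructed sample.

```python
import ipaddress
import math

# Legacy classful sizes (pre-1993): a class A is a /8, B a /16, C a /24.
CLASS_SIZES = {"A": 2**24, "B": 2**16, "C": 2**8}


def classful_class(addr: str) -> str:
    """Address class implied by the first octet under the old classful rules."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if 1 <= first_octet <= 126:
        return "A"
    if 128 <= first_octet <= 191:
        return "B"
    if 192 <= first_octet <= 223:
        return "C"
    return "other"  # 0, 127 (loopback) and 224+ (multicast/reserved)


def classful_single_block(hosts_needed: int):
    """Smallest single classful block that fits: (class, block size, wasted addresses)."""
    for cls in ("C", "B", "A"):
        size = CLASS_SIZES[cls]
        if size >= hosts_needed:
            return cls, size, size - hosts_needed
    raise ValueError("does not fit in any single classful block")


def class_c_blocks_needed(hosts_needed: int) -> int:
    """Number of class C blocks (each routed separately) to cover the demand."""
    return math.ceil(hosts_needed / CLASS_SIZES["C"])


def cidr_prefix_for(hosts_needed: int):
    """Shortest CIDR prefix whose block fits: (prefix length, block size, wasted addresses)."""
    host_bits = math.ceil(math.log2(hosts_needed))
    size = 2 ** host_bits
    return 32 - host_bits, size, size - hosts_needed


def subnet_total_addresses(block: str, new_prefix: int) -> int:
    """Sum of addresses after subnetting: always equals the parent block (no new addresses)."""
    parent = ipaddress.ip_network(block)
    return sum(s.num_addresses for s in parent.subnets(new_prefix=new_prefix))


if __name__ == "__main__":
    need = 4000
    print("classful, one block:", classful_single_block(need))
    print("classful, class C blocks (separate routes):", class_c_blocks_needed(need))
    print("CIDR:", cidr_prefix_for(need))
    print("/20 split into /24s still holds", subnet_total_addresses("10.1.0.0/20", 24), "addresses")
```

Running it with the answer's figure of 4000 hosts shows the class B option wasting 61,536 addresses, the class C option needing 16 routes, and CIDR fitting the demand into one /20 with 96 spare addresses.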

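The NAT behaviour the answer describes (source address rewriting with a remembered translation table, replies mapped back, unsolicited inbound traffic having nowhere to go, static port forwarding as the workaround, carrier grade NAT chained in front of a customer router, and all state being lost when the router fails) can be modelled in a few dozen lines. This is an added illustration written for this page, not the answer author's code or any real NAT implementation; the `NatRouter` class, its methods, and the 192.168.1.0/24, 100.64.0.0/10, 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Minimal source NAT (masquerading): a dynamic translation table plus static port forwards."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int], int] = {}        # (private ip, port) -> public port
        self._in: Dict[int, Tuple[str, int]] = {}         # public port -> (private ip, port)
        self._forwards: Dict[int, Tuple[str, int]] = {}   # user-configured port forwards

    def forward_port(self, public_port: int, private_ip: str, private_port: int) -> None:
        self._forwards[public_port] = (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the router's own address and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:
            self._out[key] = self._next_port
            self._in[self._next_port] = key
            self._next_port += 1
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the internal device; drop anything with no state or forward."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._in.get(pkt.dst_port) or self._forwards.get(pkt.dst_port)
        if target is None:
            return None  # unsolicited inbound connection: nowhere to deliver it
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])

    def fail(self) -> None:
        """Simulate a crash or reboot: dynamic state is lost, static config survives."""
        self._out.clear()
        self._in.clear()


def chain_outbound(routers: List[NatRouter], pkt: Packet) -> Packet:
    """Carrier grade NAT: customer router first, then the ISP's NAT."""
    for r in routers:
        pkt = r.outbound(pkt)
    return pkt


def chain_inbound(routers: List[NatRouter], pkt: Packet) -> Optional[Packet]:
    """Replies traverse the chain in reverse; any hop without state drops the packet."""
    for r in reversed(routers):
        pkt = r.inbound(pkt)
        if pkt is None:
            return None
    return pkt


if __name__ == "__main__":
    customer = NatRouter("100.64.1.2")     # external side sits in the CGNAT range
    isp = NatRouter("203.0.113.5")         # ISP's real public address
    out = chain_outbound([customer, isp], Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    print("seen by the server:", out)
    print("reply delivered to:", chain_inbound([customer, isp], Packet("198.51.100.7", 443, out.src_ip, out.src_port)))
```

The model makes the answer's list of downsides concrete: `inbound` returns `None` for anything not in the table, so only a port forward lets a connection in; a forward on the customer router is useless behind CGNAT because the ISP router has no matching entry; and after `fail()` every existing mapping is gone, which is why a NAT router cannot simply be swapped for a standby the way a stateless router can.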