• Current version of Internet Protocol is IPv4.
• Used to send data over the Internet and makes interaction
between different services possible.
• Over the years, in response to these deficiencies and in
consideration of a rapidly growing global network, new
technologies, like SSL/TLS and IPSec, have been introduced to
remedy these issues.
Limitations – IPv4
1. Maximum addressing space - uses 32-bit address space.
– Because of the scarcity of IPv4 addresses, many organizations
implemented NAT to map multiple private addresses to a single public IP.
– NAT does not support network layer security standards and it
does not support the mapping of all upper layer protocols.
• More servers, workstations and devices connected to the
Internet demand more addresses, and current statistics show
that the public IPv4 address space will be depleted soon.
2. Security Related Issues:
– IPv4 was published in 1981, and the current network security threats
were not anticipated at that time.
– Internet Protocol Security (IPSec) is a protocol suite which enables
network security by protecting the data being sent from being viewed
or modified. IPSec provides security for IPv4 packets, but IPSec is not
built-in and is optional.
3. Quality of Service QoS:
– QoS in IPv4 relies on the 8 bits of the IPv4 Type of Service (TOS) field
and the identification of the payload.
– IPv4 Type of Service (TOS) field has limited functionality and payload
identification (uses a TCP or UDP port) is not possible when the IPv4
packet payload is encrypted.
Next Generation - IPv6
• IPv6 addresses are based on 128 bits.
• Sites should run a dual-stack IPv6 configuration.
– Otherwise you could miss traffic from users who are only able to
access the Internet over IPv6 (which is not backwards compatible with
• Small amount running IPv6 but will increase.
– Only takes one missed customer to make you regret not taking the
steps to incorporate IPv6 into your infrastructure.
1. IPv6 reduces the size of routing tables and makes routing
more efficient and hierarchical.
– Allows ISPs to aggregate the prefixes of their customers' networks into
a single prefix and announce this one prefix to the IPv6 Internet.
2. IPv6's simplified packet header makes packet processing more
– Compared with IPv4, IPv6 contains no IP-level checksum, so the
checksum does not need to be recalculated at every router hop.
3. Multicast rather than broadcast.
– Allows bandwidth-intensive packet flows to be sent to multiple
destinations simultaneously, saving network bandwidth.
4. Address auto-configuration (address assignment) is built in to
– Router will send prefix of the local link in its router advertisements.
– Host can generate its own IP by appending its link-layer (MAC)
address, converted into Extended Universal Identifier (EUI) 64-bit
format, to the 64 bits of the local link prefix.
5. Eliminating NAT, true end-to-end connectivity at the IP layer is
restored, enabling new and valuable services.
– Peer-to-peer networks are easier to create and maintain, and services
such as VoIP and Quality of Service (QoS) become more robust.
6. IPSec, which provides confidentiality, authentication and data
integrity, is part of IPv6.
– Because of their potential to carry malware, IPv4 ICMP packets are
often blocked by corporate firewalls, but ICMPv6, the implementation
of the Internet Control Message Protocol for IPv6, may be permitted
because IPSec can be applied to the ICMPv6 packets.
7. The Secure Neighbour Discovery (SEND) protocol is capable of
enabling cryptographic confirmation that a host is who it claims
to be at connection time.
– Renders Address Resolution Protocol (ARP) poisoning and other
naming-based attacks much more difficult.