IPv4 vs. IPv6

Dann Albright

Dann Albright

IPv6 or IPv4The internet is undergoing a profound change.

Well, it’s been undergoing this change for quite a while now. And you probably didn’t even know about it. You might know that the Internet Protocol (IP) is what makes the internet work . . . but did you know that we’re in the midst of a huge update to that protocol?

The specification for IPv6 was finalized in 1998, and the internet is still in the process of switching from the previous version, IPv4. It’s been a long process, and we still have a long way to go.

But why should you be concerned about IPv4 vs. IPv6? Does it have any effect on you at all? It certainly does—and we’re going to take a look at those effects shortly. But first, let’s take a closer look at both protocols and see some of the differences between IPv4 and IPv6.

IPv4: Where We Started

You might be surprised to find out that the fourth version of the Internet Protocol has been around since 1983. Possibly even more surprising is the fact that it’s still used for the vast majority of the internet.

And it’s worked really well. The internet doesn’t seem outdated, and our data transmission has worked fine for the past 25 years. But there’s one big problem with IPv4:

We’ve run out of IP addresses.

An IP address is, simply, the location of a device on the internet. Your phone has one. Your computer has one. So does your gaming console (though they might not have unique addresses; we’ll get to that in a moment). Every data packet sent over the internet contains two IP addresses: the one belonging to the sender and the one belonging to the receiver.

It’s how data moves around the internet. As you can imagine, IP addresses are really important.

The problem with IPv4 is that IP addresses are 32-bit numbers (they look like “191.148.205.315”). There are just under 4.3 billion 32-bit numbers. That’s a huge number, so how can we be running out?

First, we have a staggering number of devices that are connected to the internet. More mobile phones are internet-capable, and they need their own IP addresses. There are over a hundred million broadband subscriptions in the US alone. Each of those needs an IP address, too.

But still, 4.3 billion? That seems like a stretch.

One of the factors contributing to the exhaustion of IPv4 addresses is inefficient use. Some large companies in the 1980s were given millions of IP addresses, far more than they could expect to use. There are a lot of owned-but-unused IP addresses out there, and that waste contributes to our running out of 32-bit IP addresses.

There’s been a push for people who own those unused IP addresses to give them back so they can be used by others, and that has helped slow the rate of exhaustion. But we’re just adding too many devices too quickly.

Which is where IPv6 comes in.

IPv6: The Present and the Future

As I mentioned, IPv6 was finalized in 1998, and it solves a number of issues with IPv4. The biggest improvement it brings to the table is 128-bit IP addresses (something like “2001:0db8:85a3:0000:0000:8a2e:0370:7334”). Instead of being limited to 4.3 billion, the new protocol supports somewhere in the neighborhood of 3.4×1038 addresses.

That’s 340 undecillion IP addresses.

To be fair, Chris Welsh showed that only 42 undecillion will actually be available to assign. Fortunately, that’s still an almost unimaginably large number. We won’t be running out of IP addresses anytime soon on the IPv6 network.

This larger number of IP addresses also means that every device can have its own address. Right now, routers have unique addresses, and individual devices connected to those routers are given non-unique addresses. So data is sent to the router, and it’s forwarded on to its final destination from there.

This process is made possible through Network Address Translation (NAT). And while NAT is a useful and reliable technology, it has some downfalls. It makes certain protocols unable to protect your devices, for example. It also requires resources to effectively do its job (though the amount of resources is extremely small).

IPv6 does away with NAT. Because there are enough addresses for every device, using non-unique IP addresses for devices behind routers is unnecessary. And NAT won’t be standing in the way of improved security.

The new protocol is also more efficient than IPv4; simplification in data packet headers, better routing functionality, and support for better peer-to-peer networking are all improvements. Even with those improvements, though, users aren’t likely to see huge jumps in performance. Sucuri found that little to no performance boost over IPv4, and others have found minimal improvements in the range of 5–10%.

But we’re still in the very early stages of IPv6, and more efficient data transfer is always good.

The Current State of IPv6

Despite being finalized in 1998, very few places on the internet have converted to IPv6. In May 2017, 37 countries had more than 5% of their internet traffic going via IPv6. Only seven countries had more than 15%. If IPv6 is so much better, why haven’t more people converted?

In short, because it’s expensive. It requires new server software and equipment. And it’s also not backward-compatible with IPv4. So any site that wants to work for users coming in via both protocols needs essentially two versions of their site (or a translator service).

But IPv6 is steadily becoming more popular. Most modern routers and operating systems provide support for the protocol. ISPs are rolling out IPv6 capabilities to more users all the time. Most major ISPs offer at least some IPv6 functionality, though they’re deploying at different rates around the developed world.

Should You Use IPv6?

Now that you’ve seen some of the benefits of IPv6 and how widespread it’s available, you might be wondering if you should use it. In short, yes, you should. The more widespread the adoption of the new technology, the better. If your ISP offers it, and you have a router capable of supporting it, it’s a good idea to turn it on.

Before you set out to turn it on, though, you should test to see if you’re already using it. Head to www.test-ipv6.com to see if you’re using IPv6. Here’s what you’ll see if you’re only using IPv4:

testing IPv6 connectivity

Turning on IPv6 will depend on your router and your ISP. Your best bet is to search for “[router manufacturer] ipv6 [your ISP].” You may also want to upgrade your router’s firmware to DD-WRT to make the change easier.

It’s important to understand that there are two ways of accessing IPv6 sites: with a transition mechanism and natively. There are numerous transition mechanisms, but one called 6to4 is likely the most commonly used. It encapsulates IPv6 data in IPv4 transmissions, effectively letting you see newer-format sites with an older transmission protocol.

A native IPv6 connection lets you connect directly to the site in question, skipping the transition process. This is what you need for a full switch over to IPv6. If your router gives you the choice, you’ll want to choose native IPv6.

To see if a site will accept IPv6 connections, use the IPv6 validation tool. If the site has a 128-bit IP address, you know that the site is IPv6-compatible.

How to Turn IPv6 Off

If you’d rather not use IPv6 (and we recommend not using it if your VPN can’t protect your traffic), you can simply tell your computer not to use it. On Windows, go to Settings > Network & Internet > Network & Sharing Center (it’s at the bottom of the window).

Network and sharing center

Click Change adapter settings and then right-click your main internet connection (in my case, it’s my wifi connection) and select Properties:

Wi-Fi Properties

Scroll through the list until you see Internet Protocol Version 6 (TCP/IPv6) and uncheck the box:

Interent Protocol Version 6

To turn off IPv6 on a Mac, head to System Preferences > Network. Click Advanced and then go to the TCP/IP tab.

Configuring IPv4 on Mac

From here, just change the Configure IPv6 drop-down menu to Off.

If you don’t see the Off option, you need to run a Terminal command. Open Terminal and run one of the following commands, based on how you’re connected to the internet:

networksetup -setv6off "Wi-Fi"
networksetup -setv6off "Ethernet"

That should enable the Off option in the TCP/IP tab of the Network settings. To turn it back on, just select Automatically in the menu or run one of these commands:

networksetup -setv6automatic "Wi-Fi"
networksetup -setv6automatic "Ethernet"

IPv6 and VPNs

We’re all about VPNs here, so of course we’re going to talk about IPv6 and VPNs. If you’ve done much research on VPNs, you might have noticed that many providers disable IPv6 traffic over their VPN. This is because many VPN providers haven’t yet updated their servers and software to accommodate the new standard.

Unfortunately, this means that IPv6 traffic is sometimes routed through your ISP instead of your VPN. And that defeats the purpose of having a VPN in the first place. This is known as an IPv6 leak.

A 2015 study found that the majority of VPN providers suffered from IP address leaks, and that many of them were also vulnerable to IPv6 DNS hijacking. In 2016, another group of researchers found that 84% of Android VPNs weren’t routing IPv6 traffic through the VPN.

Fortunately, studies like these have encouraged providers to better protect their customers’ privacy by including IPv6-friendly features. Some VPNs are able to handle IPv6 traffic. Others simply tell their users to disable that traffic to prevent IP address leaks.

If you’re not sure what your current VPN is doing about IPv6 traffic, it’s a good idea to test your connection for IP leaks. IPleak.net is a good tool for testing whether you’re leaking IP information, and it covers both IPv4 and IPv6 traffic. If you see your personal or ISP’s IP address displayed on the page, your VPN isn’t fully protecting your privacy.

Some VPN providers have instituted support for IPv6 traffic, but not as many as we’d like. We’ll give you a few recommendations below for IPv6 protection.

Keep in mind that IPv6 support and IPv6 leak protection are different features. Leak protection usually involves just turning IPv6 off. This does protect your privacy, as there’s nothing to leak. But it doesn’t take advantage of the features that IPv6 provides. IPv6 support, however, lets VPNs route newer-protocol traffic to IPv6-enabled sites.

This is an important distinction. IPv6 leak protection is good—it definitely improves your safety. But IPv6 support takes it to another level.

VPNs That Support IPv6

As I mentioned previously, most VPNs don’t support IPv6 connections. There are a few, however, that will let you connect via IPv6. Mullvad (review) and FrootVPN (review), two VPNs that we like, offer full support. So does Perfect Privacy, but we haven’t had a chance to review their VPN at the time of this writing.

Beyond those three, your best bet is to find a VPN with IPv6 leak protection to prevent your traffic being routed through your ISP. Most of the top-rated VPNs provide some kind of leak protection. A few, like NordVPN (read review), have been very vocal about instituting their leak protection programs, and you can trust that they’ll be effective.

To find out whether your chosen VPN offers IPv6 leak protection, your best bet is to consult their documentation. Some have an option that you need to turn on. Other block IPv6 traffic automatically. Still, others recommend that you turn off IPv6 traffic on your computer.

Of course, we recommend always routing your traffic through a VPN. But if your VPN leaks your IPv6 IP address, it’s probably a better idea to simply turn IPv6 off using the instructions above.

Be Safe with IPv6

Because it’s a new and better technology, you may want to jump right into IPv6. If it’s better than IPv4, why wouldn’t you use it by default? But as we’ve seen, there are a few issues with it—primarily, that most VPNs don’t support it. And that if they lack leak protection, you could be leaking your IP address when you think it’s protected.

Check to make sure that your VPN either supports IPv6 or offers protection from IP address leaking. If it doesn’t, switch VPNs (most of the big names provide some sort of protection) or turn IPv6 off from your computer’s settings.

If you’ve taken those steps, you can be confident that you’ll be safer on the new, IPv6-enabled internet.

Have you made the switch to IPv6 yet? Does your VPN provider support it? Share your experiences in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *