IPv4 vs IPv6: Is it Okay to Use IPv4 as IPv6

network protocol
Written By Chris Wellens

Despite what one might read in certain techno-marketing publications, IPv4 is very much alive; it has not by any stretch yet been replaced by IPv6.

So it remains important that vendors of networking products do IPv4 and do it correctly.

But some vendors appear to be getting lazy.

In particular one of the largest vendors seems to be taking a shortcut that could leave users unable to communicate even though those users have otherwise perfectly usable packet service from their network providers.

The issue described here is relatively rare, but it does occur. And the software code to “do it right” is well known to be difficult – but certainly not impossible. In fact it may well be that this vendor retreated from a working code base that properly handled this matter.

So what is it that we are talking about?

The Windows 10 operating system from Microsoft does not properly adhere to RFC 1122 “Requirements for Internet Hosts — Communication Layers”.

RFC 1122 requires IPv4 to handle overlapping fragments. (See section 3.3.2 Reassembly). IPv4 is a core protocol for delivering packets over the Internet.

What is IPv4? 

IPv4, or Internet Protocol version 4, is the fourth version of the Internet Protocol and has been the dominant version used to connect devices on the internet for several decades. It is based on a 32-bit addressing scheme, allowing for approximately 4.3 billion unique IP addresses. IPv4 addresses are represented in four decimal numbers separated by periods, such as 192.168.1.1. While IPv4 has served as the backbone of the internet, its limited address space has become a significant challenge as the number of internet-connected devices has exploded in recent years.

What is IPv6?

IPv6, or Internet Protocol version 6, is the latest iteration of the Internet Protocol and was introduced to address the limitations of IPv4's address space. It uses a 128-bit addressing scheme, providing an enormous number of unique IP addresses, approximately 340 undecillion, which is more than enough to accommodate the ever-growing number of internet-connected devices. IPv6 addresses are represented in eight groups of hexadecimal numbers separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 is designed to support enhanced security, auto-configuration, and better packet handling, making it the future of internet communication.

Key Differences Between IPv4 and IPv6

IPv4 and IPv6 differ in various aspects, primarily due to their distinct address spaces. Here are some key differences:

  • Address Length: IPv4 uses 32-bit addresses, while IPv6 uses 128-bit addresses.

  • Address Representation: IPv4 addresses are represented in decimal format (e.g., 192.168.1.1), whereas IPv6 addresses are represented in hexadecimal format (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

  • Address Space: IPv4 has approximately 4.3 billion addresses, limiting the growth of the internet, while IPv6 offers an almost limitless number of addresses.

  • Address Allocation: IPv4 addresses were allocated using various techniques like classful addressing and network address translation (NAT), whereas IPv6 uses a hierarchical addressing structure with a more efficient allocation process.

  • Header Format: IPv6 has a simplified header format, reducing processing overhead and improving performance compared to the more complex IPv4 header.

  • Routing: IPv6 incorporates a hierarchical and organized routing structure, making routing more efficient compared to IPv4's less structured approach.

Which is More Popular? The IPv4 or IPv6

As of now, IPv4 remains more popular and widely used due to its long-standing presence on the internet and the existing infrastructure that supports it. However, with the depletion of available IPv4 addresses and the growing demand for internet-connected devices, IPv6 adoption is steadily increasing. Many internet service providers, organizations, and tech giants have already started transitioning to IPv6 to future-proof their networks and accommodate the expanding internet ecosystem.

The Short Answer - Is it Okay to Make IPv4 Act like IPv6?

While it is possible to implement technologies and mechanisms to make IPv4 behave like IPv6, such as tunneling techniques and transitional mechanisms, it is generally considered a temporary solution. These mechanisms are often complex, may introduce performance overhead, and could lead to compatibility issues. The more sustainable approach is to adopt IPv6 natively and ensure a smooth transition to the new protocol. Native IPv6 implementation provides the full benefits and features of the protocol, enabling a seamless and efficient internet experience. As the world moves toward IPv6, embracing its advantages and transitioning away from IPv4 is the ideal way to ensure the internet's continued growth and interoperability.

Key Takeaways for IPv4 vs IPv6

IP fragmentation is the process of splitting a single Internet Protocol (IP) datagram into multiple packets of smaller size. Packets have to be fragmented when they are too large for a network link. Every network link has its own maximum transmission unit (MTU). If a packet exceeds the size of the MTU, the MTU sender (whether that sender is the initial source or a router along the path) will fragment the packet in order to process it. Thus, the packet has to be split into smaller sections. Because switches and routers can send these packets along different paths to their ultimate destination, occasionally overlapping of the fragments may occur.

IPv4 requires that the receiver assemble these fragments back into the original whole. If the receiver does not receive all of the pieces within a time window all of the pieces are discarded. The pieces may arrive in any order, they may nicely abut one another, or there may be gaps that will be patched by later fragments, and in some cases the fragments may overlap.

Unfortunately Microsoft’s Windows 10 does not allow overlapping IPv4 fragments. In fact, Windows 10 discards the overlapping IPv4 fragments. The original packet could have been successfully delivered, just in overlapping fragments, not one datagram. But if the receiving node discards those fragments, without making an effort to reassemble them, then the fragments will not be processed.

The Microsoft website has no information on why Windows 10 did not follow the rules, or what the rationale or justification might be for this decision.

So Why Doesn’t Microsoft Allow Overlapping IPv4 Fragments?

When fragments with overlapping content arrive at the destination device, that device must reassemble the fragments into a single cohesive packet (its original state). This IPv4 reassembly code is notoriously difficult to implement and test.

Reuse Code

IPv6, unlike IPv4, requires that overlapping IPv6 fragments are discarded (see RFC 5722). Microsoft may have decided to simply reuse the newer IPv6 code in IPv4, thus avoiding implementation and testing of the more difficult IPv4 reassembly code.

Improve or Correct the RFC

In addition, since the newer IPv6 contains improvements, notably a larger address space, one might interpret the discarding of overlapping fragments as an error in IPv4, meriting correction. Microsoft may have decided that since IPv6 discards overlapping fragments, then IPv4 should probably have done that as well.

Security

Finally, Microsoft may argue that IPv4 is less secure than IPv6, due to overlapping fragments. In the past, Denial of Service attack tools exploited poor implementations of the IPv4 re-assembly code, specifically the Teardrop and Land attacks (see https://www.cert.org/historical/advisories/ca-1997-28.cfm) However patches and corrections for these attacks have existed for 20 years, so that is not a credible reason for non-compliance with RFC 1122.

More recently, overlapping fragments exploited some firewalls by counting on the firewall to inspect only the first fragment of a packet, allowing the balance of the fragments to flow through, without inspection. However firewalls and Intrusion Detection Systems have found workarounds to prevent these types of attacks.

Nevertheless, Microsoft may have relied on these security vulnerabilities to decide to discard overlapping fragments in IPv4.

Understanding the Risk and Security Vulnerabilities of IPv4

Since Windows 10 does not conform to RFC 1122 and discards overlapping fragments, a number of possible risks come to light. Windows 10 may break embedded systems and application software and present new interoperability problems.

Other operating systems, such as Linux and FreeBSD, continue to follow RFC 1122 and support overlapping IPv4 fragments.

A recent proposed standard RFC 6864, dated February 2013, noted no change in the need for hosts to support overlapping IPv4 fragments:

RFC 1122 also suggests that fragments can overlap. Such overlap can occur if successive retransmissions are fragmented in different ways but with the same reassembly IPv4 ID. This overlap is noted as the result of reusing IPv4 IDs when retransmitting datagrams, which this document deprecates. However, it is also the result of in-network datagram duplication, which can still occur. As a result, this document does not change the need for receivers to support overlapping fragments.

There is no RFC allowing overlapping IPv4 fragments to be discarded. Microsoft’s Windows 10 is not compliant with RFC 1122 that requires IPv4 to handle overlapping fragments. IWL’s tests will continue to follow RFC 1122. The specific tests for proper reassembly of overlapping fragments will continue to be graded for all stacks.

Is it okay to make IPv4 act like IPv6? Not at this time.

Chris Wellens http://carboneraneighbors.com
Previous

Taking Exception to the StringBleed Vulnerability
Next

Performance Test IOT App on ESP8266 on a Drone