IPV6: How the New Format Will Work With Security Systems
Will IPV6 — the new network addressing format — be a problem for security professionals installing IP security devices? If you’ve set up your clients’ DDNS properly, they should have no trouble accessing their Internet-connected security systems.
There has been much publicity recently regarding the new Internet Protocol (IP) addressing format called IPV6. The question is whether this new addressing method will affect physical security installations, and how the industry will handle this potentially dramatic change.
First let’s examine exactly how IPV6 came to be. The original IP addressing format, called IPV4, consists of four groups of three numbers, called octets, separated by periods; for example 192.168.1.1 for a LAN address or 188.8.131.52 for a public IP address. These addresses were issued in blocks over the years by the IANA (Internet Assigned Numbers Authority). So, for example, the IPV4 address block starting with the number 11(184.108.40.206) was issued to the United States Department of Defense. In that one block there are 16,777,214 individual IP addresses. This type of IPV4 address block, where the holder possesses a unique first octet is termed a “Class A” block, of which there are 126 in total, with each block providing 16 million-plus unique IPV4 addresses. These blocks were issued to government agencies, large companies such as HP and Ford, and large telecom/ISPs around the globe. The total number of unique IPV4 addresses is 4,294,967,296.
It’s important to understand that these Class A IPV4 address blocks are allocated to a specific user/government agency/company, but each individual address is not necessarily in use. This situation is similar to what happened to the alarm industry approximately 25 years ago when cellular telephone service became widespread. As each cellular company went “live,” some requested and received a new area code specifically for their cell phones. So where Chicago and its suburbs once had only a single telephone area code, 312, now there also are additional area codes such as 773, 847, 708 and 630.
It was determined about 10 years ago that the IPV4 address method eventually would be exhausted — there would be a day when no new IPV4 address blocks could be issued. That day was reached in the fall of 2011, and no new IPV4 address blocks are available. There currently is a lively market in the selling of allocated but unused IPV4 addresses, with millions of dollars changing hands.
To provide new addresses for IP-enabled devices a new format called IPV6 was created and approved. Basically an IPV6 address consists of eight groups of numbers and letters (0-9. A-F) separated by colons. This provides an additional 3.4×10 to the 38th power number of IP addresses.
So an IPV6 address would look something like this: DCEF:AB76:5694:5320:ABDF:AB43:234C:D2C1
Because the overwhelming number of existing network devices are addressed using IPV4, the creators of IPV6 made it compatible with the older IPV4 method.
Here is the conversion method used to make an IPV4 address work with IPV6 by placing two colons before the IPV4 address:
IPV4 – 220.127.116.11
IPV6 – : : 11:14:17:230
IPV6 Pluses & Minuses
IPV6 addresses are primarily used today as public IP addresses issued by Internet Service Providers to their users. There are three broad categories of Internet users/devices that either are using IPV6 now or will in the near future. Those types are: wireless smartphones and touchpads, emerging economies such as China and India, and the U.S. government, which mandated the use of IPV6 in all of its networks, although that particular mandate has yet to be fully completed. As new Internet-connected technologies emerge such as smart automobiles, refrigerators, vending machines, and things yet-to-be conceived, these devices also will use IPV6 to connect directly to the Internet.
Besides providing a much greater number of total unique Internet addresses, IPV6 also provides an improved level of security of data packets that is not available when IPV4 is used.
An unintended blowback of IPV6 usage is that data packets become much longer, as the destination and source address information must be embedded in a data packet, and IPV6 addresses are much longer than IPV4.
Because, in general, developed economies grasped onto the Internet before others, the large ISPs in North America likely have sufficient IPV4 addresses to issue to their current wired (DSL, cable, T-1) clients for the foreseeable future. Newer services such as 4G LTE (Long-Term Evolution) wireless will likely need to start implementing IPV6 within a short time span, as spare IPV4 addresses will not be available.
IPV6 Impact on Users
For most common Internet users, whether wired or wireless, the specific public IP address of their network or device is immaterial. The public IP address of a smartphone is like the license plate on a rental car — as long as the plate is mounted and current, the driver doesn’t care what numbers and letters are on the plate itself. What matters is that the vehicle can be driven to the right location.
When a user opens an Internet browser, they direct themselves to specific websites usually using URLs (Universal Resource Locators), such as www.Yahoo.com or www.Google.com. When these requests are typed into a Web browser, the device will connect to one of the DNS (Domain Name Service) servers on the Internet, which converts the URL to the numeric IP address. As IPV6 becomes more prevalently used there will be little effect on human users, as the DNS servers will be updated to provide a matching IPV6 address for specific URL names.
IPV6 Impact on Local Networks
There are literally tens of millions of existing IP-enabled PCs, routers, cameras, servers — you name it — that are functional on local networks today. The vast majority of these devices have no capability to be programmed for IPV6, so the addresses for these devices are and will remain IPV4. The “old” format of IPV4 will continue to be used for devices in local networks, as most LANs contain less than 50 individually addressed devices; therefore, there is no need for a billion-plus new LAN addresses.
Keep in mind that LAN devices, including physical security components such as IP cameras and NVRs, are segregated onto their particular LAN, so IP addresses can be duplicated within nearby or far away LANs with no problem. For example, most residential/light commercial routers such as Linksys and Belkin have a default LAN IP address of 192.168.1.1. It is very likely that on the street where you live there are multiple instances of routers using the LAN IP address 192.168.1.1. This doesn’t pose a problem as the networks are segregated in each dwelling. To put it another way, the automobile license plate number “134 CDA” might be found on plates from Ohio, Texas, Illinois, New York, etc. The number (or LAN IP address) is the same but the state (or individual LAN) is different.
What this means to security installation companies programming and installing IP-enabled devices into clients’ homes and commercial buildings is that IPV4 addressing will continue to be used to address devices onto local networks. It is most likely that nothing will change and IPV6 will not affect this part of the installation process unless the installation is at a U.S. federal building or at a company that has converted its LAN devices to IPV6. Most of the IP-enabled devices that I’ve programmed in the past year have no ability for inputting an IPV6 address, with the noted exception of Axis Communications IP cameras.
IPV6 Impact on Internet Connections
Although there are no more IPV4 address blocks to be newly issued, most of the major ISPs such as AT&T and Comcast have more than sufficient unused IPV4 addresses to provide to their customers. In most cases typical users are receiving DHCP (Dynamic Host Control Protocol) public IP addresses for their individual DSL adapters and cable modems. This use of DHCP means that the ISP is providing a public IP address for each active client, and that address can change at the will or whim of the Internet Service Provider.
Economics will dictate whether particular ISPs will move quickly or slowly into issuing IPV6 addresses for Internet connections. For example, on my desk is a 2-Wire DSL adapter that is at least eight years old and is connected to what was SBC and is now AT&T. One would guess that there are hundreds of thousands, perhaps millions, of the exact same model DSL adapter in service for AT&T clients today. It would cost AT&T probably tens of millions of dollars to wholesale exchange and reinstall new DSL adapters that will accept an IPV6 address. So that population of DSL users will likely continue to be issued IPV4 public Internet addresses. A large vendor such as AT&T may now be installing updated DSL adapters that will accept both IPV4 and IPV6 addresses, preparing their client base for the IPV6 future even if they are not issuing IPV6 addresses today.
Security dealers who have provided their clients with remote Internet access to their IP-enabled security devices such as access control systems and NVRs likely will see little if any changes to their clients’ ability to reach their systems/devices over the Internet. Clients will continue to use either the known public IPV4 address of the target network or the DDNS (Dynamic Domain Name Service) URL that was provided by the dealer upon installation. DDNS services provide an easily remembered URL name such as “DavesNVR.nu” which is then converted to the actual numeric public IP address of my system.
Future IPV6 Concerns
Security dealers should be aware that IPV6 is coming, and this new addressing format most likely will be used strictly for ISP public Internet addresses provided to clients via their cable modem or DSL adapter. As long as the installing company has set up the client for the DDNS service type mentioned above, and the selected DDNS service can handle IPV6 addresses, there should be no trouble in clients remotely accessing their Internet-connected security systems. Dealers should check with their DDNS service of choice to confirm their IPV6 capabilities, and also confirm that the automatic updating software or device within the end-user’s LAN can update the DDNS service with IPV6 addresses.
The good news is that with the huge leap in the quantity of public IP addresses available using IPV6 it is quite possible that instead of using dynamic public IP addressing for typical users, ISPs will start to issue static IPV6 addresses without additional charge to the end user — maybe! Even if static IPV6 public IP addresses become the norm, clients will struggle with trying to remember an IP address that has 32 characters, along with the associated software port numbers needed to reach specific devices behind firewalls. So dealers should become familiar with using DDNS services (which in their basic form are usually free) to give their customers an easy-to-remember name for connection to their remote Internet-connected security devices.
Author’s Note: Thanks to Ray Coulombe of Gilwell Technologies for his assistance with this article.