travaux:ipv6-faq

This FAQ is released under the WTFPL version 2. Please share it as much as possible, translate it, share it again, compress it, share it again.

This FAQ is meant as a quick-starter for people wondering about adding IPv6 support to their network. It is not meant as documentation, just as a FAQ, so please keep the contributed answers small and simple. They can however contain links to documentation. Also, some simplifications are made on purpose because they are fine on a first approach, so techies, please bear with them :)

If you are wondering about adding IPv6 support and see one of your questions not answered here, please add the question, and lurkers will add the answer :)

If you do not have an ffdn wiki account, send questions and patches to mailto:samuel.thibault@ens-lyon.org

That being said, the goal is to answer practical beginner questions, not trolls :) In particular, it won't detail at length why you want to use IPv6, although here is a brief non-detailed list:

Why should I enable IPv6?

  • Because there are no IPv4 addresses any more.
  • Because you will not have to use NAT (because there are a lot of IPv6 addresses, compared to IPv4 addresses, which are now nowhere to be found).
  • Because there are no IPv4 addresses any more.
  • Because you have the opportunity to rethink your addressing scheme.
  • Because there are no IPv4 addresses any more.
  • Because it always provides IPsec
  • Because there are no IPv4 addresses any more.
  • Because IPv4 will be more and more painful to keep working at all.
  • TODO: more

TODO: links to details

Why is there no IPv5?

Well, actually, there was. It was however just experimental.

Basic features of IPv6

Basically no, the principles of IPv6 are very close to those of IPv4, even more so since IPv4 has more and more converged toward IPv6 (CIDR, multiple addresses per interface, and IPv6 now has NAT, etc.). The differences one will have to cope with anyway are:

  • 128-bit addresses instead of 32-bit addresses, with a hexadecimal notation, like 2001:db8:12ab::12 (although it's not mandatory to use the a-f letters: one can decide to use only digits for the right part of the address, for various reasons)
  • Well-known addresses are of course different, e.g. 127.0.0.1 is ::1 in IPv6.
  • Automatic private IP addressing (169.254.0.0/16 in IPv4) is now systematic: it is fe80::/10 (link-local). It is actually used by IPv6 itself (NDP).
  • DNS entries for IPv6 use “AAAA” records instead of “A”.
  • IPv6 and IPv4 can not natively talk to each other. More on this below.

Well, in the end, all machines should have IPv6 configured. But that does not mean one has to get rid of IPv4 immediately. One can simply add IPv6 alongside IPv4, and IPv6 will be used whenever it can be, while IPv4 can still be used as a fallback, even if it is behind a CGN.

The combination of NAT64 + DNS64 can however be used to set up an IPv6-only network, which can still transparently access the IPv4 world.

There is no general answer to this. For various reasons, IPv6 is faster to process than IPv4 (e.g. no checksum in the IP header, no fragmentation by routers). For other reasons, it is slower (e.g. bigger addresses). IPv6 implementations might not yet be as optimized as IPv4 ones. But the routing tables are much cleaner. In the end, some applications simply try both, and use the one that connects first, so whichever it is wins :) IPv6 also makes far less use of Ethernet broadcasts.

Most probably, yes:

  • Linux for a long time (since 2.1.8), considered really stable since 2.6.12 (2005)
    • Debian Etch (4.0, 2007) supports it out of the box. At least Debian Squeeze (6.0) would be preferable for better application software support.
    • Ubuntu 7.10 (Gutsy Gibbon) supports it out of the box. At least Ubuntu 10.10 (Maverick Meerkat) would be preferable for better application software support.
    • Fedora 6 (2006) supports it out of the box. At least Fedora 13 (Goddard) would be preferable for better application software support.
  • Windows:
    • On 3.1/95/98/NT, one has to install the Trumpet's winsock implementation
    • On 2000, Microsoft provides a “Technology Preview for Windows 2000”
    • XP has it built-in, although you have to enable it by running netsh interface ipv6 install (or even just ipv6 install with the latest versions).
    • Vista/7 have it built-in and enabled by default.
  • MacOS really supports IPv6 since 10.7 (Lion).
  • GNU/Hurd: since 2007.
  • TODO: others

You need to achieve three things:

  • Bring IPv6 routing up to your host
  • Configure your operating system for IPv6 (unless automatically done through dynamic configuration or stateless auto-configuration)
  • Make sure your applications know how to connect through IPv6.

You need to achieve four things:

  • Bring IPv6 routing up to your server
  • Configure your server operating system for IPv6 (unless automatically done through dynamic configuration or stateless auto-configuration)
  • Make sure your server software listens for IPv6 connections
  • Publish DNS AAAA records, so people start connecting to your server

Hopefully, your ISP brings IPv6 up to your router. You then just need to configure the router to route IPv6, and for instance configure DHCPv6 or stateless autoconfiguration, so you don't need to configure your machine's operating system.

You also need to make sure IPv6 resolution works. For instance, host www.ffdn.org should report both 141.255.128.13 and 2a01:474::13. If not, you need to configure your DNS server to enable IPv6 AAAA records.

If your ISP does not bring IPv6 up to your router, you can use an IPv6 tunnel, see below.

Of course, don't forget to set up a firewall along the way. Yes, a firewall, not NAT.

  • France:
    • Renater's core routes IPv6, but a lot of universities and laboratories have not configured their end yet.
    • Free provides a /60, but as of January 2014, it does not provide a firewall feature on the router to protect it.
    • Nerim provides IPv6
    • FDN provides /48 prefixes.
    • TODO…
  • TODO…

The simplest way is simply not to have to configure it, by just configuring DHCPv6 or stateless autoconfiguration on your router. Machines on the network will then automatically configure themselves, just like they can do for IPv4.

You can tcpdump your network interface, or use netstat, etc. If the application does not seem to support IPv6, please report a bug to its authors. Nowadays, all applications should really support IPv6.

One can see this with netstat -A inet6, e.g.:

tcp6 0 0 :::22 :::* LISTEN 5265/sshd

Here sshd is properly listening on TCP port 22 over IPv6.

Some software may have to be explicitly told to listen for IPv6, by specifying things like

listen = 0.0.0.0, ::

where 0.0.0.0 is for all IPv4 addresses, and :: is for all IPv6 addresses.

IPv6 AAAA DNS records are just like IPv4 A records, except that they contain an IPv6 address (which is 4 times bigger than an IPv4 address, hence the 4 A's :) )

Yes, although not natively: there has to be a router R in between which has both IPv6 and IPv4 configured, and performs NAT64 address translation.

A will talk IPv6 using its IPv6 address as source, and ::ffff:0:0/96 addresses as destinations, e.g. ::ffff:c000:0280, which can also be written ::ffff:192.0.2.128 to clearly show the mapping with IPv4 addresses. B will talk IPv4, using its 192.0.2.128 address. The router will translate between both, masquerading the IPv6 address of A with its own IPv4 address. A DNS64 server can be used to make sure A always uses the IPv4-mapped-in-IPv6 addresses, by replacing the A records in DNS answers with the corresponding AAAA records.
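The address arithmetic behind the NAT64/DNS64 description above, as an added example that is not part of the FAQ. It uses the ::ffff:0:0/96 prefix from the text, and also the RFC 6052 well-known NAT64 prefix 64:ff9b::/96, which the FAQ does not mention; the DNS64 simulation follows RFC 6147 in synthesizing AAAA records only for names that have no native AAAA record, so dual-stack hosts are still reached natively. Host names and addresses in the test data are constructed or taken from the FAQ.

```python
# Added example, not part of the FAQ: the address arithmetic behind NAT64/DNS64.
# The FAQ's example uses the ::ffff:0:0/96 "IPv4-mapped" prefix; RFC 6052 also
# defines the well-known NAT64 prefix 64:ff9b::/96, so the prefix is a parameter.
import ipaddress

IPV4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")      # prefix used in the FAQ text
NAT64_WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix


def synthesize_aaaa(ipv4, prefix=IPV4_MAPPED):
    """Embed an IPv4 address in the low 32 bits of a /96 prefix (what DNS64 does
    when it builds an AAAA record out of an A record)."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(ipaddress.IPv4Address(ipv4)))


def extract_ipv4(ipv6, prefix=IPV4_MAPPED):
    """Recover the embedded IPv4 address (what the NAT64 router R does with the
    destination of A's packet).  Returns None when the address is outside the
    prefix, i.e. native IPv6 traffic that must not be translated."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFF_FFFF)


def dotted_form(ipv6, prefix=IPV4_MAPPED):
    """Spell a translated address with its IPv4 part dotted, as the FAQ does:
    ::ffff:c000:280 -> ::ffff:192.0.2.128 (or 64:ff9b::192.0.2.128)."""
    v4 = extract_ipv4(ipv6, prefix)
    if v4 is None:
        raise ValueError("not a translated address")
    # first six 16-bit groups of the prefix, leading zeros removed per group
    groups = [g.lstrip("0") or "0" for g in prefix.network_address.exploded.split(":")[:6]]
    if groups[0] == "0":                 # leading zero groups collapse to "::" (the ::ffff case)
        while groups and groups[0] == "0":
            groups.pop(0)
        return "::" + ":".join(groups + [str(v4)])
    trailing = 0                         # trailing zero groups collapse to "::" (the 64:ff9b case)
    while groups[-1] == "0":
        groups.pop()
        trailing += 1
    return ":".join(groups) + ("::" if trailing else ":") + str(v4)


def dns64_answer(a_records, aaaa_records, prefix=IPV4_MAPPED):
    """Simulate a DNS64 resolver: native AAAA records are returned untouched; only
    a name without any AAAA record gets synthesized ones from its A records."""
    if aaaa_records:
        return [ipaddress.IPv6Address(a) for a in aaaa_records]
    return [synthesize_aaaa(a, prefix) for a in a_records]


if __name__ == "__main__":
    aaaa = synthesize_aaaa("192.0.2.128")
    print(aaaa.exploded, "->", dotted_form(aaaa), "->", extract_ipv4(aaaa))
    print([str(a) for a in dns64_answer(["192.0.2.128"], [], NAT64_WELL_KNOWN)])
```

With the well-known prefix the router only needs to recognise one /96; anything outside it is plain IPv6 and is forwarded untouched, which is why the extraction function returns None rather than guessing.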

No. A will only be able to connect to B by setting up an IPv6 tunnel on it (i.e. A will then not be IPv4-only any more). See more about it below.

It is a tunnel with one end connected to the IPv6 world, thus letting a machine in an IPv4-only world have a route to the IPv6 world. A great many tunnel options exist (TODO: mention a list, but without going into details, just URLs).

Well, IPv6 does have NAT support nowadays actually. But you don't want to enable it (see below).

And not using NAT does not make your network less secure. What can make your network less secure is not using a firewall at all. It happens that enabling NAT would automatically enable a firewall. But you can also enable a firewall, thus getting security, without enabling NAT (which does not bring security).

With recent versions of Operating Systems, yes (TODO: which versions).

That being said, this is usually not a good idea, as NAT breaks a lot of application protocols, see below, and IPv6 is precisely meant to let all machines have their own public IP.

If you really really want to, you can use a random fd00::/8 prefix for defining a private local network.

  • In IPv4, because it only shifts the lack of addresses a bit: instead of lacking addresses, you are then lacking ports on the few public addresses you are using to masquerade the private addresses. This limits the number of connections each machine can keep open at the same time.
  • It breaks protocols which explicitly use IP addresses
    • FTP
    • Peer to peer
    • IRC's DCC
    • Voice over IP: SIP
    • And any such protocol that anybody on earth might want to invent. Plugins might have been written to cope with the protocols above, but they can not work with newer protocols.
  • Consequently, it makes protocols try to deal with NATs, which makes them much more complex.
  • All users sharing the same public IP address appear the same on the Internet.
    • If one of them gets blacklisted based on its IP address, all of them get blacklisted. This has already happened on a very large scale due to CGN.
    • Tracing a network issue gets more complex when you only have a public IP address behind which there are thousands of customers.
    • If a customer does bad (really bad) things on the Internet, the police would like to know who that is, not which pack of thousands of people that might have been at some more or less unknown point.
  • Machines behind the NAT generally can not act as servers. This hinders innovation.

Well, it's basically the same as NAT, but first at a larger scale: Carrier-Grade NAT means it is all the customers of an ISP who are masqueraded. Also, ISPs have millions of customers, while 10.0.0.0/8 contains only 16 million IPs. Geolocation of customers also can not happen any more.

It is also worse because NAT is usually also performed again at the customer's homes. These two layers of NAT make it rather impossible to support peer-to-peer exchanges.

Last but not least, the NAT not being controlled by the customer, mostly only TCP and UDP will get through (ICMP too, if the ISP is not too dumb). This hinders innovation in the transport layer.

Essentially, no, since IPv6 uses the same basic principles as IPv4. So the firewall rules will essentially be the same. The configuration lines are thus duplicated, but the thinking behind them is not.

One exception to this is:

  • ARP is replaced with NDP, which is contained in ICMPv6, so make sure to enable ICMPv6 (at least types neighbradv and neighbrsol) on prefixes fe80::/64 and ff02:0:0:0:0:1:ff00::/104, so it can work properly.
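The exception above, turned into a packet-level check, as an added example that is not part of the FAQ: a minimal IPv6 and ICMPv6 header parser and a filter function that permits Neighbor Solicitation (ICMPv6 type 135) and Neighbor Advertisement (type 136) only towards fe80::/64 or the solicited-node multicast range ff02:0:0:0:0:1:ff00::/104, the two prefixes the FAQ names. It also checks that the hop limit is 255, which RFC 4861 requires of NDP messages and which a real firewall should verify too. All sample packets are constructed here; their ICMPv6 checksum is left at zero because the filter decision does not depend on it.

```python
# Added example, not part of the FAQ: a minimal IPv6/ICMPv6 parser plus the
# filter decision the FAQ describes for NDP (Neighbor Solicitation/Advertisement
# towards fe80::/64 or the solicited-node multicast range), with the RFC 4861
# hop-limit-255 check added.  Sample packets are constructed; checksums are 0.
import ipaddress
import struct

ICMPV6 = 58
NEIGHBOR_SOLICITATION = 135
NEIGHBOR_ADVERTISEMENT = 136
ECHO_REQUEST = 128
NDP_DESTINATIONS = (
    ipaddress.IPv6Network("fe80::/64"),
    ipaddress.IPv6Network("ff02:0:0:0:0:1:ff00::/104"),
)
# version/class/flow, payload length, next header, hop limit, src, dst
IPV6_HEADER = struct.Struct("!IHBB16s16s")


def build_ipv6(src, dst, next_header, payload, hop_limit=255):
    """Construct an IPv6 packet: fixed 40-byte header followed by the payload."""
    version_class_flow = 6 << 28          # version 6, traffic class 0, flow label 0
    header = IPV6_HEADER.pack(version_class_flow, len(payload), next_header, hop_limit,
                              ipaddress.IPv6Address(src).packed,
                              ipaddress.IPv6Address(dst).packed)
    return header + payload


def build_icmpv6(icmp_type, code=0, body=b""):
    """ICMPv6 header: type, code, checksum (left at 0 here), then the message body."""
    return struct.pack("!BBH", icmp_type, code, 0) + body


def parse_packet(packet):
    """Return the header fields the filter needs; raise on malformed input."""
    if len(packet) < IPV6_HEADER.size:
        raise ValueError("truncated IPv6 header")
    vcf, _payload_len, next_header, hop_limit, src, dst = IPV6_HEADER.unpack_from(packet)
    if vcf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    info = {"src": ipaddress.IPv6Address(src), "dst": ipaddress.IPv6Address(dst),
            "next_header": next_header, "hop_limit": hop_limit, "icmp_type": None}
    if next_header == ICMPV6:
        if len(packet) < IPV6_HEADER.size + 4:
            raise ValueError("truncated ICMPv6 header")
        info["icmp_type"], info["icmp_code"] = struct.unpack_from("!BB", packet, IPV6_HEADER.size)
    return info


def ndp_allowed(packet):
    """The FAQ's firewall exception, as a decision over one packet."""
    info = parse_packet(packet)
    if info["next_header"] != ICMPV6:
        return False
    if info["icmp_type"] not in (NEIGHBOR_SOLICITATION, NEIGHBOR_ADVERTISEMENT):
        return False
    if info["hop_limit"] != 255:          # RFC 4861: NDP never crosses a router
        return False
    return any(info["dst"] in net for net in NDP_DESTINATIONS)


# Constructed sample traffic.  The NS targets 2001:db8:0:2:211:22ff:fe33:4455,
# whose solicited-node multicast group is ff02::1:ff33:4455.
TARGET = ipaddress.IPv6Address("2001:db8:0:2:211:22ff:fe33:4455").packed
SAMPLE_NS = build_ipv6("fe80::1", "ff02::1:ff33:4455", ICMPV6,
                       build_icmpv6(NEIGHBOR_SOLICITATION, body=b"\x00" * 4 + TARGET))
SAMPLE_NA = build_ipv6("fe80::211:22ff:fe33:4455", "fe80::1", ICMPV6,
                       build_icmpv6(NEIGHBOR_ADVERTISEMENT, body=b"\x60\x00\x00\x00" + TARGET))
SAMPLE_NS_ROUTED = build_ipv6("2001:db8::1", "ff02::1:ff33:4455", ICMPV6,
                              build_icmpv6(NEIGHBOR_SOLICITATION, body=b"\x00" * 4 + TARGET),
                              hop_limit=64)   # hop limit 64: not a genuine on-link NS
SAMPLE_ECHO = build_ipv6("fe80::1", "fe80::2", ICMPV6, build_icmpv6(ECHO_REQUEST))

if __name__ == "__main__":
    for name, pkt in [("NS", SAMPLE_NS), ("NA", SAMPLE_NA),
                      ("NS hop limit 64", SAMPLE_NS_ROUTED), ("echo request", SAMPLE_ECHO)]:
        print(f"{name}: {'allow' if ndp_allowed(pkt) else 'not matched by the NDP rule'}")
```

The echo request and a Router Advertisement (type 134, sent to ff02::1) are not matched by this rule on purpose: they need their own rules, and whether to allow RAs at all depends on which interfaces a router is expected on.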

(TODO: any other?)

Well, it can be a good opportunity to clean up the addressing scheme. That said, you don't strictly have to, since there is so much room, you could even, for a machine which has IPv4 192.0.2.128, simply give it the IPv6 2001:db8:0:2::128, thus looking very similar to the IPv4.

Essentially the same way as IPv4 dynamic routing, simply alongside IPv4, for instance by running a BGP daemon for IPv4, and another one for IPv6. You can for instance have exactly the same peering policy (at least with your peers who support IPv6).

If you configure your network with stateless configuration, and do not enable its privacy extension, yes, your IPv6 address will contain the MAC address of your network board, which happens to contain information about the manufacturer of the board, when, and where it was built (and thus roughly where it was sold).

But that's only in that case. With static configuration, dhcp dynamic configuration, or stateless configuration with privacy extension (i.e. it basically takes a random address), there is no such issue.

No. All equipment which only talks L2 protocols such as Ethernet does not need to be changed: to it, IPv6 is just another kind of payload among others (EtherType 0x86dd for IPv6 instead of 0x0800 for IPv4). The Ethernet protocol itself is completely unchanged.

Routers, however, might have to be changed if they are really old, because these have to talk IPv6.

Hopefully, no. You do not need to modify your software if:

  • it does not deal with IPv4 addresses at all,
  • and it uses IPv4/IPv6-agnostic programming interfaces, with a runtime that supports IPv6

For instance, if your software just passes a (hostname,port) pair to its programming interface, the software does not need any modification. One has to make sure that the runtime behind the programming interface supports IPv6, of course. This is now the case for the vast majority of them.

Most notably, the historical C network programming interface is not completely IPv4/IPv6-agnostic: gethostbyname does not return enough information to be able to not care about the differences between IPv4 and IPv6. getaddrinfo should be used instead, since it provides exactly what you have to give to socket, bind, and connect.
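An address-family-agnostic server and client, as an added example that is not part of the FAQ, covering both the "listen = 0.0.0.0, ::" point and the getaddrinfo recommendation above. It is written in Python, whose socket.getaddrinfo() wraps the C getaddrinfo() of the same name: the server binds one socket per family getaddrinfo returns for the wildcard address, and the client walks the list getaddrinfo returns for a host and keeps the first address that connects. The IPV6_V6ONLY option is the caveat a practitioner runs into: without it, on Linux the :: socket also claims IPv4, and the separate 0.0.0.0 bind fails. Function names and the "ping" payload are this example's own.

```python
# Added example, not part of the FAQ: family-agnostic TCP server and client
# built on getaddrinfo, mirroring the C interface the FAQ recommends.
import socket

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def resolve_candidates(host, port):
    """All (family, address) pairs getaddrinfo offers for a host, in its order."""
    return [(FAMILY_NAMES.get(family, str(family)), sockaddr[0])
            for family, _t, _p, _c, sockaddr in
            socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)]


def make_listeners(port=0, backlog=5):
    """Bind one listening socket per address family this host supports.
    Returns {"IPv4": sock, "IPv6": sock}; families the kernel lacks are skipped."""
    listeners = {}
    for family, socktype, proto, _c, sockaddr in socket.getaddrinfo(
            None, port, socket.AF_UNSPEC, socket.SOCK_STREAM, 0, socket.AI_PASSIVE):
        try:
            sock = socket.socket(family, socktype, proto)
        except OSError:
            continue                       # e.g. kernel built without IPv6
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if family == socket.AF_INET6:
            # Keep the :: socket IPv6-only; otherwise on Linux it would also
            # accept IPv4 and the 0.0.0.0 bind below would fail with EADDRINUSE.
            sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        try:
            sock.bind(sockaddr)
            sock.listen(backlog)
        except OSError:
            sock.close()                   # family present but not usable here
            continue
        sock.settimeout(5)
        listeners[FAMILY_NAMES.get(family, str(family))] = sock
    return listeners


def connect_any(host, port, timeout=5):
    """Try each address getaddrinfo returns, IPv6 or IPv4, and return the first
    connected socket; raise the last error if none works."""
    last_error = OSError(f"no addresses for {host}")
    for family, socktype, proto, _c, sockaddr in socket.getaddrinfo(
            host, port, socket.AF_UNSPEC, socket.SOCK_STREAM):
        sock = None
        try:
            sock = socket.socket(family, socktype, proto)
            sock.settimeout(timeout)
            sock.connect(sockaddr)
            return sock
        except OSError as err:
            last_error = err
            if sock is not None:
                sock.close()
    raise last_error


def echo_roundtrip(listener, host, payload=b"ping"):
    """Connect to `listener` via `host`, send payload, have the listener echo it
    back.  Returns (family name used, echoed bytes)."""
    port = listener.getsockname()[1]
    client = connect_any(host, port)
    server_side, _peer = listener.accept()
    server_side.settimeout(5)
    try:
        client.sendall(payload)
        server_side.sendall(server_side.recv(len(payload)))
        return FAMILY_NAMES[client.family], client.recv(len(payload))
    finally:
        server_side.close()
        client.close()


def close_all(listeners):
    for sock in listeners.values():
        sock.close()


if __name__ == "__main__":
    ls = make_listeners()
    for name, sock in ls.items():
        print(name, "listening on", sock.getsockname()[:2])
    print(echo_roundtrip(ls["IPv4"], "127.0.0.1"))
    close_all(ls)
```

The client loop is the simplest form of the "try both, use whichever connects first" behaviour the FAQ mentions; it tries addresses sequentially, whereas browsers race IPv6 and IPv4 attempts in parallel.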

Most application protocols are available in IPv6, http/ftp/dns of course, but also dhcp/nfs/etc.

(TODO: more protocols).

Yes, although it is rather called Neighbour Discovery Protocol (NDP) and works a bit differently (but basically it's the same principle).

Advanced features of IPv6

The principle is that the router just announces the prefix, e.g. 2001:db8:0:2::/64, and machines just pick an IP address within it as they wish: using the MAC address of the ethernet board, or just using a random address. A Duplicate Address Detection (DAD) protocol is used to make sure there is no conflict.
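The address derivation just described, and the MAC-address leak discussed in the privacy question earlier, as an added example that is not part of the FAQ: the modified EUI-64 construction a SLAAC host uses without privacy extensions (RFC 4291 appendix A), the reverse function that recovers the MAC, OUI first, from such an address, a simplified random interface identifier standing in for the privacy extension (not a faithful RFC 4941 implementation), and the solicited-node multicast group that Duplicate Address Detection probes. The MAC address and prefix values are constructed; the prefix is the FAQ's 2001:db8:0:2::/64.

```python
# Added example, not part of the FAQ: SLAAC address derivation (modified EUI-64),
# its reverse (MAC recovery, OUI included), a simplified random interface
# identifier, and the solicited-node multicast group used by DAD.
import ipaddress
import secrets


def mac_to_octets(mac):
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return octets


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit (0x02) of the first octet
    and insert ff:fe between the OUI and the device part of the MAC."""
    octets = mac_to_octets(mac)
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix, mac):
    """Announced /64 prefix + EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def privacy_address(prefix):
    """Same prefix, random 64-bit interface identifier (simplified stand-in for
    the privacy extension; not a faithful RFC 4941 implementation)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | secrets.randbits(64))


def mac_from_address(addr):
    """Recover the MAC from an EUI-64 shaped interface identifier, or None when
    the identifier is not EUI-64 shaped (random, static, DHCPv6-assigned...).
    The first three octets of the result are the manufacturer's OUI."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{o:02x}" for o in octets)


def solicited_node_multicast(addr):
    """ff02::1:ffXX:XXXX with the low 24 bits of the address: the group a host
    listens on for NDP and probes during Duplicate Address Detection."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


if __name__ == "__main__":
    addr = slaac_address("2001:db8:0:2::/64", "00:11:22:33:44:55")
    print(addr, "->", mac_from_address(addr), "-> DAD group", solicited_node_multicast(addr))
    print(privacy_address("2001:db8:0:2::/64"), "->", mac_from_address(privacy_address("2001:db8:0:2::/64")))
```

The recovered MAC is what makes the privacy concern concrete: the OUI identifies the manufacturer, and the address follows the machine from network to network as long as the same interface identifier is used.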

This has the same issue as DHCP: if there is a rogue system emitting prefix announces, machines will pick them.

RDNSS can also be used to announce the address of a DNS server.

This is basically encrypted packet transmission; it is not systematically used in IPv6.

Although not widely used, this allows a machine to roam between IPv6 networks without losing its connections: the machine carries a public address with it, attached to its home LAN, and packets to the machine are automatically routed down to whichever network the machine happens to be on.

  • Last modified: 2014/01/06 10:29
  • by sthibaul