nternet Protocol version 6 has been "emerging" for some time, having first been defined as a protocol specification almost five years ago. In that time, the Internet world has, at best, had time to become aware of the advantages IPv6 brings in terms of increased address space, greater security, more efficient routing, cleaner, end-to-end connectivity, built-in quality of service and dynamic IP mobility.

At worst, many in that same community have turned a blind eye to those advantages. Instead, they have chosen to concentrate on the installed IPv4 infrastructure and extend its capabilities using techniques such as network address translators (NATs), non-native IP Security (IPSec) implementations and additions such as Mobile IPv4 to tackle the problem of IP mobility for handheld devices.

However, the unprecedented and unpredicted rise in the number of these handheld devices-and their associated applications-is now forcing a surge in support for IPv6, particularly for Mobile IPv6.

The most immediate issue is the number of IP addresses needed to support the billions of devices expected to be deployed in the coming years. Add to that the promotion of "push" technologies for those services-which demand end-to-end connectivity-and the need for secure mobile transactions for "m-commerce," and it becomes clear that the IPv4 model quickly breaks down.

"With IPv4's 32-bit addressing scheme, you get 4 billion addresses-50 percent of which are already taken," said Basavaraj Patil, chair of the Internet Engineering Task Force's IP Mobility Working Group, and senior systems designer at Nokia (Irving, Texas). "Compounding the issue is an assignment structure which gives an efficiency of only 60 percent-hence we're running out of addresses fast."

The inefficiency stems from the breakdown of IP addresses into private networks defined as Class A, B and C. These in turn are augmented by NATs to increase the number of local addresses, as well as the use of a technique known as classless interdomain routing to increase the network capacity. "The use of NATs has basically destroyed the transparency of the Internet, and the end-to-end or peer-to-peer model on which it's based," said Latif Ladid, president of the IPv6 Forum (www. IPv6forum.com) and vice president of Ericsson Telebit A/S (Luxembourg).

The end-to-end model is key to the concept of push technologies. On connecting to the Internet, the user gets a unique address. "However," said Ladid, "when you disconnect and reconnect, you're assigned the next available address. As a result, it doesn't recognize the user and therefore the user can't take advantage of the site's potential push capabilities."

The need to enable push technology, combined with the lack of IP addresses in the current network, are two major reasons for the surge in IPv6 interest, Ladid said.

"This is why the 3GPP Third Generation Partnership Project and 3GPP2 in the U.S. are eagerly awaiting IPv6," he said. "Apparently we'll have 1.5 billion people connected via mobile phones by 2005 and 3 billion by 2010-expect 30 percent to be using IP." This isn't even counting those moving around with 802.11b- and Bluetooth-enabled devices. "These companies don't even realize what's happening and don't know what the issues are," said Ladid.

A global concern
Along with the 3GPP and the European Commission, other parts of the world have shown a sense of urgency about the matter.

Last September, Prime Minister Yoshiro Mori of Japan vouched for IPv6 in front of the Japanese parliament, declaring that by 2005 Japan would have 100 percent deployment in government, education and industry. And in February, the Korean government followed suit by promising to spend $80 billion by 2005 to develop and deploy IPv6.

While address space and push technologies are major motivators for the drive to IPv6, they are only part of the story. Two other features of the proposed protocol stand out: namely, how mobile users are handled, and security.

The current implementation of Mobile IPv4 employs the concept of a foreign agent (FA) and home agent (HA). As the user enters a new network-while traveling, for instance-the FA assigns the user a new care-of (CO) address. The FA has to communicate that address through a tunnel back to the HA on the user's home network. Now, the packets from the corresponding node to the mobile unit always have to go through the HA.

"This creates a triangulation inefficiency issue that doesn't exist with Mobile IPv6, as IPv6 supports an autoconfiguration capability," said Terry Boland, director of wireless core and IP services at Nortel Networks (Richardson, Texas).

The triangulation issue is no small matter, with 500 million IP addresses anticipated by 2005 (30 percent of 1.5 billion phone users) and 1 billion by 2010. Assuming 1 percent are roaming, that's 5 million travelers who need unique CO addresses that will house them in a foreign network and give them instant connections using their own IP address.

"This will not work today," said Ladid, "as the triangular routing alone will eat up spectrum. Also, with IPv4 you have to key in your CO address yourself. In IPv6 it's automatic, thanks to the autoconfiguration feature." Manual input is a big barrier to ease of use, according to Ladid, and considering the push to get mobile devices into everyone's hands, this is not a minor issue.

However, there's one hiccup with Mobile IPv6-it hasn't been fully defined yet. "That's why the Mobile IPv4 architecture has been done over the last number of years," said Patil. "It's already an RFC 2002 request for comments, whereas Mobile IPv6 is still evolving, so you can't build products and solutions yet." One of the outstanding issues is how exactly to do the autoconfiguration, which can be either stateful or stateless.

With stateless autoconfiguration, the mobile device automatically listens to the updates on the visitor network and then generates a new address (unique address for that visitor network) based on the subnet it's visiting, as well as the unique link identifier that the mobile is using. It then has to verify it's a unique address and that there's no duplication in the network. The device will then place that address inside the IPv6 header. It embeds its original home address when it sends the packet to its home network.

"There are a couple of problems with this mechanism," said Boland. "The first is the lack of willingness on the part of the operators to implement it, as they tend to want to control the IP-address allocation for billing and tracking purposes." In addition, the problem of getting device manufacturers and operators to decide and work together on how it should be done is not trivial.

Another problem with stateless autoconfiguration is the time taken to check for duplicate addresses to ensure the device is unique.

The alternative is do stateful addressing with dynamic host configuration protocol (DHCP) whereby the network, under the operator's control, issues the address. "That's probably the way in which it'll be implemented," said Boland.

The problem arises when roaming with a dual-stack architecture and interoperating between Mobile IPv4 and Mobile IPv6. "As soon as you do that, you introduce a kind of NAT," said Ladid. "That change breaks security, as the IP addresses are the identifiers, and as soon as you touch them, IPSec breaks down." This is a grave concern in the light of the "always on" connectivity model being promoted, which leaves the handheld device open to hacking.

Another problem, according to Patil, is that over the last few months, the IETF has realized that IPSec doesn't scale as well as originally thought. "As a result, the IETF has stepped back and decided to reengineer this thing and make a solution that's actually deployable and not just something that works in theory," he said.

For Mobile IPv6, that means some major surgery on the way the protocol has been done. "The good part is, that the IETF has identified that this is work that needs to be done as soon as possible, and they've appointed two area directors Erik Nordmark from Sun Microsystems and Thomas Narten from IBM Corp. to essentially shepherd progress," said Patil.

So far, the group has decided that trying for a mobile security solution that's unbreakable isn't really feasible. "We originally looked at PKI private key infrastructure, but the feeling now is that the global PKI will not happen any time soon, and if you have a protocol that relies on this, you essentially will put it in a deadlock situation," said Patil.

Options being considered instead, include purpose-built keys, which don't rely on PKI. "These can generate asymmetric keys on the fly," Patil noted, "and can still potentially verify these because of the fact that you have a home agent in the network."

It must be noted however, that the goal of IP security is simply to prevent an IP session from being hijacked and from having packets routed. Applications like m-commerce run at higher layers on the stack, on top of secure sockets layer (SSL) or transport-layer security (TLS). The m-commerce application in the personal digital assistant will take care of ID and authentication procedures.

"Thanks to SSL and TLS, even if packets are rerouted, that information is useless to them," said Patil. "However, security is still the most important item to get finished before the next IETF meeting in London in August. We won't put it out without security having been solved," he said.

The next step, said Patil, is to get solutions out the door to get interoperability issues taken care of, with an RFC expected to be done by October.

IPv6 implementations
There are a number of IPv6 implementations running, such as the 6-Bone project (http://6bone.net), comprising an all-IPv6 backbone for test purposes.

Worldcom Inc. also has its own IPv6 network, called very high-performance backbone network service (VBNS). According to Vint Cerf, senior vice president of Internet architecture and technologies at Worldcom, "we're offering IPv6, though there aren't a lot of takers-other than those who are interested in IPv6 as a forward-looking opportunity. However," he added, "we've been listening with some interest to the 3G groups and their plans."

Code lag
The problem, as Cerf perceives it, is that there isn't enough code being developed for interoperability testing. "Cisco has produced IPv6 code, and we've been running their software for some time now. However, Juniper has not yet done so, and I'm not sure they've committed to doing it yet. My view is they will be persuaded as more and more vendors say they need that capability."

Cerf sees the pressure coming when the number of IPv6 devices increases on the network, as they'll need to be serviced. Then he predicts a mass, industrywide push to get IPv6 implemented. "We're trying to stay ahead of the game by getting as much of that work as possible with the VBNS network, but we haven't yet deployed that-into our UUNet backbone for example-and probably won't do that until there's a significant customer demand."

Another motivating factor for IPv6 is that it has greatly simplified the features in IPv4, which allows the protocol to run much faster. "This is important," Cerf said, "as we're all migrating upward in terms of bandwidth to the backbone and the net. The higher the speeds that we have to go, the more the simplified headers help. So IPv6 has been fashioned with that in mind."

Though Cerf believes the biggest barrier is the lack of production-ready code from vendors, that'll be solved when the ISPs insist on it. "That'll happen when there are a bunch of devices that can't be supported any other way. I'm seeing 2002 as being probably the year that we really get busy on this stuff." The only technical hurdles Cerf anticipates have to do with integrating IPv6 into pre-existing protocols, and dealing with the potential scaling effects likely to confront the network from having a very large number of terminations.

However, according to Ladid, tackling those issues, especially from the wireless side, is not so easy. "This concept mobile IP is new and driven by the non-IP world telecom, and no one knows really what wireless IP really means," he said.

According to Ladid, "You have to get this person who understands-in an expert way-the concepts of wireless and IP (IPv6 in this case). We don't have many of those around the world-they still have to be born. Some within the IETF will make it happen-though some mistakes will be made along the way."