- Firewall and VPN Concerns
- IPv6 WAN Types
- Address Format
- IPv6 Subnetting
- Special IPv6 Subnets
- Neighbor Discovery
- Router Advertisements
- Address Allocation
- IPv6 and NAT
- IPv6 and pfSense
- Controlling IPv6 Preference for traffic from the firewall itself
Around the world, the availability of new IPv4 addresses is declining. The amount of free space varies by region, but some have already run out of allocations and others are rapidly approaching their limits. As of January 31, 2011, IANA allocated all of its space to regional internet registries (RIRs). In turn, these RIR allocations have run out in some locations such as APNIC (Asia/Pacific), RIPE (Europe), and LACNIC (Latin America and Caribbean) for /8 networks. Though some smaller allocations are still available, it is increasingly difficult to obtain new IPv4 address space in these regions. ARIN (North America) ran out on September 24th, 2015.
To account for this, IPv6 was created as a replacement for IPv4. Available in some forms since the 1990s, factors like inertia, complexity, and the cost of developing or purchasing compatible routers and software has slowed its uptake until the last few years. Even then, it’s been rather slow with only 8% of Google users having IPv6 connectivity by July 2015.
Over the years, support for IPv6 in software, operating systems, and routers has improved so the situation is primed to get better. Still it is up to ISPs to start delivering IPv6 connectivity to users. It’s a catch-22 situation: Content providers are slow to provide IPv6 because few users have it. Meanwhile, users don’t have it because there isn’t a lot of IPv6 content and even less content available only over IPv6. Users don’t know they need it so they don’t demand the service from their ISPs.
Some providers are experimenting with Carrier Grade NAT (CGN) to stretch their IPv4 networks farther. CGN places their IPv4 residential customers behind another layer of NAT further breaking protocols that already don’t deal with one layer of NAT. Mobile data providers have been doing this for some time, but the applications typically found on mobile devices aren’t affected since they work as if they’re behind a typical SOHO router style NAT. While solving one problem, it creates others as observed when CGN is used as a firewall’s WAN, when tethering on a PC, or in some cases attempting to use a traditional IPsec VPN without NAT-T, or PPTP. ISPs employing CGN should be used only if there is no other choice.
There are many books and web sites available with volumes of in-depth information on IPv6. The Wikipedia article on IPv6, http://en.wikipedia.org/wiki/IPv6, is a great resource for additional information and links to other sources. It’s worth using as a starting point for more information on IPv6. There are also many good books on IPv6 available, but be careful to purchase books with recent revisions. There have been changes to the IPv6 specification over the years and it’s possible that the material could have changed since the book’s printing.
Hangouts Archive to view the July 2015 Hangout on IPv6 Basics