Latif Ladid
Research Fellow, Secan-Lab, University of Luxembourg. Founder & President, IPv6 Forum; Founding Co-Chair, IEEE 5G World Forum, 3GPP PCG Board Member
The number of Internet Connected devices will cross the incredible total of 50 billion by 2025.
The connectivity fabric of IP is used to enable more and more efficient context exchange with a broader range of devices and things. Thus, results the Internet of Things.
Projected to increase device counts by orders of magnitude over the next few decades, IoT’s impact cannot be overstated. Already enabling a rich set of new capabilities in Smart Cities, Smart Grid, Smart Buildings, and Smart Manufacturing, IoT stands to transform virtually every part of modern life that automation or visibility may improve.
Figure 1: IoT growth
1.0 IoT connectivity: Wired and Wireless
No matter the precise forecast, the sheer tsunami of devices coming online in the next months, years, and decades ensures that the future is not exclusively, or even significantly, wired.
Wireless with its adaptability and ease will inevitably dominate the IoT landscape. Exactly which wireless technology or technologies will be used remains relatively unclear, as many new technologies are still emerging, while others are still early in the standards process.
The challenges IPv6 poses to high bandwidth wireless networks are well-known. However, low bandwidth links, like LPWAN (Low Power Wide Area Network), do require optimization and broadly adapt and adopt techniques like IPv6 header compression.
Clause 4.4 is describing the IETF technologies to adapt IPv6 to different constraint media. This problem is not specific to the use of IPv6 but due primarily to the scale of IoT deployment.
The following list summarizes the main different wireless technologies used for IOT:
- IEEE 802.15.4 [1] WPAN: The IEEE 802.15 TG4 was chartered to investigate a low data rate solution with multi-month to multi-year battery life and very low complexity. It is operating in an unlicensed, international frequency band. Potential applications are sensors, interactive toys, smart badges, remote controls, and home automation.
- IEEE 802.11 [19] WLAN (Wireless Local Area Network).
- LPWAN (Low Power and Wide Area Network).
- Cellular Networks (NB-IoT, 5G).
New PLC (Power Line Communications) technologies are also emerging like IEEE 1901.2a [i.2]. These technologies offer the capability to use the same wire for power supply and communication media.
2.0 Motivation for IPv6 in the IoT
2.1 Technical Motivation
2.1.1. Main driver
The main driver is probably the large address space that IPv6 is providing but it is not the only aspect: Auto‑configuration, security and flow identification bring huge advantages to IoT systems as well as being a future proof technology.
2.1.2 Addressability
Global, public, and private address space have been defined for IPv6; therefore, a decision has to be made regarding which type of IPv6 addressing scheme should be used. Global addressing means you should follow the Regional Internet Registries (RIR) policies (such as ARIN https://www.arin.net/policy/nrpm.html) to register an IPv6 prefix that is large enough for the expected deployment and its expansion over the coming years. This does not mean the address space allocated to the infrastructure has be advertised over the Internet allowing any Internet users to reach a given device.
The public prefix can be advertised if representing the entire corporation – or not – and proper filtering mechanisms are in place to block all access to the devices. On the other end, using a private address space means the prefix not be advertised over the Internet, but, in case there is a need for Business-to-Business (B2B) services and connectivity, a private address would lead to the deployment of additional networking devices known as IPv6-IPv6 NPT (Network Prefix Translation, IETF RFC 6296 [i.3]) gateways.
Once the IPv6 addressing structure (see IETF RFC 4291 [i.4] and IETF RFC 4193 [i.5]) and policies are well‑understood and a prefix is allocated to the infrastructure, it is necessary to structure the addresses according to the number of sites and endpoints that would connect to it. This is no different to what an ISP or a large enterprise has to perform.
Internal policies may be defined by the way an IPv6 address is assigned to an end device, by using a global or private prefix.
Three methods to set an IPv6 address on an endpoint are available:
- Manual configuration: This method is appropriate for headend and NMS servers that never change their address, but is inappropriate for millions of end-points, such as meters, because of the associated operational cost and complexity.
- Stateless auto configuration: This mechanism is similar to Appletalk, IPX, and OSI, meaning an IPv6 prefix gets configured on a router interface (interface of any routing device such as a meter in a mesh or PLC AMI network), which is then advertised to nodes attached to the interface. When receiving the prefix at boot time, the node can automatically set up its IPv6 address.
- Stateful auto configuration: Through the use of Dynamic Host Control Protocol for IPv6 (DHCPv6) Individual Address Assignment, this method requires DHCPv6 server and relay to be configured in the network. It benefits from strong security because the DHCPv6 process can be coupled with authentication, authorization, and accounting (AAA), plus population of Domain Name System (DNS) available for headend and NMS applications.
The list above is the minimum set of tasks to be performed, but as already indicated, internal policies and operational design rules should also be established. This is particularly true when considering security and management tasks such as registering IPv6 addresses and names in DNS and in NMSs or establishing filtering and firewalling across the infrastructure.
2.1.3 Security Mechanism
In the past, it was sometimes claimed that the use of open standards and protocols may itself represent a security issue, but this is overcome by the largest possible community effort, knowledge database, and solutions available for monitoring, analysing, and fixing flaws and threats – something a proprietary system could never achieve.
Said otherwise, a private network, IP-based architecture based on open standards has the best understood and remedied set of threat models and attack types that have taken place and have been remedied against, on the open Internet. This is the strongest negation of the now deprecated concept of “security by obscurity” that argues that the use of nonstandard networking protocols increases security and which is unanimously rejected by the network security expert community.
2.1.4 IP up to the end device/end to end principle
The past two decades, with the transition of protocols such as Systems Network Architecture (SNA), Appletalk, DECnet, Internetwork Packet Exchange (IPX), and X.25, showed us that such gateways were viable options only during transition periods with smaller, single-application networks. But proprietary protocol and translation gateways suffer from well-known severe issues, such as high capital expenditures (CapEx) and operating expenses (OpEx), along with significant technical limitations, including lack of end-to-end capabilities in terms of QoS, fast recovery consistency, single points of failure (unless implementing complex stateful failover mechanisms), limiting factors in terms of innovation (forcing to least common denominator), lack of scalability, vulnerability to security attacks, and more. Therefore, using IPv6 end to end (that is, IP running on each and every device in the network) will be, in many ways, a much superior approach for multiservice IoT networks.
See IETF RFC 3027 [i.21] as an example of protocol complications with translation gateways.
Table 1: Taking Advantage of IPv6 Network Services when deploying IoT
Network Services | Layers and Services | Benefits |
---|---|---|
Unique device’s addressing (Network Layer) | From IPv4 (32-bit address space, now deprecated at IANA) to IPv6 (128-bit address space), including multiple scopes (global, private, link)<td “>Multicast (Network layer) | Large address space able to cope with the IoT evolution. Private or public infrastructure |
Address auto-configuration (Network Layer) | Manual (IPv4/IPv6), stateless (IPv6) and stateful (DHCP for IPv4 and IPv6), Prefix Delegation (DHCPv6 PD) | Centralized or distributed address management. Additional DHCP options Zero Touch Provisioning |
Media independency (PHY & MAC layers) | IEEE 802.3 [i.31] Ethernet, IEEE 802.11 [i.19] Wi-Fi, IEEE 802.16 [i.33] WiMAX, IEEE 802.15.4g/e [i.20], [i.22] RF 6LoWPAN, IEEE 1901.2a [i.2] NB‑PLC 6LoWPAN Serial, ATM, FR, SONET/SDH | Media diversity for local and backhaul communications Smooth evolution over long lifetime period (see note) |
Routing (Network Layer) | Static, RIP, OSPF, E-IGRP, IS-IS, MP-BGP, RPL (IPv6 only) | Dynamic reactivity to communication and network device failures. Scalability of deployment |
Data Integrity and Confidentiality, Privacy (all layers) | Layer-2 (MAC specific), Layer-3 (IPSec IPv4/IPv6), Layer-4 (TCP/TLS, UDP/DTLS) and Layer-7 (application dependent authentication & Encryption) Packet filtering, Deep packet inspection (DPI), Intrusion Detection Service (IDS), Flow monitoring |
Multi layered secure networking |
IPv4/IPv6 multicast protocols: IGMP/MLD, PIM, MP-BGP | Scalable software upgrade, group commands | |
Quality of Services (QoS) | Specific MAC layers Class of Services (CoS), i.e. Ethernet, WiMAX IPv4/IPv6 QoS Differentiated Services architecture | Multi services field area networks Prioritization of data traffic Service Level Agreement |
Network Segmentation and isolation | Virtual Private Networks (Layer-3), i.e. IPSec VPN, VRF-Lite | Shared infrastructures but dedicated and isolated traffic paths for critical applications |
Time Distribution | Layer-3, i.e. Network Time Protocol version 4 (NTPv4) | Secure NTP4 for both IPv4 and IPv6 |
Management | DNS, IPFix, SNMP, CoAP, SSH, Telnet, XML/Netconf, etc. | Push and Pull management models Scalable end-point management |
NOTE: IPv6/6LoWPAN is the only IP protocol version defined for IEEE 802.15.4g/e [i.20], [i.22] and IEEE 1901.2 [i.2]. |
3.0 Conclusions
IPv6 can enable and sustain the growth rate of the IoT. It offers a future proof solution.
More and more SDOs (Standardization Development Organization) have decided to either transition to IPv6 or to develop new standards only based on IPv6. This is specifically the case for IoT related standards. 3GPP secretary and CTO of ETSI Adrian Scrase has already announced back in April 2019 the move from E.164 for Machine Type communication to IPv6 addressing for larger scale deployment of IoT.
IPv6 does not only enable the scalability required by the IoT but also provides enhancement from IPv4 in the field of mobility support, stateless address auto-configuration, support of constraint devices and security to mention only a few of them.