IPv6 will allow them to track you down. Not!

Andrew Sullivan, Principal Architect, Dyn | Jan. 2, 2014
Everyone from marketers to law enforcement officials seems to hold the same misconception: that IPv6 is going to make it possible to expose people in a way that IPv4 does not.

There has been a surge of questions of late regarding IPv6 and whether it can be used to better identify individuals on the Internet. Everyone from marketers to law enforcement officials seems to hold the same misconception: that IPv6 is going to make it possible to expose people in a way that IPv4 does not.

It is true that IPv6 will change addressing on the Internet.  Many of us hope it restores the ability to identify an actual network endpoint -- a feature that we lost a number of years ago in IPv4.  But some appear to be imagining a future where each machine has its very own address, and that these addresses will be easily traced whenever a person visits a website, plays a game online, or even opens an email.  

In fact, IPv6 has features that are designed to foil exactly these sorts of plans. Also, because of the enormous IPv6 address space, it's rather unlikely that a single machine will have only a single IPv6 address.

To make sense of the discussion, we need some history.  

As the world started to run out of IPv4 addresses (and that started some time ago now), two things happened. First, we changed the way that addresses were given out, so that fewer addresses would be allocated at a time. Second, NAT (Network Address Translation) was invented.

A NAT is a mechanism where one network address is mapped to another address. For example, in your home network you might have a cable modem. It probably has one "public" IPv4 address: an address that is routable on the Internet. You probably have some sort of gateway or router (like a wireless access point). That gateway gives out addresses to your tablet, your phone, your Xbox, and so on. Each of these devices gets an address, usually one from a special "private" range specified in RFC 1918.

When one of your devices wants to connect to a service on the Internet, the gateway takes the connection to the device, remembers the private address for it, and connects to the Internet service using the public address.  The gateway translates between the private address and the public one, keeping track so that the different devices can all use the same public address.  So each device in your network has its own address, but as far as the rest of the Internet is concerned they're all at the same address.  You don't have to use NAT this way, but it's a common way to use it.  

As IPv4 addresses get scarcer, NATs are getting larger. We have a NAT in our office. Some ISPs are now running what is called "carrier grade" or "large scale" NAT, so there can be hundreds or thousands of machines behind a single address. And unlike the household case above, those "hidden" nodes often have no relation to one another. So yes, in most networks today, it's difficult to identify someone by their address.
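To make the gateway behaviour described above concrete, here is a small added simulation (not code from the article or from Dyn) of a port-translating home NAT: several devices on an RFC 1918 range share one public address, the gateway keeps a translation table so replies find their way back, and a remote server logs the same source address for every one of them. The public address and device addresses are constructed sample values.

```python
import ipaddress

# Constructed sample: the gateway's one public IPv4 address (a documentation
# range address standing in for the ISP-assigned one) and the RFC 1918
# private ranges it hands out on the home side.
PUBLIC_ADDRESS = "203.0.113.7"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if ip falls in one of the private ranges from RFC 1918."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class NatGateway:
    """Port-translating NAT: maps (private ip, private port, destination) to
    a public port and back, so many devices can share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port, dst) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, private_ip, private_port, dst):
        """Return the (address, port) the Internet-side service will see."""
        if not is_rfc1918(private_ip):
            raise ValueError(f"{private_ip} is not an RFC 1918 address")
        key = (private_ip, private_port, dst)
        if key not in self.outbound:
            # Two devices may pick the same source port, so the gateway
            # allocates a fresh public port rather than reusing the private one.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = (private_ip, private_port)
        return (self.public_ip, self.outbound[key])

    def translate_in(self, public_port):
        """Map a reply arriving on a public port back to the owning device."""
        return self.inbound.get(public_port)


def server_view(gateway, flows):
    """Source addresses a remote server would log for a list of
    (private_ip, private_port, destination) flows from behind the gateway."""
    return [gateway.translate_out(ip, port, dst)[0] for ip, port, dst in flows]
```

With three devices behind the gateway, the server's log shows a single address three times, which is why an IPv4 address alone rarely pins down a person or even a machine.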
