Debunking the IPv6 Has More Security and QoS Myths

I thought that in the year 2011, when we’ve had so much talk about IPv6, a lot of the smoke about what IPv6 is and isn’t capable of would have cleared. Unfortunately not. Today I read this piece from CNET and I went “really? In this age, some major tech website still writes this kind of thing?” Here are some of the claims they make about the new IPv6-ready D-Link routers:

[a] “Enhanced network security: Plug in an IPv6-enabled D-Link router and the new security feature is automatically turned on.”

Exactly what new security feature are we talking about here? To repeat a clarification that has been made several times all over the web: even though implementation of IPsec is mandatory for IPv6, its usage is NOT, and so IPv6 does not yield any new security benefits over IPv4. In fact, poorly managed, IPv6 is a security risk, as it could completely bypass all that air-tight security you built for IPv4 on your network edge.

[b] “Increased network speeds and accessibility: As Web sites start to offer content over IPv6 and ISPs deploy IPv6 service, an IPv6-compliant router offers faster connection speeds and provides access to Web sites and applications that have transitioned. With its better design, IPv6 has integrated quality of service, so traffic is classified by voice, video, and data, and transported accordingly, resulting in faster network speeds.”

Puff!!!! Again, IPv6 doesn’t currently offer anything in QoS that IPv4 does not. And sorry to break it to you, but your connection speed is still going to depend upon how much bandwidth you have and not the IP version you are using.

To understand the source of this myth, look at the figure below, which shows the IPv4 header next to an IPv6 one. With respect to QoS, notice that:

  • The field responsible for QoS in IPv4 (specifically, the one that enables a packet to be marked for special treatment) was “ToS”, i.e. Type of Service. This field is 8 bits long. In v6, the field was renamed to the more appropriate “Traffic Class”, but it is the same size and brings nothing new.
  • In IPv6, there is one new field … the “Flow Label”, which is the source of this myth. The flow label in theory is meant to identify upper layer flows so that a router can recognize them without having to look beyond layer 3 (which could be time-consuming and slower). In reality, that field’s usage has not been defined and so it is currently unused. Therefore …right now, IPv6 offers nothing new to QoS that IPv4 does not, thus making the assertion that IPv6 is faster false.

IPv4 and IPv6 Headers Compared
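The same comparison in code, as an added example that is not part of the original post: a small parser that pulls the QoS marking out of a raw IPv4 or IPv6 header, showing that both carry the same 8-bit value and that the only extra IPv6 field is the 20-bit Flow Label. The function names and the sample packets (built with documentation-range addresses) are constructed for illustration.

```python
import struct

def qos_fields(packet: bytes) -> dict:
    """Return the QoS-relevant fields of a raw IPv4 or IPv6 header."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:
        if len(packet) < 20:
            raise ValueError("truncated IPv4 header")
        qos, flow = packet[1], None      # ToS: second byte, 8 bits; no flow field
    elif version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        (word,) = struct.unpack("!I", packet[:4])
        qos = (word >> 20) & 0xFF        # Traffic Class: 8 bits after the version nibble
        flow = word & 0xFFFFF            # Flow Label: low 20 bits of the first word
    else:
        raise ValueError(f"unknown IP version {version}")
    # DSCP (RFC 2474) is the top 6 bits of that byte in both versions.
    return {"version": version, "qos_byte": qos, "dscp": qos >> 2, "flow_label": flow}

def build_v4(tos: int) -> bytes:
    """Constructed 20-byte IPv4 header (UDP, no payload) with the given ToS byte."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))

def build_v6(traffic_class: int, flow_label: int) -> bytes:
    """Constructed 40-byte IPv6 header (UDP, no payload)."""
    word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB16s16s", word, 0, 17, 64, src, dst)

if __name__ == "__main__":
    # 0xB8 is DSCP 46, the marking commonly used for voice traffic.
    for pkt in (build_v4(0xB8), build_v6(0xB8, 0)):
        print(qos_fields(pkt))
```

A packet marked for voice carries the identical byte and DSCP value in either version; the Flow Label parses out separately and is zero in the constructed sample.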

Even I used to propagate these myths, which are based on the original intentions of the IPv6 designers …but as time has gone on, we must do a reality check …the major benefit of IPv6 today is more address space and with that …maybe a return to the original end-to-end model of the Internet. Who knows what cool innovations will result from that?