What IPv6 means for industrial Ethernet, part 2: Autoconfiguration, IPsec and EtherNet/IP

IPv6 enables simplified network management through stateless autoconfiguration.

IPv6 enables simplified network management through stateless autoconfiguration.

In our first entry about the implications of IPv6 for industrial automation and control systems, we looked at some specific differences between IPv4 and IPv6, beyond just the move from a 32- to 128-bit address space:

  • For starters, we examined how IPv6 has hierarchical addressing, meaning that it enables shorter routing tables and a more efficient routing backbone than IPv4.
  • The packet header is also condensed, with several fields from IPv4 combined into just a few in IPv6. This design contributes to faster packet processing.
  • Plus, IPv6 relies on prefixes rather than address classes, using them to control functions such as multicasting and anycasting.

This time, we'll wrap up our overview of the general benefits – compliance with IPSec, autoconfiguration etc. – of IPv6 for automated systems. After that, we'll start touching upon what IPv6 means for Ethernet solutions, including EtherNet/IP. As we've discussed before, EtherNet/IP is an increasingly popular industrial network predicated upon unmodified Ethernet infrastructure and the Common Industrial Protocol.

Where IPv6 outdoes IPv4: Autoconfiguration and IPSec conformance
IPv4 systems generally entail more extensive configuration than IPv6 counterparts. Since 1993 [1], IP addresses as well as information about Domain Name System servers have been obtained under IPv4 through the Dynamic Host Configuration Protocol. Similarly, setting up default gateways, network masks and hosts has required manual input from administrators.

IPv6 does contain a successor to the classic DHCP standard, known as DHCPv6, that enables this sort of stateful configuration, with maintenance of tables for dedicated servers. But, it also supports stateless autoconfiguration, which can be useful for networks that only need addresses to be unique and routable and don't require the use of any specific ones.

Under the latter arrangement, each IPv6 Network Interface Card, after it is initialized, automatically builds a link-local address. With Ethernet, the link-local address is usually derived from a Media Access Control address. After the uniqueness of that address is verified, the Ethernet-linked system can communicate with other IPv6 hosts on the link. Later on, the original automatically generated identifier may be appended to any global prefixes issued by ISPs, so that systems may communicate via the Internet.

"Stateless address autoconfiguration is a new concept with IPv6 [2]," observed François Donzé of HP in article for The Internet Protocol Journal. "It gives an intermediate alternative between a purely manual configuration and stateful autoconfiguration. In addition to ease of use with no dedicated server or relay, this mechanism removes problems … such as the mismatch between the [DHCP] server and the router (prefix topology) or the IPv4 need to readdress subnets that have outgrown their prefix. Moreover, automatic renumbering (prefix change) is also possible on nodes using stateless autoconfiguration."

For industrial Ethernet, IPv6 stateless autoconfiguration may not be applicable to fixed address networks, although it has benefits for ad hoc connections. Autoconfiguration is useful for address discovery as well as for situations in which it isn't necessary to use a DHCP server. It also helps with the shift toward mobile computing, with nodes needing to maintain connections while undergoing arbitrary changes in location. Stateless autoconfiguration may be used in tandem with DHCPv6.

Overall, it's worth noting that IPv6 addresses are four times as long as their IPv4 predecessors, which are already hard to manage manually. Improving their configuration while also simplifying network management is most welcome. Beyond autoconfiguration, IPv6 creates other opportunities to streamline industrial automation and control networks. For example, a lot of IPv4 traffic is secured with IPsec through IPsec VPN clients, although IPSec was defined for IPv6. Ultimately, IPv6 could obviate the need for these devices, since IPv6-enabled infrastructure can utilize end-to-end IPSec without the obstacle of Network Address Translation, which has helped extend the life of IPv4.

EtherNet/IP and the move to IPv6
Stepping back, the shift toward IPv6 in industrial settings has been driven less by IPv4 address depletion than the opportunity to obtain better performance as the Internet of Things comes into focus. EtherNet/IP systems in particular have already become an integral part of the IoT, with their usage of the Internet Protocol suite for all communications allowing for the rapid expansion of the connected world.

Given its unique, standards-based design, EtherNet/IP also allows for relatively simple transitions from IPv4 to IPv6. A common sequential workflow includes tunneling, followed by dual stack and translation:

  • Tunneling refers to small IPv6 implementations on top of the larger IPv4 network [3]
  • Dual stack involves running heterogeneous IPv4 and IPv6. Users are still in control of address translation, but a stateful address translator is not central to the system. Instead, on-site equipment is connected to a translation service from the ISP.
  • Finally, with translation, IPv6 traffic is converted to IPv4 through datagrams.

Although not every system is an EtherNet/IP one, this well defined process for supporting IPv6 even on a protocol originally designed for IPv4, like EtherNet/IP, gives a sense of what IPv6 can do for industrial Ethernet.

[1] http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html

[2] ibid.

[3] http://www.industrial-ip.org/en/industrial-ip/ethernet-ip/what-is-ipv6-and-how-to-use-it-in-your-manufacturing-network

Comments are closed.