Why is my Address not Unique? Discovering Entropic issues in IPv6 Addresses

Session Number

CMPS 30

Advisor(s)

Dr. Dave Levin and Erik Rye, University of Maryland

Discipline

Computer Science

Start Date

17-4-2025 11:25 AM

End Date

17-4-2025 11:40 AM

Abstract

The Internet Protocol (IP) undergirds the modern Internet, providing addresses to network devices and routing data packets between them. The first widely adopted version, IP version 4 (IPv4) uses 32-bit addresses to identify unique hosts. While ~4 billion unique addresses seemed sufficient, the explosion of Internet-connected devices over the last twenty years has depleted the pool of available IPv4 addresses.

With the limited addresses remaining, a global shift to IP Version 6 (IPv6) is underway. IPv6 uses 128-bit addresses, providing a pool 296 times larger than IPv4. To ensure uniqueness, the last 64 bits or Interface Identifier (IID) must be sufficiently random. However, the collected addresses show that millions share the same IID.

This paper asks, why are there IIDs that repeat in the seemingly infinite address space? To answer this, we take addresses from the IPv6 Observatory and remove any that have insufficient entropy or deterministically generate their IID using the interface’s link layer address (Extended Unique Identifier-64) to find the source of this problem. From those entropic addresses, we examine allocation to Autonomous System Numbers (ASN) and identify affected Internet Service Providers (ISPs). Using routers from those ISPs, we discover why these random addresses are not random.

Share

COinS
 
Apr 17th, 11:25 AM Apr 17th, 11:40 AM

Why is my Address not Unique? Discovering Entropic issues in IPv6 Addresses

The Internet Protocol (IP) undergirds the modern Internet, providing addresses to network devices and routing data packets between them. The first widely adopted version, IP version 4 (IPv4) uses 32-bit addresses to identify unique hosts. While ~4 billion unique addresses seemed sufficient, the explosion of Internet-connected devices over the last twenty years has depleted the pool of available IPv4 addresses.

With the limited addresses remaining, a global shift to IP Version 6 (IPv6) is underway. IPv6 uses 128-bit addresses, providing a pool 296 times larger than IPv4. To ensure uniqueness, the last 64 bits or Interface Identifier (IID) must be sufficiently random. However, the collected addresses show that millions share the same IID.

This paper asks, why are there IIDs that repeat in the seemingly infinite address space? To answer this, we take addresses from the IPv6 Observatory and remove any that have insufficient entropy or deterministically generate their IID using the interface’s link layer address (Extended Unique Identifier-64) to find the source of this problem. From those entropic addresses, we examine allocation to Autonomous System Numbers (ASN) and identify affected Internet Service Providers (ISPs). Using routers from those ISPs, we discover why these random addresses are not random.