Internet Protocol version 6 (IPv6) is the next-generation Internet protocol version, or, the protocol of the next generation Internet. IPv6 was first developed due to IPv4 address depletion. Because insufficient IPv4 address space restricted the Internet development, IPv6 was introduced to expand the address space. Using 128-bit addresses, IPv6 provides a much larger address space than IPv4. Estimated conservatively, more than 1000 IPv6 addresses are assignable on each square meter of the Earth's surface. IPv6 eliminates the address depletion problem and provides better solutions to end-to-end IP connections, service quality, security, multicast, mobility, plug-and-play, and other features. Hence, IPv6 has wide application prospects.
At present, most IPv6-capable local area networks (LANs) support IPv4/IPv6 dual stack access. Terminals in such a LAN obtain their IPv6 addresses through stateless address configuration or the Dynamic Host Configuration Protocol (DHCP).
IPv6 stateless address configuration is based on the IPv6 Neighbor Discovery Protocol (NDP). IPv6 NDP uses five types of ICMPv6 messages to perform functions such as address resolution, neighbor reachability detection, duplicate address detection, router discovery, prefix discovery, address autoconfiguration, and redirection. IPv6 stateless address configuration does not authenticate the requesting terminals.
Designed for IPv6 addressing, the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) assigns a requesting terminal an IPv6 address and other configuration parameters. DHCP address allocation does not authenticate the requesting terminals.
When a terminal configured with IPv4 and IPv6 addresses intends to access the network, the IPv4 address needs to pass portal authentication, whereas the IPv6 address can lead the terminal to the external network through a distribution layer device without any authentication. In addition, IPv4 authentication is unrelated to the IPv6 protocol stack.
Hence, existing IPv4/IPv6 dual stack access methods do not authenticate IPv6 address allocation and network access, that is, they lack effective control over IPv4/IPv6 dual stack access.