Arguments against disabling IPv6

Hello! Dorian again with a blog article regarding IPv6.

The main background of writing this blog post is that until now best practice says “If you aren’t using it, disable it! ” or our customers see lots of talk on message boards saying “Your Internet is slow? DisableIPv6! That’ll fix it! ” and they develop the wrong idea about what IPv6 does and how it works.

This way we’ve noticed that a lot of customers ask how they can disable IPv6 in the supported way. The answer to this Question is in KB929852 that shows ways to disable certain components, how to alter the in prefix policies or how to deactivate everything except the IPv6 loopback interface.

How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008

Even if this is the “supported” way to deactivate IPv6, Microsoft does not recommend that customers disable IPv6 if they are not planning to use it in the network. Please take into considerations that you “might” face issues or problems and that at some time after you open a Service Request we might need to request you to (re)enable IPv6 just to see if the problems were caused by the deactivation itself.

Some of this possible issues are:

When IPV6 is disabled via registry hacks in or via unbinding in the NIC bindings, UDP 389 ceases to respond. This behavior is a known behavior and is referenced briefly in kb 816103.

Be aware that the LDAP test over UDP may not work against domain controllers that are running Windows Server 2008. One reason for this can be that you have disabled IPv6 on the Domain Controller. To re-enable IPv6, set the value discussed in the article below to the default of "0".

What occurs here is that a check is performed to see what the maximum response can be and it calls into an API specific to IPv6 for the result. The return is a null value as the protocol is not enabled. There is a possibility that there may be an additional check included to see if more than one IP protocol is bound to the adapter, however our official stance on IPv6 is not to disable it on 2008 or later platforms.

Exchange 2007 recommended disabling IPv6 to fix an issue with Outlook Anywhere. The Exchange 2007 limitation was fixed in Exchange 2010. The customers that disabled IPV6 and later upgraded to Exchange 2010, then ran into issues because IPV6 was disabled.

Disabling IPv6 costs you money. There is no default GPO that allows IPv6 to be disabled. Depending on how it is disabled, re-enabling it can be challenging. We have several customers that heard this and decided to disable IPv6 in Vista, anyway. When Windows 7 rolled around, the same customers wanted to deploy DirectAccess, and began complaining how hard it was to find all the machines that had v6 disabled and get it re-enabled on those clients. Disabling v6 increased their management costs for very little benefit, and re-enabling IPv6 cost them again. Our goal is to help customers lower TCO, not raise it.

IPv6 is required by the Common Engineering Criteria. All Microsoft products for the enterprise should support IPv6. Future versions of our products may require it.

Additional Refferences:

The IPv6 Blog

Disabling IPv6 Doesn't Help (By Sean Siler)

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their computers running Windows Vista or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6-based on the assumption that they are not running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.

From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6.

If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions like Windows7 or Windows Server 2008 R2, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be. Additionally the P2P APIs require IPv6, and those are public APIs. If IPv6 is disabled, programs that use the P2P APIs will break. This could impact application compatibility for third party apps.

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled.

Let’s think even further about the transition to IPv6 and the benefits of being IPv6 ready:

Customers CANNOT learn IPv6 in a weekend. They need time to roll this out, in a slow phased migration. This is what Microsoft has recommended from the beginning. If customers wait until the day their ISP says “Sorry, we’re out of IPv4 addresses !” to start thinking about IPv6, they are in deep trouble. Right now according to the NRO Less than 10% of IPv4 Addresses Remain Unallocated.

More info regarding this here:
Less than 10% of IPv4 Addresses Remain Unallocated, says Number Resource Organization                 

As of 30 September 2010 according to ARIN Stats we got only around 5% of the IPv4 Address Space left. Don’t fall behind, start your IPv6 planning now !

IPv6 Learning Roadmap now available (by Joe Davies)          

The IPv6 Learning Roadmap provides an organized and sequential list of Web and print resources that you can use to build your understanding of IPv6, starting with prerequisites and then adding level 100 (introductory), level 200 (intermediate), and level 300 (advanced) knowledge.

As a final conclusion:
IPv6 was designed to have no impact to the customer environment in production. No double queries, no DNS entries, no tunneling through the firewall, no performance degradation. If you feel like you have seen any of these and can provide data for troubleshooting, please feel free to open an incident with Microsoft so that we can discuss it.