Internet Protocol Version 6 (IPv6) and Internet Communication
Applies To: Windows Server 2003 with SP1
This section provides information about:
An introduction to the IPv6 protocol
The benefits of the IPv6 protocol
How the IPv6 protocol can be used across the Internet
How to control the IPv6 protocol to limit the flow of information to and from the Internet
How to monitor and troubleshoot the IPv6 protocol after configuration is complete
An Introduction to the IPv6 Protocol
The current version of the Internet Protocol (known as IP version 4 or IPv4) has not been substantially changed since 1981, when the Internet Engineering Task Force (IETF) published the definitive specification of IP (RFC 791). IPv4 has proven to be robust, easily implemented, and interoperable. It has stood the test of scaling an internetwork to a global utility the size of today's Internet, which is a tribute to the protocol’s initial design.
The initial design, however, did not anticipate the exponential growth of the Internet and the exhaustion of the IPv4 address space, or the effort required to maintain routing information. Because of the way in which IPv4 network IDs are allocated, there are routinely over 70,000 routes in the routing tables of Internet backbone routers. Most current IPv4 implementations are configured either manually or through a stateful address configuration protocol such as the Dynamic Host Configuration Protocol (DHCP). With more computers and devices using IP, there is a need for a simpler and more automatic configuration of addresses and other configuration settings that do not rely on the administration of a DHCP infrastructure.
Another factor driving the development of IPv6 is the need for improved security. Private communication over a public medium like the Internet requires encryption services that protect the data sent from being viewed or modified in transit. There is a standard for providing security for IPv4 packets (known as Internet Protocol security or IPSec). In IPv4, however, this standard is optional and proprietary solutions are prevalent. In IPv6, IPSec support is required.
To address these concerns, the IETF has developed a suite of protocols and standards known as IP version 6 (IPv6). This new version incorporates the concepts of many proposed methods for updating the IPv4 protocol.
For the latest set of RFCs and Internet drafts describing IPv6 and IPv4 coexistence and migration technologies, see the Internet Engineering Task Force (IETF) Web site at:
https://go.microsoft.com/fwlink/?LinkId=29136
(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)
Benefits and Purposes of the IPv6 Protocol
An IPv6 address is four times as large as an IPv4 address. The global addresses used on the IPv6 portion of the Internet are designed to create an efficient, hierarchical, and summarized routing infrastructure that addresses the common occurrence of multiple levels of Internet service providers. On the IPv6 Internet, the backbone routers have an efficient and hierarchical addressing and routing infrastructure that uses smaller routing tables.
IPv6 supports both stateful address configuration (such as address configuration in the presence of a DHCP server) and stateless address configuration (address configuration in the absence of a DHCP server). The support for IPSec is an IPv6 protocol suite requirement. This requirement provides a standards-based solution for network security needs and promotes interoperability between different IPv6 implementations.
The new format of the IPv6 header is designed to minimize header validation and processing. In addition, a new field in the IPv6 header helps to define how traffic is handled and identified for quality of service delivery.
IPv6 can be extended for new features by adding extension headers after the IPv6 header. Unlike the IPv4 header, which can only support 40 bytes of options, the size of IPv6 extension headers is only constrained by the size of the IPv6 packet.
The new Neighbor Discovery protocol in IPv6 is a series of Internet Control Message Protocol for IPv6 (ICMPv6) messages that manage the interaction of neighboring nodes. Neighbor Discovery replaces Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and ICMPv4 Redirect messages with efficient multicast and unicast messages.
The following table compares the key features of the IPv4 and IPv6 protocols.
Comparison of Features in IPv4 and IPv6
IPv4 | IPv6 |
---|---|
Source and destination addresses are 32 bits (4 bytes) in length. | Source and destination addresses are 128 bits (16 bytes) in length. |
IPSec support is optional. | IPSec support is required. |
No identification of packet flow for Quality of Service (QoS) handling by routers is present within the IPv4 header. | Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field. |
Fragmentation is done by both routers and the sending host. | Fragmentation is not done by routers, only by the sending host. |
Header includes a checksum. | Header does not include a checksum. |
Header includes options. | All optional data is moved to IPv6 extension headers. |
Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address. | ARP Request frames are replaced with multicast Neighbor Solicitation messages. |
Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. | IGMP is replaced with Multicast Listener Discovery (MLD) messages. |
ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional. | ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required. |
Broadcast addresses are used to send traffic to all nodes on a subnet. | There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used. |
Must be configured either manually or through DHCP. | Does not require manual configuration or DHCP. |
Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses. | Uses host address (AAAA) resource records in the Domain Name System (DNS) to map host names to IPv6 addresses. |
Uses pointer (PTR) resource records in the INADDR.ARPA DNS domain to map IPv4 addresses to host names. | Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names. |
For more information about Internet Protocol version 6, see the Microsoft Web site at:
https://go.microsoft.com/fwlink/?LinkId=29519
Using the IPv6 Protocol Across the IPv4 Internet
On networks that do not have native support for IPv6 traffic, the IPv6 traffic is transmitted on the network by encapsulating the IPv6 packets with an IPv4 header, a technique known as IPv6 tunneling. One IPv6 tunneling technology that provides IPv6 connectivity across the IPv4 Internet is 6to4.
For more information about 6to4, see "Connection of IPv6 Domains via IPv4 Clouds," in RFC 3056 on the IETF Web site at:
https://go.microsoft.com/fwlink/?LinkId=29898
(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)
If native IPv6 connectivity does not exist, a 6to4-capable computer makes a Domain Name System (DNS) query for 6to4 relay routers. By default, this DNS query is presently set to "6to4.ipv6.microsoft.com" and the response contains a well-known IPv4 anycast address. (An anycast address is one that identifies multiple nodes and interfaces.) As more 6to4 relay routers are added in the future, this address will be assigned to more computers that are owned by various Internet service providers (ISPs).
If the DNS query provides multiple addresses, the host selects an appropriate 6to4 relay router by sending an IPv6 packet to each one and choosing the one that responds first.
Note
6to4 tunneling is enabled when IPv6 services are not native to your network and there is an assigned public IPv4 Internet address.
The use of IPv6 in Microsoft Windows Server 2003 is currently supported only when IPv4 is also installed.
Controlling IPv6 Protocol Traffic
You can stop the ingress or egress of IPv6 traffic on your network by configuring your network firewalls to block all IPv6 packets. For 6to4 traffic, you can configure your firewalls to block all IPv4 packets that include the IPv6 protocol designation of 41 in the Protocol field of the IPv4 packet header.
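The protocol 41 rule described above, written out as a packet check. This is an added example, not part of the original Microsoft document: the function names are hypothetical, the sample packets are constructed from documentation address ranges, and the comparison of the embedded 6to4 address with the outer IPv4 source goes beyond the page, relying on the 2002::/16 address format defined in RFC 3056.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41                                   # IPv4 Protocol value for encapsulated IPv6
SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")   # 6to4 prefix (RFC 3056)

def embedded_ipv4(addr6):
    """Return the IPv4 address embedded in a 6to4 IPv6 address, else None."""
    if addr6 not in SIXTO4_PREFIX:
        return None
    return ipaddress.IPv4Address(addr6.packed[2:6])

def inspect_packet(raw):
    """Apply the 'block protocol 41' rule to one raw IPv4 packet and describe the tunnel."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return {"verdict": "not-ipv4"}
    ihl = (raw[0] & 0x0F) * 4                       # IPv4 header length, options included
    if ihl < 20 or len(raw) < ihl:
        return {"verdict": "malformed"}
    if raw[9] != IPPROTO_IPV6:                      # byte 9 is the Protocol field
        return {"verdict": "allow", "proto": raw[9]}
    outer_src = ipaddress.IPv4Address(raw[12:16])
    result = {"verdict": "block", "proto": 41, "outer_src": str(outer_src)}
    inner = raw[ihl:]
    if len(inner) >= 40 and inner[0] >> 4 == 6:     # fixed 40-byte IPv6 header follows
        src6 = ipaddress.IPv6Address(inner[8:24])
        v4 = embedded_ipv4(src6)
        result["inner_src"] = str(src6)
        result["inner_dst"] = str(ipaddress.IPv6Address(inner[24:40]))
        # For a 6to4 source, the embedded IPv4 address should equal the outer source.
        result["src_matches_outer"] = None if v4 is None else v4 == outer_src
    return result

def build_sample(outer_src, proto, inner_src=None):
    """Constructed test packet: IPv4 header (checksum left 0) plus optional IPv6 header."""
    payload = b""
    if inner_src is not None:
        payload = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                              ipaddress.IPv6Address(inner_src).packed,
                              ipaddress.IPv6Address("2001:db8::1").packed)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(outer_src).packed,
                       ipaddress.IPv4Address("198.51.100.7").packed) + payload

if __name__ == "__main__":
    for pkt in (build_sample("192.0.2.1", 41, "2002:c000:201::1"),
                build_sample("203.0.113.9", 41, "2002:c000:201::1"),
                build_sample("192.0.2.1", 6)):
        print(inspect_packet(pkt))
```

A firewall that only matches on the Protocol field stops at the "block" verdict; the inner-header fields are what a monitoring sensor would log to identify which hosts are attempting 6to4.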
The default settings for a member of the Users group do not permit those users to install networking protocols. You should limit who is allowed to install the IPv6 protocol stack on network computers by carefully limiting the number of users that have administrative logon credentials.
You can use the Active Directory directory service and Group Policy to filter and control the ability to add new networking protocols or modify existing networking configurations. For more information about these configuration methods, see Appendix B: Resources for Learning About Group Policy. For information about installing and uninstalling IPv6, see the list of procedures in the next subsection.
Procedures for Configuration of the IPv6 Protocol
Installing and uninstalling the IPv6 protocol stack can be done by using the Network Connections folder or the command prompt.
The following procedures tell how to find information about security in relation to IPv6 and describe installing and uninstalling the IPv6 protocol stack by using the Network Connections folder.
To Find Information About Security in Relation to IPv6
View updated product documentation for Windows Server 2003 products on the Web at:
In the table of contents, navigate as follows:
Network Services\Managing Core Network Services\IP Version 6\IPv6 Concepts\IPv6 Overview
View topics below “IPv6 Overview,” especially “Security information for IPv6.”
To Install IPv6 Using the Network Connections Folder
Click Start.
Either click Control Panel and then double-click Network Connections, or point to Settings, click Control Panel, and then double-click Network Connections.
Right-click any local area connection, and then click Properties.
Click Install.
In the Select Network Component Type dialog box, click Protocol, and then click Add.
In the Select Network Protocol dialog box, click Microsoft TCP/IP version 6.
To Uninstall IPv6 Using the Network Connections Folder
Click Start.
Either click Control Panel and then double-click Network Connections, or point to Settings, click Control Panel, and then double-click Network Connections.
Right-click any local area connection, and then click Properties.
Click Microsoft TCP/IP version 6 in the list of installed components, and then click Uninstall.
Restart the computer.
The following two procedures describe installing and uninstalling the IPv6 protocol stack from the command prompt.
To Install IPv6 on a Computer from the Command Prompt
To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type netsh interface ipv6 install, and then press ENTER.
To Uninstall IPv6 from a Computer from the Command Prompt
To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type netsh interface ipv6 uninstall, and then press ENTER.
Restart the computer.
Note
The IPv6 configuration procedures require that you have administrative credentials on the computer.
Monitoring and Troubleshooting the IPv6 Protocol
The following procedures describe ways to view TCP/IP configurations.
To Display the Complete List of TCP/IP Interface Configurations for a Computer from the Command Prompt
To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type ipconfig /all, and then press ENTER.
To Display the TCP/IP Routing Table from the Command Prompt
To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
At the command prompt, type route print, and then press ENTER.
Troubleshooting a Command-line Installation Error
The installation of the IPv6 protocol stack requires that you have administrative credentials. If you attempt to install the IPv6 protocol from the command line without having the required account credentials, the result is an "Access is denied" error (0x800700005).
Related Links
Web Resources
For more information about 6to4, see "Connection of IPv6 Domains via IPv4 Clouds," in RFC 3056 on the IETF Web site at:
For more information about IP version 6, see the Microsoft Web site at:
For information about security in relation to IPv6, see “To Find Information About Security in Relation to IPv6,” earlier in this white paper.
For more information about IPv6 addressing, see "Internet Protocol Version 6 (IPv6) Addressing Architecture" in RFC 3513 on the IETF Web site at:
For the latest set of RFCs and Internet drafts describing IPv6 standards, see “IP Version 6 Working Group (ipv6)” at the IETF Web site at:
For the latest set of RFCs and Internet drafts describing IPv6 transition technologies, see “Next Generation Transition (ngtrans)” at the IETF Web site at:
https://go.microsoft.com/fwlink/?LinkId=29215
(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)
Printed References
For more information about the IPv6 protocol suite, you can consult the following references.
Davies, J. Understanding IPv6. Redmond, WA: Microsoft Press, 2002.
Hagen, S. IPv6 Essentials. Sebastopol, CA: O'Reilly and Associates, Inc., 2002.