The Cable Guy – July 2001
Using IPv6 Today
Updated: January 10, 2007
By The Cable Guy
For a list and additional information on all The Cable Guy columns, click here.
By using the IPv6 transition technologies of 6to4 and the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), IPv6/IPv4 nodes can communicate across private IPv4 intranets and the IPv4 Internet through IPv4-encapsulated IPv6 traffic. When 6to4 and ISATAP are used together, 6to4 provides the first 64 bits of the address (the subnet prefix) and ISATAP provides the last 64 bits of the address (the interface ID).
You can use 6to4 and ISATAP to experiment with IPv6, and begin modifying and testing your applications to operate over both IPv4 and IPv6, without having to wait for the conversion of your intranet or the entire Internet to native IPv6 support.
IPv6 Overview
IPv6 is the replacement for the aging IPv4 protocol, currently in use across the world in TCP/IP-based networks such as intranets and the Internet. IPv6 is not a compatible superset of IPv4, but a replacement for it. An IPv4-only node cannot receive an IPv6-only packet and an IPv6 node cannot receive an IPv4 packet. Host systems that communicate with IPv6 must use an implementation of it. Typical hosts in the near future will be IPv6/IPv4 hosts, using an implementation of both protocols.
A common misconception is that IPv6 cannot be used until IPv6 forwarding is supported by the end-to-end infrastructure, which includes the local intranet of the source host, the Internet (from the local Internet service provider [ISP], to the backbone, and then to the ISP of the destination), and the intranet of the destination host. This is incorrect. In fact, the designers of IPv6 went to great lengths to ensure that it would work from end-to-end, even if it were separated by an infrastructure that did not support the forwarding of native IPv6 packets.
When the end-to-end infrastructure is an IPv4 internetwork, IPv6 treats the IPv4 internetwork as a link layer. IPv6 packets are encapsulated with an IPv4 header and sent from a reachable IPv4 source to a reachable IPv4 destination. There are several transition technologies designed to facilitate the communication of IPv6/IPv4 nodes across an IPv4 infrastructure, including 6to4 and the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP).
An IPv6 address is 128 bits long. For the unicast IPv6 addresses currently assigned to interfaces, it consists of a subnet identifier (the high-order 64 bits) and an interface identifier (the low-order 64 bits). 6to4 uses a public IPv4 address to create the 64-bit subnet identifier portion of an IPv6 address. ISATAP uses a locally assigned IPv4 address (public or private) to create a 64-bit interface identifier.
In both cases, IPv4 addresses embedded in portions of the IPv6 address provide the information required to determine the source and destination addresses in the encapsulating IPv4 header (when the IPv6 packet is sent across an IPv4 infrastructure).
6to4
6to4 is an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 is described in RFC 3056. 6to4 hosts do not require any manual configuration and create 6to4 addresses through standard IPv6 address autoconfiguration mechanisms. 6to4 routers, however, require additional processing logic for encapsulation and decapsulation and, depending on the implementation, might require additional configuration.
6to4 creates a global address prefix from a public IPv4 address. IPv6 global addresses have the following form:
[Global Site Prefix]:[Subnet ID]:[Interface ID]
Global Site Prefix identifies an organization’s site, Subnet ID identifies a subnet within an organization’s site, and Interface ID identifies a specific interface on a subnet.
6to4 uses the global address prefix 2002:WWXX:YYZZ::/48, where 2002::/16 is reserved for 6to4 addresses and WWXX:YYZZ corresponds to the colon-hexadecimal representation of a public IPv4 address (w.x.y.z) assigned to the host or site. The full address of a 6to4 node is 2002:WWXX:YYZZ:[Subnet ID]:[Interface ID].
Within an IPv6 intranet, local IPv6 routers advertise a 2002:WWXX:YYZZ:[Subnet ID]::/64 prefix so that hosts can create an autoconfigured 6to4 address. 64-bit prefix routes within the IPv6 intranet are used to deliver traffic between 6to4 hosts on separate subnets. Additionally, a 2002::/16 route is used to tunnel IPv6 traffic to other 6to4 hosts outside the intranet. All 6to4 traffic that does not belong within the site is forwarded by the routing infrastructure to the 6to4 router on the border of the IPv6 intranet.
6to4 traffic for another site, received by the 6to4 router, is encapsulated in an IPv4 header and sent to the destination IPv4 address, which corresponds to the public IPv4 address embedded in the Global Routing Prefix portion of the destination IPv6 address.
After 6to4 traffic is received by the IPv4 destination (a 6to4 router), it is decapsulated and forwarded to the appropriate node by the routing infrastructure of the destination IPv6 intranet.
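The prefix derivation and the border router's forwarding choice described above can be sketched as follows. This is an added example, not code from the original column: the function names, the relay address 192.0.2.1 and the "drop" branch for non-public embedded addresses are assumptions made for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # reserved for 6to4 addresses

def sixtofour_prefix(public_ipv4, subnet_id=0):
    """Return 2002:WWXX:YYZZ:[Subnet ID]::/64 for a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if not v4.is_global:
        raise ValueError(f"{v4} is not a public IPv4 address")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("Subnet ID must fit in 16 bits")
    # High 64 bits: 2002 (16 bits) | IPv4 address (32 bits) | Subnet ID (16 bits)
    high64 = (0x2002 << 48) | (int(v4) << 16) | subnet_id
    return ipaddress.IPv6Network((high64 << 64, 64))

def border_router_decision(dst_ipv6, site_public_ipv4, relay_ipv4):
    """Model how a site's 6to4 router handles a packet for dst_ipv6.

    Returns (action, outer_ipv4_destination); the destination is None
    when no IPv4 header is added.
    """
    site48 = sixtofour_prefix(site_public_ipv4).supernet(new_prefix=48)
    dst = ipaddress.IPv6Address(dst_ipv6)
    if dst in site48:
        return ("route-in-site", None)        # stays on the IPv6 intranet
    if dst in SIXTOFOUR:
        embedded = dst.sixtofour               # IPv4 address that follows 2002:
        # Assumed check: 6to4 prefixes are built from public IPv4 addresses,
        # so a non-public embedded address is treated as invalid.
        if not embedded.is_global:
            return ("drop", None)
        return ("tunnel-to-6to4-router", embedded)
    # Any other destination is on the IPv6 Internet: send it to a relay router.
    return ("tunnel-to-relay", ipaddress.IPv4Address(relay_ipv4))

if __name__ == "__main__":
    RELAY = "192.0.2.1"   # constructed placeholder, not a real relay router
    # Constructed destinations, seen from the site whose public address is 157.54.0.1
    for dst in ("2002:836b:1:5::1", "2002:9d36:1:7::1",
                "2001:db8::1", "2002:c0a8:101::1"):
        print(dst, border_router_decision(dst, "157.54.0.1", RELAY))
```
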
RFC 3056 defines the following terms (see the figure in the "6to4 Support in Windows XP and Windows Vista" section):
- 6to4 host: An IPv6 host that is configured with at least one 6to4 address.
- 6to4 router: An IPv4/IPv6 router that forwards 6to4-addressed traffic between 6to4 hosts within a site and other 6to4 routers (or 6to4 relay routers) on an IPv4 internetwork, such as the Internet.
- 6to4 relay router: An IPv4/IPv6 router that forwards 6to4-addressed traffic between 6to4 routers and hosts on the IPv6 Internet.
When you use 6to4 hosts, an IPv6 routing infrastructure within 6to4 sites, a 6to4 router at site boundaries, and a 6to4 relay router, the following types of communication can occur:
- A 6to4 host can communicate with another 6to4 host within the same site.
  This type of communication is available through the IPv6 routing infrastructure, which provides reachability to all hosts within the site.
- A 6to4 host can communicate with 6to4 hosts in other sites across the IPv4 Internet.
  This type of communication occurs when a 6to4 host forwards IPv6 traffic that is destined to a 6to4 host in another site to the local site 6to4 router. The local site 6to4 router encapsulates the IPv6 traffic with an IPv4 header and sends it to the 6to4 router at the destination site on the Internet. The 6to4 router at the destination site removes the IPv4 header and forwards the IPv6 packet to the appropriate 6to4 host.
- A 6to4 host can communicate with hosts on the IPv6 Internet.
  This type of communication occurs when a 6to4 host forwards IPv6 traffic that is destined for an IPv6 Internet host to the local site 6to4 router. The local site 6to4 router encapsulates the IPv6 traffic with an IPv4 header and sends it to a 6to4 relay router that is connected to both the IPv4 Internet and the IPv6 Internet. The 6to4 relay router removes the IPv4 header and forwards the IPv6 packet to the appropriate IPv6 Internet host.
All of these types of communication use IPv6 traffic without the requirement of obtaining either a direct connection to the IPv6 Internet or an IPv6 global address prefix from an ISP.
6to4 Support in Windows XP and Windows Vista
Support for a 6to4 host and router is provided by the 6to4 service that is included with the IPv6 protocol for Windows XP (Service Pack 1 or Service Pack 2) and Windows Vista. The 6to4 service:
- Automatically configures 6to4 addresses on a 6to4 tunneling interface for all public IPv4 addresses that are assigned to the computer.
- Automatically creates a 2002::/16 route that forwards all 6to4 traffic over the 6to4 tunneling interface. All traffic forwarded by this host to 6to4 destinations is encapsulated with an IPv4 header.
- Automatically performs a Domain Name System (DNS) query to obtain the IPv4 address of a 6to4 relay router on the Internet.
Any host that is running the IPv6 protocol for Windows XP and Windows Vista and is configured with an IPv4 public address is automatically configured as a 6to4 host. A 6to4 host can perform its own tunneling and reach 6to4 hosts on the Internet, 6to4 hosts in other sites, or hosts on the IPv6 Internet.
Additionally, if Internet Connection Sharing (ICS) is enabled on an interface that is assigned a public IPv4 address, the 6to4 service:
- Enables IPv6 forwarding on the private interface.
- Sends Router Advertisement messages that contain a 6to4 address prefix based on the public IPv4 address of the public interface. The Subnet ID in the 6to4 address prefix is set to the interface index of the interface on which advertisements are sent.
By enabling ICS, you can use a computer running the IPv6 protocol for Windows XP and Windows Vista as a 6to4 router, which is capable of encapsulating and forwarding 6to4 traffic to other 6to4 hosts or sites on the Internet. It is also capable of forwarding IPv6 Internet traffic to a 6to4 relay router on the Internet.
Each site uses a computer running Windows XP or Windows Vista with ICS enabled on the public interface to create a 6to4 router. Host computers running Windows XP or Windows Vista on private network segments receive the Router Advertisement message that is sent by their site's 6to4 router and contains a 6to4 address prefix. As a result, two 6to4 hosts in separate sites can communicate by using 6to4 addresses over the Internet.
The result of using the 6to4 service is shown in the following figure.
By using the 6to4 service, computers running Windows XP or Windows Vista can communicate with 6to4 hosts in other sites across the Internet (6to4 host A and 6to4 host B), with 6to4 hosts connected to the Internet (6to4 host A and 6to4 host C), and with hosts on the IPv6 Internet.
Note: Neither ICS nor the 6to4 service is performing network address translation on the IPv6 packets that are being forwarded. ICS is only providing network address translation for IPv4 packets. The 6to4 service uses the ICS configuration to determine the public IPv4 address and the public interface.
ISATAP
ISATAP is an address assignment and host-to-host, host-to-router, and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. ISATAP is described in RFC 4214.
ISATAP can be used for communication between IPv6/IPv4 nodes on an IPv4 network. ISATAP addresses use the locally administered interface identifier ::0:5EFE:w.x.y.z where:
- The 0:5EFE portion identifies an ISATAP interface ID.
- The w.x.y.z portion is any unicast IPv4 address, which includes both public and private addresses.
The ISATAP interface identifier can be combined with any 64-bit prefix (including 6to4 prefixes) for IPv6 unicast addresses.
ISATAP Support in Windows XP and Windows Vista
By default, the IPv6 protocol for Windows XP and Windows Vista automatically configures the ISATAP address of FE80::5EFE:w.x.y.z on an ISATAP interface (known as the Automatic Tunneling Pseudo-Interface in Windows XP) for each IPv4 address that is assigned to the node. This ISATAP address, based on the link-local prefix of FE80::/64, allows two hosts to communicate over an IPv4 network by using each other's link-local ISATAP addresses.
The use of link-local ISATAP addresses allows IPv6/IPv4 hosts on an IPv4 intranet to communicate with each other, but not with other IPv6 hosts that are outside of the site. To communicate with IPv6 hosts that are outside of the site, the following additional configuration is required:
- A host must receive a router advertisement that contains a global address prefix from a router, typically the site border router.
- A host must have a default route that points to an ISATAP address that corresponds to the intranet interface of the site border router.
The site border router is the router between the intranet and the Internet or IPv6 Internet. A site border router can be a 6to4 router that is connected to the Internet. After receiving the router advertisement from the site border router, additional ISATAP addresses that are based on the global prefix are automatically configured.
For example, if the site is connected to the IPv6 Internet and a host (configured with the IPv4 address of 10.40.1.29) receives the global prefix of 2001:db8::/64 in a router advertisement, the ISATAP address of 2001:db8::5EFE:10.40.1.29 is automatically configured. Without a global address prefix and an IPv6 Internet connection, a site can use a 6to4-based global address prefix, connecting through the IPv4 Internet to other 6to4 sites, 6to4 hosts, and the IPv6 Internet. If the site is using the 6to4 address prefix of 2002:836B:1:5::/64 (based on the public address of 131.107.0.1 and a Subnet ID of 5), the ISATAP address of 2002:836B:1:5:0:5EFE:10.40.1.29 is automatically configured.
The following figure shows two ISATAP hosts communicating across the Internet even when each site is using the 192.168.0.0/16 private address space internally. Two hosts using the same IPv4 address in separate sites might have the same ISATAP-derived interface ID, but they still have globally unique IPv6 addresses because of the unique subnet ID that is based on a unique IPv4 public address.
When ISATAP host A sends an IPv6 packet to ISATAP host B, the source address is 2002:9D36:1:5:0:5EFE:192.168.12.9, and the destination address is 2002:836B:1:5:0:5EFE:192.168.41.30. For Part 1 of the packet's trip from ISATAP host A to ISATAP host B, ISATAP host A encapsulates the IPv6 packet with an IPv4 header that is addressed from 192.168.12.9 to 192.168.204.1 (the IPv4 address of 6to4 router A's private interface). For Part 2, 6to4 router A removes the Part 1 IPv4 header and adds a new IPv4 header that is addressed from 157.54.0.1 (6to4 router A's public interface) to 131.107.0.1 (6to4 router B's public interface). For Part 3, 6to4 router B removes the Part 2 IPv4 header and adds a new IPv4 header that is addressed from 192.168.39.1 (6to4 router B's private interface) to 192.168.41.30 (ISATAP host B).
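The three-part trip above follows directly from the IPv4 addresses embedded in the two IPv6 addresses. The sketch below is an added example, not code from the original column: it builds ISATAP addresses, recovers the embedded IPv4 addresses (useful when mapping tunneled IPv6 addresses in logs back to IPv4 endpoints) and reproduces the outer IPv4 header of each part. The function names are hypothetical, only the 0:5EFE form of the interface ID given on this page is recognized, and the routers' private interface addresses are passed in because they are site configuration, not part of either IPv6 address.

```python
import ipaddress

ISATAP_ID = 0x00005EFE   # the 0:5EFE portion of the interface ID

def isatap_address(prefix64, ipv4):
    """Combine a 64-bit prefix with the interface ID ::0:5EFE:w.x.y.z."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("the ISATAP interface ID needs a 64-bit prefix")
    iid = (ISATAP_ID << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_ipv4(addr):
    """Recover the IPv4 addresses carried inside an IPv6 address."""
    a = ipaddress.IPv6Address(addr)
    low64 = int(a) & 0xFFFFFFFFFFFFFFFF
    isatap = None
    if low64 >> 32 == ISATAP_ID:
        isatap = ipaddress.IPv4Address(low64 & 0xFFFFFFFF)
    # .sixtofour is None unless the address falls in 2002::/16
    return {"6to4_router": a.sixtofour, "isatap_host": isatap}

def tunnel_legs(src, dst, router_a_private, router_b_private):
    """Outer IPv4 (source, destination) pair for each part of the trip."""
    s, d = embedded_ipv4(src), embedded_ipv4(dst)
    if None in (*s.values(), *d.values()):
        raise ValueError("both addresses must be 6to4-prefixed ISATAP addresses")
    return [
        (str(s["isatap_host"]), router_a_private),        # Part 1: host A to router A
        (str(s["6to4_router"]), str(d["6to4_router"])),   # Part 2: router A to router B
        (router_b_private, str(d["isatap_host"])),        # Part 3: router B to host B
    ]

if __name__ == "__main__":
    # Addresses taken from the examples in this column
    print(isatap_address("2002:836B:1:5::/64", "10.40.1.29"))
    for leg in tunnel_legs("2002:9D36:1:5:0:5EFE:192.168.12.9",
                           "2002:836B:1:5:0:5EFE:192.168.41.30",
                           "192.168.204.1", "192.168.39.1"):
        print(leg)
```
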
Additional Resources
For more information about Microsoft support for IPv6, consult the following resources: