Internet Protocol Version 6 (IPv6) and Internet Communication (Windows Server 2003)

Applies To: Windows Server 2003 with SP1

Internet Protocol Version 6 (IPv6)

This section provides information about:

  • An introduction to the IPv6 protocol

  • The benefits of the IPv6 protocol

  • How the IPv6 protocol communicates with sites on the Internet

  • How to control the IPv6 protocol to limit the flow of information to and from the Internet

  • How to monitor and troubleshoot the IPv6 protocol after configuration is complete

An Introduction to the IPv6 Protocol

The current version of the Internet Protocol (known as IP version 4 or IPv4) has not been substantially changed since 1981, when the Internet Engineering Task Force (IETF) published the definitive specification of IP (RFC 791). IPv4 has proven to be robust, easily implemented, and interoperable. It has stood the test of scaling an internetwork to a global utility the size of today's Internet, which is a tribute to its initial design.

The initial design, however, did not anticipate the exponential growth of the Internet and the exhaustion of the IPv4 address space, or the effort required to maintain routing information. Because of the way in which IPv4 network IDs are allocated, there are routinely over 70,000 routes in the routing tables of Internet backbone routers. Most current IPv4 implementations are configured either manually or through a stateful address configuration protocol such as the Dynamic Host Configuration Protocol (DHCP). With more computers and devices using IP, there is a need for a simpler and more automatic configuration of addresses and other configuration settings that do not rely on the administration of a DHCP infrastructure.

Another factor driving the development of IPv6 is the need for improved encryption. Private communication over a public medium like the Internet requires encryption services that protect the data sent from being viewed or modified in transit. There is a standard for providing security for IPv4 packets (known as Internet Protocol security or IPSec). In IPv4, however, this standard is optional and proprietary solutions are prevalent.

While standards for quality of service (QoS) exist for IPv4, real-time traffic support relies on the IPv4 Type of Service (TOS) field and the identification of the payload, typically using a User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) port. Unfortunately, the IPv4 TOS field has limited functionality and has different interpretations. In addition, payload identification using a TCP or UDP port is not possible when the IPv4 packet payload is encrypted.

To address these concerns, the IETF has developed a suite of protocols and standards known as IP version 6 (IPv6). This new version, previously named IP-The Next Generation (IPng), incorporates the concepts of many proposed methods for updating the IPv4 protocol. IPv6 is intentionally designed for minimal impact on upper and lower layer protocols by avoiding the arbitrary addition of new features.

For the latest set of RFCs and Internet drafts describing IPv6 and IPv4 coexistence and migration technologies, see the Internet Engineering Task Force (IETF) Web site at:

https://go.microsoft.com/fwlink/?LinkId=29136

(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)

Benefits and Purposes of the IPv6 Protocol

The IPv6 header has a new format that is designed to minimize header validation and processing. An IPv6 address is four times larger than an IPv4 address. The global addresses used on the IPv6 portion of the Internet are designed to create an efficient, hierarchical, and summarized routing infrastructure that addresses the common occurrence of multiple levels of Internet service providers. On the IPv6 Internet, the backbone routers have an efficient and hierarchical addressing and routing infrastructure that uses smaller routing tables.

IPv6 supports both stateful address configuration, such as address configuration in the presence of a DHCP server, and stateless address configuration, or address configuration in the absence of a DHCP server. The support for IPSec is an IPv6 protocol suite requirement. This requirement provides a standards-based solution for network security needs and promotes interoperability between different IPv6 implementations. The new fields in the IPv6 header define how traffic is handled and identified.

Traffic identification, by using a Flow Label field in the IPv6 header, allows routers to identify and provide special handling for packets that belong to a flow. (A flow is a series of packets between a source and destination.) Because the traffic is identified in the IPv6 header, support for quality of service (QoS) can be easily achieved even when the packet payload is encrypted with IPSec.

Neighbor Discovery, the new IPv6 protocol for neighboring node interaction, is a series of Internet Control Message Protocol for IPv6 (ICMPv6) messages that manage the interaction of neighboring nodes. Neighbor Discovery replaces Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and ICMPv4 Redirect messages with efficient multicast and unicast messages.

IPv6 can be extended for new features by adding extension headers after the IPv6 header. Unlike the IPv4 header, which can only support 40 bytes of options, the size of IPv6 extension headers is only constrained by the size of the IPv6 packet.

The following table compares the key features of the IPv4 and IPv6 protocols.

Comparison of features in IPv4 and IPv6

| IPv4 | IPv6 |
|---|---|
| Source and destination addresses are 32 bits (4 bytes) in length. | Source and destination addresses are 128 bits (16 bytes) in length. |
| IPsec support is optional. | IPsec support is required. |
| No identification of packet flow for QoS handling by routers is present within the IPv4 header. | Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field. |
| Fragmentation is done by both routers and the sending host. | Fragmentation is not done by routers, only by the sending host. |
| Header includes a checksum. | Header does not include a checksum. |
| Header includes options. | All optional data is moved to IPv6 extension headers. |
| The Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address. | ARP Request frames are replaced with multicast Neighbor Solicitation messages. |
| The Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. | IGMP is replaced with Multicast Listener Discovery (MLD) messages. |
| ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional. | ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required. |
| Broadcast addresses are used to send traffic to all nodes on a subnet. | There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used. |
| Must be configured either manually or through DHCP. | Does not require manual configuration or DHCP. |
| Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses. | Uses host address (AAAA) resource records in the Domain Name System (DNS) to map host names to IPv6 addresses. |
| Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names. | Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names. |
| Links must support a 576-byte packet size (possibly fragmented). | Links must support a 1280-byte packet size (without fragmentation). |

For more information about IP version 6, see the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=29519

Overview: Using the IPv6 Protocol in a Non-Native IPv6 Environment

On networks that do not have native support for IPv6 traffic, the IPv6 traffic is transmitted on the network by encapsulating the IPv6 packets within IPv4 packet headers. One such method of transmission is referred to as 6to4 tunneling.

For more information about the 6to4 tunneling technique, see "Connection of IPv6 Domains via IPv4 Clouds," in RFC 3056 on the Internet Engineering Task Force (IETF) Web site at:

https://go.microsoft.com/fwlink/?LinkId=29898

(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)

How the IPv6 Protocol Communicates with Sites on the Internet

Although there are differences between the two protocol versions IPv4 and IPv6, their differences do not prevent them from coexisting or communicating on the IPv4 network.

If native IPv6 connectivity does not exist, a computer makes a Domain Name System (DNS) query for network relay routers that provide IPv6 service as part of the startup process. By default, this DNS query is presently set to "6to4.ipv6.microsoft.com" and the response contains a well-known IPv4 anycast address. (An anycast address is one that identifies multiple nodes and interfaces.) As more IPv6 relay routers are added in the future, this address will be assigned to more computers that are owned by various Internet service providers (ISPs).

If the DNS query provides multiple addresses, the host selects an appropriate relay router by sending an IPv6 packet to each one and choosing the one that responds first.

Note

6to4 tunneling is enabled when IPv6 services are not native to your network and there is a public IPv4 Internet address present on the network access point.

The use of IPv6 in the Microsoft Windows Server 2003 family is currently supported only when IPv4 is also installed.

Controlling the IPv6 Protocol to Limit the Flow of Information to and from the Internet

You can stop the ingress or egress of IPv6 traffic on your network by configuring your network firewall to block all IPv6-specific packets. When the 6to4 tunneling technique is used, you can configure your firewall to block all IPv4 packets that include the IPv6 protocol designation of 41 in the protocol field of the IPv4 packet header.
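The protocol-41 test described above can be checked against captured packets before the block rule is deployed. The following Python sketch is an added example, not part of the original Microsoft documentation. It applies the protocol-field test to a raw IPv4 packet and, for triage, reports whether the encapsulated IPv6 source is a 6to4 address (the 2002:V4ADDR::/48 prefix from RFC 3056) that matches the outer IPv4 source. The function names are hypothetical, and the sample packets are constructed from documentation address ranges.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # value of the IPv4 protocol field for encapsulated IPv6

def sixto4_prefix(ipv4):
    """RFC 3056 prefix 2002:V4ADDR::/48 derived from a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def classify(packet):
    """Decide what a protocol-41 block rule does with one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"verdict": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return {"verdict": "malformed"}
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return {"verdict": "pass", "proto": packet[9]}
    outer_src = ipaddress.IPv4Address(packet[12:16])
    result = {"verdict": "block", "proto": 41, "outer_src": str(outer_src)}
    inner = packet[ihl:]
    if len(inner) >= 40 and inner[0] >> 4 == 6:  # full IPv6 fixed header present
        inner_src = ipaddress.IPv6Address(inner[8:24])
        result["inner_src"] = str(inner_src)
        result["is_6to4"] = inner_src in ipaddress.IPv6Network("2002::/16")
        # A genuine 6to4 sender's IPv6 source embeds its own IPv4 address.
        result["src_matches_outer"] = inner_src in sixto4_prefix(outer_src)
    return result

def ipv4_packet(src, dst, proto, payload=b""):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload

def ipv6_header(src, dst):
    """Constructed sample: bare 40-byte IPv6 header, next header 59 (none)."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed packets using documentation address ranges only.
TUNNELED = ipv4_packet("192.0.2.1", "198.51.100.1", 41,
                       ipv6_header("2002:c000:201::1", "2001:db8::1"))
MISMATCH = ipv4_packet("192.0.2.1", "198.51.100.1", 41,
                       ipv6_header("2002:c633:6401::1", "2001:db8::1"))
PLAIN_TCP = ipv4_packet("192.0.2.1", "198.51.100.1", 6)

if __name__ == "__main__":
    for name, pkt in (("tunneled", TUNNELED), ("mismatch", MISMATCH), ("tcp", PLAIN_TCP)):
        print(name, classify(pkt))
```

Only the protocol-field comparison decides the verdict; the inner-header fields are reported so that blocked packets can be attributed to a host during log review.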

The default settings for a member of the computer users group do not permit those users to install networking protocols. You should limit who is allowed to install the IPv6 stack on network computers by carefully limiting the number of users that have administrative logon credentials.

You can use the Active Directory directory service and Group Policy to filter and control the user’s ability to add new networking protocols, or to modify existing networking configurations. For more information about these configuration methods, see Appendix B: Resources for Learning About Group Policy (Windows Server 2003). For information about installing and uninstalling IPv6, see the list of procedures in the next subsection.

Procedures for Configuration of the IPv6 Protocol

Installing and uninstalling the IPv6 protocol stack can be done by using the Network Connections folder or the command prompt.

The following two procedures describe installing and uninstalling the IPv6 protocol stack by using the Network Connections folder.

To Find Information About Security in Relation to IPv6

  1. View updated product documentation for Windows Server 2003 products on the Web at:

    https://go.microsoft.com/fwlink/?linkid=29881

  2. In the table of contents, navigate as follows:

    Network Services\Managing Core Network Services\IP Version 6\IPv6 Concepts\IPv6 Overview

  3. View topics below “IPv6 Overview,” especially “Security information for IPv6.”

To install IPv6 using the Network Connections folder

  1. Click Start.

  2. Either point to Control Panel and then double-click Network Connections, or point to Settings, click Control Panel, and then double-click Network Connections.

  3. Right-click any local area connection, and then click Properties.

  4. Click Install.

  5. In the Select Network Component Type dialog box, click Protocol, and then click Add.

  6. In the Select Network Protocol dialog box, click Microsoft TCP/IP version 6.

To uninstall IPv6 using the Network Connections folder

  1. Click Start.

  2. Either point to Control Panel and then double-click Network Connections, or point to Settings, click Control Panel, and then double-click Network Connections.

  3. Right-click any local area connection, and then click Properties.

  4. Click Microsoft TCP/IP version 6 in the list of installed components, and then click Uninstall.

The following two procedures describe installing and uninstalling the IPv6 protocol stack by using the command prompt.

To install IPv6 on a computer using the command prompt

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type netsh interface ipv6 install, and then press ENTER.

To uninstall IPv6 from a computer using the command prompt

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type netsh interface ipv6 uninstall, and then press ENTER.

Note

The IPv6 configuration options require that you have administrative credentials on the computer.

Monitoring and Troubleshooting the IPv6 Protocol

The following procedures describe ways to view TCP/IP configurations.

To display the complete list of TCP/IP interface configurations for a computer using the command prompt

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type ipconfig /all, and then press ENTER.

To display the TCP/IP routing table using the command prompt

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type route print, and then press ENTER.

Note

For more information about TCP/IP configurations, see "TCP/IP utilities," in the Help and Support Center index.

Troubleshooting a command-line installation error

The installation of the IPv6 protocol stack requires that you have administrative credentials. The command-line prompt will yield the "Access is denied" error (0x800700005) if you attempt to install the IPv6 protocol from the command-line prompt without having the required account credentials.

Online resources

(Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.)

Printed references

For more information about the IPv6 protocol suite, you can consult the following references:

  • Davies, J. Understanding IPv6. Redmond, WA: Microsoft Press, 2002.

  • Hagen, S. IPv6 Essentials. Sebastopol, CA: O'Reilly and Associates, Inc., 2002.