Configure and Troubleshoot Network Protocols (part 3) - Configuring TCP/IP Version 6

3/16/2011 10:35:27 PM

Configuring TCP/IP Version 6

The transition to TCP/IP version 6 (IPv6) has been coming for many years. IPv4 has lasted this long due to life support services such as Classless Internet Domain Routing (CIDR) and Network Address Translation (NAT). In the preceding section, you saw how NAT provides for the reuse of IP addresses within an enterprise, thereby extending the life of IPv4.

CIDR replaced the concept of classful networks and introduced the use of variable length subnet masking (VLSM). VLSM allowed the arbitrary prefix or subnet mask length to suit the needs of the number of IP addresses necessary for a specific subnet. CIDR uses a type of subnet mask shorthand for denoting the subnet mask in number of contiguous bits. For example, to express the dotted decimal subnet mask 255.255.255.0, you use the CIDR notation /24 to specify the 24 1s that are used to make the three octets of the decimal value 255.

But IPv4 is coming to an end. The organization responsible for Internet services stewardship for Canada and the United States is the American Registry for Internet Numbers (ARIN). ARIN announced a critical warning in May 2007 that the IPv4 address pool is dangerously low. It is trying to signal the need for a global effort to migrate to IPv6.

IPv6 also uses the prefix notation introduced with CIDR although the concept of class addresses does not exist with IPv6.

IPv6 Addressing Explained

IPv6 uses a 128-bit address versus the 32-bit address used in IPv4. With that bit of information, you can easily see that one of the large advantages of moving to IPv6 is address space. IPv4 had a theoretical maximum address space of 4.3 billion (2³²) addresses, with a little of over 20% of that address space being unusable for host addressing for one reason or another. IPv6 has the potential address space of 3.4×10³⁸(2¹²⁸) addresses.

There are three types of IPv6 addresses:

Unicast— An address identifier for a single network interface. Packets are sent to the interface identified with this individual address.
Anycast— An address identifier for a set of network interfaces. Packets addressed to an anycast address are delivered to one of the interfaces identified with that address. Within the set of interfaces addressed with the anycast address, the one that is identified as being “nearest” to the sender receives the packet. “Nearest” refers to a metric value based on cost or distance according to the routing protocol in use.
Multicast— An address identifier for a set of interfaces that usually belong to several hosts. A packet addressed to a multicast address is sent to every interface of all hosts identified by that address.

IPv6 addresses use a different convention than IPv4 to represent the address string. The form uses 32 hexadecimal values with colons as the separators every four hexadecimal numerals. The string syntax looks much like this:

x:x:x:x:x:x:x:x

Each x represents from one to four hexadecimal numerals.

Examples follow of the various addressing mechanisms:

2001:03BA0:0000:0000:0A32:0FFF:FE21:0C10

You are also able to eliminate any leading 0s within a delimited set of hexadecimal numerals such as this:

2001:3BA0:0:0:A32:FFF:FE21:C10

Using a further compressed form allows you to represent any contiguous string of 0s with ::. This particular shorthand can be used one time within an address like this:

2001:3BA0::A32:FFF:FE21:C10

This address is the complete compressed form of the original one.

IPv6 address prefixes are similar to IPv4 address prefixes that are written in CIDR notation. For instance,

ipv6-address/prefix-length

where ipv6-address is one of three IPv6 address types using a notation discussed previously and prefix-length is the representation of the number of leftmost contiguous bits of the address that comprises the network or prefix. (Prefix actually refers to the defined network bits of an IP address and subnet mask.)

For example, the following are IPv6 address representations describing the same 60-bit prefix:

123A:BCDE:0000:0000:ABCD:0000:0000:0000/60

123A:BCDE:0:0:ABCD:0:0:0/60

123A:BCDE::ABCD:0:0:0/60

123A:BCDE:0:0:ABCD::/60

There also are various other ways to represent an IPv6 address. They are all explained in RFC-3513 and later made obsolete by RFC-4291.

IPv6 Address Space

The IPv6 address space, much like the IPv4 address space, has been divided into various blocks. The blocks this time were carved up a bit more carefully than IPv4 was initially. You need to recognize the types of existing IPv6 address blocks described in the following sections.

Global Unicast Addresses

The global unicast address space is defined by the prefix 2000::/3 (where the first three bits of a global address must be 001). These IPv6 addresses represent the routed address of the Internet. This scope comprises one-eighth of the IPv6 address space.

Site-Local Addresses

The site-local address space is defined by the prefix FEC0::/10 (the first 10 binary bits are 1111111011). This space was originally designated to operate much like IPv4’s use of the Private IPv4 address space along with NAT. This address space was intended to be used only within a site defined by an organization’s geographic locations. This address space can be reused within an organization and thus lends itself to having duplicate IPv6 addresses within an organization.

Caution

You may be aware of the issue of IPv6 site-local addresses. This address space, as of RFC-3879, is formally deprecated. Existing implementations may continue to use site-local addressing, but future IPv6 implementations are to remove its use. This means that Windows Vista is an existing implementation, and you are expected to be aware of its existence. The concept of the site-local address was replaced by the unique-local IPv6 unicast address space.

Unique-Local IPv6 Unicast Addresses

A replacement for the site-local address, the unique-local IPv6 unicast address space defines site addresses that are unique at each site. The first seven bits of a unique-local IPv6 unicast address have a fixed binary value of 1111110 (in hexadecimal FC00::/7). The next bit that follows is called the Local (L) flag. If this bit is set (11111101; or in hexadecimal FD00::/8), a unique-local address is defined. A 40-bit value referred to as the Global ID follows these 8 bits. The Global ID is a random value that identifies specific sites within an organization to assure site uniqueness. Therefore, the first 48 bits of a unique-local IPv6 unicast address define that it is a unique-local address with a specific identifier for that site. Organizations do not advertise their unique-local addresses outside their organizations.

Link-Local IPv6 Addresses

A link-local IPv6 address is one that is defined to allow nodes on a local link to communicate. These addresses are equivalent to the IPv4 APIPA range except that the interface more than likely also has another address assigned to it for other communication capabilities. The link-local address is defined with the prefix FE80::/64. This 64-bit prefix has another 64-bit interface identifier appended to it to complete the 128-bit address. This address is usually configured automatically and is required for the Neighbor Discovery process. An IPv6 router does not forward link-local traffic.

Multicast Addresses

A multicast address is one used to define a group of hosts. IPv6 addressing uses the special prefix FF00::/8 to denote a multicast address. The third hexadecimal digit from the left is used to flag whether the address is permanently assigned or transient. A 0 (zero) bit is used if the address is permanent, and a 1 bit is used if the address is transient or nonpermanent. Following are just a few of the important multicast address prefixes you need to be aware of:

FF02/16 is a link-local multicast address.
FF05/16 is a site-local multicast address.
FF08/16 is an organizational-local multicast address. This address is restricted to and administered by the organization.
FF0E/16 is a globally scoped multicast address. This address may be routed over the Internet.

Here are a few examples of the preceding multicast addresses:

FF02::1 is an example of the all-nodes address for a local network segment.
FF02::43 refers to all the NTP servers on a local segment.
FF08::43 refers to all the NTP servers within an organization.

Special IPv6 Addresses

IPv6 also has several special-use addresses. Many of these addresses are to be used for transitional services between IPv4 and IPv6.

IPv4-Compatible Address

The IPv6 address format is ::ipv4address, where ipv4address is the actual 32-bit dotted decimal value of an IPv4 address. This is considered obsolete, but Windows Vista still supports it.

IPv4-Mapped Address

In an IPv4-mapped address, the first 80 bits are set to 0, the next 16 bits are set to 1, and the last 32 bits represent an IPv4 address. The IPv6 format for this address is ::FFFF: AC10:10A. This represents the mapped address for 172.16.1.10. IPv4-mapped addresses are used to represent an IPv4 to an IPv6 application.

6to4 Address

The format for a 6to4 address is 2002::/16. This is an automatic tunneling scheme used for unicast communication across an IPv4 Internet with IPv6 networks at the tunnel endpoints.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an intranet tunneling mechanism for unicast communication. The IPv6 format uses the locally administered identifier ::5EFE:w.x.y.z, where w.x.y.z is any unicast IPv4 address.

Teredo

The Teredo specification is known as the IPv4 Network Address Translation (NAT) traversal (NAT-T) for IPv6. It allows a seamless tunnel from an IPv6 host through an IPv4 network to another IPv6 host behind an IPv4 NAT. This specification is similar to 6to4 addressing except the router or network device performing NAT is not required to participate in the relay process. The IPv6 address and packet are tunneled in an IPv4 packet starting from a Teredo client. The packet is sent across the IPv4 network (and also the Internet) and through the IPv4 NAT device and transmitted to a Teredo server device that removes the encapsulated IPv6 packet.

Loopback Address

The IPv6 loopback address, unlike its IPv4 counterpart, 127.0.0.1, which wasted an entire 16 million addresses, consumes only a single IPv6 address, ::1.

Using IPv6 Addresses in Examples Within Documentation

To remove the confusion of documentation using addresses within the site-local, unique-local, or global unicast address pool, an attempt is being made to set aside a “sample block” of addresses. IPv6 does not specify a standard for what addressing architecture should be allocated for documentation purposes. There is, however, RFC-3849, which specifies a block of addresses within the global unicast address pool that is meant for creating examples within documentation and other forms of content for training and reference materials. The Internet Assigned Numbers Authority (IANA), which is responsible for IPv4 and IPv6 address allocation, has deemed the address prefix 2001:DB8::/32 to be used as a documentation-only prefix. It is suggested also that this prefix be filtered on local and public networks. The reason for setting aside a block of addresses for documentation is to remove the confusion that was created when IPv4 documentation used addresses within the IPv4 Global and Private IPv4 routing pools.

IPv6 Configuration

The IPv6 protocol is not enabled by default on any network adapter of a newly installed Windows Vista computer. To enable IPv6 and configure it, check the empty box next to Internet Protocol version 6 (TCP/IPv6), as shown Figure 4.

Figure 4. Enabling TCP/IPv6 on an adapter.

Select the Properties button, and you are presented with a dialog box that is similar to the one used to configure the TCP/IPv4 protocol. Figure 5 shows the dialog box to configure a static IPv6 address.

Figure 5. Configuring TCP/IPv6 protocol on a network interface.

You can now type your assigned TCP/IPv6 address. Using the Advanced settings, you are able to configure the different IPv6 addresses that are needed on the local computer. Notice in Figure 5 the absence of a WINS tab because WINS is not used with TCP/IPv6. Due to the complexity of IPv6 addressing, it is highly unlikely you will be manually configuring IPv6 addresses on Windows Vista desktops.

Note

Disabling IPv6 You are not able to uninstall IPv6. You can disable it by deselecting its use on a network connection. In addition, you can use a Registry setting to disable or set preferences for IPv6 use with IPv4. Table 2 outlines the Registry settings for the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents

Table 2. Registry DWord Values for Configuring TCP/IPv6 DisabledComponents Registry Key
Configuration Goal	DisabledComponents Value
Disable all tunnel interfaces	0×1
Disable all LAN and PPP interfaces	0×10
Disable all LAN, PPP, and tunnel interfaces	0×11
Use IPv4 in preference to IPv6	0×20
Disable IPv6 over all interfaces and use IPv4 in preference to IPv6	0×FF

IPv6 has several automated ways to issue an IPv6 addresses, as detailed in the following sections.

Stateless Address Autoconfiguration

The stateless address autoconfiguration method uses an IPv6 router discovery protocol. An IPv6 host sends a multicast router solicitation message and receives router advertisement messages from routers responding on the local network. These router advertisement messages contain subnet prefixes from which an IPv6 host determines its IPv6 addresses and its IPv6 router parameters, such as a default router.

Stateful Address Autoconfiguration

Using a DHCPv6-enabled server, an IPv6 host can receive subnet prefixes and other IPv6 configuration information. In addition, an IPv6 host could receive portions of its IPv6 parameters through stateless address autoconfiguration and the rest through stateful address autoconfiguration. In the router advertisement message used to respond to a router solicitation message, a field value indicates that the IPv6 host should also perform stateful address autoconfiguration. A computer could receive some of its IPv6 configuration through stateless address autoconfiguration such as link-local addressing and receive its global addressing or DNS server addressing through stateful address autoconfiguration.

IPv6 Local-Use Address and Zone IDs

When displaying IPv6 addresses from a command line, Microsoft implements a standard for discerning in which interface or zone a local-use address is located. Local-use addresses are link-local and site-local addresses. Because these addresses may be reused, there needs to be some way for the computer to assure itself where an address can be used. The syntax for displaying a Zone ID is

Address%zoneID

where Address is a local-use address and zoneID is an integer that represents the zone relative to the sending computer. Every computer configured for IPv6 tracks its zones independent of all other IPv6 computers. Microsoft uses the interface index as the integer value for the Zone ID on link-local addresses. An example for a link-local address is

Link-local IPv6 Address: fe80::a44e:ee90:937b:f1b0%8

And its corresponding default gateway for that zone ID is

Default Gateway: fe80::214:69ff:fe9d:7cf0%8

where the Zone ID on the default gateway indicates in which interface that address is reachable.

For a site-local address, the Zone ID is the site ID assigned to the site for an organization. Because site-local addressing is deprecated, it is not worth going any further here.