Configuring TCP/IP Version 6
The transition to TCP/IP
version 6 (IPv6) has been coming for many years. IPv4 has lasted this
long due to life support services such as Classless Inter-Domain
Routing (CIDR) and Network Address Translation (NAT). In the preceding
section, you saw how NAT provides for the reuse of IP addresses within
an enterprise, thereby extending the life of IPv4.
CIDR replaced the concept
of classful networks and introduced the use of variable length subnet
masking (VLSM). VLSM allows an arbitrary prefix (subnet mask) length,
chosen to suit the number of IP addresses a specific subnet needs.
CIDR uses a shorthand that denotes the subnet mask as its number of
contiguous 1 bits. For example, to express the
dotted decimal subnet mask 255.255.255.0, you use the CIDR notation /24
to specify the 24 1s that make up the three octets with the
decimal value 255.
But
IPv4 is coming to an end. The organization responsible for Internet
services stewardship for Canada and the United States is the American
Registry for Internet Numbers (ARIN). ARIN announced a critical warning
in May 2007 that the IPv4 address pool is dangerously low. It is trying
to signal the need for a global effort to migrate to IPv6.
IPv6 also uses the
prefix notation introduced with CIDR although the concept of class
addresses does not exist with IPv6.
IPv6 Addressing Explained
IPv6 uses a 128-bit address versus
the 32-bit address used in IPv4. With that bit of information, you can
easily see that one of the large advantages of moving to IPv6 is address
space. IPv4 had a theoretical maximum address space of 4.3 billion (2^32) addresses, with a little over 20% of that address
space being unusable for host addressing for one reason or another.
IPv6 has a potential address space of 3.4×10^38 (2^128)
addresses.
There are three types of IPv6 addresses:
Unicast— An address identifier for a single network
interface. Packets are sent to the interface identified with this
individual address.
Anycast— An
address identifier for a set of network interfaces. Packets addressed to
an anycast address are delivered to one of the interfaces identified
with that address. Within the set of interfaces addressed with the
anycast address, the one that is identified as being “nearest” to the
sender receives the packet. “Nearest” refers to a metric value based on
cost or distance according to the routing protocol in use.
Multicast— An address identifier for a set of interfaces that
usually belong to several hosts. A packet addressed to a multicast
address is sent to every interface of all hosts identified by that
address.
IPv6 addresses use a
different convention than IPv4 to represent the address string. The form
uses 32 hexadecimal values with colons as the separators every four
hexadecimal numerals. The string syntax looks much like this:
x:x:x:x:x:x:x:x
Each x represents
from one to four hexadecimal numerals.
Examples follow of the various addressing mechanisms:
2001:3BA0:0000:0000:0A32:0FFF:FE21:0C10
You
are also able to eliminate any leading 0s within a delimited set of
hexadecimal numerals such as this:
2001:3BA0:0:0:A32:FFF:FE21:C10
Using a further compressed form
allows you to represent any contiguous string of 0s with ::. This
particular shorthand can be used one time within an address like this:
2001:3BA0::A32:FFF:FE21:C10
This address is the
complete compressed form of the original one.
IPv6 address prefixes are
similar to IPv4 address prefixes that are written in CIDR notation. For
instance,
ipv6-address/prefix-length
where ipv6-address is one of the three IPv6 address types written in a
notation discussed previously, and prefix-length is the number of leftmost
contiguous bits of the address that make up the network, or prefix. (Prefix actually refers
to the defined network bits of an IP address and subnet mask.)
For example, the
following are IPv6 address representations describing the same 60-bit
prefix:
123A:BCDE:0000:0000:ABCD:0000:0000:0000/60
123A:BCDE:0:0:ABCD:0:0:0/60
123A:BCDE::ABCD:0:0:0/60
123A:BCDE:0:0:ABCD::/60
There are also various
other ways to represent an IPv6 address. They are all explained in
RFC-3513, which was later made obsolete by RFC-4291.
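The notation rules above (leading 0s dropped, one :: per address, prefix-length suffix) can be written out as code. This Python sketch is an added example, not part of the original text: the function names are assumptions, choosing the longest run of 0 groups for :: follows RFC 5952, and only the colon-hexadecimal forms shown above are handled.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")

def expand(text):
    """Return the eight 4-digit groups of an IPv6 address in any written form."""
    if text.count("::") > 1:
        raise ValueError(":: may be used only once")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        if len(head) + len(tail) > 7:
            raise ValueError(":: must stand for at least one group")
        groups = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX
                                   for g in groups):
        raise ValueError("need eight groups of one to four hex digits")
    return [g.upper().zfill(4) for g in groups]

def compress(text):
    """Drop leading 0s, then replace the longest run of 0 groups with ::."""
    groups = [g.lstrip("0") or "0" for g in expand(text)]
    start, length, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    if length < 2:                      # a lone 0 group stays as 0
        return ":".join(groups)
    return ":".join(groups[:start]) + "::" + ":".join(groups[start + length:])

def same_prefix(a, b):
    """True when two address/prefix-length strings denote the same prefix."""
    # strict=False: the written address may have bits set past the prefix.
    return (ipaddress.IPv6Network(a, strict=False)
            == ipaddress.IPv6Network(b, strict=False))
```

Comparing addresses as text (in firewall rules or log searches, for instance) misses matches when the two sides use different written forms; expanding or parsing both sides first avoids that.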
IPv6 Address Space
The IPv6 address space, much
like the IPv4 address space, has been divided into various blocks. The
blocks this time were carved up a bit more carefully than IPv4 was
initially. You need to recognize the types of existing IPv6 address
blocks described in the following sections.
Global Unicast Addresses
The global unicast address space
is defined by the prefix 2000::/3 (where the first three bits of a
global address must be 001). These IPv6 addresses represent the routed
address of the Internet. This scope comprises one-eighth of the IPv6
address space.
Site-Local Addresses
The
site-local address space is defined by the prefix FEC0::/10 (the first
10 binary bits are 1111111011). This space was originally designated to
operate much like IPv4’s use of the Private IPv4 address space along
with NAT. This address space was intended to be used only within a site
defined by an organization’s geographic locations. This address space
can be reused within an organization and thus lends itself to having
duplicate IPv6 addresses within an organization.
Caution
You may be aware of the issue
of IPv6 site-local addresses. This address space, as of RFC-3879, is
formally deprecated. Existing implementations may continue to use
site-local addressing, but future IPv6 implementations are to remove its
use. Windows Vista is an existing implementation, so
you are expected to be aware that site-local addressing exists. The concept of the
site-local address was replaced by the unique-local IPv6 unicast address
space.
Unique-Local IPv6 Unicast Addresses
A replacement for the
site-local address, the unique-local IPv6 unicast address space defines
site addresses that are unique at each site. The first seven bits of a
unique-local IPv6 unicast address have a fixed binary value of 1111110
(in hexadecimal FC00::/7). The next bit that follows is called the Local
(L) flag. If this bit is set (11111101; or in hexadecimal FD00::/8), a
unique-local address is defined. A 40-bit value referred to as the Global ID follows these 8
bits. The Global ID is a random value that identifies specific sites
within an organization to assure site uniqueness. Therefore, the first
48 bits of a unique-local IPv6 unicast address define that it is a
unique-local address with a specific identifier for that site.
Organizations do not advertise their unique-local addresses outside
their organizations.
Link-Local IPv6 Addresses
A link-local IPv6 address is
one that is defined to allow nodes on a local link to communicate. These
addresses are equivalent to the IPv4 APIPA range except that the
interface more than likely also has another address assigned to it for
other communication capabilities. The link-local address is defined with
the prefix FE80::/64. This 64-bit prefix has another 64-bit interface
identifier appended to it to complete the 128-bit address. This address
is usually configured automatically and is required for the Neighbor
Discovery process. An IPv6 router does not forward link-local traffic.
Multicast Addresses
A multicast address is one used
to define a group of hosts. IPv6 addressing uses the special prefix
FF00::/8 to denote a multicast address. The third hexadecimal digit from the left is used to flag whether the
address is permanently assigned or transient. A 0 (zero) bit is used if
the address is permanent, and a 1 bit is used if the address is
transient or nonpermanent. Following are just a few of the important
multicast address prefixes you need to be aware of:
FF02::/16 is a link-local multicast address.
FF05::/16 is a site-local multicast address.
FF08::/16 is an
organizational-local multicast address. This address is restricted to
and administered by the organization.
FF0E::/16 is a globally scoped multicast
address. This address may be routed over the Internet.
Here are a few
examples of the preceding multicast addresses:
FF02::1 is an example of
the all-nodes address for a local network segment.
FF02::43 refers to all the NTP
servers on a local segment.
FF08::43 refers to all the NTP servers within an organization.
Special IPv6 Addresses
IPv6 also has several
special-use addresses. Many of these addresses are to be used for
transitional services between IPv4 and IPv6.
IPv4-Compatible Address
The IPv6 address format is ::ipv4address, where ipv4address is the actual 32-bit dotted decimal value of
an IPv4 address. This is considered obsolete, but Windows Vista still
supports it.
IPv4-Mapped Address
In an IPv4-mapped address, the
first 80 bits are set to 0, the next 16 bits are set to 1, and the last
32 bits represent an IPv4 address. The IPv6 format for this address is
::FFFF:AC10:10A. This represents the mapped address for 172.16.1.10.
IPv4-mapped addresses are used to represent an IPv4 address to an IPv6
application.
6to4 Address
The format for a 6to4 address
is 2002::/16. This is an automatic tunneling scheme used for unicast
communication across an IPv4 Internet with IPv6 networks at the tunnel
endpoints.
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) is an intranet tunneling mechanism for
unicast communication. The IPv6 format uses the locally administered
identifier ::5EFE:w.x.y.z, where w.x.y.z is any unicast IPv4 address.
Teredo
The Teredo specification is
known as the IPv4 Network Address Translation (NAT) traversal (NAT-T)
for IPv6. It allows a seamless tunnel from an IPv6 host through an IPv4
network to another IPv6 host behind an IPv4 NAT. This specification is
similar to 6to4 addressing except the router or network device
performing NAT is not required to participate in the relay process. The
IPv6 address and packet are tunneled in an IPv4 packet starting from a
Teredo client. The packet is sent across the IPv4 network (and also the
Internet) and through the IPv4 NAT device and transmitted to a Teredo
server device that removes the encapsulated IPv6 packet.
Loopback Address
The IPv6 loopback address,
unlike its IPv4 counterpart, 127.0.0.1, which wasted an entire 16
million addresses, consumes only a single IPv6 address, ::1.
To remove the confusion of
documentation using addresses within the site-local, unique-local, or
global unicast address pool, an attempt is being made to set aside a
“sample block” of addresses. IPv6 does not specify a standard for what
addressing architecture should be allocated for documentation purposes.
There is, however, RFC-3849, which specifies a block of addresses within
the global unicast address pool that is meant for creating examples
within documentation and other forms of content for training and
reference materials. The Internet Assigned Numbers Authority (IANA),
which is responsible for IPv4 and IPv6 address allocation, has deemed
the address prefix 2001:DB8::/32 to be used as a documentation-only
prefix. It is suggested also that this prefix be filtered on local and
public networks. The reason for setting aside a block of addresses for
documentation is to remove the confusion that was created when IPv4
documentation used addresses within the IPv4 Global and Private IPv4
routing pools.
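The address blocks described in the preceding sections can be checked mechanically, for example when sorting IPv6 addresses pulled from logs. This Python classifier is an added example, not part of the original text; the name classify and the sample list are assumptions, and the Teredo prefix 2001::/32 comes from RFC 4380 rather than from this page.

```python
import ipaddress

# Blocks named in the text, checked in order (2000::/3 last because it
# contains the 2001::/32, 2001:DB8::/32 and 2002::/16 blocks).
# Assumption: Teredo's 2001::/32 is taken from RFC 4380, not from the text.
BLOCKS = [(name, ipaddress.IPv6Network(net)) for name, net in [
    ("loopback", "::1/128"),
    ("ipv4-mapped", "::ffff:0:0/96"),
    ("documentation", "2001:db8::/32"),
    ("teredo", "2001::/32"),
    ("6to4", "2002::/16"),
    ("link-local", "fe80::/64"),
    ("site-local (deprecated)", "fec0::/10"),
    ("unique-local", "fc00::/7"),
    ("multicast", "ff00::/8"),
    ("global unicast", "2000::/3"),
]]
MULTICAST_SCOPE = {0x2: "link-local", 0x5: "site-local",
                   0x8: "organization-local", 0xE: "global"}

def classify(text):
    """Return (block, detail) for one IPv6 address; a %zoneID is ignored."""
    addr = ipaddress.IPv6Address(text.split("%", 1)[0])
    value = int(addr)
    block = next((name for name, net in BLOCKS if addr in net), "other")
    detail = None
    if block == "ipv4-mapped":
        detail = str(addr.ipv4_mapped)          # last 32 bits
    elif block == "6to4":
        detail = str(addr.sixtofour)            # IPv4 address after 2002:
    elif block == "multicast":
        flags, scope = (value >> 116) & 0xF, (value >> 112) & 0xF
        kind = "transient" if flags & 0x1 else "permanent"
        detail = f"{kind}, {MULTICAST_SCOPE.get(scope, 'other')} scope"
    # ISATAP is an interface-identifier pattern (::5EFE:w.x.y.z) that can
    # follow any unicast prefix, so it is reported on top of the block.
    if block != "multicast" and (value >> 32) & 0xFFFFFFFF == 0x5EFE:
        detail = "ISATAP " + str(ipaddress.IPv4Address(value & 0xFFFFFFFF))
    return block, detail

# Constructed sample input: addresses quoted in the text plus 6to4 and
# ISATAP forms built from the text's 172.16.1.10 example.
SAMPLES = ["2001:3BA0::A32:FFF:FE21:C10", "::FFFF:AC10:10A", "FF02::43",
           "fe80::a44e:ee90:937b:f1b0%8", "2002:AC10:10A::1",
           "FD00::5EFE:172.16.1.10"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} {classify(sample)}")
```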
IPv6 Configuration
The IPv6 protocol is not
enabled by default on any network adapter of a newly installed Windows
Vista computer. To enable IPv6 and configure it, check the empty box
next to Internet Protocol version 6
(TCP/IPv6), as shown in Figure 4.
Select the Properties
button, and you are presented with a dialog box that is similar to the
one used to configure the TCP/IPv4 protocol. Figure 5 shows the dialog box to configure a static IPv6 address.
You can now type your
assigned TCP/IPv6 address. Using the Advanced settings, you are able to
configure the different IPv6 addresses that are needed on the local
computer. Notice in Figure 5 the absence of a WINS tab because WINS is not used with
TCP/IPv6. Due to the complexity of IPv6 addressing, it is highly
unlikely you will be manually configuring IPv6 addresses on Windows
Vista desktops.
Note
Disabling IPv6
You are not able to uninstall IPv6.
You can disable it by deselecting its use on a network connection. In
addition, you can use a Registry setting to disable or set preferences
for IPv6 use with IPv4. Table 2
outlines the Registry settings for the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents
Table 2. Registry DWord Values for Configuring TCP/IPv6 DisabledComponents Registry Key
| Configuration Goal | DisabledComponents Value |
|---|---|
| Disable all tunnel interfaces | 0x1 |
| Disable all LAN and PPP interfaces | 0x10 |
| Disable all LAN, PPP, and tunnel interfaces | 0x11 |
| Use IPv4 in preference to IPv6 | 0x20 |
| Disable IPv6 over all interfaces and use IPv4 in preference to IPv6 | 0xFF |
IPv6 has several automated
ways to issue IPv6 addresses, as detailed in the following sections.
Stateless Address Autoconfiguration
The stateless
address autoconfiguration method uses an IPv6 router discovery protocol.
An IPv6 host sends a multicast router solicitation message and receives
router advertisement messages from routers responding on the local
network. These router advertisement messages contain subnet prefixes
from which an IPv6 host determines its IPv6 addresses and its IPv6
router parameters, such as a default router.
Stateful Address Autoconfiguration
Using a DHCPv6-enabled
server, an IPv6 host can receive subnet prefixes and other IPv6
configuration information. In addition, an IPv6 host could receive
portions of its IPv6 parameters through stateless address
autoconfiguration and the rest through stateful address
autoconfiguration. In the router advertisement message used to respond
to a router solicitation message, a field value indicates that the IPv6
host should also perform stateful address autoconfiguration. A computer
could receive some of its IPv6 configuration through stateless address
autoconfiguration such as link-local addressing and receive its global
addressing or DNS server addressing through stateful address
autoconfiguration.
IPv6 Local-Use Address and Zone IDs
When displaying IPv6 addresses from a command line,
Microsoft implements a standard for discerning in which interface or
zone a local-use address is located. Local-use addresses are link-local
and site-local addresses. Because these addresses may be reused, there
needs to be some way for the computer to assure itself where an address
can be used. The syntax for displaying a Zone ID is
Address%zoneID
where Address is a local-use address and zoneID is an integer that represents the zone
relative to the sending computer. Every computer configured for IPv6
tracks its zones independent of all other IPv6 computers. Microsoft uses
the interface index as the integer value for the Zone ID on link-local
addresses. An example for a link-local address is
Link-local IPv6 Address: fe80::a44e:ee90:937b:f1b0%8
And its corresponding default
gateway for that zone ID is
Default Gateway: fe80::214:69ff:fe9d:7cf0%8
where the Zone ID on the default
gateway indicates in which interface that address is reachable.
For a site-local address, the
Zone ID is the site ID assigned to the site for an organization. Because
site-local addressing is deprecated, it is not worth going any further
here.