Header Ads

Explore IPv6 with Windows XP


Forward-looking organizations are beginning to evaluate the benefits of moving to the next version of TCP/IP—IPv6, which, among other benefits, eliminates the need for the patchwork of fixes, such as Network Address Translation, that has invaded many a networked environment over the past few years.

It is necessary to rework many TCP/IP stacks and applications to take advantage of the new architecture and features. You’re in luck if you’re running Windows XP because it’s in the beginning stages of making use of IPv6. I’ll show you how to enable IPv6 under XP and give you some tips on what to look out for.

IPv6 has been included in both Windows XP Professional, and Home Edition. At first, it was positioned as developer release, which meant no support for ordinary users. But Microsoft announced official support for IPv6 with Service Pack-1 (XP SP-1). XP SP-1 has some additional functionalities in install and IPv6 commands. I will basically follow procedures common to XP and XP SP-1 below, and add explanation about the differences between two versions.

Not quite ready for prime time

IPv6 is not recommended for production use yet. While IPv6 functionality is present in Windows XP, it’s definitely not as well supported as IPv4, the current version of TCP/IP. This lack of functionality is evident because even the earliest stages of enabling IPv6 support in the new OS are difficult to configure. For instance, everything related to IPv6 is performed at the command line. Also, none of the current GUI utilities present in XP will show you any IPv6 information, even when it is enabled and you’re actively using it.

Installing and verifying the stack


As a separate service to Windows XP, you must install IPv6 before you can use it. This installation can only be performed while you’re logged on as an administrative user. In my examples, I’ll always be logged in as Administrator.

Installation

To install IPv6, start a command prompt session and type the following:
Ipv6 install

You’ll be greeted with a very simple message: “Installing…,” followed by “Succeeded.”

Verification

Once IPv6 is installed, make sure that the stack is actually up and operational with the command below, which will give you a list of the IPv6 interfaces present on your system:
Ipv6 if

Windows’ response to this command is quite lengthy, as shown in Table A.

Table A


C:\Documents and Settings\Administrator>ipv6 if
Interface 4: Ethernet: Local Area Connection
uses Neighbor Discovery
uses Router Discovery
link-layer address: 00-50-56-40-4c-ee
preferred link-local fe80::250:56ff:fe40:4cee, life infinite
multicast interface-local ff01::1, 1 refs, not reportable
multicast link-local ff02::1, 1 refs, not reportable
multicast link-local ff02::1:ff40:4cee, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 128
reachable time 21000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 3: 6to4 Tunneling Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 16500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 2: Automatic Tunneling Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
router link-layer address: 0.0.0.0
EUI-64 embedded IPv4 address: 0.0.0.0
preferred link-local fe80::5efe:172.16.1.82, life infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 27500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 1: Loopback Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
link-layer address:
preferred link-local ::1, life infinite
preferred link-local fe80::1, life infinite
link MTU 1500 (true link MTU 4294967295)
current hop limit 128
reachable time 35500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0

The IPv6 interface list

As you can see, this is a very different list of interfaces from those you get when you work with IPv4. For this example, I have a total of four IPv6 interfaces present in my Windows XP test system (Table B). The first three interfaces should be the same in most of the systems that you use. Interfaces four and up vary from system to system, depending on the hardware in use.

Table B


Interface number Name Description
1 Loopback Pseudo-Interface If you have used the IPv4 address 127.0.0.1 to test network connectivity, you already know what this interface is used for. This interface provides an IPv6 loopback interface with the address ::1 or fe80::1
2 Automatic Tunneling Pseudo-Interface As its name implies, this is an interface used for automatic tunneling.
3 6to4 Tunneling Pseudo-Interface This interface provides an IPv6 to IPv4 tunnel.
4 Network adapters Interfaces four and up are created on the fly and are dependent on the hardware that exists in the workstation.

Windows XP IPv6 interface explanation

As a second step in making sure that your Windows XP machine’s IPv6 stack is operational, you can use the ping command, aptly named ping6 for IPv6. To ping the loopback interface in IPv4, you used the command ping 127.0.0.1 because that was the address of the loopback interface on your machine. For IPv6, you can use either of the following commands; the results are shown in Table C.

ping6 ::1
ping6 fe80::1


Table C
C:\Documents and Settings\Administrator>ping6 ::1

Pinging ::1
from ::1 with 32 bytes of data:

Reply from ::1: bytes=32 time=4ms
Reply from ::1: bytes=32 time<1ms bytes="32" bytes="32">

Ping statistics for ::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms


Statistics using IPv6 to ping the loopback interface

Using the IPv6 commands

The Windows XP IPv6 command provides significant functionality for installing and using IPv6 in XP. In addition to this command, XP provides ping6 and tracert6, which perform the same functions as their IPv4 counterparts. Also, XP’s telnet and FTP clients work with IPv6 addresses.

Add or delete an IPv6 Address:
  • From a windows command line invoke the netsh tool by typing “netsh” and then pressing the enter key.
  • Next change the context of netsh to interface by typing “interface” and press enter.
  • Change the context of the interface to ipv6 mode by typing “ipv6” and pressing enter.
  • The command to add an address has the form of “add address [interface=] [address=]
a. Example: add address interface="Local Area Connection 2" 2001:1945:feed:deef::1

Deletion can be handled in the same manner by using keyword delete instead of keyword add.

IPv6 Home LAN Topology Assumptions

This article assumes that the vast majority of home network topologies have (or will have in the near future) the following properties:

  • A single home router
  • One subnet per household
  • IPv4 and/or IPv6-capable computers and devices
  • The home router serving as the network security boundary.

Figure 1 shows a network reference topology of a home network, which consists of a single subnet, four computers, and a Voice over IP (VoIP) phone. As a growing trend, home networks now consist of multiple wired and wireless segments. Figure 1 also shows a second wireless router to illustrate a common case of wireless expansion in the home?most new wireless access points (APs) come with integrated router functionality whether the home user needs it or not. Further discussion about the differences between routers and wireless APs can be found in the following section.

Figure 1 : A Single Home Router

In Figure 1, Home Router A implements network address translator (NAT) functionality for IPv4 traffic and router functionality for IPv6 traffic. The home LAN is a leaf network of the IPv6 Internet. Physical network configuration may be more complex, involving Ethernet switches, wireless APs, VoIP adapters, and other connectivity solutions.

A "pure" home router is a device with two Ethernet ports: a wide area network (WAN) port connected to the ISP and a local area network (LAN) port for the home network. However, often home routers are also integrated with other functionalities such as being a broadband modem (digital subscriber line [DSL] or cable), multi-port LAN switch, wireless AP, etc. Figure 2 illustrates the conceptual breakdown of this integration trend. Note that such integration does not alter the core router functionality.

Figure 2: Router integration with other devices

One Subnet per Household

The underlying assumption in this article is that homes consist of a single subnet. From a home network addressing perspective, multi-subnet configurations and intra-home routing are unwarranted. Exceptions to the single subnet design might include:

  • Mistaken double NATs. This commonly occurs when an integrated wireless router (instead of a bridged wireless AP) is added to the home network.
  • Layered security barriers, or perimeter networks (also known as DMZs). For example, parents may want to separate confidential or sensitive computers away from their children's Internet-facing gaming computers.

In a single-subnet home network, all wired or wireless segments must be bridged transparently. When an integrated router is added to this existing network (for wireless or Ethernet switching), the integrated device must either:

  • Turn off its own router functionality and only operate as a wireless AP or bridge, or
  • Provide multiple LAN ports and clearly instruct users to connect all segment cables to LAN ports only and to avoid any use of the WAN port (see Figure 3).

Microsoft further recommends including double NAT detection functionality in the home router. When an integrated router obtains a private IPv4 address for its WAN port through the Dynamic Host Configuration Protocol (DHCP), it is most likely due to a double NAT configuration. In contrast, a private IPv4 address obtained through Point-to-Point Protocol over Ethernet (PPPoE), Layer Two Tunneling Protocol (L2TP), or similar WAN/ISP mechanisms are most likely due to an ISP service that is limited to private IPv4 addresses, and is not necessarily an indication of misconfiguration. This is not an entirely accurate technique for detecting double NATs. For example, a DHCP server may be purposefully configured to hand out private IPv4 addresses. Microsoft strongly recommends that customers be warned about the potential network misconfiguration and provided guidelines for fixing the problem.

Figure 3: Router functionality bypass (LAN switching)

When to expect the full version

Current IPv6 functionality is still in the dark ages with its command-line-only interface. Microsoft is slated to release Windows XP Service Pack 1 on August 14, 2002. One of the significant changes will be in the area of IPv6. With XP SP1, Microsoft will release a fully supported, fully GUI-integrated version of IPv6. With this much backing from Microsoft, you can be sure IPv6 will slowly begin to supplant IPv4 as organizations acquire hardware and software that can support it.