IPv6 ?
Any change to IPv6 in Vista? (Compared to XP) Would be nice with a nice GUI for IP configurations, default route, etc. Note to mention, would be nice if addresses such as 1234:: was possible, just like in any other IPv6 implementation.
December 6th, 2006 3:14am

Changes to IPv6 in Windows Vista & Longhorn Server

IPv6 is the long-term replacement for IPv4, the current and widely used Internet layer of the TCP/IP protocol suite that was designed in the late 1970s. IPv6 provides the following benefits for TCP/IP-based networking connectivity:

- Large address space: The 128-bit address space for IPv6 provides ample room to provide every device on the present and foreseeable future Internet with a globally reachable address.
- Efficient routing: With a streamlined IPv6 header and addressing that supports hierarchical routing infrastructures, IPv6 routers on the Internet can forward IPv6 traffic faster than their IPv4 counterparts.
- Ease of configuration: IPv6 hosts can configure themselves by either interacting with a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server or by interacting with their local router and using stateless address autoconfiguration.
- Enhanced security: The IPv6 standards solve some of the security issues of IPv4 by providing better protection against address and port scanning attacks and by requiring that all IPv6 implementations support Internet Protocol security (IPsec) for cryptographic protection of IPv6 traffic.

The changes to IPv6 in Windows Vista and Windows Server "Longhorn" are the following:

- Dual IP layer architecture
- Installed and enabled by default
- Graphical user interface (GUI)-based configuration
- Full Support for IPsec
- MLDv2
- LLMNR
- Literal IPv6 addresses in URLs
- IPv6 over PPP
- DHCPv6
- Random interface IDs

Dual IP Layer Architecture

The implementation of IPv6 in Windows XP and Windows Server 2003 is a dual stack architecture, which has separate protocol components for IPv4 and IPv6 that are installed through the Network Connections folder. The separate IPv4 and IPv6 protocol components had their own Transport layer that included Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) and framing layer.

The Next Generation TCP/IP stack is a single protocol component installed through the Network Connections folder that supports the dual IP layer architecture, in which both IPv4 and IPv6 share common Transport and Framing layers. Because there is a single implementation of TCP, TCP traffic over IPv6 can take advantage of all the performance features of the Next Generation TCP/IP stack. These features include all of the performance enhancements of the IPv4 protocol stack of Windows XP and Windows Server 2003 and additional enhancements new to the Next Generation TCP/IP stack, such as Receive Window Auto Tuning and Compound TCP, which can dramatically improve performance on high-latency/high-delay connections, and better support for TCP traffic in high-loss environments (such as wireless LAN networks).

Installed and Enabled by Default

In Windows Vista and Windows Server "Longhorn," IPv6 is installed and enabled by default as the Internet Protocol version 6 (TCP/IPv6) component from the properties of a connection in the Connections and Adapters folder. In Windows Vista and Windows Server "Longhorn," many operating system components now support IPv6.

When both IPv4 and IPv6 are enabled, the Next Generation TCP/IP stack prefers the use of IPv6. For example, if a Domain Name System (DNS) Name Query Response message contains a list of both IPv6 and IPv4 addresses, the Next Generation TCP/IP stack will attempt to communicate over IPv6 first, subject to the address selection rules that are defined in RFC 3484. For more information, see Source and Destination Address Selection for IPv6, the February 2006 The Cable Guy article.

The preference of IPv6 over IPv4 offers IPv6-enabled applications better network connectivity because IPv6 connections can use IPv6 transition technologies such as Teredo, which allow peer or server applications to operate behind network address translators (NATs) without requiring NAT configuration or application modification.

Enabling IPv6 by default and preferring IPv6 traffic does not impair IPv4 connectivity. For example, on networks without IPv6 records in the DNS infrastructure, communications using IPv6 addresses are not attempted unless the user or application specifies the destination IPv6 address.

To take advantage of IPv6 connectivity, networking applications must be updated to use Windows Sockets functions that are not specific to IPv4 or IPv6.

GUI-based Configuration

In Windows XP and Windows Server 2003, you must manually configure IPv6 configuration settings with netsh interface ipv6 commands at a Windows command prompt. Windows Vista and Windows Server Longhorn now allow you to also manually configure IPv6 settings through the properties of the Internet Protocol version 6 (TCP/IPv6) component in the Connections and Adapters folder.

Full Support for IPsec

Internet Protocol security (IPsec) support for IPv6 traffic in Windows XP and Windows Server 2003 is limited. There is no support for Internet Key Exchange (IKE) or data encryption. IPsec security policies, security associations and keys are configured through text files and activated through a command line tool, IPsec6.exe. In Windows Vista and Windows Server "Longhorn," IPsec support for IPv6 traffic is the same as that for IPv4, including support for IKE and data encryption with AES 128/192/256. The IP Security Policies snap-in now supports the configuration of IPsec policies for IPv6 traffic in the same way as IPv4 traffic using either the IP Security Policies snap-in or the new Windows Firewall with Advanced Security snap-in.

MLDv2

Windows Vista and Windows Server Longhorn support Multicast Listener Discovery version 2 (MLDv2), specified in RFC 3810, which allows IPv6 hosts to register interest in source-specific multicast traffic with their local multicast routers.
A host running on Windows Vista or Windows Server Longhorn can register interest in receiving IPv6 multicast traffic from only specific source addresses (an include list) or from any source except specific source addresses (an exclude list).

LLMNR

Windows Vista and Windows Server Longhorn support Link-Local Multicast Name Resolution (LLMNR), which allows IPv6 hosts on a single subnet without a DNS server to resolve each other's names. This capability is useful for single-subnet home networks and ad hoc wireless networks. Rather than unicasting a DNS query to a DNS server, LLMNR nodes send their DNS queries to a multicast address on which all the LLMNR-capable nodes of the subnet are listening. The owner of the queried name sends a unicast response. IPv4 nodes can also use LLMNR to perform local subnet name resolution without having to rely on NetBIOS over TCP/IP broadcasts.

Literal IPv6 Addresses in URLs

The WinINet API in Windows Vista and Windows Server Longhorn now supports RFC 2732 and the use of IPv6 literal addresses in URLs. For example, to connect to the Web server at the IPv6 address 2001:db8:100:2a5f::1, a user with a WinINet-based Web browser (such as Internet Explorer) can type http://[2001:db8:100:2a5f::1] as the URL. Although typical users might not use IPv6 literal addresses, the ability to specify the IPv6 address in the URL is valuable to application developers, software testers, and network troubleshooters.

IPv6 over PPP

The built-in remote access client now supports the IPv6 Control Protocol (IPV6CP), as defined in RFC 2472, to configure IPv6 nodes on a Point-to-Point Protocol (PPP) link. Native IPv6 traffic can now be sent over PPP-based connections. For example, IPV6CP support allows you to connect with an IPv6-based Internet service provider (ISP) through dial-up or PPP over Ethernet (PPPoE)-based connections that might be used for broadband Internet access.
Additionally, IPV6CP supports Layer Two Tunneling Protocol (L2TP)-based virtual private network connections.

DHCPv6

The DHCP Client service in Windows Vista and Windows Server Longhorn supports Dynamic Host Configuration Protocol for IPv6 (DHCPv6) defined in RFCs 3315 and 3736. A computer running Windows Vista or Windows Server Longhorn can perform both DHCPv6 stateful and stateless configuration on a native IPv6 network.

Random Interface IDs

To prevent address scans of IPv6 addresses based on the known company IDs of network adapter manufacturers, Windows Vista and Windows Server Longhorn by default generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses. A public IPv6 address is a global address that is registered in DNS and is typically used by server applications for incoming connections, such as a Web server.

Note that this new behavior is different than that for temporary IPv6 addresses, as described in RFC 3041. Temporary addresses also use randomly derived interface IDs. However, they are not registered in DNS and are typically used by client applications when initiating communication, such as a Web browser.

You can disable this behavior with the netsh interface ipv6 set global randomizeidentifiers=disabled command. You can enable this behavior with the netsh interface ipv6 set global randomizeidentifiers=enabled command.

Changes to Teredo

Teredo is an IPv6 transition technology that allows IPv6/IPv4 nodes that are separated by one or more NATs to communicate end-to-end with global IPv6 addresses. NATs are commonly used on the Internet to preserve the public IPv4 address space by translating the addresses and port numbers of traffic to and from private network hosts that use private IPv4 addresses.

Although NATs extend the life of the public IPv4 address space, this functionality comes at the cost of violating the original design principle of the Internet that all nodes should communicate with a unique global address. Because of the reuse of private addresses and the translation between private and public addresses that occur at the NAT, servers and peers that are located on private networks behind NATs cannot communicate without either manually configuring the NAT or modifying application protocols.

Although IPv4 traffic for servers and peers that are behind a NAT might have problems traversing a NAT, Teredo-based IPv6 traffic can traverse a NAT without having to configure the NAT or modify application protocols. Teredo IPv6 addresses are global addresses, unique to the entire Internet. Teredo restores global addressing and end-to-end connectivity for IPv6 traffic for an environment that does not support global addressing and end-to-end connectivity for IPv4 traffic.

Teredo was first released with the Advanced Networking Pack for Windows XP with Service Pack 1 and is included with Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Windows Vista and Windows Server "Longhorn" also support Teredo. In Windows Vista, Teredo is enabled but inactive by default. In order to become active, you must either use an application that requires Teredo, or configure advanced settings on a Windows Firewall inbound rule to allow edge traversal. In Windows Server Longhorn, Teredo is disabled by default.

Teredo in Windows Vista and Windows Server "Longhorn" supports the following:

- Teredo is now enabled for domain member computers. Teredo for Windows XP and Windows Server 2003 automatically disabled itself if the computer was a member of a domain. A domain member computer is more likely to be attached to a network that has deployed either native IPv6 connectivity or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an IPv6 transition technology. However, domain member computers can also benefit from Teredo-based IPv6 connectivity.
- Teredo can now work if there is one Teredo client behind one or more symmetric NATs. A symmetric NAT maps the same internal (private) address and port number to different external (public) addresses and ports, depending on the external destination address (for outbound traffic). Teredo for Windows XP and Windows Server 2003 disables itself if it detects that it is behind a symmetric NAT. This new behavior allows Teredo to work between a larger set of Internet-connected hosts.

Security with IPv6 and Teredo

Having IPv6 and Teredo enabled by default does not make your computer more vulnerable to attack by malicious users or programs because of the following:

- Windows Firewall, included with and enabled by default for both Windows Vista and Windows Server "Longhorn", is a stateful host-based firewall for both IPv4 and IPv6 traffic. All of the protections against unwanted, unsolicited, incoming traffic apply to both IPv4 and IPv6 traffic. Windows Firewall allows exceptions for wanted, unsolicited, incoming traffic based on TCP or UDP ports or by specifying a program name and apply to an individual computer. Windows Firewall-based exceptions are much more specific than exceptions configured on typical NATs.
- The Windows Filtering Platform is a new architecture in Windows Vista and Windows Server "Longhorn" that allows third-party software developers access to the TCP/IP packet processing path, wherein outgoing and incoming packets can be examined or changed before allowing them to be processed further. By tapping into the TCP/IP processing path, ISVs can create firewalls, antivirus software, diagnostic software, and other types of applications and services. The Windows Filtering Platform is designed for both IPv4 and IPv6 traffic. Third-party host-based firewall products that use the Windows Filtering Platform will typically support both IPv4 and IPv6 traffic.

Computers running Windows Vista have IPv6, Teredo, and Windows Firewall enabled by default, and are protected from unwanted, unsolicited, incoming IPv6 traffic.

Disabling IPv6

Unlike Windows XP, IPv6 in Windows Vista and Windows Server Longhorn cannot be uninstalled. To disable IPv6 on a specific connection, you can do the following:

In the Network Connections folder, obtain properties of the connection and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items. This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.

To selectively disable IPv6 components and configure behaviors for IPv6 in Windows Vista, create and configure the following registry value (DWORD type):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents

DisabledComponents is set to 0 by default. The DisabledComponents registry value is a bit mask that controls the following series of flags, starting with the low order bit (Bit 0):

- Bit 0: Set to 1 to disable all IPv6 tunnel interfaces, including ISATAP, 6to4, and Teredo tunnels. Default value is 0.
- Bit 1: Set to 1 to disable all 6to4-based interfaces. Default value is 0.
- Bit 2: Set to 1 to disable all ISATAP-based interfaces. Default value is 0.
- Bit 3: Set to 1 to disable all Teredo-based interfaces. Default value is 0.
- Bit 4: Set to 1 to disable IPv6 over all non-tunnel interfaces, including LAN interfaces and Point-to-Point Protocol (PPP)-based interfaces. Default value is 0.
- Bit 5: Set to 1 to modify the default prefix policy table to prefer IPv4 to IPv6 when attempting connections. Default value is 0. For more information about the prefix policy table, see Source and Destination Address Selection for IPv6, the February 2006 The Cable Guy article.

To determine the value of DisabledComponents for a specific set of bits, construct a binary number consisting of the bits and their values in their correct position and convert the resulting number to hexadecimal. For example, if you want to disable 6to4 interfaces, disable Teredo interfaces, and prefer IPv4 to IPv6, you would construct the following binary number: 101010. When converted to hexadecimal, the value of DisabledComponents is 0x2A.
December 6th, 2006 10:32pm
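
The DisabledComponents bit mask from the reply above, as an added example that is not part of the original post or of any Microsoft tool: it builds the DWORD from the bits listed there and decodes an existing value to show which tunnel types are still enabled. The function names are illustrative, and only bits 0 to 5 are taken from the post.

```python
# Bit positions and meanings as listed in the post (bit 0 is the low-order bit).
FLAGS = {
    0: "disable all tunnel interfaces (ISATAP, 6to4, Teredo)",
    1: "disable 6to4 interfaces",
    2: "disable ISATAP interfaces",
    3: "disable Teredo interfaces",
    4: "disable IPv6 on non-tunnel interfaces (LAN, PPP)",
    5: "prefer IPv4 to IPv6 in the prefix policy table",
}
TUNNEL_BITS = {"6to4": 1, "ISATAP": 2, "Teredo": 3}
KNOWN_MASK = sum(1 << bit for bit in FLAGS)  # 0x3F


def encode(bits):
    """Build the DisabledComponents DWORD from an iterable of bit positions."""
    value = 0
    for bit in bits:
        if bit not in FLAGS:
            raise ValueError(f"bit {bit} is not described in the post")
        value |= 1 << bit
    return value


def decode(value):
    """Explain a DisabledComponents value and report what stays enabled."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("DisabledComponents is a 32-bit DWORD")
    # Bit 0 disables every tunnel type, so it overrides bits 1-3.
    all_tunnels_off = bool(value & 1)
    tunnels_enabled = [
        name for name, bit in TUNNEL_BITS.items()
        if not all_tunnels_off and not value & (1 << bit)
    ]
    return {
        "flags": [FLAGS[bit] for bit in FLAGS if value & (1 << bit)],
        # Bits the post does not describe are reported, not interpreted.
        "unknown_bits": value & ~KNOWN_MASK,
        "tunnels_still_enabled": tunnels_enabled,
        "native_ipv6_enabled": not value & (1 << 4),
    }


if __name__ == "__main__":
    # The post's worked example: 6to4 off, Teredo off, prefer IPv4 -> 101010b.
    value = encode([1, 3, 5])
    print(hex(value))
    for key, item in decode(value).items():
        print(f"{key}: {item}")
```

Decoding the post's 0x2A shows that ISATAP is still enabled, which is easy to miss when the goal was to turn off tunnelling.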
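
The "Random Interface IDs" paragraph in the reply above, as an added example that is not part of the original post: an audit that flags IPv6 addresses whose interface ID was derived from the adapter's MAC address (modified EUI-64) and therefore exposes the manufacturer's company ID. The sample addresses are constructed, and the function names are illustrative.

```python
import ipaddress


def eui64_mac(address):
    """Return the MAC address a modified EUI-64 interface ID was built from.

    Returns None when the low 64 bits do not have the EUI-64 shape
    (ff:fe in the middle), as with the random interface IDs in the post.
    A random ID matches that shape by chance once in 65536, so treat a
    hit as a strong hint rather than proof.
    """
    # Windows prints link-local addresses with a zone suffix such as %12.
    host = address.split("%", 1)[0]
    iid = ipaddress.IPv6Address(host).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip and drop the inserted ff:fe.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{byte:02x}" for byte in mac)


def audit(addresses):
    """Report, per address, whether the adapter's company ID is exposed."""
    report = []
    for address in addresses:
        mac = eui64_mac(address)
        report.append({
            "address": address,
            "derived_from_mac": mac,
            "company_id": mac[:8] if mac else None,
            # With the company ID known, only 24 of the 64 interface ID
            # bits are left to guess; a random ID leaves all 64.
            "unknown_iid_bits": 24 if mac else 64,
        })
    return report


# Constructed sample addresses (documentation prefix 2001:db8::/32).
SAMPLE = [
    "2001:db8:100:2a5f:211:22ff:fe33:4455",   # EUI-64 derived
    "fe80::211:22ff:fe33:4455%12",            # link-local, EUI-64 derived
    "2001:db8:100:2a5f:8d2c:41b7:93e0:5a1f",  # random interface ID
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```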

Thanks :) Unfortunately, the link "Source and Destination Address Selection for IPv6" appears to be obsolete and no longer working. Can you confirm that Vista would accept an address such as 2001:db8:100:2a5f::? Please advise.
December 8th, 2006 10:19pm

It's working for me! Try it again
December 8th, 2006 11:04pm

This topic is archived. No further replies will be accepted.
