Features of the IPv6 Protocol for the Windows .NET Server 2003 family

The IPv6 protocol for the Windows .NET Server 2003 family includes the following features:

• Basic stack support
• 6to4
• ISATAP
• 6over4
• PortProxy
• Temporary addresses
• DNS support
• IPSec support
• Static router support
• Address selection
• Site prefixes in router advertisements

Basic Stack Support

The IPv6 protocol for the Windows .NET Server 2003 family supports standard IPv6 protocol stack functionality, including support for:

• Unicast, multicast, and anycast addressing
• The ICMPv6, Neighbor Discovery (ND), and MLD protocols
• Stateless address autoconfiguration
• Correspondent node support for IPv6 mobility

6to4

6to4 is a component of the IPv6 protocol for the Windows .NET Server 2003 family that allows automatic tunneling and IPv6 connectivity between IPv6/IPv4 hosts across the IPv4 Internet. 6to4 hosts use IPv6 addresses derived from IPv4 public addresses. With 6to4, IPv6 sites and hosts can use 6to4-based addresses and the IPv4 Internet to communicate without having to obtain an IPv6 global address prefix from an Internet service provider (ISP), and then having to connect to the IPv6 Internet. For more information about 6to4, see Chapter 11, "Coexistence and Migration."

ISATAP

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an address assignment and automatic tunneling mechanism. It allows IPv6/IPv4 nodes within an IPv4 infrastructure of a site to use IPv6 to communicate with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet. For more information about ISATAP, see Chapter 11, "Coexistence and Migration."

6over4

6over4, also known as IPv4 multicast tunneling, is an automatic tunneling mechanism that allows IPv6/IPv4 nodes to communicate over an IPv4 multicast-enabled infrastructure with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet. 6over4 uses the IPv4 infrastructure as a multicast-capable logical link. For more information about 6over4, see Chapter 11, "Coexistence and Migration."

PortProxy

PortProxy is a component of the IPv6 protocol for the Windows .NET Server 2003 family that functions as a TCP proxy to facilitate the communication between nodes or applications that cannot connect using a common Internet layer protocol (IPv4 or IPv6). By using PortProxy, IPv6-only nodes or applications can communicate with IPv4-only nodes or applications and vice versa. For more information about PortProxy, see Chapter 11, "Coexistence and Migration."

Temporary Addresses

To provide a level of anonymity when accessing Internet resources, the IPv6 protocol for the Windows .NET Server 2003 family creates temporary addresses containing randomly derived interface identifiers. Temporary addresses change over time, making it difficult to track someone's Internet usage based on their IPv6 address. For more information about temporary addresses, see Chapter 3, "IPv6 Addressing."

DNS Support

DNS support for IPv6 in the Windows .NET Server 2003 family consists of the following:

• The querying and processing of IPv6 host (AAAA) records in the DNS.
• The sending of DNS traffic over IPv6. DNS queries by default are sent using the well-known site-local IPv6 addresses of FEC0:0:0:FFFF::1, FEC0:0:0:FFFF::2, and FEC0:0:0:FFFF::3. You can also manually con-figure the IPv6 addresses of your IPv6-enabled DNS server by using the netsh interface ipv6 add dns command.
• The dynamic registration of IPv6 host (AAAA) records in the DNS over either IPv4 or IPv6.

The DNS Server service in the Windows .NET Server 2003 family supports the storage and dynamic registration of IPv6 AAAA records over both IPv4 and IPv6.

For more information about DNS support for IPv6, see Chapter 9, "IPv6 and Name Resolution."

IPSec Support

The IPv6 protocol for the Windows .NET Server 2003 family supports processing the AH by using the Message Digest 5 (MD5) hash, and the ESP by using the NULL ESP header and the MD5 hash. There is no support for ESP data encryption. IPSec in the IPv6 protocol for the Windows .NET Server 2003 family is separate from—and not interoperable with—IPSec for the IPv4 protocol. IPSec policies that are configured with the IP Security Policies or Group Policy snap-ins have no effect on IPv6 traffic.

IPSec in the IPv6 protocol for the Windows .NET Server 2003 family does not support the use of IKE to negotiate security associations (SAs). IPSec policies and SAs must be configured manually by using the Ipsec6.exe utility, as described in the section entitled "Ipsec6.exe" later in this chapter.

Static Router Support

A computer running a member of the Windows .NET Server 2003 family can act as a static IPv6 router that performs the following:

• Forwards IPv6 packets between interfaces based on the contents of the IPv6 routing table

  To enable an interface for forwarding, you must use the netsh interface ipv6 set interface InterfaceNameorIndex forwarding= enabled command. You can configure static routes with the netsh interface ipv6 add|set route commands. The Windows .NET Server 2003 family does not provide support for IPv6 routing protocols.

• Sends router advertisements

  The contents of router advertisements are derived automatically from routes in the routing table. To enable the sending of router advertisements on an interface, you must use the netsh interface ipv6 set interface interface=InterfaceNameorIndex advertise=enabled command.

Router advertisements always contain a source link-layer address option and an MTU option. The value for the MTU option is taken from the sending interface's current link MTU. You can change this value with the netsh interface ipv6 set interface interface=InterfaceNameorIndex mtu=Integer command.

A computer running a member of the Windows .NET Server 2003 family advertises itself as a default router (by using a router advertisement with a router lifetime other than zero) only if there is a default route that is configured to be published. To add a default route and publish it, you must use the netsh interface ipv6 add route ::/0 interface=InterfaceNameorIndex nexthop=Ipv6Address metric=Integer publish=yes command. For an example of how to configure a computer running a member of the Windows .NET Server 2003 family as a default router, see Appendix E, "Setting Up an IPv6 Test Lab."

Address Selection

In a DNS environment that contains both host address (A) and IPv6 hostaddress (AAAA) records, the result of a name query for a DNS name might be multiple addresses: zero or more IPv6 addresses and zero or more IPv4 addresses. Based on the configuration of the querying host, address selection rules determine which pair of addresses to use for the subsequent communication. The initiating host must determine which type of address (IPv4 vs. IPv6), and then the scope of the address (public vs. private for IPv4, and link-local vs. site-local vs. global vs. coexistence for IPv6).

You can view the default address selection rules for the IPv6 protocol for the Windows .NET Server 2003 family by using the netsh interface ipv6 show prefixpolicy command to display the prefix policy table. You can modify the prefix policy table by using the netsh interface ipv6 add|set|delete prefixpolicy commands. By default, IPv6 addresses in DNS query responses are preferred over IPv4 addresses.

For more information about address selection, see Chapter 11, "Coexistence and Migration."

Site Prefixes in Router Advertisements

Published on-link prefixes can be configured with a site prefix length. You can use the netsh interface ipv6 add|set route command to include a site prefix length with the address prefix. You can also use the netsh interface ipv6 set route interface=InterfaceNameorIndex siteprefixlength=Integer command to configure a site prefix length (the default length is 48). When a prefix information option in a router advertisement with a site prefix length is received, an entry is created in the site prefix table, which can be viewed by using the netsh interface ipv6 show siteprefixes command.