The IPv6 protocol for the Windows .NET Server 2003 family includes the following features:
The IPv6 protocol for the Windows .NET Server 2003 family supports standard IPv6 protocol stack functionality, including support for:
6to4 is a component of the IPv6 protocol for the Windows .NET Server 2003 family that allows automatic tunneling and IPv6 connectivity between IPv6/IPv4 hosts across the IPv4 Internet. 6to4 hosts use IPv6 addresses derived from IPv4 public addresses. With 6to4, IPv6 sites and hosts can use 6to4-based addresses and the IPv4 Internet to communicate without having to obtain an IPv6 global address prefix from an Internet service provider (ISP), and then having to connect to the IPv6 Internet. For more information about 6to4, see Chapter 11, "Coexistence and Migration."
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an address assignment and automatic tunneling mechanism. It allows IPv6/IPv4 nodes within an IPv4 infrastructure of a site to use IPv6 to communicate with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet. For more information about ISATAP, see Chapter 11, "Coexistence and Migration."
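Because 6to4 and ISATAP addresses both carry an IPv4 address inside the IPv6 address, a defender reading logs can recognise tunneled traffic and recover the IPv4 host behind it. The following is an added example, not code from the original text. It assumes the 2002::/16 6to4 prefix from RFC 3056 and the ISATAP interface identifier form ::0:5EFE:w.x.y.z (or ::200:5EFE:w.x.y.z), and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")           # RFC 3056 prefix
ISATAP_IDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")  # first half of the interface ID
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_tunnel_address(text):
    """Return (kind, embedded IPv4 or None); kind is '6to4', 'isatap' or 'other'."""
    addr = ipaddress.IPv6Address(text)
    raw = addr.packed
    if addr in SIXTOFOUR:
        # 2002:WWXX:YYZZ::/48 -> the IPv4 address is bytes 2..5
        return "6to4", ipaddress.IPv4Address(raw[2:6])
    if raw[8:12] in ISATAP_IDS:
        # ISATAP: the IPv4 address is the last 32 bits of the interface ID
        return "isatap", ipaddress.IPv4Address(raw[12:16])
    return "other", None

def review(addresses):
    """List tunnel addresses with their embedded IPv4 address and a note."""
    findings = []
    for text in addresses:
        kind, v4 = classify_tunnel_address(text)
        if kind == "other":
            continue
        note = "ok"
        # 6to4 prefixes are derived from public IPv4 addresses only
        if kind == "6to4" and any(v4 in net for net in RFC1918):
            note = "6to4 prefix built from a private IPv4 address"
        findings.append((text, kind, str(v4), note))
    return findings

# Constructed sample: addresses as they might appear in a connection log
SAMPLE = [
    "2002:c000:201::1",     # 6to4 from 192.0.2.1
    "fe80::5efe:c000:237",  # link-local ISATAP from 192.0.2.55
    "2002:a00:1::1",        # 6to4 from 10.0.0.1 (not a public address)
    "2001:db8::1",          # native IPv6, no embedded IPv4
]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```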
6over4, also known as IPv4 multicast tunneling, is an automatic tunneling mechanism that allows IPv6/IPv4 nodes to communicate over an IPv4 multicast-enabled infrastructure with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet. 6over4 uses the IPv4 infrastructure as a multicast-capable logical link. For more information about 6over4, see Chapter 11, "Coexistence and Migration."
PortProxy is a component of the IPv6 protocol for the Windows .NET Server 2003 family that functions as a TCP proxy to facilitate the communication between nodes or applications that cannot connect using a common Internet layer protocol (IPv4 or IPv6). By using PortProxy, IPv6-only nodes or applications can communicate with IPv4-only nodes or applications and vice versa. For more information about PortProxy, see Chapter 11, "Coexistence and Migration."
To provide a level of anonymity when accessing Internet resources, the IPv6 protocol for the Windows .NET Server 2003 family creates temporary addresses containing randomly derived interface identifiers. Temporary addresses change over time, making it difficult to track someone's Internet usage based on their IPv6 address. For more information about temporary addresses, see Chapter 3, "IPv6 Addressing."
DNS support for IPv6 in the Windows .NET Server 2003 family consists of the following:
The DNS Server service in the Windows .NET Server 2003 family supports the storage and dynamic registration of IPv6 AAAA records over both IPv4 and IPv6.
For more information about DNS support for IPv6, see Chapter 9, "IPv6 and Name Resolution."
The IPv6 protocol for the Windows .NET Server 2003 family supports processing the Authentication Header (AH) by using the Message Digest 5 (MD5) hash, and the Encapsulating Security Payload (ESP) by using the NULL ESP header and the MD5 hash. There is no support for ESP data encryption. IPSec in the IPv6 protocol for the Windows .NET Server 2003 family is separate from, and not interoperable with, IPSec for the IPv4 protocol. IPSec policies that are configured with the IP Security Policies or Group Policy snap-ins have no effect on IPv6 traffic.
IPSec in the IPv6 protocol for the Windows .NET Server 2003 family does not support the use of IKE to negotiate security associations (SAs). IPSec policies and SAs must be configured manually by using the Ipsec6.exe utility, as described in the section entitled "Ipsec6.exe" later in this chapter.
A computer running a member of the Windows .NET Server 2003 family can act as a static IPv6 router that performs the following:
To enable an interface for forwarding, you must use the netsh interface ipv6 set interface InterfaceNameorIndex forwarding=enabled command. You can configure static routes with the netsh interface ipv6 add|set route commands. The Windows .NET Server 2003 family does not provide support for IPv6 routing protocols.
The contents of router advertisements are derived automatically from routes in the routing table. To enable the sending of router advertisements on an interface, you must use the netsh interface ipv6 set interface interface=InterfaceNameorIndex advertise=enabled command.
Router advertisements always contain a source link-layer address option and an MTU option. The value for the MTU option is taken from the sending interface's current link MTU. You can change this value with the netsh interface ipv6 set interface interface=InterfaceNameorIndex mtu=Integer command.
A computer running a member of the Windows .NET Server 2003 family advertises itself as a default router (by using a router advertisement with a router lifetime other than zero) only if there is a default route that is configured to be published. To add a default route and publish it, you must use the netsh interface ipv6 add route ::/0 interface=InterfaceNameorIndex nexthop=Ipv6Address metric=Integer publish=yes command. For an example of how to configure a computer running a member of the Windows .NET Server 2003 family as a default router, see Appendix E, "Setting Up an IPv6 Test Lab."
In a DNS environment that contains both host address (A) and IPv6 host address (AAAA) records, the result of a name query for a DNS name might be multiple addresses: zero or more IPv6 addresses and zero or more IPv4 addresses. Based on the configuration of the querying host, address selection rules determine which pair of addresses to use for the subsequent communication. The initiating host must determine which type of address to use (IPv4 vs. IPv6), and then the scope of the address (public vs. private for IPv4, and link-local vs. site-local vs. global vs. coexistence for IPv6).
You can view the default address selection rules for the IPv6 protocol for the Windows .NET Server 2003 family by using the netsh interface ipv6 show prefixpolicy command to display the prefix policy table. You can modify the prefix policy table by using the netsh interface ipv6 add|set|delete prefixpolicy commands. By default, IPv6 addresses in DNS query responses are preferred over IPv4 addresses.
For more information about address selection, see Chapter 11, "Coexistence and Migration."
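How the prefix policy table produces the "IPv6 before IPv4" preference can be seen by modelling the lookup. This is an added example, not code from the original text. It assumes the table holds the RFC 3484 default entries (compare with the output of show prefixpolicy on the host), covers only the precedence step of destination address selection and not the source address, scope or label rules, and uses a constructed DNS answer.

```python
import ipaddress

# RFC 3484 default policy table: (prefix, precedence, label).
# Assumption: the host's table matches these defaults.
DEFAULT_POLICY = [
    ("::1/128",       50, 0),   # loopback
    ("::/0",          40, 1),   # native IPv6
    ("2002::/16",     30, 2),   # 6to4
    ("::/96",         20, 3),   # IPv4-compatible
    ("::ffff:0:0/96", 10, 4),   # IPv4-mapped, stands in for IPv4 destinations
]

def to_ipv6(text):
    """IPv4 addresses are looked up in the table as IPv4-mapped IPv6 addresses."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(addr))
    return addr

def lookup(policy, text):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    addr = to_ipv6(text)
    best = None
    for prefix, precedence, label in policy:
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, precedence, label)
    return best[1], best[2]

def order_destinations(policy, candidates):
    """Sort candidate destinations by descending precedence (stable sort)."""
    return sorted(candidates, key=lambda c: -lookup(policy, c)[0])

# Constructed DNS answer: one A record and two AAAA records for the same name
ANSWER = ["192.0.2.10", "2002:c000:20a::1", "2001:db8::10"]

# The same table after raising the IPv4-mapped entry above native IPv6,
# the kind of change made with the prefixpolicy commands
IPV4_FIRST = [(p, 100 if p == "::ffff:0:0/96" else prec, lab)
              for p, prec, lab in DEFAULT_POLICY]

if __name__ == "__main__":
    print(order_destinations(DEFAULT_POLICY, ANSWER))
    print(order_destinations(IPV4_FIRST, ANSWER))
```

With the default table a host that receives any AAAA record tries IPv6 first, so IPv4-only filtering and monitoring does not see that connection; the edited table reverses the order.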
Published on-link prefixes can be configured with a site prefix length. You can use the netsh interface ipv6 add|set route command to include a site prefix length with the address prefix. You can also use the netsh interface ipv6 set route interface=InterfaceNameorIndex siteprefixlength=Integer command to configure a site prefix length (the default length is 48). When a prefix information option in a router advertisement with a site prefix length is received, an entry is created in the site prefix table, which can be viewed by using the netsh interface ipv6 show siteprefixes command.