You are here

Just the Facts

Here's a quick primer on the basics of IPv6.

Internet Protocol Version 6 is a suite of protocols designed to overcome the limitations of IPv4 and is integrated into the TCP/IP stack in Microsoft Windows Server 2008 and Vista. Features such as a large address space, simplified routing and built-in security make IPv6 a flexible and compelling choice.

Although complete reliance on the next-generation IP is some years away, IPv6 is becoming more prevalent in everyday computing scenarios. For systems administrators, this is evident in Server 2008, which comes with IPv6 enabled by default in the TCP/IP stack. If not properly configured, it could cause some headaches when installing Active Directory or Exchange.

Making the Leap

Server 2008 Release 2 has one must-have feature that will spur support for IPv6: DirectAccess lets remote users log on to domain controllers as if they were connected directly to an enterprise intranet, without the need to establish a virtual private network.

Reorganizations create some of the biggest challenges for IT departments, and the hurdles all begin at the network level during periods of coexistence, before networks are fully integrated. Because of the limited number of public IPv4 addresses, intranets commonly use Network Address Translation (NAT) to route traffic from private IPv4 address spaces to the Internet via a globally routable public IPv4 address. Yet there’s a high chance that any two organizations will be using the same private address space, so if a host on network A has the same private IPv4 address as a host on network B, traffic can’t be directly routed between the two devices.

Although this approach provides a solution for limited IPv4 addresses, many network protocols cannot easily be traversed across NAT interfaces or must be helped along their way with complicated workarounds. The IPv6 address space is so vast that every system connected to the Internet can be assigned a unique global address, meaning that there shouldn’t be any complex routing or renumbering problems when two networks need to be connected. Removing the connectivity restrictions imposed by IPv4 networks opens up the possibilities for new and more efficient applications to be developed along with reduced costs.

IPv6 Notation and Address Space

IPv6 has a 128-bit address space, which is divided into eight 16-bit blocks, providing 3.4 x1038, or 5.2x1028, addresses for each of the 6.5 billion people on the planet — a number so large it’s unlikely we’ll ever run out. IPv4 notation relies on decimal representation of binary numbers; IPv6 is a little more complicated in that it uses hex. Below you can see IPv6 addresses in binary form and its equivalent in standard hexadecimal notation:











The built-in calculator program in Windows can be used to convert binary to hex, or vice versa, if you switch the view to scientific (View menu > Scientific). Hex notation has a system for compressing zeros where contiguous 16-bit zero blocks are represented by a double colon. Leading zeros are also removed, either when writing or using the calculator. Our hex IPv6 address can therefore be reduced as follows: 2002:a00::260:1dff:fe22:5a85


When an IPv6 host receives an address automatically, regardless of whether there is an available DHCPv6 server or IPv6-capable router on the local network segment, all nodes establish link-local addresses and can communicate with each other. This is similar to Microsoft’s Automatic Private IP Addressing (APIPA) service, which is not native to IPv4, where clients set to automatic configuration will receive an address in the range through, should no Dynamic Host Configuration Protocol server be available. The scope of a link-local address is a single subnet, enabling hosts to create ad-hoc networks without any additional equipment or configuration and communicate with other hosts on the same network segment.

As link-local addresses can be reused on different links, they are additionally identified by what is known as a zone ID, which is derived from the interface index. When IPv6 is present on a given physical network adapter, it has at least two interfaces: a loopback address (::1) and a LAN interface. As interfaces are initialized on an IPv6 node, they are assigned a number, the interface index, starting with the loopback address at 1. Here’s an example of our IPv6 address with a zone ID of 4: 2002:a00::260:1dff:fe22:5a85%4

When using the ping command to test IPv6 connectivity, you should include the zone ID as shown in the example above, so ping knows which interface to send the traffic out of to reach the correct link. Confusingly, each IPv6 node on a link may use a different zone ID. You can view interface indexes on a given host using the netsh command: netsh interface ipv6 show interface

Global IPv6 addresses are equivalent to IPv4 public addresses, and their scope is the entire Internet. It’s important to understand that Internet service providers allocate IPv6 routing prefixes, usually 48 bits in length, as opposed to complete addresses. Sixteen bits remain for corporations to allocate to different subnets, the subnet ID, and 64 bits are left for interface IDs. IIDs can be derived automatically from the interface’s MAC address, in the case of stateless auto configuration; manually assigned; or allocated by a DHCPv6 server.

Figure 1

The global routing prefix and subnet ID make up the network ID. For instance, our hex IPv6 address would have a /64 prefix to indicate that the first 64 bits represent the network ID and the remaining 64 bits the IID: 2002:a00::260:1dff:fe22:5a85/64.

Unique local addresses (ULAs) are similar to IPv4 private addresses and are represented by FD00::/8. The first eight bits are fixed (FD) and the next 40 bits represent a randomly generated global ID. As with global IPv6 addresses, 16 bits remain for a subnet ID, and 64 bits for an IID.

Figure 2

Although it’s useful to understand the different types of IPv6 addresses, unless you’re creating ad-hoc networks or have no requirement for routing traffic outside a network, global addresses are the way to go when planning an IPv6 network.

Stateless and Stateful Configurations

Unlike IPv4, where an interface generally has one IP address, it’s normal for interfaces to be assigned different types of IPv6 addresses simultaneously. All interfaces configure a link-local address and might additionally acquire a ULA or global address.

Stateless configuration refers to the ability of an IPv6 interface to configure an IP address without the presence of a DHCPv6 server on the network segment. IPv6 compatible routers can be programmed to provide Vista with information about ULA or global address prefixes for generating temporary stateless addresses. Windows Server 2008 does not generate temporary stateless addresses by default. Routers can also be set to redirect IPv6 nodes to a DHCPv6 server to receive extra configuration options or non-link-local IP addresses. This is known as stateful configuration.

Sharing the Highway

IPv6 is backwards compatible with IPv4, and most network protocols need no modification to work over IPv6 networks. Exceptions are protocols that hard code IP addresses into their payload, such as the File Transfer Protocol.

Because a complete transition to IPv6 isn’t going to happen overnight, there are various tunneling protocols that facilitate IPv6 communications over existing IPv4 networks. Teredo wraps IPv6 packets in IPv4 User Datagram Protocol datagrams, allowing IPv6 to be used across IPv4 networks with NAT. 

Each host system is assigned a global IPv6 address, issued by a public Teredo server. Although Teredo can be used with most NAT devices, you should note that symmetric NAT is not supported. Microsoft’s Internet Connectivity Evaluation Tool can be used to test whether an XP or Vista host, located behind a NAT router, is able to establish an IPv6 connection tunneled using Teredo over IPv4.



Apr 09 2009