The Internet is running out of IP addresses. To
resolve this problem, a relatively new technology is being deployed to
give us more addresses. This technology is IPv6 and is completely
integrated into Windows Server 2008 R2.
You might wonder why there is
need for more address space when good old IPv4 provides somewhere in
the range of four billion addresses. Unfortunately, there are over 6
billion people on the planet and, thus, not enough IP addresses for each
and every person. In this age of ever-advancing technologies and
Internet-enabled devices, it isn’t uncommon for a single individual to
utilize more than one IP address. For example, an individual might have
an Internet connection at home, a workstation in the office, an
Internet-enabled phone, and a laptop to use in a cafe. This problem will
only become more exacerbated as devices such as refrigerators and
coffeemakers become part of the wired world.
IPv6, Internet Protocol Version 6, not only brings a number of new features, such as integrated IPSec, QoS, stateless configuration,
and so on, but, more important, it will also provide over
340,000,000,000,000,000,000,000,000,000,000,000,000 unique
addresses—that’s 3.4 × 1038!
IPv6 provides a number of new features over IPv4: vastly
improved address space, improved network headers, native support for
auto address configuration, and integrated support for IPSec and QoS.
Windows Server 2008 R2’s
networking advances are mostly due to the new TCP/IP stack introduced
with IPv6 in Windows Server 2008. Highlighted in the following list are a
few of the features that are included with Windows Server 2008 R2,
derived from the new TCP/IP stack:
Dual IP layer architecture for IPv6—
Windows 2003 required a separate protocol to be installed to enable
IPv6 support; whereas in Windows Server 2008 R2, IPv6 is enabled and
supported by default. Windows Server 2008 R2 supports the new stack that
integrates IPv4 and IPv6, leveraging the fact that IPv4 and IPv6 share
common layers (transport and framing).
Windows Filtering Platform— All layers of the TCP/IP stack can be filtered, enabling Windows Filtering Platform to be more secure, stack integration.
Protocol stack off-load—
By off-loading TCP and/or other protocols to the Network Driver
Interface Specification (NDIS) miniport and/or network interface
adapters, performance improvements can occur on traffic-intensive
servers.
Restart-less configuration changes—
Leveraging the new TCP/IP stack’s ability to retain configuration
settings, server restarts to enable configuration changes are no longer
necessary.
In the United States,
IPv6 is quietly making its way into the mainstream by starting at the
edge. Broadband providers in California such as Comcast have already
implemented IPv6 for their customers. Countries like China with their
recent implementations have opted to move to IPv6 as a default.
Note
From an
implementation perspective, Microsoft Internet Acceleration Server (ISA)
2006 does not support IPv6. As a matter of fact, installing the IPv6
protocol stack on an ISA 2006 server is a security risk as it exposes
the server directly to the Internet. This has made it difficult for many
organizations to start deploying IPv6 in a meaningful way.
One of the few IPv6 ready applications is the DirectAccess technology introduced in Windows Server 2008 R2.
Going forward, Microsoft
Forefront Threat Management Gateway 2010 (TMG) fully supports IPv6 and
allows many organizations to step into the IPv6 world.
IPv6 Addressing
With
the increased address space, there is a change in the addressing. IPv6
is 128 bits, normally displayed in eight sets of four 16-bit hexadecimal
digits. Hexadecimal digits range from A through F and 0 through 9 (see Table 1).
Table 1. Number Conversion
| Decimal | Hexadecimal | Binary |
|---|
| 0 | 0 | 0000 |
| 1 | 1 | 0001 |
| 2 | 2 | 0010 |
| 3 | 3 | 0011 |
| 4 | 4 | 0100 |
| 5 | 5 | 0101 |
| 6 | 6 | 0110 |
| 7 | 7 | 0111 |
| 8 | 8 | 1000 |
| 9 | 9 | 1001 |
| 10 | A | 1010 |
| 11 | B | 1011 |
| 12 | C | 1100 |
| 13 | D | 1101 |
| 14 | E | 1110 |
| 15 | F | 1111 |
The reason for displaying
the digits in hexadecimal is to cut down on the length of the address.
For example, an IPv6 address in binary form would be as follows:
0010000000000001 0000110110111000
1111101110010010 0000000000000000
0000000000000000 0000000000000000
1001000111000010 0000000000010010
This makes for a very long address to have to type in. However, displayed in hexadecimal, the same address would be as follows:
FC00:0db8:fb92:0000:0000:0000:91c2:0012
This is much shorter. This can be abbreviated even more as the following:
These methods of
shortening the IPv6 address, such as the abbreviated form , help make the IPv6 addressing more manageable.
Still, this is a huge
change from the 32-bit IPv4 addressing, where an address would be
something like 172.16.1.11. Trying to remember 32 hexadecimal digits
versus 4 decimal numbers is a significant change, when DNS itself was
created so that users would not have to remember the 4 decimal numbers.
Comprehending IPv6 Addressing
Comprehending IPv6 addressing
can become a steep uphill challenge, as well as hard on the fingers due
to all the typing. The addresses are so long that abbreviation
mechanisms and conventions are used to ease the burden. However, this
makes learning the addressing that much more difficult.
Here are a few rules and tips
to assist with the future IPv6 change, as well as some conventions that
reduce the typing needed to enter the addresses:
IPv6 DNS records show as AAAA records (or quad A).
With
IPv6 prefixes, a / slash in IPv6 defines the network with addresses
(for example, fc00:db8:1234::/48 is
fc00:1234:5678:0000:0000:0000:0000:0000 through FC00:0db8:1234:FFFF:
FFFF: FFFF: FFFF: FFFF). Thus, FC00:db8:1234::/48 implies that the first
48 bits are assigned to the network portion of the address—4 bits for
each hexadecimal digit, visible or not, totaling 16 bits for each
segment and 48 bits for three segments. This leaves 80 bits remaining
out of a total of 128 bits in the address. 80 bits translates into five
groups of four hexadecimal digits. Because each hexadecimal digit
represents 4 bits, four multiplied by four, and then by five (for the
five groupings), makes 80. After you get the hang of it, it is similar
to dealing with “/24” being three groups of eight represented as
255.255.255.0 in IPv4.
With
IPv6 zero compression, consecutive groups of zeros can be subbed with a
double “:” (colon). This means that
FC00:db8:bc92:0000:0000:1293:91c2:0012 would be the same as
FC00:db8:fb92::1293:91c2:0012.
Note
The caveat is that there can
be only one double colon used in an IPv6 address to compress
consecutive groups of zeros. Otherwise, it would not be possible to
determine how many zeros were compressed.
RFC
2732 dictates that IPv6 address can be used in a URL syntax. As an
example, FBAC:FA9A:B6A54:3910:A81C:C1A8:B6A4:A2BB can be literally used
in a URL as long as it is enclosed in brackets [ and ], as seen in this
example: http://[FBAC:FA9A:B6A54:3910:A81C:C1A8:B6A4:A2BB].
Loopback for IPv6 is ::1. This might be the only case where an IPv6 address is shorter than the equivalent IPv4 address.
These conventions make it much easier to enter the addresses, if not quite as easy as IPv4 addresses.
Note
The fc00::/7 prefix is the
private reserved IPv6 address range. The private ranges in IPv6 are
called the unique local addresses (ULA) and are not globally routable.
This is equivalent to the 10.x.x.x, 172.16-31.x.x, and 192.168.x.x IPv4
private addresses.
The unique local address
range (fc00::/7) is further divided into 2 /8 address ranges. The first
is the fc00::/8 range, which is available for private use. The second is
the fd00::/8 range, which is to include a random 40-bit string. The
local link address is assigned the fe80::/10 range, which is from the
second range.
