Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Understanding IPv6, Third Edition
Dedication
A Note Regarding Supplemental Files
Foreword
Preface
Introduction
Who Should Read This Book
What You Should Know Before Reading This Book
Organization of This Book
Appendices of This Book
About the Companion Content
System Requirements
IPv6 Protocol and Windows Product Versions
A Special Note to Teachers and Instructors
Disclaimers and Support
Acknowledgments
Support & Feedback
Errata
We Want to Hear from You
Stay in Touch
1. Introduction to IPv6
Limitations of IPv4
Consequences of the Limited IPv4 Address Space
Features of IPv6
New Header Format
Large Address Space
Stateless and Stateful Address Configuration
IPsec Header Support Required
Better Support for Prioritized Delivery
New Protocol for Neighboring Node Interaction
Extensibility
Comparison of IPv4 and IPv6
IPv6 Terminology
The Case for IPv6 Deployment
IPv6 Solves the Address Depletion Problem
IPv6 Solves the Disjoint Address Space Problem
IPv6 Solves the International Address Allocation Problem
IPv6 Restores End-to-End Communication
IPv6 Uses Scoped Addresses and Address Selection
IPv6 Has More Efficient Forwarding
IPv6 Has Support for Security and Mobility
Testing for Understanding
2. IPv6 Protocol for Windows
Architecture of the IPv6 Protocol for Windows
Features of the IPv6 Protocol for Windows
Installed, Enabled, and Preferred by Default
Basic IPv6 Stack Support
IPv6 Stack Enhancements
GUI and Command-Line Configuration
Integrated IPsec Support
Windows Firewall Support
Temporary Addresses
Random Interface IDs
DNS Support
Source and Destination Address Selection
Support for ipv6-literal.net Names
LLMNR
PNRP
Literal IPv6 Addresses in URLs
Static Routing
IPv6 over PPP
DHCPv6
ISATAP
6to4
Teredo
PortProxy
IP-HTTPS
NAT64/DNS64
Group Policy Settings for Transition Technologies
Application Support
Application Programming Interfaces
Windows Sockets
Winsock Kernel
Remote Procedure Call
IP Helper
Win32 Internet Extensions
.NET Framework
Windows Runtime
Windows Filtering Platform
Windows Management Instrumentation Version 2
Manually Configuring the IPv6 Protocol
Configuring IPv6 Through the Properties of Internet Protocol Version 6 (TCP/IPv6)
General Tab
Advanced TCP/IP Settings
Configuring IPv6 with Windows PowerShell
Configuring Addresses
Adding Default Gateways
Adding DNS Servers
Configuring IPv6 with the Netsh.exe Tool
Configuring Addresses
Adding Default Gateways
Adding DNS Servers
Disabling IPv6
IPv6-Enabled Tools
Ipconfig
Route
Ping
Tracert
Pathping
Netstat
Displaying IPv6 Configuration with Windows PowerShell
Get-NetIPInterface -AddressFamily IPv6
Get-NetIPAddress -AddressFamily IPv6
Get-NetRoute -AddressFamily IPv6
Get-NetNeighbor -AddressFamily IPv6
Displaying IPv6 Configuration with Netsh
Netsh interface ipv6 show interface
Netsh interface ipv6 show address
Netsh interface ipv6 show route
Netsh interface ipv6 show neighbors
Netsh interface ipv6 show destinationcache
References
Testing for Understanding
3. IPv6 Addressing
The IPv6 Address Space
IPv6 Address Syntax
Compressing Zeros
IPv6 Prefixes
Types of IPv6 Addresses
Unicast IPv6 Addresses
Global Unicast Addresses
Link-Local Addresses
Zone IDs for Link-Local Addresses
Unique Local Addresses
Special IPv6 Addresses
Transition Addresses
Multicast IPv6 Addresses
Solicited-Node Address
Mapping IPv6 Multicast Addresses to Ethernet Addresses
Anycast IPv6 Addresses
Subnet-Router Anycast Address
IPv6 Addresses for a Host
IPv6 Addresses for a Router
Subnetting the IPv6 Address Space
Step 1: Determining the Number of Subnetting Bits
Step 2: Enumerating Subnetted Address Prefixes
Using the Binary Method
Using the Hexadecimal Method
Using the Decimal Method
IPv6 Address Allocation Strategies
IPv6 Interface Identifiers
EUI-64 Address-Based Interface Identifiers
IEEE 802 Addresses
IEEE EUI-64 Addresses
Obtaining Interface Identifiers for IPv6 Addresses
Converting IEEE 802 addresses to IPv6 interface identifiers
IEEE 802 address conversion example
Temporary Address Interface Identifiers
IPv4 Addresses and IPv6 Equivalents
References
Testing for Understanding
4. The IPv6 Header
Structure of an IPv6 Packet
IPv4 Header
IPv6 Header
Values of the Next Header Field
Comparing the IPv4 and IPv6 Headers
IPv6 Extension Headers
Extension Headers Order
Hop-by-Hop Options Header
Option Type Field
Pad1 Option
PadN Option
Jumbo Payload Option
Router Alert Option
Destination Options Header
Home Address Option
Summary of Option Types
Routing Header
Fragment Header
IPv6 Fragmentation Process
IPv6 Reassembly Process
Authentication Header
Encapsulating Security Payload Header and Trailer
IPv6 MTU
Upper-Layer Checksums
References
Testing for Understanding
5. ICMPv6
ICMPv6 Overview
Types of ICMPv6 Messages
ICMPv6 Header
ICMPv6 Error Messages
Destination Unreachable
Packet Too Big
Time Exceeded
Parameter Problem
ICMPv6 Informational Messages
Echo Request
Echo Reply
Comparing ICMPv4 and ICMPv6 Messages
Path MTU Discovery
Changes in PMTU
References
Testing for Understanding
6. Neighbor Discovery
Neighbor Discovery Overview
Neighbor Discovery Message Format
Neighbor Discovery Options
Source and Target Link-Layer Address Options
Prefix Information Option
Redirected Header Option
MTU Option
Route Information Option
Neighbor Discovery Messages
Router Solicitation
Router Advertisement
Neighbor Solicitation
Neighbor Advertisement
Redirect
Summary of Neighbor Discovery Messages and Options
Neighbor Discovery Processes
Conceptual Host Data Structures
Address Resolution
Address Resolution Example—Part 1
Address Resolution Example—Part 2
Neighbor Unreachability Detection
Neighbor Cache Entry States
Neighbor Unreachability Detection and Dead Gateway Detection
Duplicate Address Detection
Duplicate Address Detection Example—Part 1
Duplicate Address Detection Example—Part 2
Router Discovery
Router Discovery Example—Part 1
Router Discovery Example—Part 2
Redirect Function
Redirect Example—Part 1
Redirect Example—Part 2
Redirect Example—Part 3
Host Sending Algorithm
IPv4 Neighbor Messages and Functions and IPv6 Equivalents
References
Testing for Understanding
7. Multicast Listener Discovery and MLD Version 2
MLD and MLDv2 Overview
IPv6 Multicast Overview
Host Support for Multicast
Router Support for Multicast
Receive All IPv6 Multicast Traffic
Forward IPv6 Multicast Traffic
Receive and Process MLD or MLDv2 Multicast Listener Report and MLD Multicast Listener Done Messages
Query Attached Subnets for Host Membership Status
Communicate Group Membership to Other IPv6 Multicast Routers
MLD Packet Structure
MLD Messages
Multicast Listener Query
Multicast Listener Report
Multicast Listener Done
Summary of MLD
MLDv2 Packet Structure
MLDv2 Messages
The Modified Multicast Listener Query
MLDv2 Multicast Listener Report
Summary of MLDv2
MLD and MLDv2 Support in Windows
References
Testing for Understanding
8. Address Autoconfiguration
Address Autoconfiguration Overview
Types of Autoconfiguration
Autoconfigured Address States
Autoconfiguration Process
DHCPv6
DHCPv6 Messages
DHCPv6 Stateful Message Exchange
DHCPv6 Stateless Message Exchange
DHCPv6 Support in Windows
DHCPv6 Client
DHCPv6 Relay Agent
DHCPv6 Stateless and Stateful Server
IPv6 Protocol for Windows Autoconfiguration Specifics
Autoconfigured Addresses for the IPv6 Protocol for Windows
References
Testing for Understanding
9. IPv6 and Name Resolution
Name Resolution for IPv6
DNS Enhancements for IPv6
LLMNR
LLMNR Message Structure
Source and Destination Address Selection
Source Address Selection Algorithm
Destination Address Selection Algorithm
Fixing IPv6 Brokenness in Windows Server 2012 and Windows 8
Example of Using Address Selection
Name Resolution Support in Windows
Hosts File
DNS Resolver
DNS Server Service
DNS Dynamic Update
DNS Zone Transfers
Source and Destination Address Selection
LLMNR Support
Support for ipv6-literal.net Names
Peer Name Resolution Protocol
Name Resolution Policy Table
DNS Security Extensions
References
Testing for Understanding
10. IPv6 Routing
Routing in IPv6
IPv6 Routing Table Entry Types
Route Determination Process
Strong and Weak Host Behaviors
Example IPv6 Routing Table for Windows
The Get-NetRoute Command
The netsh interface ipv6 show route Command
The route print Command
End-to-End IPv6 Delivery Process
IPv6 on the Sending Host
IPv6 on the Router
IPv6 on the Destination Host
IPv6 Routing Protocols
Overview of Dynamic Routing
Routing Protocol Technologies
Distance Vector
Link State
Path Vector
Routing Protocols for IPv6
RIPng for IPv6
OSPF for IPv6
Integrated IS-IS for IPv6
BGP-4
Static Routing with the IPv6 Protocol for Windows
Configuring Static Routing with Windows PowerShell
Configuring Static Routing with Netsh
Configuring Static Routing with Routing and Remote Access
Dead Gateway Detection
References
Testing for Understanding
11. IPv6 Transition Technologies
Overview
Node Types
IPv6 Transition Addresses
Transition Mechanisms
Using Both IPv4 and IPv6
Dual IP Layer Architecture
Dual-Stack Architecture
IPv6-over-IPv4 Tunneling
DNS Infrastructure
Address Records
Pointer Records
Address Selection Rules
Tunneling Configurations
Router-to-Router
Host-to-Router and Router-to-Host
Host-to-Host
Types of Tunnels
Configured Tunnels
Automatic Tunnels
Traffic Translation
NAT64/DNS64
PortProxy
References
Testing for Understanding
12. ISATAP
ISATAP Overview
ISATAP Tunneling
ISATAP Tunneling Example
ISATAP Components
Router Discovery for ISATAP Hosts
Resolving the Name “ISATAP”
Using the ISATAP Router Name Group Policy Setting
Using the Set-NetIsatapConfiguration -Router Windows PowerShell Command
Using the netsh interface isatap set router Command
ISATAP Addressing Example
ISATAP Routing
ISATAP Communication Examples
ISATAP Host to ISATAP Host
ISATAP Host to IPv6 Host
Configuring an ISATAP Router
Example Using Windows PowerShell Commands
Example Using Netsh Commands
ISATAP in Windows Server 2012 and Windows 8
References
Testing for Understanding
13. 6to4
6to4 Overview
6to4 Tunneling
6to4 Tunneling Example
6to4 Components
6to4 Addressing Example
6to4 Routing
6to4 Support in Windows
6to4 Host/Router Support
6to4 Router Support
Automated 6to4 Router Configuration
Manual 6to4 Router Configuration
6to4 Communication Examples
6to4 Host to 6to4 Host/Router
6to4 Host to IPv6 Host
Network Monitor Capture
Example of Using ISATAP and 6to4 Together
Part 1: From ISATAP Host A to 6to4 Router A
Part 2: From 6to4 Router A to 6to4 Router B
Part 3: From 6to4 Router B to ISATAP Host B
References
Testing for Understanding
14. Teredo
Introduction to Teredo
Teredo Benefits
Teredo Support in Microsoft Windows
Teredo and Protection from Unsolicited Incoming IPv6 Traffic
Network Address Translators (NATs)
Teredo Components
Teredo Client
Teredo Server
Teredo Relay
Teredo Host-Specific Relay
The Teredo Client and Host-Specific Relay in Windows
Teredo Addresses
Teredo Packet Formats
Teredo Data Packet Format
Teredo Bubble Packets
Teredo Indicators
Authentication Indicator
Origin Indicator
Teredo Routing
On-Link Teredo Client Destinations
Intersite Teredo Client Destinations
IPv6 Internet Destinations
Windows-Based Teredo Server and Relay
Configuring a Teredo Server
Configuring a Teredo Relay
References
Testing for Understanding
15. IP-HTTPS
Introduction to IP-HTTPS
IP-HTTPS Traffic
IP-HTTPS Components
Establishing an IP-HTTPS Connection
IP-HTTPS Client Routing
Configuring IP-HTTPS Client Settings
IP-HTTPS Features in Windows Server 2012 and Windows 8
Summary
References
Testing for Understanding
16. NAT64/DNS64
Introduction to NAT64/DNS64
Limitations of NAT64/DNS64
How NAT64/DNS64 Works
Configuration Requirements for NAT64/DNS64
DNS Name Query and Response
Step 1: Initial Name Query
Step 2: Proxied Name Queries
Step 3: Name Query Responses
Step 4: Constructed Name Query Response
IPv6 Traffic from the IPv6-Only Node
Step 1: Initial Packet from the IPv6-Only Node
Step 2: Translated IPv4 Packet to the IPv4-Only Node
Step 3: Response IPv4 Packet from the IPv4-Only Node
Step 4: Translated Response Packet to the IPv6-Only Node
Configuring NAT64/DNS64 in Windows Server 2012
Summary
References
Testing for Understanding
17. IPv6 Security Considerations
IPv6 Security Considerations
Authorization for Automatically Assigned Addresses and Configurations
Recommendations
Prevention of Rogue IPv6 Routers
Recommendations
Protection of IPv6 Packets
Recommendations
Host Protection from Scanning and Attacks
Address Scanning
Port Scanning
Recommendations
Control of Tunneled Traffic on Your Intranet
Recommendations
Control of What Traffic Is Exchanged with the Internet
Recommendations
Summary
References
Testing for Understanding
18. DirectAccess
Overview of DirectAccess
How DirectAccess Uses IPv6
DirectAccess Client Traffic over the IPv4 Internet
DirectAccess Client Traffic over the Intranet
Force Tunneling
DirectAccess and IPv6 Routing
DirectAccess and the Role of IPsec
Encryption
Data Integrity
DirectAccess and the Role of the NRPT
NRPT Exemptions
Network Location Detection
Network Location Awareness
Network Location Detection Process
How DirectAccess Works
DirectAccess Client on the Intranet
DirectAccess Client on the Internet
Summary
References
Testing for Understanding
19. Deploying IPv6 on an Intranet
Introduction
Planning for IPv6 Deployment
Platform Support for IPv6
Application Support for IPv6
Network Management Infrastructure Support for IPv6
Unicast IPv6 Addressing Architecture
Tunnel-Based IPv6 Connectivity
ISATAP
6to4
Teredo
Manually Configured Tunnels
Disabling Tunneling Technologies
Other IPv6 Transition Technologies
Native IPv6 Connectivity
Unicast Routing
Multicast Routing
Name Resolution with DNS
Secure DNS Dynamic Updates and Non-Domain Joined Windows-Based Hosts
Native IPv6 Addressing Allocation
Host-Based Security and IPv6 Traffic
Controlled or Prioritized Delivery for IPv6 Traffic
Using Active Directory Sites and Services
Using Quality of Service
Deploying IPv6
Obtain Global Address Space
Set Up an IPv6 Test Network
Begin Application Migration
Inventory Your Applications
Scope the Work and Schedule Application Migration
Configure DNS Infrastructure to Support AAAA Records and Dynamic Updates
Upgrade IPv4-Only Hosts to IPv6/IPv4 Hosts
Begin Deploying a Native IPv6 Infrastructure
Connect Portions of Your Intranet over the IPv4 Internet
Connect Portions of Your Intranet over the IPv6 Internet
Summary
References
Testing for Understanding
20. IPv6 on the Microsoft Corporate Network
Introduction
Characteristics of the Microsoft Corpnet
History of IPv6 in Microsoft
2001: Starting Out
2002–2004: Expansion
2005–2006: Enabling the Enterprise Backbone
2007–2010: Handling Growth
Deployment Philosophy
Current Deployment of IPv6 on the Microsoft Corpnet
Short and Long-Term Plans for IPv6 on the Microsoft Corpnet
Deployment Details
Addressing Plan and Routing Infrastructure
DirectAccess
Security for IPv6 Traffic on the Microsoft Corpnet
Deployment Planning and Recommendations
Overall Planning
Determine the Business Need
Determine the IPv6 Technology Gaps That Exist Across Your Entire Infrastructure
Train Operations Staff
Deployment Recommendations
Use Native IPv6 over IPv6 Transition Technologies
Configure Active Directory Sites and Services for IPv6 Subnets
Deprecate the Use of WINS
Summary
Testing for Understanding
A. IPv6 RFC Index
General
Addressing
Applications
Sockets API
Transport Layer
Internet Layer
Network Layer Security
Link Layer
Routing
IPv6 Transition Technologies
B. Testing for Understanding Answers
Chapter 1: Introduction to IPv6
Chapter 2: IPv6 Protocol for Windows
Chapter 3: IPv6 Addressing
Chapter 4: The IPv6 Header
Chapter 5: ICMPv6
Chapter 6: Neighbor Discovery
Chapter 7: Multicast Listener Discovery and MLD Version 2
Chapter 8: Address Autoconfiguration
Chapter 9: IPv6 and Name Resolution
Chapter 10: IPv6 Routing
Chapter 11: IPv6 Transition Technologies
Chapter 12: ISATAP
Chapter 13: 6to4
Chapter 14: Teredo
Chapter 15: IP-HTTPS
Chapter 16: NAT64/DNS64
Chapter 17: IPv6 Security Considerations
Chapter 18: DirectAccess
Chapter 19: Deploying IPv6 on an Intranet
Chapter 20: IPv6 on the Microsoft Corporate Network
C. Setting Up an IPv6 Test Lab
IPv6 Test Lab Setup
Hardware and Software Requirements
Steps for Configuring the IPv6 Test Lab
Step 1: Set Up the Base Configuration Test Lab
Step 2: Configure the Test Lab for the Corpnet2 Subnet
Configure DC1
Configure EDGE1
Configure APP1
Verify IPv4 Connectivity to the Corpnet2 Subnet
Step 3: Demonstrate Default IPv6 Connectivity
Demonstrate Default IPv6 Configuration and Link-local Connectivity on the Same Subnet
Demonstrate Link-local Connectivity Between Subnets
Step 4: Demonstrate ISATAP-Based IPv6 Connectivity
Configure ISATAP for the Contoso Intranet
Demonstrate ISATAP Connectivity on the Contoso Intranet
Step 5: Demonstrate Native IPv6 Connectivity
Remove ISATAP Connectivity
Configure Native IPv6 Connectivity
Demonstrate Native IPv6 Connectivity
Step 6: Demonstrate 6to4-Based Connectivity
Configure 6to4-Based Connectivity
Demonstrate 6to4-Based Connectivity
Snapshot the Configuration
Additional IPv6 Test Lab Exercises
Demonstrate DHCPv6
Configure DC1 as the DHCPv6 Server
Demonstrate the Use of DHCPv6 by CLIENT1
Restore the IPv6 Test Lab
Demonstrate DNS Zone Transfers over IPv6
Configure APP1 as a DNS Server
Demonstrating DNS Zone Transfers over IPv6
Restore the IPv6 Test Lab
Demonstrate an IPv6-Only Environment
Configure and Demonstrate an IPv6-Only Intranet
Restore the IPv6 Test Lab
D. IPv6 Reference Tables
E. Link-Layer Support for IPv6
Basic Structure of IPv6 Packets
LAN Media
Ethernet: Ethernet II
Network Monitor Capture
Ethernet: IEEE 802.3 SNAP
IEEE 802.11
Frame Control Field
Token Ring: IEEE 802.5 SNAP
FDDI
WAN Media
PPP
X.25
Frame Relay
ATM: Null Encapsulation
ATM: SNAP Encapsulation
IPv6 over IPv4
References
F. Windows Sockets Changes for IPv6
Added Constants
Address Data Structures
in6_addr
sockaddr_in6
sockaddr_storage
Wildcard Addresses
in6addr_loopback and IN6ADDR_LOOPBACK_INIT
Core Sockets Functions
Name-to-Address Translation
Address-to-Name Translation
Using getaddrinfo
Address Sorting
Address Conversion Functions
Socket Options
New Macros
References
G. Mobile IPv6
Overview
Mobile IPv6 Components
Mobile IPv6 Transport Layer Transparency
Mobile IPv6 Messages and Options
Mobility Header and Messages
Type 2 Routing Header
Home Address Option for the Destination Options Header
ICMPv6 Messages for Mobile IPv6
Home Agent Address Discovery Request
Home Agent Address Discovery Reply
Mobile Prefix Solicitation
Mobile Prefix Advertisement
Modifications to Neighbor Discovery Messages and Options
Modifications to the Router Advertisement Message
Modified Prefix Information Option
Advertisement Interval Option
Home Agent Information Option
Mobile IPv6 Data Structures
Binding Cache
Binding Update List
Home Agents List
Correspondent Registration
Return Routability Procedure
Detecting Correspondent Nodes That Are Not Mobile IPv6–Capable
Mobile IPv6 Message Exchanges
Data Between a Mobile Node and a Correspondent Node
Indirect Delivery via the Home Agent
Direct Delivery
Binding Maintenance
Home-Agent Binding Maintenance
Correspondent Node Binding Maintenance
Home Agent Discovery
Mobile Prefix Discovery
Mobile IPv6 Processes
Attaching to the Home Link
Moving from the Home Link to a Foreign Link
Attaching to the Foreign Link
Mobile Node Initiates Communication with a New Correspondent Node
A New Correspondent Node Communicates with a Mobile Node
A Node on the Home Link Communicates with the Mobile Node
Mobile Node Changes Its Home Address
Moving to a New Foreign Link
Returning Home
Mobile IPv6 Host Sending Algorithm
Mobile IPv6 Host Receiving Algorithm
References
H. Teredo Protocol Processes
Initial Configuration for Teredo Clients
Network Monitor Capture
Maintaining the NAT Mapping
Initial Communication Between Teredo Clients on the Same Link
Initial Communication Between Teredo Clients in Different Sites
Cone NAT
Restricted NAT
Initial Communication from a Teredo Client to a Teredo Host-Specific Relay
Cone NAT
Restricted NAT
Initial Communication from a Teredo Host-Specific Relay to a Teredo Client
Cone NAT
Restricted NAT
Initial Communication from a Teredo Client to an IPv6-Only Host
Cone NAT
Restricted NAT
Initial Communication from an IPv6-Only Host to a Teredo Client
Cone NAT
Restricted NAT
References
Glossary
Index
About the Author
Copyright
← Prev
Back
Next →
← Prev
Back
Next →