An Introduction to IPv6 in Windows Vista

1
An Introduction to IPv6 in Windows Vista

• How will it effect IT Professionals and their
  networks?
• Presented by Ed Horleyehorley_at_gmail.com
• Date November 2005

2
Agenda

• Why IPv6?
• Market forces pushing IPv6 adoption
• Shortcomings and challenges of IPv4
• Coexistence with IPv4
• IPv6 Addressing Overview

3
Agenda

• IPv6 in Windows Vista
• IPv6 deployment options
• Impact on IT Professionals
• Resource Links
• Question and Answers

4
Why IPv6?

• Mobility
• Mobile Operators using 3GPP UMTS / Internet
  Multimedia Services (IMS)
• Nokia, Motorola and others making use of mobile
  IPv6 in their devices
• Ad-hoc networks think police, fire and
  emergency services push to talk requirements

5
Why IPv6?

• Security
• Unlike IPv4, IPv6 has IPSec directly integrated
  into it
• Any IPv6 communication can automatically do
  authentication, message integrity and encryption
  or any combination of those
• Every host on an IPv6 network could, in theory,
  validate exactly who they are communicating with

6
Why IPv6?

• Addressing
• Address depletion for large network providers -
  think mobile operators, governments, universities
• Diverse address options
• Imagine 4.29 1020 IP addresses per every square
  inch of the earth, including the water

7
Why IPv6?

• What is unique about IPv6?
• Enables next generation network-based
  applications without additional expense or
  expertise using migration technologies
• Does not require wholesale network infrastructure
  replacement
• Does not require IPv4 networks to run IPv6
  infrastructure or routing protocols
• Global Addressing Pool is HUGE(IPv6 has 3.4
  1038 addresses)

8
Why IPv6?

• What is unique about IPv6?
• Eliminates the need for NAT
• Eliminates the need for private address space
  (RFC1918)
• Scales much better then IPv4
• IPSec is built in for secure host-to-host
  communication
• Mobile IPv6 is built in and does not require
  server side routing or gateway services

9
Market forces pushing IPv6 adoption

• Converged next generation networks that are doing
  Voice, Video and VPN services
• Peer-to-peer networks and n-tier computing
• Next generation ASPs

10
Market forces pushing IPv6 adoption

• Mobile Internet Services -  Internet Multimedia
  Services (IMS)
• End to end security requirements
• Auto configuration for home and mobile devices

11
Market forces pushing IPv6 adoption

• Rapid adoption of IPv6 in Japan, Korea, Taiwan,
  India and other Asian and Pacific Rim countries
  the US is lagging in IPv6
• It is a US Government Department of Defense
  requirement by 2008!
• Major technology companies like Cisco, Microsoft,
  Sun, Linux, BSD, Nokia are universally supporting
  IPv6 in their products

12
Shortcomings and challenges of IPv4

• Some current limitation of IPv4 include
• Network Address Translation deployments in
• Enterprises and some Service Providers
• SOHO and Home
• WiFi hotspot locations
• Mixed use of Public and Private IP Address Space
• Network based firewalls that prevent end-to-end
  session establishment

13
Shortcomings and challenges of IPv4

• Mobility is increasing in use and popularity but
  it is not supported in the infrastructure as a
  seamless solution
• Security solutions are point solutions or
  appliances that do not addresses the shortcomings
  of the protocol

14
Coexistence with IPv4

• There is NO requirement to change any
  infrastructure to support IPv6 in your existing
  IPv4 network they can coexist without issue
• Windows Vista will automatically use the
  appropriate IPv6 technology based on the network
  it discovers

15
Coexistence with IPv4

• Migration technologies allowing IPv6 to run on
  IPv4
• ISATAP (tunneling transition technology)
• 6to4 (tunneling transition technology)
• Teredo (NAT traversal technology)

16
Coexistence with IPv4

• Migration from IPv4 to IPv6 will take some time!
  Thats OK!
• Windows Vista can run with BOTH IPv6 and IPv4
  addressing at the same time
• Windows Vista runs IPv4 better then Windows XP or
  Windows Server 2003 due to new Dual IP layer
  architecture

17
IPv6 Addressing Overview

• IP Addresses are in hex format not decimal
• A sample IPv6 address
• fe805efec0a8ed01 (link local address)
• Hosts can have multiple IPv6 addresses depending
  on their requirements

18
IPv6 in Windows Vista

• IPv4 and IPv6 are side by side at the IP layer
  but have a universal TCP/UDP Transport layer
  above
• IPv6 will be used by default by Vista this is a
  good thing
• If you do not want to have IPv6 running on your
  network (explicitly turned off IPv6 that is) you
  will have to run some netsh commands to turn it
  off 1

19
IPv6 in Windows Vista

• Windows Vista supports both managed and unmanaged
  deployments
• Applications that are IPv6 aware will make use of
  the protocol automatically
• The new firewall and IPSec management tools for
  Vista all support IPv6 natively

20
Windows Vista - Native IPv6

• Native IPv6
• IPv6 native routing protocols are already
  supported by most vendors (Cisco, Juniper, and
  others) BGP, OSPF, RIPng, IS-IS
• Most are providing software upgrades to support
  native IPv6 deployments on existing hardware
  (Cisco IOS 12.3 mainline code has IPv6 support)
• Native deployment will become more desirable as
  more applications make use of IPv6

21
Windows Vista - Native IPv6

• Problems
• Most ISPs are not providing native IPv6
  transport
• In the US Hurricane Electric, Cable and
  Wireless, MCI and others
• Most firewalls are not currently supporting IPv6
  natively

22
Windows Vista ISATAP

• It is a standard IETF RFC 4214
• Intrasite Automatic Tunnel Addressing Protocol
• ISATAP is a tunneling technology
• Allows communication across an IPv4 intranet by
  tunneling IPv6 inside IPv4 packets

23
Windows Vista ISATAP

• Designed to allow companies to run IPv6
  internally
• Does NOT require any native IPv6 routers or
  routing protocols on the network
• Makes use of a single ISATAP router (Cisco router
  or Windows Server 2003 host) to specify a 64-bit
  prefix

24
Windows Vista ISATAP

• Makes use of a DNS entry to determine where the
  ISATAP router is located to get the prefix
• Can act as a router for IPv6 tunnels (6to4) and
  native IPv6 hosts
• ISATAP address configuration looks like
• lt64-bit prefixgt05efew.x.y.z
• w.x.y.z is a public or private IPv4 address
  assigned to the host

25
Windows Vista ISATAP

• IPv6 addresses consist of a site prefix the
  IPv4 address
• Example 3ffeffff12345678/64 is the prefix
• IPv4 address is 192.168.2..1
• IPV6 address is 3ffeffff123456785efe192.168
  .2.1

26
Windows Vista 6to4

• It is a standard IETF RFC 3056
• 6to4 is a tunneling technology
• Allows communication across the IPv4 Internet by
  tunneling IPv6 inside IPv4 packets

27
Windows Vista 6to4

• 6to4 addresses include IPv4 address information
• The prefix for 6to4 begins with 2002
• the remainder of the address is a colon separated
  hexadecimal notation of the IPv4 address
• Formatted like 2002wwxxyyzzwwxxyyzz
• wwxxyyzz is the public IP in hex format
• If there is a public IP address, Windows auto
  configures a 6to4 address using that public IP

28
Windows Vista 6to4

• Queries by default 6to4.ipv6.microsoft.com to
  obtain an IPv4 address of a 6to4 relay
  server/router
• It can also use the well known anycast IPv4
  address of 192.88.99.1 to obtain the closest 6to4
  relay server/router
• So an example IPv4 address would look like
• IPv4 address 207.213.246.1 is represented as
  cfd5f601 (convert decimal to hex)
• Its 6to4 address 2002 cfd5f601 cfd5f601

29
Windows Vista 6to4 and ISATAP
IPv6 Packet
IPv6 Header
Extension Headers
Upper Layer Protocol Data Unit
Encapsulation For ISATAP and 6to4
IPv6 Header
Extension Headers
Upper Layer Protocol Data Unit
IPv4 Header
IPv4 Packet
IPv4 header Protocol field set to 41
30
Windows Vista - Teredo

• Teredo provides IPv4 NAT traversal capabilities
  by tunneling IPv6 over the top of IPv4 using UDP
• Teredo provides IPv6 connectivity when behind an
  Internet IPv4 NAT device
• Is designed to be a universal method for NAT
  traversal for most types of NAT used
• Public Teredo prefix is not yet defined by IANA

31
Impact on IT Professionals

• Allows for exciting new services to be developed
• The promise of Ad-hoc networking is a reality
  with IPv6
• The ability to have true mobile IP, regardless of
  gateway or when moving from wired to wireless

32
Impact on IT Professionals

• The next generation in network computing
• Moving from client/server to
• n-tier computing and
• peer-to-peer computing
• Change in Enterprise practices
• Changes in IDS, Firewall, HIPS, NIPS, Proxy
  services, Packet Analysis, Security and IPSec
  Postures and Policies

33
Impact on IT Professionals

• Can I test with IPv6 now before Vista comes
  out?YES!
• Use Windows XP Pro SP2 or Windows Server 2003 to
  try out IPv6 on your network
• What do I need to do?Simply load the IPv6 stack
  and you ready to go!

34
Impact on IT Professionals
35
Impact on IT Professionals

• To configure IPv6 you need to make use of the
  netsh command

36
Resource Links

• Microsoft
• Cable Guy Article netsh commands to turn off
  IPv6
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg1005.mspx
• Cable Guy Articles about IPv6
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0701.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0902.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg1002.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0403.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0304.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0904.mspx
• http//www.microsoft.com/technet/community/columns
  /cableguy/cg0305.mspx

37
Resource Links

• Cisco
• IPv6 Reference Links
• http//www.cisco.com/en/US/products/ps6553/product
  s_ios_technology_home.html
• http//www.cisco.com/en/US/products/ps6553/prod_pr
  esentation_list.html
• IETF
• IPv6 Working Group
• http//www.ietf.org/html.charters/ipv6-charter.htm
  l

38
Resource Links

• General references
• IPv6 Forum
• http//www.ipv6forum.com/
• North American IPv6 Task Force
• http//www.nav6tf.org/
• California IPv6 Task Force
• http//www.cav6tf.org/
• Merit Networks Network Research and Technology
• http//www.merit.edu/nrd/projects/ipv6.html
• The NLANR Active Measurement Project
• http//watt.nlanr.net/IPv6/
• Moonv6
• http//www.moonv6.org/
• Internet Society
• http//www.isoc.org/

39
Questions and Answers
40
Contact Info

• Ed Horley ehorley_at_gmail.com
• Blog www.howfunky.com

41
About Ed Horley

• Ed Horley is a Sr. Network Engineer for j2 Global
  Communications, better known as eFax. Ed
  currently designs, supports and maintains j2's
  international and domestic collocation sites
  along with j2's core data center IP
  infrastructure. He is experienced in e-commerce
  web content delivery, large scale e-mail
  delivery, firewalls, IPSec VPN's, and specializes
  in routing, switching and DNS issues.
• Ed is a former Cisco Certified Network
  Professional (CCNP), a current Microsoft
  Certified Professional (MCP) and a current
  Microsoft Most Valuable Professional (MVP). He
  graduated from the University of the Pacific in
  1992 with a BS in Civil Engineering.
• When he is not playing on network gear you can
  find him out on the lacrosse field as an Umpire
  for Women's Lacrosse. He is currently married to
  his wonderful wife Krys and has two children,
  Briana and Aisha. He lives and works in Walnut
  Creek, CA.