Posts Tagged ‘ipv6’

IPv6 Caveats

Tuesday, February 2nd, 2010

Most of these caveats are really with the software specified and not IPv6 itself:

  • Windows XP natively supports IPv6, but it does not provide its IPv6 address to DDNS and cannot use IPv6 for file sharing, remote desktop or name resolution transport.
  • Windows Server 2003 natively supports IPv6, but it cannot use IPv6 for file sharing, terminal services or DNS transport.
  • There is no general-purpose IPv6-to-IPv4 or IPv4-to-IPv6 translator, although application-specific proxies like multihomed DNS resolvers and web proxies can be implemented.

What IPv6 Can’t Do…Yet

Monday, February 1st, 2010

Here are some things you can’t yet do with IPv6:

  • PXE Boot: There is no Preboot eXecution Environment boot standard for IPv6 yet, and one will need to be developed before the capability makes its way into boot firmware.
  • NAT: Network Address Translation was created to slow down IPv4 address exhaustion, so it is not needed for IPv6. However, many users seem to think that NAT enhances security (I largely disagree), and some have tried to develop a form of NAT during the IPv4-to-IPv6 transition phase so a group of IPv4-only hosts might communicate over a NAT device with IPv6-only hosts. But the transition NAT attempts have run into problems and aren’t considered general-purpose transition solutions. Ideally all hosts on the internet can directly address each other, so NAT should disappear with IPv4.
  • WINS: Windows Internet Name Service maps NetBIOS names to IPv4 addresses, but Microsoft has moved to DNS for client-server name resolution and is developing PNRP for peer name resolution. Do not expect WINS to be implemented for IPv6 name resolution or to use IPv6 to transport queries.

IPv6 Is Like IPv4

Friday, January 29th, 2010

There is a chicken-and-egg problem with getting people to migrate to IPv6, but IPv6 shouldn’t scare anyone who is familiar with IPv4.

Notation

IPv4 is notated as four dotted decimal-formatted octets (each with a value of 0-255), such as 192.168.5.34. IPv6 is formatted in hexadecimal with colon separators every two bytes: 2001:db8:0000:0000:0000:0000:0000:0001. It is fine to leave out leading zeros in each set: 2001:db8:0:0:0:0:0:1. For one run of zero sets, two colons can represent them all: 2001:db8::1. You can’t use two double colons because the value of the address could not then be determined. Since colons are reserved characters in many places you might want to use a literal address, IPv6-aware programs accept bracketed literal IPs: [2001:db8::1]. Hexadecimal formatting is helpful in conjunction with CIDR netmask notation, as each hex digit is 4 bits and each set of digits between colons (including leading zeroes) is 16 bits. ::1 is the IPv6 equivalent of 127.0.0.1. :: is the equivalent of 0.0.0.0. ff02::1 is the closest analog to 255.255.255.255, but IPv6 uses multicasts instead of broadcasts, so various protocols may have their own multicast address rather than this “all nodes” link-local multicast address.

Routing and Subnets

Both IPv4 and IPv6 use CIDR notation for routing. It’s just that we now have 128 bits instead of 32. The smallest subnet you should see is a /64, which leaves the last 64 bits for the host address. This may sound huge, but it is intended to leave room for 64-bit globally unique identifiers. In fact, stateless autoconfiguration transliterates the 48-bit MAC into a unique 64-bit Extended Unique Identifier to act as the host portion of the address. (Actually it is 63-bit since bit 7 is reserved as a flag indicating whether the EUI-64 is globally unique or not.) So far the trend seems to be to assign end users blocks of /48. Again, this may sound huge, but the goal is a hierarchical routing system. A /48 gives a consumer 65,536 network prefixes of /64 size, so they can grow a lot and not need an unmatched block that will complicate core routing tables.

Local Addressing

Network interface MAC addresses play a big role in local communication in both protocols. In IPv4 the ARP protocol resolves physical addresses for a given IP address. In IPv6 this is replaced by the Neighbor Discovery Protocol (NDP) which finds link-local neighbors as well as listens for router advertisements and has some other enhancements over ARP. NDP does not use MAC directly, but each IPv6 host has a link-local address whose scope is limited to the physical subnet. The end user will not use this address, but the inner workings of IPv6 use this address extensively in communicating over the link.

The IPv6 link-local communication is analogous to IPv4’s reserved 169.254.0.0/16 range of autoconfiguration addresses. An IPv4 host may assign itself an IP from this range if it has no other configuration guidance, but it can only communicate on the local subnet. On Ethernet networks the IPv6 link-local address is based on a transliteration of the 48-bit MAC, so each MAC will result in one unique global 64-bit host address following a network prefix of fe80::/10. Future network interfaces may have 64-bit identifiers, and IPv6 is ready for them. The analog to “arp -a” is to show the neighbors; in Windows this is “netsh interface ipv6 show neighbors”; in Linux this can be “ip neigh show”. This will generally show you the public addresses and not the link-local addresses.

If you find yourself needing or wanting to ping or otherwise access a link-local address, you may have to specify a scope. I generally haven’t needed to use link-local addresses, but when toying around I had trouble pinging one until I specified the scope. In Windows you do this by appending a percent sign and a number to the end of the address. The number is the interface index, which tells ping to send on that interface. An example: “ping fe80::214:d1ff:fe1a:a533%11”. You may also notice these scope designations when reviewing “ipconfig /all”. The number is the index number of the interface as shown in “netsh interface ipv6 show interfaces”.

Private Addressing

The private address ranges of 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 were originally set aside for private networks. With the popularity of NAT many people will recognize these address ranges as their home or work LAN addresses. Although IPv6 should eliminate the need for NAT, there may still be the desire for private IPv6 networks. Unique Local Addressing defines the fc00::/7 prefix for private use. A site should be assigned a prefix of fcrr:rrrr:rrrr::/48 with the “r”s being a random 40-bit number. This is to avoid everybody using the same private addressing so there is no ambiguity when merging private networks, connecting private networks with VPN or having a mobile device move between private networks. If you want a private IPv6 address for your home LAN or lab, this is what you are supposed to use.

Site-local addressing is now deprecated, but you might see private addresses of the fec0::/10 block.

Unicast, Broadcast, Multicast

IPv4 can do all of these, but unicasting and broadcasting make up the vast majority of IPv4 communication. IPv6 does not have the concept of broadcasting. Instead multicasting is used extensively to address a set of hosts. Multicast addresses begin with ff00::/8 and have a few bits to designate scope. The multicast can be link-local, site-local or a number of other scopes.

Application Support

The APIs for IPv4 typically work for IPv6 since their use is quite similar, so in theory the applications would not need to be changed to work over IPv6. But applications that input or store literal addresses may need to be updated to store and parse literal IPv6 addresses. Protocols such as SMB that store the source or destination address in their packets need to be updated to support IPv6 addressing or to avoid storing the address in the transported packets. (CIFS, the successor to SMB, works over IPv6.)

Since IPv6 eliminates the need for NAT, many applications will be improved. VoIP and network gaming will no longer need to rely on UPnP or connection brokers since they will be able to directly address any other host on the internet.

IPv6 Basics

Friday, January 29th, 2010

Over and over again I see IPv6 touted as being designed to handle 2^128 hosts, but this is not correct. Sure, that’s how long the address is, but to say that its capacity is 2^128 is missing the whole point.

Let’s look back at IPv4’s design. It has a 32-bit address, but it is divided into a network address and host address. Which portion of the address is network and which is the host is specified by the network mask. There were three different network sizes specified: A, B and C. As the internet became more populated there were problems with assigning network address blocks and routing them properly, so they switched to classless inter-domain routing, where more specific network sizes could be specified and assigned. This helped delay address exhaustion, but it made routing more cumbersome because there was no organization to which network address might be on which router, so the routing tables grew large and the routers spent more time figuring out where to send data.

With IPv6 we are still dividing the whole address into a network address and a host address, but this time they have made the address space large enough so the host address can always be the same size, and the network address can be routed in a much more efficient hierarchical fashion. People used to IPv4 seem to think that IPv6 assignments waste colossal amounts of addresses, but the aim is to have a globally unique host address plus a network address scope that will simplify routing for the foreseeable future and beyond.

The last 64 bits of an IPv6 address are the host address, and ideally it will be globally unique. Bit 7 is a flag to indicate whether the address is globally unique or not, so the host address portion has 2^63 globally unique addresses and 2^63 non-unique addresses. Human-assigned addresses like 2001:db8::1 and 2001:db8::dead:beef aren’t likely to inadvertently set bit 7 to 1. Unique host addresses are EUI-64 addresses, which are basically a longer MAC address. In fact IPv6 autoconfiguration transforms the 48-bit MAC address into a unique 64-bit EUI-64 address.

Every subnet should be a /64, meaning it should have a 64-bit network address and 64-bit host address. (Network mask is /64 or ffff:ffff:ffff:ffff:0000:0000:0000:0000). One could specify and route smaller subnets, but it would break IPv6 autoconfiguration and go against the design of globally unique host addressing. If you have a larger block of addresses assigned—say a /48 like many tunnel brokers assign—still only use one /64 out of it for each subnet, or again autoconfiguration is broken, and have you really already used up 2^63 or 2^64 addresses on that subnet? I didn’t think so.
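The MAC-to-EUI-64 transliteration described in Routing and Subnets, Local Addressing and the two paragraphs above, plus carving /64 subnets out of a /48, as an added example in Python (not code from the original posts). The 2001:db8:1234::/48 prefix is a constructed sample; the sample MAC is the one that produces the link-local address in the earlier ping example.

```python
# Added example (not from the original post): how the host and network halves
# of an address are built. mac_to_eui64() is the stateless-autoconfiguration
# transliteration of a 48-bit MAC into a 64-bit identifier (ff:fe inserted in
# the middle, the universal/local flag in the first octet inverted), link_local()
# puts it behind fe80::/64, subnet_of() carves the n-th /64 out of a /48, and
# autoconf_address() combines the two. 2001:db8:1234::/48 is a constructed
# sample prefix; the sample MAC is the one behind the ping example above.
import ipaddress

def mac_to_eui64(mac: str) -> int:
    """'00:14:d1:1a:a5:33' -> modified EUI-64 interface identifier as an int."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC: %r" % mac)
    # 0x02 in the first octet is the universal/local flag (bit 7 as the post
    # counts it); modified EUI-64 inverts it so a burned-in MAC yields a 1.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(eui, "big")

def link_local(mac: str) -> str:
    """fe80::/64 with the EUI-64 host part; the address NDP uses on the link."""
    return str(ipaddress.IPv6Address((0xfe80 << 112) | mac_to_eui64(mac)))

def subnet_of(site: str, index: int) -> ipaddress.IPv6Network:
    """The index-th /64 (0..65535) inside an assigned /48."""
    net = ipaddress.IPv6Network(site, strict=True)
    if net.prefixlen != 48:
        raise ValueError("expected a /48 site prefix, got /%d" % net.prefixlen)
    if not 0 <= index < 2 ** 16:
        raise ValueError("a /48 holds only 65536 /64 subnets")
    return ipaddress.IPv6Network((int(net.network_address) | (index << 64), 64))

def autoconf_address(site: str, index: int, mac: str) -> str:
    """The address a host on that /64 forms by autoconfiguration. Because the
    MAC is recoverable from it, hosts that care about being tracked across
    networks use the random "privacy" addresses mentioned later instead."""
    net = subnet_of(site, index)
    return str(ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64(mac)))

if __name__ == "__main__":
    mac = "00:14:d1:1a:a5:33"
    print(link_local(mac))                                # fe80::214:d1ff:fe1a:a533
    print(subnet_of("2001:db8:1234::/48", 5))             # 2001:db8:1234:5::/64
    print(autoconf_address("2001:db8:1234::/48", 5, mac)) # 2001:db8:1234:5:214:d1ff:fe1a:a533
```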

Aside from the larger address space, IPv6 behaves much like IPv4. Some of the specifics look different but have analogous functions between them. For now I’ll cover some of the more basic differences an end user might notice.

People are intimidated by the long addresses, as if 192.168.254.3 was short and intuitive back in the day. Really, how often does one type in an IP address? And how often are you not able to cut and paste it with a mouse? Moreover, there are multiple peer name resolution protocols (Apple Bonjour, MS PNRP) that should further reduce the need to type in IP addresses. However, if you should find the need to type one in, you might need to enclose it in brackets when entering it in a web browser or other application, because the colon has special meaning, e.g. http://[2001:db8::1]/ or http://[2001:db8::1]:8080/.

Linux ping utilities only work for IPv4, but they have ping6 and traceroute6 to use with IPv6 whether you’re typing in the address or a name. Windows commands will work with either but have a -6 switch if you want to force IPv6 or -4 to force IPv4.

When looking at your IPv6 IP address you will likely find you have several, and certainly at least two. I will elaborate in another post, but for now be aware there may be link-local addresses which are effectively local MAC addresses, the public address, possibly one or more “privacy” addresses, 6to4 addresses and Teredo addresses. In Windows you’re usually wanting the “IPv6 Address” line listed under your main network adapter. In Linux you have fewer by default and want to pick the one not starting with fe80: through febf:.

Operating systems and applications have varying support for IPv6. Windows XP and newer have native IPv6; Windows Vista and newer have it enabled by default. Modern Linux distributions support IPv6 and may or may not have it enabled by default.

Windows XP cannot use IPv6 for file sharing or remote desktop, but Vista and Windows 7 can. Some applications would be capable of using IPv6 but don’t recognize IPv6 addresses when you type them in. It can be hit and miss, but basic operating system support is pretty well established, and more and more applications are learning to accept and look up IPv6 addresses.