Canadian IT Professional Workshop

Canadian IT Professional Workshop


IPV6 Networking

Part 4-Configuring Network Connectivity

 

         B) Configure IPv6 Network Settings

            0) IPv6- Introduction to IPv6 networking

 

As we looked at IPv4 in the last section, it is a good idea to familiarise yourself with IPv6 before going into Windows 7 IPv6 networking.  Although IPv4 and IPv6 may sound similar, they are indeed very separate entities having completely different technologies

lf with IPv6 before going into Windows 7 IPv6 networking.  Although IPv4 and IPv6 may sound similar, they are indeed very separate entities having completely different technologies.

If you recall from the last section, IPv4 uses a single 32 bit dotted decimal notation scheme to represent an IP address. However IPv6 uses a completely different approach with a 128 bit hexadecimal scheme. As you probably are aware of, hexadecimal uses a base 16 numbering system with 0-9 and 10 represented by an A, 11 by a B and so on.

With this new IPv6 addressing scheme we now have a possible

340,282,366,920,938,463,463,374,607,431,768,211,456   IP addresses (or 2128).  With numbers like this you will definitely want to use your DNS servers as much as possible as it might have been easy to remember 192.168.5.1 with IPv4, it will be very much harder to remember something like fd00:012a:0000:0000:03a6:08d3:2300:a000

An IPv6 address is broken down into eight groups of 16 bits which is represented by 4 hexadecimal numbers. This makes each hexadecimal position four bits wide or one nibble. Each group is separated by a colon (:). This new format is called colon hexadecimal notation.

Although you can represent an entire IPv6 address in binary form, it would far too cumbersome. Instead I will just concentrate on the first group of num

bers to convert. This will be become self-evident later on. For this example I will use fd00 from the IPv6 address fd00:012a:0000:0000:03a6:08d3:2300:a000.

To begin, since I am using the first group I have to fill up 16 bits. To convert I can just use the following chart.

Decimal to hex to binary conversion chart 

So here we can see that

  • f=1111
  • d=1101
  • 0=0000
  • 0=0000

So to finish the conversion we would simply concatenate (or join) the binary numbers together, which would give us 1111 1101 0000 0000. It is important to note here however that even though the third and fourth hexadecimal numbers where zero, they still must occupy 4 bits each

When working with IPv6 addresses you can drop consecutive zero groups by replacing them with ::

So continuing our example, the IPv6 address fd00:012a:0000:0000:03a6:08d3:2300:a000 would become fd00:012a::03a6:08d3:2300:a000, which is getting a little bit more reasonable to read. However, you can only take out one group of consecutive zeros.

As well, leading zeros can be dropped in groups completely so fd00:012a::03a6:08d3:2300:a000 can become fd00:12a::3a6:8d3:2300:a000

IPv6 Address Types 

One big difference with IPv6 and IPv4 is that you can have multiple IPv6 addresses on the same interface. Unlike IPv4 where you set one address per interface, with IPv6 you can set even different types of address to a single interface.

IPv6 has three types of addresses

  1. Unicast- As the name implies this identifies a single interface. There are different types of unicast address as well.
  2. Multicast-This type of address identifies multiple interfaces. Traffic that is multicast is transmitted to all interfaces that are specified by within the address.
  3. Anycast-This type of address also identifies multiple interfaces. However traffic addressed to an anycast address is delivered to the nearest interface as indicated by the address. The nearest interface is also determined by number of hops.

 

Unicast addresses are the ones that you will most likely using the most of. They are four different types of unicast addresses, each with their own special properties.

Global Unicast Addresses-These addresses are globally routable across the Internet and most like the public address in IPv4. Global unicast addresses are identified by their first 3 bits which are 001. This would make an IPv6 address always start with either a 2 or 3 but in real world usage right now, they would always start with 2. The next 45 bits are called the Global Routing Prefix. This the rough equivalent to the network ID with IPv4. Next is the subnet which is 16 bits wide. It is important to note that the subnet (or routing structure) is not visible to the ISP.  The last section is the Interface ID which is 64 bits wide. The interface ID would be the equivalent of the host ID in IPv4. The Interface ID is sometimes derived from the 48 bit MAC address and inserting ff:fe after the first 24 bits (first half of MAC address).

A global unicast address can be summarised by the following diagram

 

A global unicast address can have a possible 35,184,372,088,832 or 245 different addresses. This represents 12.5 % or 1/8 of the available IPv6 addresses available.

Link Local- These addresses most resemble IPv4 APIPA addresses, unlike IPv4 APIPA however this is not a sign of a networking error as a link local is always configured even if there is a DHCP server servicing the subnet. A link local address can be identifies by a 10 bit fixed portion of 1111 1110 10 which equals fe8. The following 54 bits are all zeros followed by a 64 bit Interface ID. As you can see by the following illustration a local link address has no global routing prefix or a subnet, making it impossible to route

Site Local- These IP addresses are the next step up from link local IPs. Unlike link local IP addresses site local IP addresses can be routed beyond their own subnet, however they cannot be routed globally to the Internet. These IP addresses resemble the private IP addresses from IPv4. A site local IP address can be identified by a 10 bit fixed portion of 1111 1110 11 which equals fec. Following the fixed portion is a subnet of 54 bits and an interface ID of 64 bits.

Site local addresses have been depreciated and are not used much anymore.

As well link local and site local can reuse their IP address. Link local IP addresses can be reused on every different link, while site local IP addresses can reuse their IP addresses in every different site. While this makes logical sense in a way, it can be impossible to determine which site or link the IP address resides. To overcome this, a zone ID or scope ID is used. This is show in the format {IPv6 Address}%{zone ID}

For local link addresses the zone ID is usually the interface ID which the address is assigned to. For a site local, the ID is usually the site ID.

Unique Local-These addresses live up to their name as being unique as they can be local and or global in their scope. These addresses are identified by a 7 bit fixed portion of 1111 110.  However the 8th bit is a local flag used to determine if he address is local or not (a 1 means the address is local). This would give a unique local a staring value of fd or if the local flag is not set a value of fc. However as of this writing, a zero value for the local flag has not yet been defined and not been implemented. The next 40 bits would be the global ID followed by a subnet of 16 bits. The interface ID would have the usual 64 bits as well.

Other special types of addresses are the complete zero address which is refereed by ::. This can be used in a routing table as a catch all but would never be seen on an interface or a destination address.

Another special address is the loopback address which is ::1 is the equivalent of 127.0.0.1

Transitioning

Despite all the new address spaces available with IPv6, it still has very little penetration as of yet. One of the reasons is that all the network equipment and devices must be either upgraded or replaced to support IPv6 since IPv6 is not backward compatible with IPv4.

There are three basic types of nodes available on a network, most are self-explanatory.

  1. Ipv4 Only Node- Has only a single IPv4 stack and as such cannot use IPv6.  One of the biggest problems facing IPv6 is all the existing hardware that is not IPv6 compatible. This includes printers, scanners, routers and other network equipment.
  2. IPv6 Only Node- You won’t see very many of these around. These nodes do not support IPv4 at all
  3. IPv4/IPv6 Node-These have both an IPv4 and an IPv6 stack and are usually called dual stacks

There are a few different addresses available for transitioning from IPv4 to IPv6, they are

  1. IPv4 compatible address – These addresses are in the form of ::w.x.y.z where w.x.y.z is the IPv4 32 bit dotted decimal IP address. This used to IPv6/IPv4 nodes that are using IPv6 to communicate over an IPv4 only network. When the IPv4 compatible address is used as a IPv6 destination, all the IPv6 data is encapsulated within an IPv4 header and then sent over the IPv4 only network. This address form however is being depreciated and not used much anymore.
  2. IPv4 mapped address- This address is in the form of ::ffff:w.x.y.z and is used only to represent a IPv4 only node within a IPv6 network. It is never used for a source or destination address.
  3. Intra-site Automatic Tunnel Addressing Protocol (ISATAP)-These addresses have a form of either ::0:5efe:w.x.y.z for a private unicast address or ::200:5efe for a public unicast address. This is used by two IPv4/IPv6 nodes over an IPv4 only intranet node. ISATAP can be used with any unicast type address. For example a link local ISATAP address would be fe80::5efe:192.168.5.21
  4. 6to4 addresses- The addresses are in the form of 2002:wwxx:yyzz:: where wwxx:yyzz is the hexadecimal IPv4 dotted decimal equivalent. These addresses are used by IPv6 nodes to communicate over a IPv4 only network (usually the Internet)
  5. Teredo- These addresses are in the form of 2001:: and are used by IPv6 nodes to communicate over a IPv4 only network (again usually the Internet), even if they are behind a NAT.

 

Some examples of these addresses are

  • ::192.168.5.21 for a IPv4 compatible address
  • ::ffff:192.168.5.21 for a IPv4 mapped  address
  • ::0:5efe:192.168.5.21 for ISATAP,
  • 2002:c0a8:0515:: for 6to4 (c0a8:0515 is the hex equivalent of 192.168.5.21)
  •  2001:c0a8:0515:: for Teredo

 

Teredo

As with a lot of existing networks, IPv4 is usually going to be the only way to communicate over the Internet. This usually because the routers that are in use with existing network simply are not IPv6 capable. To enable IPv6 traffic in these scenarios then you use some alternative method. The method often used is Teredo; this is because Teredo can transverse a NAT while 6to4 translation cannot. In the following example I am going to setup a Teredo connection from scratch with a Windows 7 computer that is art of a domain. It is important to note that there are extra steps involved when using Teredo with a domain and if you are not part of a domain you will be able to skip those steps.

The first step is to ensure the Teredo adapter is installed on the system, by default on Windows 7 machines it is installed and enabled. To see whether or not the Teredo adapter is actually installed, start the device manager, click view and select show hidden devices. From there expand the network adapters. Here you should see the Microsoft Teredo adapter

Here however you can clearly see that the Teredo adapter is not installed, so we will have to install it manually. To install the Teredo adapter right click at the computer name under device manager and click add legacy hardware.

When the Add Hardware Wizard starts be sure to select the “Install the hardware that I manually select from a list option.”

Next from the list you want to select network adapters and then you will need to select Microsoft as the manufacturer and select Teredo Tunneling Adapter

From there it is a next, next and finish to add the adapter to the system.

Now we need to check the actual state of the Teredo adapter and this is done with at an elevated command prompt and using the command NetSh Interface Teredo Show State

Here we can see that the Teredo client is offline because it is in a managed (domain) network. What we need to do is change the client state from client to EnterpriseClient. This is done by NetSh Interface Teredo Set State EnterpriseClient.  This is only done if you are on a domain. If you are not on a domain skip this step.

  Now we have to assign a IPv6 address to the interface. We can’t just set any interface it needs to be a specific Teredo IP address. The one we need to use is 192.168.5.102, converted to a Teredo IP gives us 2001:c0a8:0566::. Now to assign the IP we use the NetSh Interface IPv6 Set Address “Local Area Connection” 2001:c0a8:0566::/48

Now we have to catch all IPv6 traffic and route it through the Teredo adapter, this is done by first getting the ID of the Teredo adapter by using the Route Print command and locating the Teredo tunneling adapter in the interface list. In this example we can see it is ID 22

Now to add the catch-all to route all Iv6 traffic through the Teredo adapter we will use NetSh Interface IPv6 Add Route ::/0 Interface=22 Metric=1

It is very important to include the metric since we are doing a catch-all for all IPv6. The metric is a statistical scale; in this case it ranks the routes starting from 0 onwards. If we don’t include the metric in the route then you take a chance that there is a route already in place that will override our catch-all since it may be ranked higher. I have had times where Teredo simply would not work because the metric was omitted.

Right now you should be able to ping ipv6.google.com and get a response. However you may run into name resolution problems with IPv6. This is due to the fact that the Teredo tunnel will only query DNS servers for the A records (IPv4) by default while IPv6 uses AAAA (quad A) records. To change this default you must create a new key at the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters. The new key is called AddrConfigControl and it should have a value of 0.

The last setting you should be aware of is in group policy located at Computer Configuration\ Administrative Templates\ Network\ TCPIP Settings\ IPv6 Transition Technologies. The setting to change is Teredo Default Qualified and it should be set to enabled. This will keep Teredo from going to a dormant state when not in use.

If all goes well, you should be able to go to http://test-ipv6.com/ and see something like this

Congratulations ! You are now IPv6 ready !



©2019 OTT-Over The Top Entries (RSS) and Comments (RSS)  Raindrops Theme