Module 4
Configuring and Troubleshooting IPv6 TCP/IP

Contents:
Lesson 1: Overview of IPv6
Lesson 2: IPv6 Addressing
Lesson 3: Coexistence with IPv6
Lesson 4: IPv6 Transition Technologies
Lab A: Configuring an ISATAP Router
Lesson 5: Transitioning from IPv4 to IPv6
Lab B: Converting the Network to Native IPv6



4-2 Configuring and Troubleshooting a Windows Server® 2008 Network Infrastructure

Module Overview

Support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for the Internet’s Network layer, is built into Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

IPv6 is a technology that will help ensure that the Internet can support a growing user base and the increasingly large number of IP-enabled devices. The current Internet Protocol Version 4 (IPv4) has served as the underlying Internet protocol for almost thirty years. Its robustness, scalability, and limited feature set are now challenged by the growing need for new IP addresses, due in large part to the rapid growth of new network-aware devices.

Objectives

After completing this module, you will be able to:

• Describe the features and benefits of IPv6.

• Implement IPv6 addressing.

• Implement an IPv6 coexistence strategy.

• Describe and select a suitable IPv6 transition solution.

• Transition from IPv4 to IPv6.

• Troubleshoot an IPv6-based network.


Lesson 1 Overview of IPv6

IPv6 is becoming more common, and although adoption is slow, it is important to understand how this technology affects current networks and how to integrate IPv6 into those networks. This lesson covers the benefits of IPv6 and how it compares with IPv4.

Objectives

After completing this lesson, you will be able to:

• Describe the benefits of IPv6.

• Describe the differences between IPv4 and IPv6.

• Describe the IPv6 address space.

• Convert between binary and hexadecimal.


Benefits of IPv6

The IPv6 protocol provides the following benefits:

• Large address space: A 32-bit address space allows for 2^32 or 4,294,967,296 possible addresses; a 128-bit address space allows for 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 (or 3.4x10^38 or 340 undecillion) possible addresses.

• Hierarchical addressing and routing infrastructure: The IPv6 address space is designed to be more efficient for routers, which means that even though there are many more addresses, routers can process data much more efficiently because of address optimization.

• Stateless and Stateful address configuration: IPv6 can configure addresses automatically without Dynamic Host Configuration Protocol (DHCP), and it can discover router information so that hosts can access the Internet; this is a Stateless address configuration. A Stateful address configuration is when you use the DHCPv6 protocol. Stateful configuration has two additional configuration levels: one in which DHCP provides all the information, including the IP address and configuration settings, and another that provides just configuration settings.

• Required support for IPsec: The IPv6 standards require support for the AH and ESP headers that are defined by IPsec. Although support for specific IPsec authentication methods and cryptographic algorithms is not specified, IPsec is defined from the start as the way to protect IPv6 packets.

• Restores end-to-end communication: The global addressing model for IPv6 traffic means that translation between different types of addresses is not needed, such as the translation done by NAT devices for IPv4 traffic. This simplifies communication, for example for video conferencing and other peer-to-peer applications, because you do not need to use NAT devices.

• Prioritized delivery: IPv6 contains a field in the packet that allows network devices to determine that the packet should be processed at a specified rate; this allows traffic prioritization. For example, when you are streaming video traffic, it is critical that the packets arrive in a timely manner. You can set this field to ensure that network devices determine that the packet delivery is time-sensitive.


• Support for single-subnet environments: IPv6 has much better support of automatic configuration and operation on networks consisting of a single subnet. You can use this to create temporary ad-hoc networks through which you can connect and share information.

• Extensibility: IPv6 has been designed so that you can extend it with far fewer constraints than IPv4.


Differences Between IPv4 and IPv6

When the IPv4 address space was designed, it was unimaginable that it could be exhausted. However, due to changes in technology and an allocation practice that did not anticipate the explosion of Internet hosts, the IPv4 address space became so consumed that by 1992, it was clear that a replacement would be necessary. With IPv6, it is hard to conceive that the IPv6 address space will be consumed.

The IPv6 address was made 128 bits in length so that it can be subdivided into hierarchical routing domains that reflect the modern-day Internet’s topology. The use of 128 bits allows for multiple levels of hierarchy and flexibility in designing hierarchical addressing and routing that is currently lacking on the IPv4-based Internet.

Note: The IPv6 addressing architecture is described in Request for Comments (RFC) 4291.

IPv4 and IPv6 Comparison

The following table highlights the differences between IPv4 and IPv6:

| IPv4 | IPv6 |
|---|---|
| Source and destination addresses are 32 bits (4 bytes) in length. | Source and destination addresses are 128 bits (16 bytes) in length. |
| IPsec support is optional. | Support for IPsec headers and trailers is required. |
| No identification of packet flow for Quality of Service (QoS) handling by routers is present within the IPv4 header. | Packet-flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field. |
| Fragmentation is done by both routers and the sending host. | Fragmentation is not done by routers, only by the sending host. |
| Header includes a checksum. | Header does not include a checksum. |
| Header includes options. | All optional data is moved to IPv6 extension headers. |
| Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link-layer address. | ARP Request frames are replaced with multicast Neighbor Solicitation messages. |
| Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. | IGMP is replaced with Multicast Listener Discovery (MLD) messages. |
| Internet Control Message Protocol (ICMP) Router Discovery, which is optional, is used to determine the IPv4 address of the best default gateway. | ICMP Router Discovery is replaced with required ICMPv6 Router Solicitation and Router Advertisement messages. |
| Broadcast addresses are used to send traffic to all nodes on a subnet. | There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used. |
| Must be configured either manually or through DHCP. | Does not require manual configuration or DHCP. |
| Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses. | Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses. |
| Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names. | Uses PTR resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names. |
| Must support a 576-byte packet size (possibly fragmented). | Must support a 1280-byte packet size (without fragmentation). |

IPv6 Equivalents to IPv4

The following table highlights the IPv6 equivalents to IPv4:

| IPv4 Address | IPv6 Address |
|---|---|
| Internet address classes | Not applicable in IPv6 |
| Multicast addresses (224.0.0.0/4) | IPv6 multicast addresses (FF00::/8) |
| Broadcast addresses | Not applicable in IPv6 |
| Unspecified address is 0.0.0.0 | Unspecified address is :: |
| Loopback address is 127.0.0.1 | Loopback address is ::1 |
| Public IP addresses | Global unicast addresses |
| Private IP addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) | Unique-local addresses (FD00::/8) |
| Autoconfigured addresses (169.254.0.0/16) | Link-local addresses (FE80::/64) |
| Text representation: Dotted decimal notation | Text representation: Colon hexadecimal format with suppression of leading zeros and zero compression |
| Network bits representation: Subnet mask in dotted decimal notation or prefix length | Network bits representation: Prefix length notation only |
| DNS name resolution: IPv4 host address (A) resource record | DNS name resolution: IPv6 host address (AAAA) resource record |
| DNS reverse resolution: IN-ADDR.ARPA domain | DNS reverse resolution: IP6.ARPA domain |


IPv6 Address Space

The most obvious distinguishing feature of IPv6 is its use of much larger addresses. IPv4 addresses are expressed in four groups of decimal numbers, such as 192.168.1.1. Each grouping of numbers represents a binary octet. In binary, the preceding number is as follows:

11000000.10101000.00000001.00000001 (4 octets = 32 Bits)

The size of an address in IPv6 is four times larger than an IPv4 address. IPv6 addresses are expressed in hexadecimal (hex).

2001:DB8:0:2F3B:2AA:FF:FE28:9C5A

This might seem complex for end users, but the assumption is that users will rely on DNS names to resolve hosts and rarely will type IPv6 addresses manually. The IPv6 address in hex is also easier to convert to binary and vice versa. This simplifies working with subnets, and calculating hosts and networks.

Hexadecimal Numbering System (Base 16)

When dealing with hex numbers, hex 10 is equal to decimal 16.

In the Hexadecimal Numbering System, some letters represent numbers because in the hex system (base 16), there must be 16 unique symbols for each position. Because 10 symbols (0 through 9) already exist, there must be six new symbols for the hex system; hence, A through F are used.

Note: Use the Windows calculator in Windows 7 and Windows Server 2008 to work with hex and binary. Open the calculator, click the View menu, and then click Programmer. Type 16, and then click Hex. The calculator will display 10. This aspect of hexadecimal can be complex. After reaching hex 9, the next number is hex “A” (decimal 10), and then “B” (decimal 11) up to “F” (decimal 15). Notice in the calculator that in hex mode, the buttons A through F appear along the left of the number pad. In Hex mode, click F, and then click Dec. The result is decimal 15.


To convert an IPv6 binary address that is 128 bits in length, break it into eight groups of 16 bits. Convert each of these eight groups of 16 bits into four hex characters. Within each group of 16 bits, evaluate four bits at a time to derive each hex digit. Assign each of the four bits the value 1, 2, 4, or 8, starting from the right and moving left. In the example [0010], the first (rightmost) bit is assigned the value of 1, the second bit is assigned the value of 2, the third bit is assigned the value of 4, and finally, the fourth (leftmost) bit is assigned the value of 8. To derive the hexadecimal value for this set of four bits, add up the values that are assigned to the bits that are set to 1. In the example of 0010, the only bit that is set to 1 is the bit assigned the value 2. The rest are set to zero. The hex value of these bits is 2.

Converting From Binary to Hexadecimal

The following table describes the 16-bit binary number portion of a 128-bit IP address:

[0010][1111][0011][1011]

| Binary | 0010 | 1111 |
|---|---|---|
| Values of each binary position | 8421 | 8421 |
| Adding values where the bit = 1 | 0 + 0 + 2 + 0 = 2 | 8 + 4 + 2 + 1 = 15 or hex F |

The following example is a single IPv6 address in binary form. Note that the binary representation of the IP address is quite long. The following two lines of binary numbers are one IP address:

0010000000000001000011011011100000000000000000000010111100111011
0000001010101010000000001111111111111110001010001001110001011010

The 128-bit address is divided along 16-bit boundaries (eight blocks of 16 bits).

0010000000000001 0000110110111000 0000000000000000 0010111100111011 0000001010101010 0000000011111111 1111111000101000 1001110001011010

Each boundary is further broken into sets of four bits. Applying the methodology as previously described, convert the IPv6 address. The following table shows the binary and corresponding hexadecimal values for each set of four bits:

| Binary | Hexadecimal |
|---|---|
| [0010][0000][0000][0001] | [2][0][0][1] |
| [0000][1101][1011][1000] | [0][D][B][8] |
| [0000][0000][0000][0000] | [0][0][0][0] |
| [0010][1111][0011][1011] | [2][F][3][B] |
| [0000][0010][1010][1010] | [0][2][A][A] |
| [0000][0000][1111][1111] | [0][0][F][F] |
| [1111][1110][0010][1000] | [F][E][2][8] |
| [1001][1100][0101][1010] | [9][C][5][A] |


Each 16-bit block is expressed as four hex characters, and is then delimited with colons. The result is as follows:

2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A

You can simplify IPv6 representation further by removing the leading zeros within each 16-bit block. However, each block must have at least a single digit. With leading zero suppression, the address representation becomes the following:

2001:DB8:0:2F3B:2AA:FF:FE28:9C5A

Compressing Zeros

When multiple contiguous zero blocks occur, you can compress these and represent them in the address as a double-colon (::); this simplifies the IPv6 notation. The computer recognizes “::” and substitutes it with the number of blocks necessary to make the appropriate IPv6 address.

In the following example, the address is expressed using zero compression:

2001:DB8::2F3B:2AA:FF:FE28:9C5A

To determine how many 0 bits are represented by the “::”, you can count the number of blocks in the compressed address, subtract this number from eight, and then multiply the result by 16. Using the previous example, there are seven blocks. Subtract seven from eight, and then multiply the result (one) by 16. Thus, there are 16 bits or 16 zeros in the address where the double colon is located.

You can use zero compression only once in a given address. Otherwise, you cannot determine the number of 0 bits represented by each instance of a double-colon (::).

To convert an address into binary, use the reverse of the method described previously:

1. Add in zeros using zero compression.

2. Add leading zeros.

3. Convert each hex number into its binary equivalent.
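The conversions in this lesson, carried out in code on the lesson's own sample address. This is an added example, not part of the original courseware; the function names are illustrative, and `compress` collapses even a single zero block by default because the lesson's example does so.

```python
HEX_DIGITS = "0123456789ABCDEF"

# The eight 16-bit blocks of the sample address, copied from the text above.
PAGE_BINARY = "".join("""
0010000000000001 0000110110111000 0000000000000000 0010111100111011
0000001010101010 0000000011111111 1111111000101000 1001110001011010
""".split())


def nibble_value(bits4):
    """Add the 8-4-2-1 position values of the bits that are set to 1."""
    return sum(weight for weight, bit in zip((8, 4, 2, 1), bits4) if bit == "1")


def from_binary(bits):
    """128 binary digits -> eight 4-character hex blocks."""
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    digits = [HEX_DIGITS[nibble_value(bits[i:i + 4])] for i in range(0, 128, 4)]
    return ["".join(digits[i:i + 4]) for i in range(0, 32, 4)]


def compress(blocks, min_run=1):
    """Suppress leading zeros, then replace the longest zero run with '::' once.

    min_run=1 matches the lesson's example; RFC 5952 recommends min_run=2
    (do not shorten a single zero block).
    """
    short = [format(int(block, 16), "X") for block in blocks]
    best_start, best_len, i = -1, 0, 0
    while i < len(short):
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < len(short) and short[j] == "0":
            j += 1
        if j - i > best_len:          # leftmost run wins a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < max(min_run, 1):
        return ":".join(short)
    head = ":".join(short[:best_start])
    tail = ":".join(short[best_start + best_len:])
    return head + "::" + tail


def expand(address):
    """Steps 1 and 2: put back the compressed zero blocks and the leading zeros."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in address:
        left, right = address.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - (len(head) + len(tail))
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = address.split(":")
    if len(blocks) != 8:
        raise ValueError("an IPv6 address has eight 16-bit blocks")
    for block in blocks:
        if not 1 <= len(block) <= 4 or set(block.upper()) - set(HEX_DIGITS):
            raise ValueError("bad block: %r" % block)
    return [block.upper().zfill(4) for block in blocks]


def to_binary(address):
    """Step 3: each hex digit becomes its four-bit binary equivalent."""
    return "".join(format(int(digit, 16), "04b")
                   for block in expand(address) for digit in block)


def zero_bits_in_double_colon(address):
    """(8 - number of blocks written) * 16, as described in the text."""
    written = [b for b in address.replace("::", ":").split(":") if b]
    return (8 - len(written)) * 16 if "::" in address else 0


if __name__ == "__main__":
    print(compress(from_binary(PAGE_BINARY)))
    print(to_binary("2001:DB8::2F3B:2AA:FF:FE28:9C5A") == PAGE_BINARY)
```
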


Lesson 2 IPv6 Addressing

To enable devices with IPv6, you must know how to configure and assign IPv6 addresses to devices within your organization’s network.

Objectives

After completing this lesson, you will be able to:

• Describe IPv6 prefixes.

• Describe Unicast IPv6.

• Describe zone IDs.

• Describe address autoconfiguration for IPv6.

• Configure IPv6 Settings on a network client.


IPv6 Prefixes

Like the IPv4 address space, the IPv6 address space is divided by allocating portions of the available address space for various IP functions. The high-order bits (bits that are at the beginning of the 128-bit IPv6 address) define areas statically in the IP space. The high-order bits and their fixed values are known as a format prefix.

Internet Assigned Numbers Authority (IANA) manages IPv6. Additionally, it has defined how the IPv6 address space will be divided initially, and specified the format prefixes.

IPv6 Format Prefixes

The following table shows the IPv6 address-space allocation by format prefixes:

| Allocation | Prefix Binary Value | Begins With | Fraction of the address space |
|---|---|---|---|
| Reserved | 0000 0000 | - | 1/256 |
| Global unicast addresses | 001 | 2 or 3 | 1/8 |
| Link-local unicast addresses | 1111 1110 1000 | FE8 | 1/1024 |
| Unique local unicast addresses | 1111 1100 | FD | 1/256 |
| Multicast addresses | 1111 1111 | FF | 1/256 |

The remaining IPv6 address space is unassigned.

The current set of unicast addresses that you can use with IPv6 nodes consists of global unicast addresses, unique-local addresses, and link-local unicast addresses.


IPv6 Prefixes

The prefix is the part of the address that indicates the bits that have fixed values or that are the subnet prefix’s bits. Prefixes for IPv6 subnets, routes, and address ranges are expressed in the same way as Classless Inter-Domain Routing (CIDR) notation for IPv4. An IPv6 prefix is written in address/prefix-length notation. For example, 2001:DB8::/48 and 2001:DB8:0:2F3B::/64 are IPv6 address prefixes.

Note: IPv4 implementations commonly use a dotted decimal representation of the network prefix known as the subnet mask. IPv6 does not use a subnet mask; it supports only the prefix-length notation.


Unicast IPv6 Address Types

A unicast address identifies a single interface within the scope of the unicast address type. With the appropriate unicast routing topology, packets addressed to a unicast address are delivered to a single interface.

Global Unicast Addresses

Global unicast addresses are equivalent to public IPv4 addresses. They are routable and reachable globally on the IPv6 portion of the Internet. The fields in the global unicast address are:

• Fixed portion set to 001: The three high-order bits are set to 001. The address prefix for currently assigned global addresses is 2000::/3. Therefore, all global unicast addresses begin with either 2 or 3.

• Global Routing Prefix: Indicates the global routing prefix for a specific organization’s site. The combination of the three fixed bits and the 45-bit Global Routing Prefix is used to create a 48-bit site prefix, which is assigned to an organization’s individual site. Once the assignment occurs, routers on the IPv6 Internet forward IPv6 traffic that matches the 48-bit prefix to the routers of the organization’s site.

• Subnet ID: The Subnet ID is used within an organization’s site to identify subnets. This field’s size is 16 bits. The organization’s site can use these 16 bits within its site to create 65,536 subnets or multiple levels of addressing hierarchy and an efficient routing infrastructure.

• Interface ID: Indicates the interface on a specific subnet within the site. This field’s size is 64 bits. This is either randomly generated or assigned by DHCPv6. In the past, it was based on the Media Access Control (MAC) address of the network interface card to which the address was bound.


Link-Local Unicast Addresses

Link-local addresses are local-use unicast addresses with the following properties:

• Link-local addresses are used between on-link neighbors and for Neighbor Discovery processes. This allows a computer to request further IPv6 configuration information from IPv6 routers and IPv6 DHCP servers.

• Link-local addresses are the equivalent of Automatic Private IP Addressing (APIPA) addresses in IPv4.

• Link-local addresses always begin with FE8. With the 64-bit interface identifier, the prefix for link-local addresses is always FE80::/64. An IPv6 router never forwards link-local traffic beyond the link.

Note: The loopback concept is followed through for IPv6: an unspecified address is 0:0:0:0:0:0:0:0, or ::, while the loopback address is 0:0:0:0:0:0:0:1 or ::1.

Unique Local IPv6 Unicast Addresses

Unique local addresses provide an equivalent to the private IPv4 address space for organizations, without the overlap in address space when organizations combine.

The first seven bits have the fixed binary value of 1111110. All unique local addresses have the address prefix FC00::/7. The Local (L) flag is set to 1 to indicate a local address. The L flag value set to 0 has not yet been defined. Therefore, unique local addresses with the L flag set to 1 have the address prefix of FD00::/8.

The next 40 bits must be randomly assigned to give the resulting 48-bit unique local prefix relative uniqueness between organizations.

Note: These address types are not mutually exclusive as with IPv4. All hosts get a link-local address on each interface and could also have global unicast addresses and unique local IPv6 unicast addresses.


Zone IDs

Unlike global addresses, you can reuse local-use addresses. Link-local addresses are reused on each link. Link-local addresses are ambiguous because of this address-reuse capability.

Zone IDs for Local-Use Addresses

You need an additional identifier to specify on which link an address is assigned or located. This additional identifier is a zone identifier (ID), also known as a scope ID, and identifies a connected portion of a network that has a specified scope. The syntax specified in RFC 4007 for identifying the zone that is associated with a local-use address is as follows:

Address%zone_ID

Address is a local-use address and zone_ID is an integer value representing the zone. The values of the zone ID are defined relative to the sending host. Therefore, different hosts might determine different zone ID values for the same physical zone. For example, Host A might use 3 to represent the zone ID of an attached link and Host B might use 4 to represent the same link.

For Windows-based IPv6 hosts, the zone IDs for link-local addresses are defined as follows.

For link-local addresses, the zone ID typically is the interface index of the interface that is either assigned the address or is to be used as the sending interface for a link-local destination. The interface index is an integer starting at 1 that is assigned to IPv6 interfaces, which include a loopback and one or multiple tunnel or local area network (LAN) interfaces. You can view the list of interface indexes by using the netsh interface ipv6 show interface command.

The following is an example of using Windows tools and the zone ID:

ping fe80::2b0:d0ff:fee9:4143%3

In this case, 3 is the interface index of the interface that is attached to the link that contains the destination address.


In Windows, the Ipconfig.exe tool displays the zone ID of local-use IPv6 addresses. The following is an excerpt from the display of the ipconfig command.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  : wcoast.example.com
   IP Address. . . . . . . . . . . : 157.60.14.219
   Subnet Mask . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . : 2001:db8:2a1c:2:1cc8:ef1d:1dd9:8066
   IP Address. . . . . . . . . . . : 2001:db8:2a1c:204:5aff:fe56:f5b
   IP Address. . . . . . . . . . . : fe80::204:5aff:fe56:f5b%4
   Default Gateway . . . . . . . . : 157.60.14.1
                                     fe80::20a:42ff:feb0:5400%4

For the link-local addresses that are in the display of the ipconfig command, the zone ID indicates the interface index of the interface that is assigned either the address (for IP Address) or is the interface through which an address is reachable (for Default Gateway).
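The Address%zone_ID syntax, applied to the ipconfig excerpt above and grouped by zone. This is an added example, not part of the original courseware; the function names are illustrative, zone IDs are taken to be integers as the text defines them for Windows, and a zone ID is accepted only on a link-local address. One address in the excerpt is written with only seven blocks, so the parser reports it as rejected.

```python
import ipaddress
import re

# Constructed sample: the ipconfig excerpt from the text, one field per line.
IPCONFIG_EXCERPT = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  : wcoast.example.com
   IP Address. . . . . . . . . . . : 157.60.14.219
   Subnet Mask . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . : 2001:db8:2a1c:2:1cc8:ef1d:1dd9:8066
   IP Address. . . . . . . . . . . : 2001:db8:2a1c:204:5aff:fe56:f5b
   IP Address. . . . . . . . . . . : fe80::204:5aff:fe56:f5b%4
   Default Gateway . . . . . . . . : 157.60.14.1
                                     fe80::20a:42ff:feb0:5400%4
"""


def parse_scoped_address(token):
    """Split 'Address%zone_ID' into (IPv6Address, zone ID or None).

    Raises ValueError for a malformed address, a non-integer zone ID, or a
    zone ID attached to an address that is not link-local.
    """
    address_text, separator, zone_text = token.partition("%")
    address = ipaddress.IPv6Address(address_text)
    if not separator:
        return address, None
    if not re.fullmatch(r"[0-9]+", zone_text):
        raise ValueError("zone ID must be an integer: %r" % token)
    if not address.is_link_local:
        raise ValueError("zone ID on a non-link-local address: %r" % token)
    return address, int(zone_text)


def zones_in_output(text):
    """Group the link-local addresses in command output by zone ID.

    Returns (by_zone, unscoped_link_local, rejected):
      by_zone              zone ID -> link-local addresses seen with that zone
      unscoped_link_local  link-local addresses with no zone ID (ambiguous)
      rejected             IPv6-looking tokens that failed validation
    """
    by_zone, unscoped_link_local, rejected = {}, [], []
    for token in text.split():
        if token.count(":") < 2:
            continue  # labels, IPv4 addresses and the ":" field separator
        try:
            address, zone = parse_scoped_address(token)
        except ValueError:
            rejected.append(token)
            continue
        if zone is not None:
            by_zone.setdefault(zone, []).append(str(address))
        elif address.is_link_local:
            unscoped_link_local.append(str(address))
    return by_zone, unscoped_link_local, rejected


if __name__ == "__main__":
    zones, unscoped, bad = zones_in_output(IPCONFIG_EXCERPT)
    print("by zone:", zones)
    print("link-local without zone:", unscoped)
    print("rejected:", bad)
```
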


Address Autoconfiguration for IPv6

The host can proceed through several states as it goes through the autoconfiguration process, and there are several ways to assign an IPv6 address and other configuration settings. Based on how the router is set up, a client might use stateless configuration (no DHCPv6 service), or stateful with a DHCPv6 server involved, to either assign an IP address and other configuration settings, or just assign other configuration settings. The other configuration settings can include DNS servers and domain names.

Autoconfigured Address States

Autoconfigured addresses are in one or more of the following states:

• Tentative: Verification is occurring to determine if the address is unique. Duplicate address detection performs verification. A node cannot receive unicast traffic to a tentative address.

• Valid: The address has been verified as unique, and can send and receive unicast traffic.

• Preferred: The address enables a node to send and receive unicast traffic to and from it.

• Deprecated: The address is valid but its use is discouraged for new communication.

• Invalid: The address no longer allows a node to send or receive unicast traffic.

Types of Autoconfiguration

Types of autoconfiguration include:

• Stateless: Address configuration is only based on the receipt of Router Advertisement messages.

• Stateful: Configuration is based on the use of a stateful address configuration protocol such as DHCPv6 to obtain addresses and other configuration options:

• A host uses stateful address configuration when it receives instructions to do so in Router Advertisement messages.

• A host also will use a stateful address configuration protocol when there are no routers present on the local link.


• Both: Configuration is based on receipt of Router Advertisement messages and DHCPv6.

Why Use Stateful Configuration?

Using stateful configuration allows organizations to control how IPv6 addresses are assigned using DHCPv6.

If there are any specific scope options that you need to configure, such as the IPv6 addresses of DNS servers, then a DHCPv6 server is necessary.

Communication with DHCP Server

When IPv6 attempts to communicate with a DHCP server, it will use multicast IPv6 addresses to communicate with the DHCP server. This is different than with IPv4, which uses broadcast IPv4 addresses.


Demonstration: How to Configure IPv6 Client Settings

This demonstration shows how to:

• Configure a DHCP Scope for IPv6 Clients.

• Configure the client computer.


Lesson 3 Coexistence with IPv6

From its inception, IPv6 was designed to have the ability to coexist, long term, with IPv4. This lesson provides an overview of the technologies that support the two IP protocols’ coexistence. In addition, the lesson describes different node types and IP stack implementations of IPv6, and then explains how DNS resolves names to IPv6 addresses, and the various types of IPv6 transition technologies.

Objectives

After completing this lesson, you will be able to:

• Describe IP node types.

• Describe methods to provide coexistence of IPv4 and IPv6.

• Configure DNS to support IPv6.

• Explain IPv6 transition technologies.


What Are Node Types?

When planning an IPv6 network, you should know what kind of nodes or hosts are on the network. Describing the nodes in the following ways helps to define their abilities on the network. This is important for tunneling because certain kinds of tunnels require specific node types, including the following:

• IPv4-only node: A node that implements only IPv4 (and has only IPv4 addresses) and does not support IPv6. Most hosts and routers installed today are IPv4-only nodes.

• IPv6-only node: A node that implements only IPv6 (and has only IPv6 addresses) and does not support IPv4. This node is able to communicate only with IPv6 nodes and applications, and is not common today. However, it might become more prevalent as smaller devices, such as cellular phones and handheld computers, use the IPv6 protocol exclusively.

• IPv6/IPv4 node: A node that implements both IPv4 and IPv6.

• IPv4 node: A node that implements IPv4. It can be an IPv4-only node or an IPv6/IPv4 node.

• IPv6 node: A node that implements IPv6. It can be an IPv6-only node or an IPv6/IPv4 node.

For coexistence to occur, the largest number of nodes (IPv4 or IPv6 nodes) can communicate using an IPv4 infrastructure, an IPv6 infrastructure, or an infrastructure that is a combination of IPv4 and IPv6. You will achieve true migration when all IPv4 nodes are converted to IPv6-only nodes. However, for the foreseeable future, you can achieve practical migration when as many IPv4-only nodes as possible are converted to IPv6/IPv4 nodes. IPv4-only nodes can communicate with IPv6-only nodes only when you are using an IPv4-to-IPv6 proxy or translation gateway.


IPv4 and IPv6 Coexistence

To coexist with an IPv4 infrastructure and provide an eventual transition to an IPv6-only infrastructure, you can use the following mechanisms.

Dual IP Layer Architecture

A dual IP layer architecture, implemented in Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, contains both IPv4 and IPv6 Internet layers with a single implementation of transport layer protocols, such as TCP and UDP.

Dual stack allows for easier migration to IPv6. There are fewer files to maintain to provide IPv6 connectivity. IPv6 is also available without adding any new protocols in the network-card configuration.

Types of packets include:

• IPv4 packets

• IPv6 packets

• IPv6 over IPv4 packets (IPv6 packets encapsulated with an IPv4 header)

Dual Stack Architecture

Dual stack architecture contains both IPv4 and IPv6 Internet layers with separate protocol stacks that contain separate implementations of transport layer protocols, such as TCP and UDP.

The IPv6 protocol driver in Windows Server 2003 and Windows XP, Tcpip6.sys, contains a separate implementation of TCP and UDP.


Types of packets include:

• IPv4 packets

• IPv6 packets

• IPv6 over IPv4 packets

DNS Infrastructure Requirements

You need a DNS infrastructure for successful coexistence because of the prevalent use of names rather than addresses to refer to network resources. After you obtain the addresses using a DNS name query, the sending node must select which addresses to use for communication.

Upgrading the DNS infrastructure consists of populating the DNS servers with records to support IPv6 name-to-address and address-to-name resolutions:

• A records for IPv4 nodes

• AAAA records for IPv6 nodes

• PTR records for IPv4 and IPv6 addresses

When using IPv6, DNS can return several addresses of different types for the same host. The set of source and destination addresses that the host decides to use for communications is based on default address selection rules, which you can configure on the host. To view the prefix policies that determine address-selection behavior, open a command prompt and type: netsh interface ipv6 show prefixpolicies. The following represents typical output from this command:

Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        30      2  2002::/16
        20      3  ::/96
        10      4  ::ffff:0:0/96
         5      5  2001::/32
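How the prefix policy table drives the choice among several addresses returned for one name, as an added example that is not part of the original courseware. The function names and the sample DNS answer are constructed for illustration, and only the precedence comparison is modelled, not the full set of address selection rules.

```python
import ipaddress

# Prefix policy table copied from the netsh output above:
# (precedence, label, prefix)
PREFIX_POLICIES = [
    (50, 0, "::1/128"),
    (40, 1, "::/0"),
    (30, 2, "2002::/16"),
    (20, 3, "::/96"),
    (10, 4, "::ffff:0:0/96"),
    (5, 5, "2001::/32"),
]


def lookup_policy(address):
    """Return (precedence, label, prefix) of the longest matching policy row."""
    addr = ipaddress.ip_address(address)
    if addr.version == 4:
        # IPv4 destinations are looked up as IPv4-mapped addresses (::ffff:w.x.y.z).
        addr = ipaddress.IPv6Address((0xFFFF << 32) | int(addr))
    best = None
    for precedence, label, prefix in PREFIX_POLICIES:
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[2].prefixlen):
            best = (precedence, label, net)
    return best


def order_destinations(addresses):
    """Sort candidate destinations by policy precedence, highest first.

    Simplification (assumption of this example): real address selection also
    weighs scope, matching labels and address state; only precedence is used here.
    """
    return sorted(addresses, key=lambda a: lookup_policy(a)[0], reverse=True)


# Constructed DNS answer for one host name: one A record and three AAAA records.
SAMPLE_ANSWERS = [
    "10.10.0.10",                            # IPv4, looked up as ::ffff:10.10.0.10
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # inside 2001::/32
    "2002:836b:d231:2::1",                   # inside 2002::/16
    "2001:db8:0:1::5",                       # matches only ::/0
]

if __name__ == "__main__":
    for candidate in order_destinations(SAMPLE_ANSWERS):
        precedence, label, prefix = lookup_policy(candidate)
        print(f"{precedence:>3} {label} {str(prefix):<16} {candidate}")
```

With this table, a native global IPv6 address is tried before a 6to4 address, IPv4 comes next, and an address in 2001::/32 comes last.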

IPv6 Over IPv4 Tunneling

IPv6 over IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4 infrastructure; this is discussed in a subsequent topic and in the next lesson.

Demonstration: How to Configure DNS to Support IPv6

This demonstration shows how to:

• Configure the bindings for the DNS service.

• Verify the presence of AAAA records in Contoso.com.

What Is IPv6 Over IPv4 Tunneling?

IPv6 over IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4-only infrastructure. Within the IPv4 header:

• The IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet.

• The Source and Destination fields are set to IPv4 addresses of the tunnel endpoints. You can configure tunnel endpoints manually as part of the tunnel interface or they are derived automatically.

Note Unlike tunneling for the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP), there is no exchange of messages for tunnel setup, maintenance, or termination. Additionally, IPv6 over IPv4 tunneling does not provide security for tunneled IPv6 packets. This means that an IPv6 over IPv4 tunnel does not need to establish a protected connection before it carries traffic.
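Because a tunnel of this kind has no setup exchange and no protection of its own, a monitoring point can recognise it only from the IPv4 header. The following added example (not part of the original courseware; the function names, the approved-endpoint list and the sample packet are constructed) parses that header, checks for Protocol 41, and lists tunnels whose endpoints are not on an approved list.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 Protocol field value for an encapsulated IPv6 packet


def build_sample_packet(protocol=IPPROTO_IPV6):
    """Constructed sample: a bare IPv6 header wrapped in an IPv4 header."""
    inner = struct.pack(
        "!IHBB16s16s",
        6 << 28,   # version 6, traffic class 0, flow label 0
        0,         # payload length
        59,        # next header 59 = no next header
        64,        # hop limit
        ipaddress.IPv6Address("2001:db8:0:1::10").packed,
        ipaddress.IPv6Address("2001:db8:0:2::20").packed,
    )
    outer = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,              # version 4, header length 5 x 4 = 20 bytes
        0,                 # DSCP/ECN
        20 + len(inner),   # total length
        0, 0,              # identification, flags and fragment offset
        128,               # TTL
        protocol,          # 41 unless the caller overrides it
        0,                 # header checksum, left at 0 in this sample
        ipaddress.IPv4Address("192.0.2.1").packed,
        ipaddress.IPv4Address("198.51.100.1").packed,
    )
    return outer + inner


def parse_tunnel(packet):
    """Return tunnel endpoints and inner addresses for a Protocol 41 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len or packet[9] != IPPROTO_IPV6:
        return None
    info = {
        "tunnel_src": ipaddress.IPv4Address(packet[12:16]),
        "tunnel_dst": ipaddress.IPv4Address(packet[16:20]),
        "inner_src": None,
        "inner_dst": None,
    }
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    inner = packet[header_len:]
    # Only the first fragment carries the IPv6 header; truncated captures are skipped too.
    if fragment_offset == 0 and len(inner) >= 40 and inner[0] >> 4 == 6:
        info["inner_src"] = ipaddress.IPv6Address(inner[8:24])
        info["inner_dst"] = ipaddress.IPv6Address(inner[24:40])
    return info


def unexpected_tunnels(packets, approved_endpoints):
    """List Protocol 41 packets that have an endpoint outside the approved set."""
    approved = {ipaddress.IPv4Address(a) for a in approved_endpoints}
    findings = []
    for packet in packets:
        info = parse_tunnel(packet)
        if info and not {info["tunnel_src"], info["tunnel_dst"]} <= approved:
            findings.append(info)
    return findings


if __name__ == "__main__":
    for finding in unexpected_tunnels([build_sample_packet()], ["192.0.2.1"]):
        print(finding)
```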

Lesson 4 IPv6 Transition Technologies

An eventual successful transition to IPv6 requires interim coexistence of IPv6 nodes in today’s predominantly IPv4 environment. To support this, IPv6 packets are tunneled automatically over IPv4-only routing infrastructures, enabling IPv6 clients to communicate with each other by using Teredo, 6to4, or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) addresses and tunneling IPv6 packets across IPv4 networks. This lesson provides information about the different transition technologies that are available in Windows. The IPv6 transition technologies include:

• ISATAP: Local intranets use ISATAP tunneling, which takes advantage of autoconfiguration and is the primary way in which IPv6 nodes communicate over an IPv4-only intranet.

• 6to4: Allows IPv6 hosts with public IPv4 addresses to communicate over the IPv4-only Internet.

• Teredo: Teredo allows IPv6 hosts with private IPv4 addresses and located behind NATs to communicate over the IPv4-only Internet.

Objectives

After completing this lesson, you will be able to:

• Explain ISATAP.

• Explain 6to4.

• Explain Teredo.

• Describe PortProxy.

What Is ISATAP?

ISATAP is an address-assignment technology that you can use to provide unicast IPv6 connectivity between IPv6/IPv4 hosts across an IPv4 intranet. ISATAP hosts do not require any manual configuration and can create ISATAP addresses using standard address autoconfiguration mechanisms. You mainly use ISATAP within an organization’s site, and although the ISATAP component is enabled by default, it only assigns ISATAP-based addresses if it can resolve the name ISATAP on your network.

Note An ISATAP address based on a private IPv4 address is formatted like this: [64-bit unicast prefix]:0:5EFE:w.x.y.z, while an ISATAP address based on a public IPv4 address is formatted like this: [64-bit unicast prefix]:200:5EFE:w.x.y.z. For example, FE80::5EFE:192.168.137.133 (private) and FE80::200:5EFE:131.107.137.133 (public).

What Is an ISATAP Router?

ISATAP allows IPv6 clients on an IPv4-only intranet to communicate without additional manual configuration. An ISATAP router advertises an IPv6 prefix and can allow the clients to communicate with other IPv6 clients on other IPv6 subnets.

How ISATAP Tunneling Works

ISATAP tunneling can be initiated in several ways. The ISATAP router can be located by resolving the name “ISATAP” to an IPv4 address, by using the netsh interface ipv6 isatap set router command, or, for Windows 7 and Windows Server 2008 R2, by configuring the ISATAP Router Name Group Policy setting.

To resolve ISATAP in the naming infrastructure, you must define the name ISATAP in DNS, Windows Internet Name Service (WINS), or in the hosts/lmhosts files of the hosts.

After locating the router, the host communicates with it using IPv4. The router provides the host with information about the IPv6 ISATAP prefix and whether it (the router) is a default router.

Note It is important to plan ISATAP implementation carefully; all nodes will be connected to the same IPv6 subnet, and AD DS site awareness configured with the Active Directory Sites and Services snap-in will be lost unless it is also configured for ISATAP-equivalent subnets. For this reason and others, Microsoft recommends that you use ISATAP only for limited testing, rather than for intranet-wide deployment, and instead deploy native IPv6 support for your intranet.

What Is 6to4?

6to4 is a technology that you can use to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 treats the entire IPv4 Internet as a single link.

In a 6to4 address (2002:WWXX:YYZZ:Subnet_ID:Interface_ID), WWXX:YYZZ is the colon-hexadecimal representation of w.x.y.z, a public IPv4 address.

6to4 Router Functionality in Windows

When you enable Internet Connection Sharing (ICS) on a computer running Windows, the following occurs:

• Enables IPv6 forwarding on the 6to4 tunneling and private interfaces.

• The private interface connects to a single-subnet intranet and uses private IPv4 addresses from the 192.168.0.0/24 prefix.

• Determines a 64-bit IPv6 subnet prefix to advertise on the private intranet.

• The 6to4 component derives the intranet subnet prefix from 2002:WWXX:YYZZ:InterfaceIndex::/64, in which InterfaceIndex is the private interface’s index.

• Sends router advertisement messages on the private interface.

The router advertisement messages advertise the Internet Connection Sharing (ICS) computer as a default router and contain the derived 6to4 subnet prefix.

How 6to4 Tunneling Works

Within a site, local IPv6 routers advertise 2002:WWXX:YYZZ:Subnet_ID::/64 subnet prefixes so that hosts autoconfigure 6to4 addresses. IPv6 routers within the site deliver traffic between 6to4 hosts. Hosts on individual subnets are configured automatically with a 64-bit subnet route for direct delivery to neighbors and a default route with the next-hop address of the advertising router. IPv6 traffic that does not match any of the subnet prefixes that the site uses is forwarded to a 6to4 router on the site border. The 6to4 router on the site border has a 2002::/16 route that forwards traffic to other 6to4 sites and a default route (::/0) that forwards traffic to a 6to4 relay on the IPv4 Internet.

Example

In the example network shown in the slide, Host A and Host B can communicate with each other because of a default route using the next-hop address of the 6to4 router in Site 1. When Host A communicates with Host C in another site, Host A sends the traffic to the 6to4 router in Site 1 as IPv6 packets. The 6to4 router in Site 1, using the 2002::/16 route in its routing table and the 6to4 tunnel interface, encapsulates the traffic with an IPv4 header and tunnels it to the 6to4 router in Site 2. The 6to4 router in Site 2 receives the tunneled traffic, removes the IPv4 header and, using the subnet prefix route in its routing table, forwards the IPv6 packet to Host C.

For example, Host A resides on subnet 1 within Site 1 that uses the public IPv4 address of 157.60.91.123. Host C resides on subnet 2 within Site 2 that uses the public IPv4 address of 131.107.210.49. The table that appears in the slide lists the addresses in the IPv4 and IPv6 headers when the 6to4 router in Site 1 sends the IPv4-encapsulated IPv6 packet to the 6to4 router in Site 2.
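The ISATAP and 6to4 address formats described above, as an added example that is not part of the original courseware: it builds both formats and recovers the embedded IPv4 address from an address seen in ipconfig output or logs. The function names are hypothetical, and the 2001::/32 check relies on that prefix being the Teredo prefix (RFC 4380), which the page lists only in its prefix policy table.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")  # Teredo prefix (RFC 4380)


def sixtofour_prefix(public_ipv4):
    """Return 2002:WWXX:YYZZ::/48 for the public IPv4 address w.x.y.z."""
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix64, ipv4):
    """Return [prefix]:0:5EFE:w.x.y.z (private IPv4) or [prefix]:200:5EFE:w.x.y.z (public)."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit unicast prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    first_group = 0x0000 if v4.is_private else 0x0200
    interface_id = (first_group << 48) | (0x5EFE << 32) | int(v4)
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def classify(address):
    """Return (technology, embedded IPv4 address or None) for an IPv6 address."""
    addr = ipaddress.IPv6Address(address)
    value = int(addr)
    if addr in SIX_TO_FOUR:
        # Bits 16..47 of a 6to4 address are the site's public IPv4 address.
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    if addr in TEREDO:
        # The Teredo address layout is not covered on this page, so nothing is decoded.
        return "teredo", None
    if ((value >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        # ISATAP interface ID: 0:5EFE or 200:5EFE followed by the IPv4 address.
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return "other", None


if __name__ == "__main__":
    # Site prefixes for the two public IPv4 addresses in the 6to4 example above.
    print(sixtofour_prefix("157.60.91.123"), sixtofour_prefix("131.107.210.49"))
    # The two ISATAP addresses given in the note on ISATAP address formats.
    print(isatap_address("fe80::/64", "192.168.137.133"))
    print(isatap_address("fe80::/64", "131.107.137.133"))
    # Constructed sample addresses, as they might appear in a log.
    for sample in ("2001:db8:0:10:0:5efe:10.10.0.10", "2002:836b:d231:2::1",
                   "2001:db8:0:1::5"):
        print(sample, classify(sample))
```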

What Is Teredo?

Teredo tunneling enables you to tunnel across the IPv4-only Internet when the clients are behind an IPv4 NAT. Teredo was created because many Internet connections use private IPv4 addresses behind a NAT. Teredo is a last-resort transition technology for IPv6 connectivity. If native IPv6, ISATAP, or 6to4 connectivity is present between communicating nodes, Teredo is not used. As more IPv4 NATs are upgraded to support 6to4, and IPv6 connectivity becomes ubiquitous, Teredo will be used less frequently, until eventually it is not used at all.

Teredo Components

The Teredo components are as follows:

• Teredo client: Supports a Teredo tunneling interface through which packets are tunneled to other Teredo clients or nodes on the IPv6 Internet through a Teredo relay.

• Teredo server: Connects to both the IPv4 and IPv6 Internet. The role of the Teredo server is to assist in the initial Teredo client configuration and facilitate the initial communication between Teredo clients in different sites or between Teredo clients and IPv6-only hosts on the IPv6 Internet.

• Teredo relay: Forwards packets between Teredo clients on the IPv4 Internet and IPv6-only hosts on the IPv6 Internet.

• Teredo host-specific relay: Has interfaces on, and connects to, the IPv4 and IPv6 Internet. Additionally, it can communicate directly with Teredo clients over the IPv4 Internet without needing an intermediate Teredo relay. The connectivity to the IPv4 Internet can be through a public IPv4 address or through a private IPv4 address and a neighboring NAT. The connectivity to the IPv6 Internet can be through a direct connection to the IPv6 Internet or through an IPv6 transition technology, such as 6to4.

What Is PortProxy?

You can use the PortProxy service as an application-layer gateway for nodes or applications that do not support IPv6. PortProxy facilitates the communication between nodes or applications that cannot connect using a common address type, Internet layer protocol (IPv4 or IPv6), and TCP port. This service’s primary purpose is to allow IPv6 nodes to communicate with IPv4-only TCP applications.

PortProxy can proxy only TCP data, and it supports only application-layer protocols that do not embed address or port information inside the application-layer data. PortProxy cannot change address information at the application level and is not flexible. Additionally, you will fare better using other tunneling technologies to address many of the issues you typically would address by using PortProxy.

Some areas where PortProxy can be helpful and provide solutions during a transition phase include:

• An IPv4-only node can access an IPv6-only node.

• An IPv6-only node can access an IPv4-only node.

• An IPv6 node can access an IPv4-only service that is running on a PortProxy computer.

Lab A: Configuring an ISATAP Router

Lab Setup

For this lab, you will use the available virtual machine environment. Before beginning the lab, you must complete the following steps:

1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.

2. In Hyper-V™ Manager, click 6421B-NYC-DC1, and in the Actions pane, click Start.

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

4. Log on using the following credentials:

• User name: Administrator

• Password: Pa$$w0rd

• Domain: Contoso

5. Repeat steps 2 to 4 for 6421B-NYC-RTR and 6421B-NYC-CL2.

Lab Scenario

Contoso has decided to begin the process of migrating their network to IPv6. Your initial task is to prove the principle of the migration by configuring a single client computer for IPv6.

For this project, you must complete the following tasks:

• Configure a new IPv6 network and client.

• Configure an ISATAP Router to enable communication between an IPv4 network and an IPv6 network.

Exercise 1: Configuring a New IPv6 Network and Client

Scenario

In this exercise, you will configure NYC-CL2 as an IPv6-only client.

The main tasks for this exercise are as follows:

1. Configure IPv4 Routing.

2. Enable IP routing on NYC-RTR and confirm IPv4 connectivity.

3. Disable IPv6 on NYC-DC1.

4. Disable IPv4 on NYC-CL2.

5. Configure an IPv6 router advertisement for the global address 2001:db8:0:1::/64 network on NYC-RTR.

6. Check the IP configuration on NYC-CL2 to ensure that it is configured with an IPv6 global address in the 2001:db8:0:1::/64 network.

Task 1: Configure IPv4 Routing

1. Switch to NYC-CL2.

2. Verify the Local Area Connection 3 properties:

• IP address: 172.16.16.3

• Subnet mask: 255.255.255.0

• Default gateway: 172.16.16.1

• Preferred DNS server: 10.10.0.10

3. Close all open windows.

4. Switch to NYC-DC1.

5. Verify the Local Area Connection 2 properties:

• Default gateway: 10.10.0.1

6. Close all open windows.

Task 2: Enable IP Routing on NYC-RTR and Confirm IPv4 Connectivity

1. Switch to NYC-RTR.

2. Open the Registry editor.

3. Configure the HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip > Parameters > IPEnableRouter value as 1.

4. Close the Registry editor.

5. Restart NYC-RTR.

6. After NYC-RTR restarts, log on with the following credentials:

• User name: Administrator

• Password: Pa$$w0rd

Note At this point, only IPv4 traffic is routed through the IPv4 routing infrastructure. Because ICMPv4 traffic is blocked by the Windows Firewall by default, you cannot test connectivity with ping.

Task 3: Disable IPv6 on NYC-DC1

1. Switch to NYC-DC1.

2. Disable IPv6 on the Local Area Connection 2 by clearing the Internet Protocol Version 6 (TCP/IPv6) check box in the Local Area Connection 2 Properties.

Task 4: Disable IPv4 on NYC-CL2

1. Switch to NYC-CL2.

2. Disable IPv4 on the Local Area Connection 3 by clearing the Internet Protocol Version 4 (TCP/IPv4) check box in the Local Area Connection 3 Properties.

3. Open a command prompt, type ipconfig, and then press ENTER.

Note The output should be a link-local IPv6 address that starts with fe80.

Task 5: Configure an IPv6 router advertisement for the global address 2001:db8:0:1::/64 network on NYC-RTR

1. Switch to NYC-RTR.

2. Open a command prompt, and then type the following commands.

netsh interface ipv6 set interface "Local Area Connection 3" forwarding=enabled advertise=enabled

netsh interface ipv6 add route 2001:db8:0:1::/64 "Local Area Connection 3" publish=yes

Task 6: Check the IP configuration on NYC-CL2 to ensure that it is configured with an IPv6 global address in the 2001:db8:0:1::/64 network

1. Switch to NYC-CL2.

2. At the command prompt, type ipconfig and then press ENTER.

Note The output should be a link-local IPv6 address that starts with fe80. Two global IP addresses starting with 2001:db8:0:1: should also be included in the output.

3. Close the command prompt.

Results: At the end of this exercise, you will have configured NYC-CL2 for IPv6 only.

Exercise 2: Configuring an ISATAP Router to Enable Communication Between an IPv4 Network and an IPv6 Network

Scenario

In this exercise, you will configure ISATAP to enable connectivity between the new IPv6 client and the remaining IPv4 clients, including NYC-DC1.

The main tasks for this exercise are as follows:

1. Add the ISATAP entry in the DNS zone on NYC-DC1.

2. Configure the ISATAP router on NYC-RTR.

3. Enable the ISATAP interface on NYC-DC1.

4. Test connectivity.

Task 1: Add the ISATAP entry in the DNS zone on NYC-DC1

1. Switch to NYC-DC1.

2. Add a new host record in DNS:

• Zone: Contoso.com

• Name: ISATAP

• IP address: 10.10.0.1

Task 2: Configure the ISATAP router on NYC-RTR

Note When substituting the following Interface_Index, ensure that you type your Interface_Index with the brackets {} on either side.

1. Switch to NYC-RTR.

2. Switch to the command prompt. Type each of the following commands and then press ENTER after each command:

Netsh interface ipv6 isatap set router 10.10.0.1

ipconfig

3. Locate the Tunnel adapter isatap.{Interface_Index}: that has a Link-local IPv6 address that contains 10.10.0.1. Note the Interface_Index (including brackets) – you will need it in a moment.

Interface index:

4. Type the following command, replacing Interface_Index with the number (and brackets {}) that you recorded earlier, and then press ENTER:

netsh interface ipv6 set interface "isatap.Interface_Index" forwarding=enabled advertise=enabled

5. At the command prompt, type the following command, replacing Interface_Index with the number (and brackets {}) that you recorded earlier, and then press ENTER:

netsh interface ipv6 add route 2001:db8:0:10::/64 "isatap.Interface_Index" publish=yes

6. Restart NYC-RTR and then log on using the following credentials:

• User name: Administrator

• Password: Pa$$w0rd

7. Open a command prompt, type ipconfig, and then press ENTER.

Note The Tunnel adapter associated with the 10.10.0.0/16 network will display an IPv6 address in the 2001:db8:0:10 range.

Task 3: Enable the ISATAP interface on NYC-DC1

1. Switch to NYC-DC1.

2. Open a command prompt and then type the following commands:

Netsh interface isatap set router 10.10.0.1

ipconfig

Note The Tunnel adapter isatap {Interface_Index} (which is the ISATAP adapter) has automatically received an IPv6 address from the ISATAP router.

Task 4: Test connectivity

1. On NYC-DC1, open Windows Firewall with Advanced Security.

2. Create a new inbound rule with the following properties:

• Rule Type: Custom

• Program: Default

• Protocols and Ports: Protocol > ICMPv4

• Scope: Default

• Action: Default

• Profile: Default

• Name: Allow PING

3. Switch to NYC-CL2.

4. Open a command prompt and then type the following commands:

Ping 2001:db8:0:10:0:5efe:10.10.0.10

ipconfig

What is the IPv6 address? Record it here.

5. Open Windows Firewall with Advanced Security.

6. Create a new inbound rule with the following properties:

• Rule Type: Custom

• Program: Default

• Protocols and Ports: Protocol > ICMPv6

• Scope: Default

• Action: Default

• Profile: Default

• Name: Allow PING

7. Switch to NYC-DC1.

8. Open a command prompt, type Ping IPv6_address, and then press ENTER.

Where IPv6_address is the IPv6 address on NYC-CL2 you noted earlier.

Results: At the end of this exercise, you will have configured ISATAP.

Preparing for the next lab

• Do not turn off the virtual machines at this time because you will need them to complete the next lab.

Lesson 5 Transitioning from IPv4 to IPv6

The transition from IPv4 to IPv6 is expected to take years. IPv4 remains the IP standard for the majority of applications and Internet services in use today. However, more and more networks and applications might function well in an IPv6-capable environment, as Windows 7 and Windows Server 2008 R2 are adopted more widely. In this lesson, you will learn about the issues that you must consider when transitioning to IPv6 and review the necessary steps for transitioning to an IPv6-capable infrastructure.

Objectives

After completing this lesson, you will be able to:

• Describe considerations for migrating from IPv4 to IPv6.

• Describe a process for effectively transitioning to native IPv6.

• Troubleshoot an IPv6-based network.

Discussion: Considerations for Migrating from IPv4 to IPv6

When migrating from IPv4 to IPv6, you must consider the applications that you will use, your network devices, and potential device upgrades that might occur.

Process for Transitioning to IPv6-only

The migration from IPv4 to IPv6 is expected to take considerable time. This was taken into consideration when designing IPv6 and as a result, the transition plan for IPv6 is a multistep process that allows for extended coexistence.

To achieve the goal of a pure IPv6 environment, use the following general guidelines:

• Upgrade your applications to be independent of IPv6 or IPv4. For example, applications can be changed to use new Windows Sockets application programming interfaces (APIs) so that name resolution, socket creation, and other functions are independent regardless of whether you are using IPv4 or IPv6.

• Update the DNS infrastructure to support IPv6 address and PTR records. You might have to upgrade the DNS infrastructure to support the new AAAA records (required) and PTR records in the IP6.ARPA reverse domain (optional). Additionally, ensure that the DNS servers support DNS traffic over IPv6 and DNS dynamic update for AAAA records so that IPv6 hosts can register their names and IPv6 addresses automatically.

• Upgrade hosts to IPv6/IPv4 nodes. You must upgrade hosts to use both IPv4 and IPv6. You also must add DNS resolver support to process DNS query results that contain both IPv4 and IPv6 addresses. You can deploy ISATAP in a limited capacity to test IPv6 and DNS functionality.

• Upgrade routing infrastructure for native IPv6 routing. You must upgrade routers to support native IPv6 routing and IPv6 routing protocols.

Troubleshooting IPv6

To troubleshoot IPv6, depending on the problem, you can:

• Start at the bottom of the stack and move up.

• Start at the top of the stack and move down.

When starting at the top of the stack, the methods you can use to troubleshoot IPv6 include:

• Verify IPv6 connectivity.

• Verify DNS name resolution for IPv6 addresses.

• Verify IPv6-based TCP sessions.

Verifying IPv6 Connectivity

You can use the following tasks to troubleshoot problems with IPv6 connectivity:

• Verify configuration

• Verify reachability

• Check packet filtering

• View and manage the IPv6 routing table

• Verify router reliability

Verify Configuration

Ipconfig shows both IPv4 and IPv6 data. Commands in the netsh interface ipv6 context show only IPv6 data. You can also use Netsh.exe to view another computer’s IPv6 configuration data. You can obtain significant information using Netsh.exe, and use it to configure most IPv6 settings. To access the Netsh IPv6 configuration prompt, type: netsh -c "interface ipv6".

Verify Reachability

If a device’s network card has changed, it is possible that the hardware address was not updated in the cache of the computer that is trying to connect.

Ping has also been updated for IPv6. If you need to ping an IPv6 router using its link-local address, you should also supply a zone ID for that router (this is listed when you run Ipconfig).

In addition to verifying reachability, you can:

• Check packet filtering:

• Check for IPsec policies

• Check the configuration of firewalls

• Check routers and intermediate firewalls for port filters

• View the IPv6 routing table. This is a fairly advanced step that allows you to discern where your computer is trying to send specific network data.

• Verify the routing path taken using the Tracert tool.

• Verify router reliability using the Pathping tool. This is a method to detect bottlenecks or badly configured network hardware.

Verifying DNS Name Resolution for IPv6 Addresses

When verifying network services connectivity, you use many of the same tools and software as with IPv4. When checking for DNS configuration and name resolution, you can verify the DNS configuration using the following tools:

• Ipconfig /all: The display of the ipconfig /all command includes IPv6 addresses, default routers, and DNS settings for all interfaces. The Ipconfig tool only works on the local computer.

• Ipconfig /displaydns and Ipconfig /flushdns: Use these commands to display and flush the DNS client-resolver cache.

Note This is the same for IPv4.

• Ping: Use the Ping tool to test DNS name resolution. Make sure to ping the IPv6 name.

• Nslookup: Use the Nslookup tool to view DNS server responses. Set the query to look for AAAA records with the type=AAAA option.

Verifying IPv6-Based TCP Connections

To verify IPv6-based TCP connections:

• Check for packet filtering: This is the same process as it is for verifying IPv6 connectivity, but sometimes packet filtering will block one type of incoming connection, such as File Transfer Protocol (FTP), but allow port 80 (HTTP). It could also block ping requests.

• Verify TCP connection establishment (Telnet): To verify a TCP connection in certain circumstances, such as those previously mentioned, use the Microsoft Telnet Client to directly connect to the address and port of the service being investigated. For example: telnet 2001:db8::1 80.

Lab B: Converting the Network to Native IPv6

Lab Setup

For this lab, you will use the available virtual machine environment. The virtual machines must be running following the completion of Lab A.

Lab Scenario

The pilot went well. Your manager has asked you to convert the network to IPv6. Your task is to disable ISATAP and enable native IPv6 routing.

For this project, you must transition to a native IPv6 Network.

Exercise 1: Transitioning to a Native IPv6 Network

Scenario

In this exercise, you will disable ISATAP and IPv4, and then enable IPv6.

The main tasks for this exercise are as follows:

1. Disable the ISATAP router on NYC-RTR.

2. Configure the native IPv6 router on NYC-RTR.

3. Disable IPv4 connectivity.

4. Test connectivity between each IPv6 subnet.

Task 1: Disable the ISATAP router on NYC-RTR

Note When substituting the following Interface_Index, ensure that you type your Interface_Index with the brackets {} on either side.

1. Switch to NYC-RTR.

2. Open a command prompt and then type the following commands.

ipconfig

3. Locate the Tunnel adapter isatap.{Interface_Index}: that has a Link-local IPv6 address that contains 10.10.0.1. Note the Interface_Index (including brackets) – you will need it in a moment.

Interface index:

4. Type the following commands, replacing Interface_Index with the number (and brackets {}) that you recorded earlier.

netsh interface ipv6 set interface "isatap.Interface_Index" forwarding=disabled advertise=disabled

netsh interface ipv6 delete route 2001:db8:0:10::/64 "isatap.Interface_Index"

Task 2: Configure the native IPv6 router on NYC-RTR

• Open a command prompt and then type the following commands.

netsh interface ipv6 set interface "Local Area Connection 2" forwarding=enabled advertise=enabled

netsh interface ipv6 add route 2001:db8:0:0::/64 "Local Area Connection 2" publish=yes

Task 3: Disable IPv4 connectivity

1. Disable IPv4 on the Local Area Connection 2 by clearing the Internet Protocol Version 4 (TCP/IPv4) check box in the Local Area Connection 2 Properties.

2. Switch to NYC-DC1.

3. Disable IPv4 on the Local Area Connection 2 by clearing the Internet Protocol Version 4 (TCP/IPv4) check box in the Local Area Connection 2 Properties.

4. Enable IPv6 on the Local Area Connection 2 by selecting the Internet Protocol Version 6 (TCP/IPv6) check box in the Local Area Connection 2 Properties.

Task 4: Test connectivity between each IPv6 subnet

1. Open Windows Firewall with Advanced Security.

2. Create a new inbound rule with the following properties:

• Rule Type: Custom

• Program: Default

• Protocols and Ports: Protocol > ICMPv6

• Scope: Default

• Action: Default

• Profile: Default

• Name: Allow PING for IPv6

3. At the command prompt, type ipconfig and then press ENTER.

Note the new IPv6 address (global address begins with 2001:) assigned to the Local Area Connection 2. Write down the IPv6 address in the space below.

NYC-DC1 IPv6 address: _____________________________________________

4. Switch to NYC-CL2.

5. Open a command prompt, type Ping global_IP_address, and then press ENTER.

Where global_IP_address is the NYC-DC1 address that you noted previously.

6. At the command prompt, type ipconfig /all and then press ENTER:

Note the IPv6 address (global address begins with 2001:) assigned to the Local Area Connection 2. Write down the IPv6 address in the space below.

NYC-CL2 IPv6 address: _____________________________________________

7. Switch to NYC-DC1 and switch to the Command Prompt.

8. Open a command prompt, type Ping global_IP_address, and then press ENTER.

Where global_IP_address is the NYC-CL2 address that you noted previously.

Results: At the end of this exercise, you will have configured an IPv6-only network.

Preparing for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the following steps:

1. On the host computer, start Hyper-V Manager.

2. Right-click 6421B-NYC-DC1 in the Virtual Machines list and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat these steps for 6421B-NYC-RTR and 6421B-NYC-CL2.

Module Review and Takeaways

Review Questions

1. What are the different types of unicast IPv6 addresses?

2. What are the main reasons why IPv6 is necessary?

3. What is the process called when a client configures itself with an IPv6 address?

4. What kind of IP address does every IPv6 client automatically assign itself?

5. How does the scope of an address affect its ability to communicate on a locally attached subnet?

6. What is the main purpose of Teredo?

Tools

Tool | Use for

IPconfig | Provides overview data for IPv4 and IPv6.

Route | Provides basic information about IPv4 and IPv6 routing tables.

Netsh | Provides detailed information about the IPv6 configuration, and it is the primary tool used to configure IPv6 in Windows Server 2008 and Windows Vista. You also can use this command-line tool to configure an IPv6 router.
