

What is IPv6? (TechRef)

Applies To: Windows Server 2008

Introduction to IPv6

Microsoft is delivering support for the emerging update to the Internet Protocol, commonly referred to as IP version 6 — or simply IPv6 (RFC 2460). This protocol suite is based on a standard from the Internet Engineering Task Force (IETF), and it is designed to significantly increase the size of the address space used to identify communication endpoints in the Internet, thereby allowing it to continue its tremendous growth rate. As a core networking protocol in Windows Server® 2008, IPv6 serves as one of two Internet protocols that enable computers running Windows to communicate on intranets and over the Internet.

The recent broad adoption of always-on technologies such as Digital Subscriber Line (DSL) and cable modems, coupled with the pending integration of personal digital assistants (PDAs) and cellular phones into always-addressable Mobile Information Appliances, significantly elevates the urgency to expand the address space that Internet-connected systems use to communicate. The address space currently used is defined as part of the Internet Protocol, or IP (the network layer of the TCP/IP protocol suite). The version of IP commonly used today, Version 4 (IPv4), has not been substantially changed since RFC 791 was published in 1981. Since then, IPv4 has proven to be robust, easily implemented, and interoperable. It has withstood the test of scaling an internetwork (a network of networks) to a global utility the size of today’s Internet.

IPv6 will continue the tradition of the IPv4 protocol, which gained much of its acceptance by defining mechanisms to tie systems together over a wide variety of disparate networking technologies. Already defined link-layer mappings for transporting IPv6 include Ethernet, Point-to-Point Protocol (PPP), Fiber Distributed Data Interface (FDDI), Token Ring, Asynchronous Transfer Mode (ATM), Frame Relay, and IEEE 1394. From an architectural perspective, an IPv4-based infrastructure appears to systems that are enabled for IPv6 as a single segment non-broadcast multi-access (NBMA) network. The capability to send IPv6 traffic over existing IPv4 networks will provide an initial reach as broad as the current Internet, limited only by the endpoints’ ability and readiness to make use of it.

New capabilities that are expected to drive rapid adoption include scoped addresses; stateless autoconfiguration, which lowers complexity and management burden; and mandatory IP security (IPSec), which permits end-to-end data authentication and integrity and increases privacy of connections. In addition, technologies that extend the lifetime of IPv4 (such as network address translation, or NATs) frequently do not work with existing applications, and those technologies are already restricting the flexibility to deploy new applications. NATs are popular today because they allow multiple systems to share a single public IPv4 address. However, they tend to enforce a client/server usage model where the client uses private address space with only the server existing in public address space. IPv6 brings back the capability of “end-to-end control of communications,” making networking applications simpler as the network again becomes transparent.

IPv6 in Windows Server 2008

Wireless technologies are emerging in ways that make ad-hoc networks between personal devices more feasible. Setting up systems to work in an ad-hoc mode is challenging enough, but many of these personal devices will also need to perform in the managed environment of the workplace. Switching between these modes is frequently frustrating and is significantly more involved than using either mode on its own. To reduce the complexity, IPv6 has defined an architectural principle that systems are required to simultaneously support multiple addresses. Coupling this capability with scoped addresses results in the ability to move easily and automatically between ad-hoc and managed environments. The IPv6 implementation will automatically adapt itself to the current needs, be it ad-hoc, home, or business connections.

To address concerns about security and privacy, the Microsoft IPv6 implementation includes IPSec, which provides data authenticity, data integrity, and data confidentiality across the array of protocols used by the various applications. Providing the capability at the network layer frees developers from having to add specific security capabilities to every application.

In addition, Microsoft helped standardize temporary addresses. To make stateless autoconfiguration work well and to ensure global uniqueness, the standards community chose the underlying hardware address (the MAC address) for use as part of an IPv6 address. The side effect of this approach is that all communications are traceable to the specific hardware device.

Although it is technically necessary to have a published (over some scope), globally unique address to receive incoming connections, the address of an originator requires only current global uniqueness (not publication). To alleviate this potential privacy concern, Microsoft co-authored RFC 3041 (since superseded by RFC 4941), which defines a locally generated, randomized interface identifier that is valid only for a period the local system or application determines. The ability of IPv6 systems to simultaneously support multiple addresses allows each application to use an independent address, an application to use a different address for each service to which it connects, or both.
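The two paragraphs above describe the trade-off in code terms as follows. This is an added example, not code from the original article or from the Windows stack: it derives a modified EUI-64 interface identifier from a MAC, shows that the MAC is recoverable from any address built on it, and generates a temporary identifier in the manner of RFC 4941 (the successor of RFC 3041). It uses only the Python standard library; the MAC address and prefixes are constructed sample values.

```python
"""Added example, not from the original article: how a stateless
autoconfigured address built from the MAC (modified EUI-64) stays traceable
to the hardware, and how a temporary interface identifier of the RFC 4941
kind (RFC 3041's successor) avoids that. Standard library only; the MAC and
prefixes used below are constructed sample values."""
import ipaddress
import os
from typing import Optional


def modified_eui64(mac: str) -> bytes:
    """64-bit interface identifier from a 48-bit MAC (RFC 4291 Appendix A):
    insert 0xFFFE between the OUI and the device part, then invert the
    universal/local bit (bit value 0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def mac_from_iid(iid: bytes) -> Optional[str]:
    """Recover the MAC if the identifier has the modified EUI-64 shape.
    The prefix is irrelevant: link-local, 6to4 or global, the MAC leaks."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in octets)


def temporary_iid() -> bytes:
    """Random identifier with the universal/local bit cleared (RFC 4941
    section 3.2.1), so it is marked 'local' and cannot be mistaken for an
    EUI-64 derived from a real OUI. Re-randomising on a lifetime, which a
    real stack also does, is left to the caller."""
    iid = bytearray(os.urandom(8))
    iid[0] &= 0xFD  # clear the 0x02 bit
    return bytes(iid)


def slaac_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Join a /64 (fe80::/64 for link-local, or one learned from a Router
    Advertisement) with an interface identifier, as stateless
    autoconfiguration does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("SLAAC needs a /64 prefix and a 64-bit identifier")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def trace_mac(addr: str) -> Optional[str]:
    """What a remote observer learns from a source address: the MAC, or nothing."""
    return mac_from_iid(ipaddress.IPv6Address(addr).packed[8:])


if __name__ == "__main__":
    eui = modified_eui64("00-1a-2b-3c-4d-5e")
    public = slaac_address("2001:db8:1:2::/64", eui)          # documentation prefix
    print("EUI-64 address:", public, "-> MAC", trace_mac(str(public)))
    print("temporary    :", slaac_address("2001:db8:1:2::/64", temporary_iid()))
```

Run it twice and the temporary address changes while the EUI-64 one does not; that stable, MAC-bearing identifier is exactly what the temporary-address mechanism keeps off the wire for outgoing connections.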

Peer-to-peer applications that are made easier using IPv6 include IP telephony and video tele-conferencing. These and similar applications are likely to take advantage of the Quality of Service (QoS) features defined for IPv6. Although many QoS features have also been defined as add-ons for IPv4, the mechanism selected was to redefine the meaning for the Type of Service field of the IP header, which caused collisions with historical implementations. The effort to provide QoS for IPv4 has been a struggle due to differing models of deployment. This effort is not wasted though, because it is forcing many details to be worked through — from hardware capabilities to business practices. Systems that are enabled for IPv6 will be able to leverage this effort to provide an array of service levels that are consistent from end to end.

Transitioning from IPv4 to IPv6

The conversion from IPv4 to IPv6 will be a larger task for the industry than was the preparation for year 2000. This protocol change will affect nearly all networked applications, end systems, infrastructure systems, and network architectures. This change must be approached with responsibility to prevent the costly, unproductive missteps that often result from broad, premature availability of technologies. Unlike the year 2000 issue, the conversion to IPv6 has no specific timeline. However, as noted earlier, the rate of IPv4 address consumption is rapidly increasing. Simplicity of deployment will be the key to rapid adoption.

Like IPv4 (where early deployments frequently transited X.25 networks), IPv6 deployment will start at the edge of the network, taking advantage of framing within any available network technology. Internet service providers (ISPs) will deploy native IPv6 routing based on customer demand. However, this conversion may be slow because ISPs will need several years to replace network equipment. Microsoft is taking the approach that encapsulating IPv6 packets within IPv4 will allow incremental deployments of end systems that will, in turn, demonstrate the demand to the ISPs.

To stay on the high-performance path of the existing routers, computers that are running Windows and that are enabled for IPv6 will default to tunneling over IPv4 unless the ISP provides a specific indication to do otherwise and a native IPv6 path exists end to end. The only requirement is that systems that are directly connected to an ISP must receive at least one public IPv4 address. (The address ranges specified in RFC 1918 are not public.) Other systems in a home or business will receive 6to4 (RFC 3056) prefix Router Advertisement messages from the directly-connected system.

In the presence of NATs that are not enabled for IPv6, where only private addresses are available, a supplementary technology (Teredo, RFC 4380) is used. It tunnels IPv6 traffic across NATs by adding a User Datagram Protocol (UDP) header, which gives 6to4-style tunneling across the IPv4 Internet even from behind a NAT. In enterprise environments, an incremental upgrade to IPv6 is possible using the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP lets IPv6/IPv4 hosts treat the existing IPv4 intranet as a link layer, so IPv6 hosts and subnets can co-exist and interoperate with IPv4 hosts and subnets without changes to the routed IPv4 infrastructure. In partnership with 6to4, this gives businesses a comprehensive incremental migration path for their corporate networks. All three mechanisms carry IPv6 inside IPv4 (protocol 41) or inside UDP, so IPv4-only firewalls and intrusion detection that do not inspect protocol 41 or Teredo UDP traffic will not see the IPv6 conversations; tunnel interfaces that are not needed should be disabled.
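The address arithmetic behind the three tunneling mechanisms above, as an added example that is not part of the original article or of the Windows implementation: it derives a 6to4 prefix from a public IPv4 address (rejecting RFC 1918 and other non-routable space, as the text requires), builds ISATAP addresses, and decodes a Teredo address to recover the server, the NAT type and the client's NAT-mapped public address and port. Standard library only; the IPv4 inputs are constructed, and the Teredo address is a sample with the documentation address 192.0.2.45 as the client.

```python
"""Added example, not from the original article: the automatic tunnel
addresses used in the transition scheme described above (6to4, RFC 3056;
ISATAP, RFC 5214; Teredo, RFC 4380). Standard library only; all IPv4 and
IPv6 inputs are constructed sample values."""
import ipaddress
import struct
from typing import Dict


def _public_ipv4(text: str) -> ipaddress.IPv4Address:
    """Tunnel endpoints need a routable IPv4 address: RFC 1918 space and the
    other reserved ranges cannot be reached by a relay on the Internet."""
    v4 = ipaddress.IPv4Address(text)
    if not v4.is_global:
        raise ValueError(f"{v4} is not a public IPv4 address")
    return v4


def sixto4_prefix(public_v4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for the public address W.X.Y.Z (RFC 3056 section 2)."""
    v4 = _public_ipv4(public_v4)
    raw = b"\x20\x02" + v4.packed + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def sixto4_relay_target(addr: str) -> ipaddress.IPv4Address:
    """Where the encapsulating IPv4 packet for a 6to4 destination is sent:
    the IPv4 address embedded in bits 16..47 of the IPv6 address."""
    v6 = ipaddress.IPv6Address(addr)
    if v6.packed[:2] != b"\x20\x02":
        raise ValueError("not a 6to4 address")
    return ipaddress.IPv4Address(v6.packed[2:6])


def isatap_address(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """prefix::[02]00:5efe:w.x.y.z (RFC 5214 section 6.1). The u/l bit in the
    identifier is set only when the embedded IPv4 address is globally unique."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    a = ipaddress.IPv4Address(v4)
    flag = b"\x02\x00" if a.is_global else b"\x00\x00"
    return ipaddress.IPv6Address(
        net.network_address.packed[:8] + flag + b"\x5e\xfe" + a.packed)


def decode_teredo(addr: str) -> Dict[str, object]:
    """Teredo layout 2001:0:SSSS:SSSS:FFFF:PPPP:CCCC:CCCC (RFC 4380 section 4):
    server IPv4, flags, then the client's NAT-mapped port and public IPv4,
    each XORed with all ones. Forensically useful: the address alone reveals
    the NAT's external address and port."""
    p = ipaddress.IPv6Address(addr).packed
    if p[:4] != b"\x20\x01\x00\x00":
        raise ValueError("not a Teredo address")
    flags, port = struct.unpack("!HH", p[8:12])
    client = int.from_bytes(p[12:16], "big") ^ 0xFFFFFFFF
    return {
        "server": ipaddress.IPv4Address(p[4:8]),
        "cone_nat": bool(flags & 0x8000),
        "mapped_port": port ^ 0xFFFF,
        "client": ipaddress.IPv4Address(client),
    }


if __name__ == "__main__":
    print(sixto4_prefix("1.2.3.4"))                      # constructed public address
    print(isatap_address("fe80::/64", "10.0.0.1"))      # RFC 1918 intranet host
    print(decode_teredo("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
```

Note that `sixto4_prefix` refuses a private address outright rather than producing a 2002: prefix that could never be reached from the Internet, which is the failure mode the text warns about for hosts behind NATs.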

Despite these approaches, the transition will not be easy. Most manufacturers will produce systems that support both IPv4 and IPv6 so that, if connections are not possible using IPv6, the systems can fall back and succeed using IPv4 (if IPv4 connectivity existed before the introduction of IPv6). The overall goal is to ensure a smooth transition and deployments where updated applications can take advantage of the new protocol without breaking existing functionality. To this end, new Windows APIs have been defined to specifically isolate the legacy applications from unintentional exposure to protocol differences, including the larger IPv6 addresses.

The Microsoft implementation of IPv6 is easy to deploy because it includes stateless address autoconfiguration (including temporary addresses), automatic tunneling over existing IPv4 networks, and appropriate use of scoped addresses.

Because IP is a fundamental and pervasive technology within the operating system, it is not feasible to retrofit versions of Windows prior to Windows Server 2003 and Windows XP. However, to maintain backwards compatibility, versions of Windows that are enabled for IPv6 will also provide the capability to natively communicate using IPv4 for the foreseeable future. Although translation between IPv4 and IPv6 will be necessary in some cases (such as late in a transition when new IPv6-only devices need to access yet-to-be-retired IPv4-only systems), it is not expected to be the norm for early deployments. Whenever the IPv6-only devices arrive, the issues that surround address translation are typically specific to a given application. Thus as they arise, these scenarios will require targeted development on a case-by-case basis.

Limitations of IPv4

IPv4’s initial design did not anticipate the following:

  • The recent exponential growth of the Internet and the impending exhaustion of the IPv4 address space.

    Because IPv4 addresses have become relatively scarce, some organizations have been forced to use NATs to map multiple private addresses to a single public IP address. NATs promote reuse of the private address space, but they do not support standards-based network-layer security or the correct mapping of all upper layer protocols. NATs can also create problems when they connect two organizations that use the private address space.

    Additionally, the rising prominence of Internet-connected devices and appliances ensures that the public IPv4 address space will eventually be depleted.

  • The requirement for security at the Internet layer.

    Private communication over a public medium such as the Internet requires encryption services that protect the data being sent from being viewed or modified in transit. IPSec provides security for IPv4 packets, but this standard is optional, and proprietary solutions prevail.

  • The growth of the Internet and the ability of Internet backbone routers to maintain large routing tables.

    Because of the way that IPv4 network IDs have been and are currently allocated, the routing tables of Internet backbone routers routinely contain more than 85,000 routes. The routing infrastructure of the IPv4 Internet combines both flat and hierarchical routing.

  • The need to better support real-time delivery of data — also called quality of service (QoS).

    QoS standards exist for IPv4, but real-time traffic support relies on the IPv4 Type of Service (TOS) field and the identification of the payload, which is typically done using a UDP or TCP port. Unfortunately, the IPv4 TOS field has limited functionality, and various local interpretations developed over time. In addition, payload identification using a TCP and UDP port is not possible when the payload is encrypted.

IPv6 Features that Fix IPv4 Limitations

IPv6 includes the following features:

  • New header format

  • Larger address space

  • Efficient and hierarchical addressing and routing infrastructure

  • Stateless and stateful address configuration

  • Built-in security

  • Better support for QoS

  • New protocol for neighboring node interaction

  • Extensibility

The following subsections discuss each of these new features in detail.

New Header Format

The IPv6 header has a new format that is designed to minimize header overhead. This optimization is achieved by moving both non-essential fields and optional fields to extension headers that appear after the IPv6 header. Intermediate routes can process the streamlined IPv6 header more efficiently.

IPv4 headers and IPv6 headers do not interoperate. IPv6 is not a superset of functionality that is backward compatible with IPv4. A host or router must use an implementation of both IPv4 and IPv6 to recognize and process both header formats. The IPv6 header is only twice as large as the IPv4 header (a fixed 40 bytes versus 20 bytes for an IPv4 header without options), even though IPv6 addresses are four times as large as IPv4 addresses.

Larger Address Space

IPv6 has 128-bit (16-byte) source and destination IP addresses. Although 128 bits can express over 3.4 × 10^38 possible combinations, the large address space of IPv6 has been designed for multiple levels of subnetting and address allocation from the Internet backbone to the individual subnets within an organization.

Even though only a small number of the possible addresses are currently allocated for use by hosts, plenty of addresses are available for future use. With a much larger number of available addresses, address-conservation techniques, such as the deployment of NATs, are no longer necessary.

Efficient and Hierarchical Addressing and Routing Infrastructure

IPv6 global addresses that are used on the IPv6 portion of the Internet are designed to create an efficient, hierarchical, and summarizable routing infrastructure that is based on the common occurrence of multiple levels of Internet service providers.

Stateless and Stateful Address Configuration

To simplify host configuration, IPv6 supports both stateful address configuration (as in the presence of a DHCP server) and stateless address configuration (as in the absence of a DHCP server). With stateless address configuration, hosts on a link automatically configure themselves with IPv6 addresses for the link (called link-local addresses) and with addresses that they derive from prefixes that local routers advertise. Even in the absence of a router, hosts on the same link can configure themselves with link-local addresses and communicate without manual configuration.

Built-in Security

The IPv6 protocol suite as originally specified requires support for IPSec. This requirement provides a standards-based solution for network security needs and promotes interoperability between different IPv6 implementations. (The later IPv6 node requirements in RFC 6434 relax this to a recommendation, and in any case the presence of IPSec in a stack protects nothing by itself: IPSec policies still have to be configured and enforced.)

Better Support for QoS

New fields in the IPv6 header define how traffic is handled and identified. Traffic identification (using a Flow Label field in the IPv6 header) allows routers to identify and provide special handling for packets belonging to a flow, which is a series of packets between a source and a destination. Because the IPv6 header identifies the traffic, QoS can be supported even when the packet payload is encrypted through IPSec.

New Protocol for Neighboring Node Interaction

The Neighbor Discovery protocol for IPv6 is a series of Internet Control Message Protocol for IPv6 (ICMPv6) messages that manage the interaction of nodes on the same link (known as neighboring nodes). Neighbor Discovery replaces the broadcast-based Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and ICMPv4 Redirect messages with efficient multicast and unicast Neighbor Discovery messages. Neighbor Discovery messages are not authenticated by default, so a node on the link can forge Neighbor Advertisements or Router Advertisements much as ARP replies can be forged in IPv4; SEcure Neighbor Discovery (RFC 3971) addresses this but is not widely deployed.

Extensibility

IPv6 can easily be extended by adding extension headers after the IPv6 header. Unlike options in the IPv4 header, which can support only 40 bytes of options, the size of IPv6 extension headers is constrained only by the size of the IPv6 packet.
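The header layout from "New Header Format" and the extension-header chain described here, as an added example that is not part of the original article or of any Windows component: a small parser that walks the chain until it reaches the upper-layer protocol, with the bounds and length checks a firewall or host stack needs, since the upper-layer protocol (and therefore the port numbers used for filtering) is known only after the entire chain has been followed. It builds a constructed packet of IPv6 / Hop-by-Hop / Fragment / TCP inline; the cap on chain length is an assumption, not something the standards fix.

```python
"""Added example, not from the original article: a minimal IPv6 header and
extension-header walker. The packet bytes are constructed inline; the cap on
the number of extension headers is an assumption of this example."""
import struct

IPV6_HDR_LEN = 40
# Extension headers a walker steps over (RFC 8200 section 4). ESP (50) is
# deliberately absent: what follows it is encrypted, so walking must stop.
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
               51: "AH", 60: "Destination Options"}
MAX_EXT_HEADERS = 8   # constructed cap against header-chain exhaustion


def parse_ipv6(pkt: bytes) -> dict:
    """Return fixed-header fields, the list of extension headers seen, the
    upper-layer protocol number and the offset at which it starts."""
    if len(pkt) < IPV6_HDR_LEN:
        raise ValueError("truncated IPv6 header")
    first, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError(f"not IPv6 (version {first >> 28})")
    end = IPV6_HDR_LEN + payload_len
    if len(pkt) < end:
        raise ValueError("payload shorter than Payload Length")
    hdr = {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
           "payload_len": payload_len, "hop_limit": hop_limit,
           "src": pkt[8:24], "dst": pkt[24:40], "ext": []}
    off, nh, frag_offset = IPV6_HDR_LEN, next_hdr, 0
    while nh in EXT_HEADERS:
        if len(hdr["ext"]) >= MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        if nh == 44:                       # Fragment: fixed 8 bytes, no length field
            ext_len = 8
            frag = struct.unpack("!H", pkt[off + 2:off + 4])[0]
            frag_offset = (frag >> 3) * 8
            hdr["fragment"] = {"offset": frag_offset, "more": bool(frag & 1),
                               "id": struct.unpack("!I", pkt[off + 4:off + 8])[0]}
        elif nh == 51:                     # AH: length in 4-byte units, minus 2
            ext_len = (pkt[off + 1] + 2) * 4
        else:                              # others: 8-byte units, first 8 not counted
            ext_len = (pkt[off + 1] + 1) * 8
        if off + ext_len > end:
            raise ValueError("extension header overruns payload")
        hdr["ext"].append(EXT_HEADERS[nh])
        nh, off = pkt[off], off + ext_len
        if frag_offset:                    # non-first fragment: no upper-layer header here
            break
    hdr["upper_proto"], hdr["upper_offset"] = nh, off
    return hdr


def build_sample(frag_offset_units: int = 0, more: bool = True) -> bytes:
    """Constructed packet: IPv6 / Hop-by-Hop (PadN) / Fragment / TCP SYN to 443,
    using the 2001:db8::/32 documentation prefix."""
    src = bytes.fromhex("20010db8000000010000000000000001")
    dst = bytes.fromhex("20010db8000000020000000000000002")
    hbh = bytes([44, 0, 1, 4, 0, 0, 0, 0])                       # next=Fragment
    frag = bytes([6, 0]) + struct.pack("!HI", (frag_offset_units << 3) | int(more), 0xDEADBEEF)
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hbh + frag + tcp
    first = (6 << 28) | 0xABCDE                                  # version 6, flow label
    return struct.pack("!IHBB", first, len(payload), 0, 64) + src + dst + payload


if __name__ == "__main__":
    p = parse_ipv6(build_sample())
    print(p["ext"], "proto", p["upper_proto"], "at", p["upper_offset"])
```

The `frag_offset` break is the detail most often missed: on a non-first fragment the bytes after the Fragment header are payload, not a header, and a filter that keeps walking will read port numbers out of arbitrary data.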

Differences Between IPv4 and IPv6

The following table highlights some of the key differences between IPv4 and IPv6.

Differences between IPv4 and IPv6

IPv4: Source and destination addresses are 32 bits (4 bytes) in length.
IPv6: Source and destination addresses are 128 bits (16 bytes) in length. For more information, see IPv6 Addressing (TechRef).

IPv4: IPSec support is optional.
IPv6: IPSec support is required.

IPv4: IPv4 header does not identify packet flow for QoS handling by routers.
IPv6: IPv6 header contains a Flow Label field, which identifies packet flow for QoS handling by routers.

IPv4: Both routers and the sending host fragment packets.
IPv6: Only the sending host fragments packets; routers do not.

IPv4: Header includes a checksum.
IPv6: Header does not include a checksum.

IPv4: Header includes options.
IPv6: All optional data is moved to IPv6 extension headers.

IPv4: Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IP address to a link-layer address.
IPv6: Multicast Neighbor Solicitation messages resolve IP addresses to link-layer addresses. For more information, see IPv6 Neighbor Discovery.

IPv4: Internet Group Management Protocol (IGMP) manages membership in local subnet groups.
IPv6: Multicast Listener Discovery (MLD) messages manage membership in local subnet groups.

IPv4: ICMP Router Discovery is used to determine the IPv4 address of the best default gateway, and it is optional.
IPv6: ICMPv6 Router Solicitation and Router Advertisement messages are used to determine the IP address of the best default gateway, and they are required. For more information, see IPv6 Neighbor Discovery.

IPv4: Broadcast addresses are used to send traffic to all nodes on a subnet.
IPv6: IPv6 uses a link-local scope all-nodes multicast address (ff02::1).

IPv4: Must be configured either manually or through DHCP.
IPv6: Does not require manual configuration or DHCP.

IPv4: Uses host address (A) resource records in Domain Name System (DNS) to map host names to IPv4 addresses.
IPv6: Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses.

IPv4: Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.
IPv6: Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names.

IPv4: Must support a 576-byte packet size (possibly fragmented).
IPv6: Must support a 1280-byte packet size (without fragmentation).