IPv6 Overview

The initial goal of IPv6 was simply to address the problem of IP address depletion that has become common with the older, familiar IPv4 protocol suite. As you'll see in a bit, IPv6 addresses that problem with a massive new addressing scheme that should provide ample addresses far into the future. However, once underway, the developers of IPv6 also decided to address some other problems that new and innovative uses of the Internet were making apparent, including broadcast and multicast support, security, addressing boundaries, and more. In this section, we'll provide you with an overview of how IPv6 works in general and some specifics about the IPv6 implementation in Windows Server 2003.


If you're interested in reading the official documents that describe how IPv6 works, visit www.faqs.org/rfcs and enter one of these RFC numbers: 791, 1918, 2460, 3041, and 3056. Each of these Request for Comments (RFC) documents describes a specific portion of the overall IPv6 suite. You can also learn more about Microsoft's IPv6 plans at www.microsoft.com/ipv6.

If you can't wait for the day when IPv6 becomes an everyday reality, don't hold your breath. Although the IT industry in general has committed to moving to IPv6, doing so is going to make the Year 2000 crisis look like a walk in the park. Nearly every single network device in the world, from desktop computers to servers, from routers to Web-capable cell phones, and many more, will have to be upgraded to support IPv6. Certainly, the process is well underway, with major vendors such as Microsoft and Cisco including IPv6 support in their new products. Additionally, IPv6 provides backward-compatibility with IPv4, enabling older devices to function while the transition is underway. Even so, the move to IPv6 remains slow (the protocol has existed for more than five years already), and it will likely be a few more years before you can forget everything you know about IPv4.

IPv6 Tutorial

Perhaps the easiest place to begin a discussion on IPv6 is with addressing. Rather than the four-octet, dotted-decimal IP addresses you're accustomed to, such as, IPv6 uses hexadecimal addresses like this: 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A. For simplification, you can remove any leading 0s for any segment of the address, resulting in something similar to this: 21DA:D3:0:2F3B:2AA:FF:FF228:9C5A. IPv6 addresses are roughly four times longer than IPv4 addresses, and, whereas IPv4 addresses provide for 4.2 billion possible addresses, IPv6 can support 3.4x1038 addresses (that's like a trillion quadrillion quadrillion addresses, or about a million quadrillion addresses for every square meter of the earth's surface). Just as IPv4 addresses were divided into classes (Class A, Class B, and so forth), IPv6 addresses are also divided. For example, approximately 1/256 of the IPv6 address space is reserved for multicast addresses, another 1/1024 is reserved for local site unicast addresses, and so forth. About 15% of the address space is available for unicast, or single-host, addresses. Because so much of the address space is reserved for particular uses, and because IPv6 allows addresses to be compressed, or expressed in shorthand, so that 0s aren't displayed, you might find yourself working with addresses such as FF02::02, which is a shortened version of FF02:0:0:0:0:0:0:2. Basically, you just leave out all the contiguous 0s and include a double colon in their place, compressing the address down to a much more manageable size. You can remove only one contiguous series of 0s, meaning compressed addresses such as FF02::5::2 aren't legal.


Even compressed IPv6 addresses are long and complex, which means that you'll rely even more heavily on name resolution services like DNS to translate easliy remembered names into IPv6 addresses. IPv6-compliant DNS software supports AAAA records for hostname registration and an IP6.INT domain for reverse (name-to-address) lookups.

In IPv4, you use a subnet mask to specify which portion of an IP address is the host address and which portion is the network address. IPv6 doesn't use subnet masks. Instead, it relies on a prefix to specify which portion of the address is the network's ID number. Prefixes are identical to the Classless Interdomain Routing (CIDR) notation you might already use for subnet masks. For example, 21DA:D3:0:2F3B::/64 specifies a 64-bit mask, which represents a particular subnet on a network.

IPv6 supports three distinct types of addresses:

  • Unicast? Represents a single network interface, which might be a network adapter in a computer.

  • Multicast? Identifies multiple interfaces. Packets sent to a multicast address are delivered to all interfaces, or network adapters, that subscribe to the multicast address. Multicasts are most often used to distribute videoconferencing audio and video streams.

  • Anycast? Similar to a multicast, except that the data is delivered only to the nearest interface using the address, rather than to all interfaces using the address. Whereas multicast is used for one-to-many conversations, anycast is used for one-to-"one of many" conversations.

Notice that IPv6 does not define a broadcast address, like IPv4 does. Under IPv6, all broadcasts are conducted as multicasts. The IPv6 specification includes special multicast addresses to which all IPv6 interfaces must subscribe, enabling subnet-specific broadcasts, site-wide broadcasts, and so forth. IPv6 does define a couple of special addresses. The unspecified address, used in routing calculations, is simply ::, or 0:0:0:0:0:0:0:0, which is equivalent to IPv4's address. IPv6's loopback address is ::1, which is equivalent to IPv4's loopback address.

To provide backward-compatibility with IPv4, IPv6 specifies compatibility addresses. For example, 0:0:0:0:0:0: supports the IPv4 address and also can be expressed as :: When these compatibility addresses are used, the computer encapsulates all IPv6 header information into an IPv4 packet, allowing the IPv6 packet to be carried by an older IPv4 network. Compatibility addresses are used by computers that support both IPv6 and IPv4.

For an IPv6 computer to address an IPv4-only computer, it must used mapped addresses, such as 0:0:0:0:0:FFFF:, or simply ::FFFF: This internal IPv6 representation of an IPv4 address tells the computer that, when sending packets to that destination, it must fall back to the pure IPv4 protocol and not attempt to send IPv6 packets.

Interestingly, computers on an IPv6 network usually have multiple addresses, even if they have only a single network adapter. These addresses include

  • A link-local unicast address? It allows the computer to communicate with other hosts on the same network subnet. This is a nonroutable address and is similar to the Automatic IP Addressing (APIPA) addresses, in the range, that IPv4 defines. Windows Server 2003's IPv6 stack automatically creates a unique link-local address for each network adapter in the computer.

  • A site-local unicast address? It is similar to the private IP address ranges (such as used in IPv4. This address is routable only within a private network and cannot be used on the global Internet. Different private networks can reuse the same site-local addresses.

  • A global unicast address? It is similar to a public IP address under IPv4. These addresses are routable across the entire Internet.

The purpose of these different addresses is to help conserve address space and to make routers' jobs easier. A major problem with IPv4 is that the simple volume of IP traffic makes it tough for routers to keep up because they must analyze a great deal of traffic simply to see whether that traffic needs to be routed. IPv6's use of specific classes of address, some of which are routable and some of which aren't, helps routers perform their tasks more efficiently. Also, computers won't necessarily have one of each type of address. For example, a computer within a large enterprise network might have a link-local and site-local address but no global address. Instead, only the network's boundary devices?such as firewalls?would use global addresses, performing the IPv6 version of NAT to provide Internet access to internal clients.

There's plenty more to the IPv6 protocol, of course, including complex new packet headers, routing tables, and so on. For details, connect to www.microsoft.com/ipv6, where you'll find several detailed technical documents regarding IPv6.

IPv6 in Windows Server 2003

Windows Server 2003 contains the first production version of Microsoft's IPv6 stack (Windows XP includes a similar, prerelease version of the stack). The stack contains all the features to operate on a pure IPv6 network or a combined IPv4/IPv6 network, including

  • 6to4 tunneling? Allows IPv6 hosts to communicate with one another over an older, IPv4 network.

  • PortProxy-enabled communications for applications that cannot select a specific IP stack? PortProxy provides proxying from IPv4 to IPv6 and vice versa, as well as proxying from IPv4 to IPv4 and from IPv6 to IPv6. This capability is critical for computers that need to access services provided by a computer offering a different version of the IP stack. You can configure PortProxy by using the netsh interface portproxy command from a command line.

  • Dynamic registration of IPv6-compatible host ("AAAA") records? Both the DNS Client service and the DNS Server included with Windows Server 2003 support this.

    • For more information on changes to DNS in Windows Server 2003, see "WINS, DHCP, and DNS," p. 126.

  • IPSec now supports IPv6 in several configurations? Plus, Windows Server 2003 includes a new tool, IPsec6.exe, which enables you to manually configure security policies, associations, and encryption keys for IPv6.

  • Windows's native Remote Procedure Call (RPC) protocol uses Windows Sockets? This has been updated to support both IPv4 and IPv6 connections.

  • Internet Explorer, Telnet, FTP, IIS 6.0, file and print sharing, Windows Media Services, and Network Monitor? These are all included with Windows Server 2003, and they all fully support IPv6.

  • Windows Server 2003 supports IPv6 routing through the use of the netsh interface ipv6 route command? This command enables you to configure a Windows Server 2003 computer with static IPv6 routes, thus allowing the computer to act as a rudimentary IPv6 router.

To install and configure the IPv6 stack on Windows Server 2003, follow these steps:

  1. Open the properties for the network connection you want to use IPv6.

  2. Click the Install button and select Protocol from the list.

  3. Select Microsoft TCP/IP Version 6 from the protocol list, and click OK.

Unlike the IPv4 stack, which includes a complete GUI for configuring IP addresses and other information, IPv6 is configured entirely from the command line by using the netsh interface ipv6 command. For example, netsh interface ipv6 add address "Internal" AEB0::2 adds the address AEB0::2 to the network interface named Internal. Other commands enable you to add DNS server information, interfaces, routes, prefix policies, 6to4 tunnel settings, and so forth. Of course, configuring IPv6 settings from a command line is definitely a step backward, when everyone has become used to automatic configuration through DHCP. There is a specification for DHCPv6?the IPv6 update to DHCP?which provides full automatic configuration. Unfortunately, Windows Server 2003 does not include a DHCPv6-compatible DHCP service, nor does Windows Server 2003's IPv6 stack include DHCPv6 support. By default, Windows Server 2003's IPv6 stack creates a unique local-link address automatically (similar to APIPA in IPv4), removing a minor piece of manual configuration effort. Also, all IPv6 hosts listen for advertisement messages sent by IPv6 routers and use those messages to configure their default router, the location of a DHCPv6 server (assuming one exists and the stack supports its use), and other information. On a network with multiple IPv6 subnets, you'll likely have to perform some manual configuration, especially if your routers aren't configured to send IPv6 router advertisements.


If you're planning to move to IPv6, it makes the most sense to migrate your network boundary devices?routers, firewalls, and the like?first. Those devices play a key role in IPv6 host configuration, replacing some of the functions performed by DHCP in an IPv4 network.