Professional Documents
Culture Documents
Module 4
Configuring and Troubleshooting IPv6 TCP/IP
Contents:
Lesson 1: Overview of IPv6 Lesson 2: IPv6 Addressing Lesson 3: Coexistence with IPv6 Lesson 4: IPv6 Transition Technologies Lab A: Configuring an ISATAP Router Lesson 5: Transitioning from IPv4 to IPv6 Lab B: Converting the Network to Native IPv6 4-3 4-12 4-22 4-28 4-35 4-41 4-46
4-2
Module Overview
Support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for the Internets Network layer, is built into Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. IPv6 is a technology that will help ensure that the Internet can support a growing user base and the increasingly large number of IP-enabled devices. The current Internet Protocol Version 4 (IPv4) has served as the underlying Internet protocol for almost thirty years. Its robustness, scalability, and limited feature set is now challenged by the growing need for new IP addresses, due in large part to the rapid growth of new network-aware devices.
Objectives
After completing this module, you will be able to: Describe the features and benefits of IPv6. Implement IPv6 addressing. Implement an IPv6 coexistence strategy. Describe and select a suitable IPv6 transition solution. Transition from IPv4 to IPv6. Troubleshoot an IPv6-based network.
4-3
Overview of IPv6
Lesson 1
IPv6 is becoming more common, but while adoption is slow, it is important to understand how this technology affects current networks and how to integrate IPv6 into those networks. The following lesson will cover the benefits of IPv6 and how it compares with IPv4.
Objectives
After completing this lesson, you will be able to: Describe the benefits of IPv6. Describe the differences between IPv4 and IPv6. Describe the IPv6 address space. Convert between binary and hexadecimal.
4-4
Benefits of IPv6
The IPv6 protocol provides the following benefits: Large address space: A 32-bit address space allows for 2^32 or 4,294,967,296 possible addresses; a 128-bit address space allows for 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 (or 3.4x10^38 or 340 undecillion) possible addresses. Hierarchical addressing and routing infrastructure: The IPv6 address space is designed to be more efficient for routers, which means that even though there are many more addresses, routers can process data much more efficiently because of address optimization. Stateless and Stateful address configuration: IPv6 has auto-configure capability without a Dynamic Host Configuration Protocol (DHCP), and it can discover router information so that hosts can access the Internet; this is a Stateless address configuration. A Stateful address configuration is when you use the DHCPv6 protocol. Stateful configuration has two additional configuration levels: one in which DHCP provides all the information, including the IP address and configuration settings, and another that provides just configuration settings. Required support for IPsec: The IPv6 standards require support for the AH and ESP headers that are defined by IPsec. Although support for specific IPsec authentication methods and cryptographic algorithms are not specified, IPsec is defined from the start as the way to protect IPv6 packets. Restores end-to-end communication: The global addressing model for IPv6 traffic means that translation between different types of addresses is not needed, such as the translation done by NAT devices for IPv4 traffic. This simplifies communication because you do not need to use NAT devices. For example, video conferencing and other peer to peer applications. Prioritized delivery: IPv6 contains a field in the packet that allows network devices to determine that the packet should be processed at a specified rate; this allows traffic prioritization. For example, when you are streaming video traffic, it is critical that the packets arrive in a timely manner. You can set this field to ensure that network devices determine that the packet delivery is time-sensitive.
4-5
Support for single-subnet environments: IPv6 has much better support of automatic configuration and operation on networks consisting of a single subnet. You can use this to create temporary ad-hoc networks through which you can connect and share information. Extensibility: IPv6 has been designed so that you can extend it with much fewer constraints than IPv4.
4-6
When the IPv4 address space was designed, it was unimaginable that it could be exhausted. However, due to changes in technology and an allocation practice that did not anticipate the explosion of Internet hosts, the IPv4 address space became so consumed that by 1992, it was clear that a replacement would be necessary. With IPv6, it is hard to conceive that the IPv6 address space will be consumed. The decision to make the IPv6 address 128 bits in length was designed so it can be subdivided into hierarchical routing domains that reflect the modern-day Internets topology. The use of 128 bits allows for multiple levels of hierarchy and flexibility in designing hierarchical addressing and routing that is currently lacking on the IPv4-based Internet. Note The IPv6 addressing architecture is described in Request for Comments (RFC) 4291.
4-7
(continued) IPv4 Header includes a checksum. Header includes options. Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link-layer address. Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. Internet Control Message Protocol (ICMP) Router Discovery, which is optional, is used to determine the IPv4 address of the best default gateway. Broadcast addresses are used to send traffic to all nodes on a subnet.
Must be configured either manually or through DHCP. Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses. Uses pointer (PTR) resource records in the INADDR.ARPA DNS domain to map IPv4 addresses to host names. Must support a 576-byte packet size (possibly fragmented).
IPv6 Header does not include a checksum. All optional data is moved to IPv6 extension headers. ARP Request frames are replaced with multicast Neighbor Solicitation messages. IGMP is replaced with Multicast Listener Discovery (MLD) messages. ICMP Router Discovery is replaced with required ICMPv6 Router Solicitation and Router Advertisement messages. There are no IPv6 broadcast addresses. Instead, a linklocal scope all-nodes multicast address is used.
Does not require manual configuration or DHCP. Uses host address (AAAA) resource records in DNS to map host names to IPv6 addresses. Uses PTR resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names. Must support a 1280-byte packet size (without fragmentation).
4-8
(continued) IPv4 Address Autoconfigured addresses (169.254.0.0/16) Text representation: Dotted decimal notation Network bits representation: Subnet mask in dotted decimal notation or prefix length DNS name resolution: IPv4 host address (A) resource record DNS reverse resolution: IN-ADDR.ARPA domain IPv6 Address Link-local addresses (FE80::/64) Text representation: Colon hexadecimal format with suppression of leading zeros and zero compression Network bits representation: Prefix length notation only DNS name resolution: IPv6 host address (AAAA) resource record DNS reverse resolution: IP6.ARPA domain
4-9
The most obvious distinguishing feature of IPv6 is its use of much larger addresses. IPv4 addresses are expressed in four groups of decimal numbers, such as 192.168.1.1. Each grouping of numbers represents a binary octet. In binary, the preceding number is as follows:
11000000.10101000.00000001.00000001 (4 octets = 32 Bits)
The size of an address in IPv6 is four times larger than an IPv4 address. IPv6 addresses are expressed in hexadecimal (hex).
2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
This might seem complex for end users, but the assumption is that users will rely on DNS names to resolve hosts and rarely will type IPv6 addresses manually. The IPv6 address in hex is also easier to convert to binary and vice versa. This simplifies working with subnets, and calculating hosts and networks.
4-10
To convert an IPv6 binary address that is 128 bits in length, break it into eight groups of 16 bits. Convert each of these eight groupings of 16 bits into four hex characters. For each of the 16 bits, evaluate four bits at a time to derive each hex number. You should number each set of four binary numbers 1, 2, 4, and 8, starting from the right and moving left. The first bit [0010] is assigned the value of 1, the second bit [0010] is assigned the value of 2, the third bit [0010] is assigned the valued of 4, and finally, the fourth [0010] bit is assigned the value of 8. To derive the hexadecimal value for this section of four bits, add up the values that are assigned to each bit where the bits are set to 1. In the example of 0010, the only bit that is set to 1 is the bit assigned the 2 value. The rest are set to zero. The hex value of these bits is 2.
Binary Values of each binary position Adding values where the bit = 1
The following example is a single IPv6 address in binary form. Note that the binary representation of the IP address is quite long. The following two lines of binary numbers is one IP address:
0010000000000001000011011011100000000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010
The 128-bit address is divided along 16-bit boundaries (eight blocks of 16 bits).
0010000000000001 0000001010101010 0000110110111000 0000000011111111 0000000000000000 1111111000101000 0010111100111011 1001110001011010
Each boundary is further broken into sets of four bits. Applying the methodology as previously described, convert the IPv6 address. The following table shows the binary and corresponding hexadecimal values for each set of four bits: Binary [0010][0000][0000][0001] [0000][1101][1011][1000] [0000][0000][0000][0000] [0010][1111][0011][1011] [0000][0010][1010][1010] [0000][0000][1111][1111] [1111][1110][0010][1000] [1001][1100][0101][1010] Hexadecimal [2][0][0][1] [0][D][B][8] [0][0][0][0] [2][F][3][B] [0][2][A][A] [0][0][F][F] [F][E][2][8] [9][C][5][A]
4-11
Each 16-bit block is expressed as four hex characters, and is then delimited with colons. The result is as follows:
2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
You can simplify IPv6 representation further by removing the leading zeros within each 16-bit block. However, each block must have at least a single digit. With leading zero suppression, the address representation becomes the following:
2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
Compressing Zeros
When multiple contiguous zero blocks occur, you can compress these and represent them in the address as a double-colon (::); this simplifies the IPV6 notation. The computer recognizes :: and substitutes it with the number of blocks necessary to make the appropriate IPv6 address. In the following example, the address is expressed using zero compression:
2001:DB8::2F3B:2AA:FF:FE28:9C5A
To determine how many 0 bits are represented by the ::, you can count the number of blocks in the compressed address, subtract this number from eight, and then multiply the result by 16. Using the previous example, there are seven blocks. Subtract seven from eight, and then multiply the result (one) by 16. Thus, there are 16 bits or 16 zeros in the address where the double colon is located. You can use zero compression only once in a given address. Otherwise, you cannot determine the number of 0 bits represented by each instance of a double-colon (::). To convert an address into binary, use the reverse of the method described previously: 1. 2. 3. Add in zeros using zero compression. Add leading zeros. Convert each hex number into its binary equivalent.
4-12
IPv6 Addressing
Lesson 2
To enable devices with IPv6, you must know how to configure and assign IPv6 addresses to devices within your organizations network.
Objectives
After completing this lesson, you will be able to: Describe IPv6 prefixes. Describe Unicast IPv6. Describe zone IDs. Describe address autoconfiguration for IPv6. Configure IPv6 Settings on a network client.
4-13
IPv6 Prefixes
Like the IPv4 address space, the IPv6 address space is divided by allocating portions of the available address space for various IP functions. The high-order bits (bits that are at the beginning of the 128-bit IPv6 address) define areas statically in the IP space. The high-order bits and their fixed values are known as a format prefix. Internet Assigned Numbers Authority (IANA) manages IPv6. Additionally, it has defined how the IPv6 address space will be divided initially, and specified the format prefixes.
The remaining IPv6 address space is unassigned. The current set of unicast addresses that you can use with IPv6 nodes consists of global unicast addresses, unique-local addresses, and link-local unicast addresses.
4-14
IPv6 Prefixes
The prefix is the part of the address that indicates the bits that have fixed values or that are the subnet prefixs bits. Prefixes for IPv6 subnets, routes, and address ranges are expressed in the same way as Classless Inter-Domain Routing (CIDR) notation for IPv4. An IPv6 prefix is written in address/prefix-length notation. For example, 2001:DB8::/48 and 2001:DB8:0:2F3B::/64 are IPv6 address prefixes. Note IPv4 implementations commonly use a dotted decimal representation of the network prefix known as the subnet mask. IPv6 does not use a subnet mask; it supports only the prefix-length notation.
4-15
A unicast address identifies a single interface within the scope of the unicast address type. With the appropriate unicast routing topology, packets addressed to a unicast address are delivered to a single interface.
4-16
4-17
Zone IDs
Unlike global addresses, you can reuse local-use addresses. Link-local addresses are reused on each link. Link-local addresses are ambiguous because of this address-reuse capability.
Address is a local-use address and zone_ID is an integer value representing the zone. The values of the zone ID are defined relative to the sending host. Therefore, different hosts might determine different zone ID values for the same physical zone. For example, Host A might use 3 to represent the zone ID of an attached link and Host B might use 4 to represent the same link. For Windows-based IPv6 hosts, the zone IDs for link-local addresses are defined as follows. For link-local addresses, the zone ID typically is the interface index of the interface that is either assigned the address or is to be used as the sending interface for a link-local destination. The interface index is an integer starting at 1 that is assigned to IPv6 interfaces, which include a loopback and one or multiple tunnel or local area network (LAN) interfaces. You can view the list of interface indexes by using the netsh interface ipv6 show interface command. The following is an example of using Windows tools and the zone ID:
ping fe80::2b0:d0ff:fee9:4143%3
In this case, 3 is the interface index of the interface that is attached to the link that contains the destination address.
4-18
In Windows, the Ipconfig.exe tool displays the zone ID of local-use IPv6 addresses. The following is an excerpt from the display of the ipconfig command. Ethernet adapter Local Area Connection:
Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . . IP Address. . . . . IP Address. . . . . Default Gateway . . DNS . . . . . . . . . . . . Suffix . . . . . . . . . . . . . . . . . . . . . . . . : : : : : : : wcoast.example.com 157.60.14.219 255.255.255.0 2001:db8:2a1c:2:1cc8:ef1d:1dd9:8066 2001:db8:2a1c:204:5aff:fe56:f5b fe80::204:5aff:fe56:f5b%4 157.60.14.1 fe80::20a:42ff:feb0:5400%4
For the link-local addresses that are in the display of the ipconfig command, the zone ID indicates the interface index of the interface that is assigned either the address (for IP Address) or is the interface through which an address is reachable (for Default Gateway).
4-19
The host can proceed through several states as it goes through the autoconfiguration process, and there are several ways to assign an IPv6 address and other configuration settings. Based on how the router is set up, a client might use stateless configuration (no DHCPv6 service), or stateful with a DHCPv6 server involved, to either assign an IP address and other configuration settings, or just assign other configuration settings. The other configuration settings can include DNS servers and domain names.
Types of Autoconfiguration
Types of autoconfiguration include: Stateless: Address configuration is only based on the receipt of Router Advertisement messages. Stateful: Configuration is based on the use of a stateful address configuration protocol such as DHCPv6 to obtain addresses and other configuration options: A host uses stateful address configuration when it receives instructions to do so in Router Advertisement messages. A host also will use a stateful address configuration protocol when there are no routers present on the local link.
4-20
4-21
This demonstration shows how to: Configure a DHCP Scope for IPv6 Clients. Configure the client computer.
4-22
Lesson 3
From its inception, IPv6 was designed to have the ability to coexist, long term, with IPv4. This lesson provides an overview of the technologies that support the two IP protocols coexistence. In addition the lesson describes different node types and IP stack implementations of IPv6, and then explains how DNS resolves names to IPv6 addresses, and the various types of IPv6 transition technologies.
Objectives
After completing this lesson, you will be able to: Describe IP node types. Describe methods to provide coexistence of IPv4 and IPv6. Configure DNS to support IPv6. Explain IPv6 transition technologies.
4-23
When planning an IPv6 network, you should know what kind of nodes or hosts are on the network. Describing the nodes in the following ways helps to define their abilities on the network. This is important for tunneling because certain kinds of tunnels require specific node types, including the following: IPv4-only node: A node that implements only IPv4 (and has only IPv4 addresses) and does not support IPv6. Most hosts and routers installed today are IPv4-only nodes. IPv6-only node: A node that implements only IPv6 (and has only IPv6 addresses) and does not support IPv4. This node is able to communicate only with IPv6 nodes and applications, and is not common today. However, it might become more prevalent as smaller devices, such as cellular phones and handheld computers, use the IPv6 protocol exclusively. IPv6/IPv4 node: A node that implements both IPv4 and IPv6. IPv4 node: A node that implements IPv4. It can be an IPv4-only node or an IPv6/IPv4 node. IPv6 node: A node that implements IPv6. It can be an IPv6-only node or an IPv6/IPv4 node.
For coexistence to occur, the largest number of nodes (IPv4 or IPv6 nodes) can communicate using an IPv4 infrastructure, an IPv6 infrastructure, or an infrastructure that is a combination of IPv4 and IPv6. You will achieve true migration when all IPv4 nodes are converted to IPv6-only nodes. However, for the foreseeable future, you can achieve practical migration when as many IPv4-only nodes as possible are converted to IPv6/IPv4 nodes. IPv4-only nodes can communicate with IPv6-only nodes only when you are using an IPv4-to-IPv6 proxy or translation gateway.
4-24
To coexist with an IPv4 infrastructure and provide an eventual transition to an IPv6-only infrastructure, you can use the following mechanisms.
4-25
Types of packets include: IPv4 packets IPv6 packets IPv6 over IPv4 packets
When using IPv6, DNS can return several addresses of different types for the same host. The set of source and destination addresses that the host decides to use for communications is based on default address selection rules, which you can configure on the host. To view the prefix policies that determine addressselection behavior, open a command prompt and type: netsh interface ipv6 show prefixpolicies. The following represents typical output from this command:
Precedence ---------50 40 30 20 10 5 Label ----0 1 2 3 4 5 Prefix -------------------------------::1/128 ::/0 2002::/16 ::/96 ::ffff:0:0/96 2001::/32
4-26
This demonstration shows how to: Configure the bindings for the DNS service. Verify the presence of AAAA records in Contoso.com.
4-27
IPv6 over IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4-only infrastructure. Within the IPv4 header: The IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet. The Source and Destination fields are set to IPv4 addresses of the tunnel endpoints. You can configure tunnel endpoints manually as part of the tunnel interface or they are derived automatically. Note Unlike tunneling for the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP), there is no exchange of messages for tunnel setup, maintenance, or termination. Additionally, IPv6 over IPv4 tunneling does not provide security for tunneled IPv6 packets. This means that when you use IPv6 tunneling, it does not need to establish a protected connection first.
4-28
Lesson 4
An eventual successful transition to IPv6 requires interim coexistence of IPv6 nodes in todays predominantly IPv4 environment. To support this, IPv6 packets are tunneled automatically over IPv4-only routing infrastructures, enabling IPv6 clients to communicate with each other by using Teredo, 6to4, or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) addresses and tunneling IPv6 packets across IPv4 networks. This lesson provides information about the different transition technologies that are available in Windows. The IPv6 transition technologies include: ISATAP: Local intranets use ISATAP tunneling, which takes advantage of autoconfiguration and is the primary way in which IPv6 nodes communicate over an IPv4-only intranet. 6to4: Allows IPv6 hosts with public IPv4 addresses to communicate over the IPv4-only Internet. Teredo: Teredo allows IPv6 hosts with private IPv4 addresses and located behind NATs to communicate over the IPv4-only Internet.
Objectives
After completing this lesson, you will be able to: Explain ISATAP. Explain 6to4. Explain Teredo. Describe PortProxy.
4-29
What Is ISATAP?
ISATAP is an address-assignment technology that you can use to provide unicast IPv6 connectivity between IPv6/IPv4 hosts across an IPv4 intranet. ISATAP hosts do not require any manual configuration and can create ISATAP addresses using standard address autoconfiguration mechanisms. You mainly use ISATAP within an organizations site, and although the ISATAP component is enabled by default, it only assigns ISATAP-based addresses if it can resolve the name ISATAP on your network. Note An ISATAP address based on a private IPv4 address is formatted like this: [64-bit unicast prefix]:0:5EFE:w.x.y.z, while an ISATAP address based on a public IPv4 address is formatted like this: [64-bit unicast prefix]:200:5EFE:w.x.y.z. For example, FE80::5EFE:192.168.137.133 (private) and FE80::200:5EFE:131.107.137.133 (public).
4-30
Note It is important to plan ISATAP implementation carefully; all nodes will be connected to the same IPv6 subnet and AD DS site awareness configured with the Active Directory Sites and Services snap-in will be lost unless also configured for ISATAP-equivalent subnets. For this reason and others, Microsoft recommends that you use ISATAP only for limited testing, rather than for Intranet wide deployment, and instead deploy native IPv6 support for your intranet.
4-31
What Is 6to4?
6to4 is a technology that you can use to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 treats the entire IPv4 Internet as a single link. In a 6to4 address (2002:WWXX:YYZZ:Subnet_ID:Interface_ID), WWXX:YYZZ is the colon-hexadecimal representation of w.x.y.z, a public IPv4 address.
The router advertisement messages advertise the Internet Connection Sharing (ICS) computer as a default router and contain the derived 6to4 subnet prefix.
4-32
Example
In the example network shown in the slide, Host A and Host B can communicate with each other because of a default route using the next-hop address of the 6to4 router in Site 1. When Host A communicates with Host C in another site, Host A sends the traffic to the 6to4 router in Site 1 as IPv6 packets. The 6to4 router in Site 1, using the 2002::/16 route in its routing table and the 6to4 tunnel interface, encapsulates the traffic with an IPv4 header and tunnels it to the 6to4 router in Site 2. The 6to4 router in Site 2 receives the tunneled traffic, removes the IPv4 header and, using the subnet prefix route in its routing table, forwards the IPv6 packet to Host C. For example, Host A resides on subnet 1 within Site 1 that uses the public IPv4 address of 157.60.91.123. Host C resides on subnet 2 within Site 2 that uses the public IPv4 address of 131.107.210.49. The table that appears in the slide, lists the addresses in the IPv4 and IPv6 headers when the 6to4 router in Site 1 sends the IPv4-encapsulated IPv6 packet to the 6to4 router in Site 2.
4-33
What Is Teredo?
Teredo tunneling enables you to tunnel across the IPv4-only Internet when the clients are behind an IPv4 NAT. Teredo was created because many Internet connections use private IPv4 addresses behind a NAT. Teredo is a last-resort transition technology for IPv6 connectivity. If native IPv6, ISATAP, or 6to4 connectivity is present between communicating nodes, Teredo is not used. As more IPv4 NATs are upgraded to support 6to4, and IPv6 connectivity becomes ubiquitous, Teredo will be used less frequently, until eventually it is not used at all.
Teredo Components
The Teredo components are as follows: Teredo client: Supports a Teredo tunneling interface through which packets are tunneled to other Teredo clients or nodes on the IPv6 Internet through a Teredo relay. Teredo server: Connects to both the IPv4 and IPv6 Internet. The role of the Teredo server is to assist in the initial Teredo client configuration and facilitate the initial communication between Teredo clients in different sites or between Teredo clients and IPv6-only hosts on the IPv6 Internet. Teredo relay: Forwards packets between Teredo clients on the IPv4 Internet and IPv6-only hosts on the IPv6 Internet. Teredo host-specific relay: Has interfaces on, and connects to, the IPv4 and IPv6 Internet. Additionally, it can communicate directly with Teredo clients over the IPv4 Internet without needing an intermediate Teredo relay. The connectivity to the IPv4 Internet can be through a public IPv4 address or through a private IPv4 address and a neighboring NAT. The connectivity to the IPv6 Internet can be through a direct connection to the IPv6 Internet or through an IPv6 transition technology, such as 6to4.
4-34
What Is PortProxy?
You can use the PortProxy service as an application-layer gateway for nodes or applications that do not support IPv6. PortProxy facilitates the communication between nodes or applications that cannot connect using a common address type, Internet layer protocol (IPv4 or IPv6), and TCP port. This services primary purpose is to allow IPv6 nodes to communicate with IPv4-only TCP applications. PortProxy can proxy only TCP data, and it supports only application-layer protocols that do not embed address or port information inside the application-layer data. PortProxy cannot change address information at the application level and is not flexible. Additionally, you will fare better using other tunneling technologies to address many of the issues you typically would address by using PortProxy. Some areas where PortProxy can be helpful and provide solutions during a transition phase include: An IPv4-only node can access an IPv6-only node. An IPv6-only node can access an IPv4-only node. An IPv6 node can access an IPv4-only service that is running on a PortProxy computer.
4-35
Lab Setup
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must complete the following steps: 1. 2. 3. 4. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager. In Hyper-V Manager, click 6421B-NYC-DC1, and in the Actions pane, click Start. In the Actions pane, click Connect. Wait until the virtual machine starts. Log on using the following credentials: 5. User name: Administrator Password: Pa$$w0rd Domain: Contoso
Lab Scenario
Contoso has decided to begin the process of migrating their network to IPv6. Your initial task is to prove the principle of the migration by configuring a single client computer for IPv6. For this project, you must complete the following tasks: Configure a new IPv6 network and client. Configure an ISATAP Router to enable communication between an IPv4 network and an IPv6 network.
4-36
Close all open windows. Switch to NYC-DC1. Verify the Local Area Connection 2 properties: Default gateway: 10.10.0.1
6.
4-37
Note At this point, only IPv4 traffic is routed through the IPv4 routing infrastructure. Because ICMPv4 traffic is blocked by the Windows Firewall by default, you cannot test connectivity with ping.
Task 5: Configure an IPv6 router advertisement for the global address 2001:db8:0:1::/64 network on NYC-RTR
1. 2. Switch to NYC-RTR. Open a command prompt, and then type the following commands.
netsh interface ipv6 set interface "Local Area Connection 3" forwarding=enabled advertise=enabled netsh interface ipv6 add route 2001:db8:0:1::/64 "Local Area Connection 3" publish=yes
Task 6: Check the IP configuration on NYC-CL2 to ensure that it is configured with an IPv6 global address in the 2001:db8:0:1::/64 network
1. 2. Switch to NYC-CL2. At the command prompt, type ipconfig and then press ENTER. Note The output should be a link-local IPv6 address that starts with fe80. Two global IP addresses starting with 2001:db8:0:1: should also be included in the output. 3. Close the command prompt.
Results: At the end of this exercise, you will have configured NYC-CL2 for IPv6 only.
4-38
Exercise 2: Configuring an ISATAP Router to Enable Communication Between an IPv4 Network and an IPv6 Network
Scenario
In this exercise, you will configure ISATAP to enable connectivity between the new IPv6 client and the remaining IPv4 clients, including NYC-DC1. The main tasks for this exercise are as follows: 1. 2. 3. 4. Add the ISATAP entry in the DNS zone on NYC-DC1. Configure the ISATAP router on NYC-RTR. Enable the ISATAP interface on NYC-DC1. Test connectivity.
3.
Locate the Tunnel adapter isatap.{Interface_Index}: that has a Link-local IPv6 address that contains 10.10.0.1. Note the Interface_Index (including brackets) you will need it in a moment. Interface index:
4.
Type the following command, replacing Interface_Index with the number (and brackets {}) that you recorded earlier, and then press ENTER:
netsh interface ipv6 set interface isatap.Interface_Index forwarding=enabled advertise=enabled
4-39
5.
At the command prompt, type the following command, replacing Interface_Index with the number (and brackets {}) that you recorded earlier, and then press ENTER:
netsh interface ipv6 add route 2001:db8:0:10::/64 isatap.Interface_Index publish=yes
6.
Restart NYC-RTR and then log on using the following credentials: User name: Administrator Password: Pa$$w0rd
7.
Open a command prompt and type ipconfig and press ENTER. Note The Tunnel adapter associated with the 10.10.0.0/16 network will display an IPv6 address in the 2001:db8:0:10 range.
Note The Tunnel adapter isatap {Interface_Index} (which is the ISATAP adapter) has automatically received an IPv6 address from the ISATAP router.
Switch to NYC-CL2. Open a command prompt and then type the following commands:
Ping 2001:db8:0:10:0:5efe:10.10.0.10 ipconfig
4-40
5. 6.
Open Windows Firewall with Advanced Security. Create a new inbound rule with the following properties: Rule Type: Custom Program: Default Protocols and Ports: Protocol > ICMPv6 Scope: Default Action: Default Profile: Default Name: Allow PING
7. 8.
Switch to NYC-DC1. Open a command prompt, type Ping IPv6_address, and then press ENTER. Where IPv6_address is the IPv6 address on NYC-CL2 you noted earlier.
Results: At the end of this exercise, you will have configured ISATAP.
4-41
Lesson 5
The transition from IPv4 to IPv6 is expected to take years. IPv4 remains the IP standard for the majority of applications and Internet services in use today. However, more and more networks and applications might function well in an IPv6-capable environment, as Windows 7 and Windows Server 2008 R2 are adopted more widely. In this lesson, you will learn about the issues that you must consider when transitioning to IPv6 and review the necessary steps for transitioning to an IPv6-capable infrastructure.
Objectives
After completing this lesson, you will be able to: Describe considerations for migrating from IPv4 to IPv6. Describe a process for effectively transitioning to native IPv6. Troubleshoot an IPv6-based network.
4-42
When migrating from IPv4 to IPv6, you must consider the applications that you will use, your network devices, and potential device upgrades that might occur.
4-43
The migration from IPv4 to IPv6 is expected to take considerable time. This was taken into consideration when designing IPv6 and as a result, the transition plan for IPv6 is a multistep process that allows for extended coexistence. To achieve the goal of a pure IPv6 environment, use the following general guidelines: Upgrade your applications to be independent of IPv6 or IPv4. For example, applications can be changed to use new Windows Sockets application programming interfaces (APIs) so that name resolution, socket creation, and other functions are independent regardless of whether you are using IPv4 or IPv6. Update the DNS infrastructure to support IPv6 address and PTR records. You might have to upgrade the DNS infrastructure to support the new AAAA records (required) and PTR records in the IP6.ARPA reverse domain (optional). Additionally, ensure that the DNS servers support DNS traffic over IPv6 and DNS dynamic update for AAAA records so that IPv6 hosts can register their names and IPv6 addresses automatically. Upgrade hosts to IPv6/IPv4 nodes. You must upgrade hosts to use both IPv4 and IPv6. You also must add DNS resolver support to process DNS query results that contain both IPv4 and IPv6 addresses. You can deploy ISATAP in a limited capacity to test IPv6 and DNS functionality. Upgrade routing infrastructure for native IPv6 routing. You must upgrade routers to support native IPv6 routing and IPv6 routing protocols.
4-44
Troubleshooting IPv6
To troubleshoot IPv6, depending on the problem, you can: Start at the bottom of the stack and move up. Start at the top of the stack and move down.
When starting at the top of the stack, the methods you can use to troubleshoot IPv6 include: Verify IPv6 connectivity. Verify DNS name resolution for IPv6 addresses. Verify IPv6-based TCP sessions.
Verify Configuration
Ipconfig shows both IPv4 and IPv6. Commands in the Netsh interface IPv6 context only show IPv6 data. You also can use the Netsh.exe to view another computers IPv6 configuration data. You can obtain significant information using NETSH.exe, and use it to configure most IPv6 settings. To access the NETSH IPv6 configuration prompt, type: netsh c interface ipv6.
4-45
Verify Reachability
If a devices network card has changed, it is possible that the hardware address was not updated in the cache of the computer that is trying to connect. Ping also has been updated for IPv6. If you need to ping an IPv6 router using its link-local address, you should also supply a zone ID for that router (this is listed when you perform an Ipconfig). In addition to verifying reachability, you can: Check packet filtering: Check for IPsec policies Check the configuration of firewalls Check routers and intermediate firewalls for port filters
View the IPv6 routing table. This is a fairly advanced step that allows you to discern where your computer is trying to send specific network data. Verify the routing path taken using the Tracert tool. Verify router reliability using the Pathping tool. This is a method to detect bottlenecks or badly configured network hardware.
Ping: Use the Ping tool to test DNS name resolution. Make sure to ping the IPv6 name. Nslookup: Use the Nslookup tool to view DNS server responses. Set the query to look for AAAA records with the type=AAAA option.
4-46
Lab Setup
For this lab, you will use the available virtual machine environment. The virtual machines must be running following the completion of Lab A.
Lab Scenario
The pilot went well. Your manager has asked you to convert the network to IPv6. Your task is to disable ISATAP and enable native IPv6 routing. For this project, you must transition to a native IPv6 Network.
4-47
3.
Locate the Tunnel adapter isatap.{Interface_Index}: that has a Link-local IPv6 address that contains 10.10.0.1. Note the Interface_Index (including brackets) you will need it in a moment. Interface index:
4.
Type the following commands, replacing Interface_Index with the number (and brackets {}) that you recorded earlier.
netsh interface ipv6 set interface isatap.Interface_Index forwarding=disabled advertise=disabled netsh interface ipv6 delete route 2001:db8:0:10::/64 isatap.Interface_Index
4-48
3. 4.
Disable IPv4 on the Local Area Connection 2 by clearing the Internet Protocol Version 4 (TCP/IPv4) check box in the Local Area Connection 2 Properties. Enable IPv6 on the Local Area Connection 2 by selecting the Internet Protocol Version 6 (TCP/IPv6) check box in the Local Area Connection 2 Properties.
At the command prompt, type ipconfig and then press ENTER. Note the new IPv6 address (global address begins with 2001:) assigned to the Local Area Connection 2. Write down the IPv6 address in the space below. NYC-DC1 IPv6 address: _____________________________________________
4. 5.
Switch to NYC-CL2. Open a command prompt, type Ping global_IP_address, and then press ENTER. Where global_IP_address is the NYC-DC1 address that you noted previously.
6.
At the command prompt, type ipconfig /all and then press ENTER: Note the IPv6 address (global address begins with 2001:) assigned to the Local Area Connection 2. Write down the IPv6 address in the space below. NYC-CL2 IPv6 address: _____________________________________________
7. 8.
Switch to NYC-DC1 and switch to the Command Prompt. Open a command prompt, type Ping global_IP_address, and then press ENTER Where global_IP_address is the NYC-CL2 address that you noted previously.
Results: At the end of this exercise, you will have configured an IPv6 only network.
4-49
Review Questions
1. 2. 3. 4. 5. 6. What are the different types of unicast IPv6 addresses? What are the main reasons why IPv6 is necessary? What is the process called when a client configures itself with an IPv6 address? What kind of IP address does every IPv6 client automatically assign itself? How does the scope of an address affect its ability to communicate on a locally attached subnet? What is the main purpose of Teredo?
Tools
Tool IPconfig Route Netsh Use for Provides overview data for IPv4 and IPv6. Provides basic information about IPv4 and IPv6 routing tables. Provides detailed information about the IPv6 configuration, and it is the primary tool used to configure IPv6 in Windows Server 2008 and Windows Vista. You also can use this command-line tool to configure an IPv6 router.
4-50