From Tom’s forum post in the UAG DA forum:
When you read the DirectAccess (DA) documentation, you might find reference to native IPv6, IPv6 capable and IPv4 only. You might have also noticed that no one seems to define these terms. If you haven’t been in the IPv6 space before, you might find all this a bit confusing.
When we refer to “native IPv6”, we’re referring to a network where the entire infrastructure has been upgraded to support IPv6. All the machines and services on the network support IPv6, the routing infrastructure supports IPv6, and supporting network services also completely work with IPv6, such as DNS and DHCP. The native IPv6 infrastructure is all IPv6 all the time, and typically has a connection to the public IPv6 Internet, since that drives the IP addressing configuration on the native IPv6 corpnet.
Needless to say, there aren’t many networks out there that are native IPv6. There are a handful of firms that are moving in that direction, but I’m not aware of any that are fully there – although that is our vision of the future. How near that future is to becoming a common reality is hard to say.
Because we expect that no one is going to have a native IPv6 infrastructure, UAG DA is designed to work with and is optimized for the networks of today, which may have some IPv6 capability or no IPv6 capability at all.
This is where the concept of “IPv6 capable” comes into play. An IPv6 capable network is one that can support IPv6 services and technologies by taking advantage of IPv6 transition technologies. The IPv6 transition technology used on intranets is the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP allows network services and applications to use an ISATAP adapter on the client and then tunnel those IPv6 messages inside an IPv4 header so that your existing IPv4 network can move the IPv6 communications over your current IPv4 infrastructure.
An IPv6 capable network will have a DNS server that can record IPv6 ISATAP addresses and has systems that can configure themselves as ISATAP hosts and communicate with an ISATAP router. Windows Server 2008 and above and Windows Vista and above can configure themselves as ISATAP hosts and communicate with an ISATAP router. When you run the UAG DA wizard, the wizard will configure the UAG DA server as an ISATAP router.
Note that an IPv6 capable network can represent a mix of IPv6 capable systems and IPv4 only systems. This begs the question “what is an IPv4 only network”?
An IPv4 only network is one where the routing infrastructure, the network supporting services and the network applications do not support IPv6 at all. This network is one that includes servers older than Windows Server 2008 and Windows Vista, and also many non-Microsoft systems, which typically do not include IPv6 transition technology support (at least not at this time). We suspect that most networks will represent a mix of IPv4 only and IPv6 capable.
This is why UAG DA is so important. With the UAG DA DNS64/NAT64 technology, we can support both IPv6 capable and IPv4 networks. Of course, we can also support native IPv6, but since that isn’t what you see out there, they aren’t quite as much of an issue.
So there you have it – now you understand the differences between “native IPv6”, “IPv6 capable” and “IPv4 only” networks. Make sure to post a comment to this thread if you have questions on any of this. Thanks! –Tom.
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
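
The following is an added example, not part of Tom's post or of any UAG tooling: a per-host inventory check that sorts hosts into the three categories above by the addresses they hold. It assumes the ISATAP interface-identifier format from RFC 5214 (`0000:5efe` or `0200:5efe` followed by the IPv4 address), which the post does not spell out; the function names, labels and sample inventory are constructed, and other transition technologies are not distinguished.

```python
import ipaddress

# Upper 32 bits of an ISATAP interface identifier (RFC 5214):
# 0000:5efe for a private IPv4 address, 0200:5efe for a globally unique one.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def isatap_embedded_ipv4(addr):
    """Return the IPv4 address tunnelled by an ISATAP IPv6 address, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF          # low 64 bits = interface identifier
    if (iid >> 32) in ISATAP_MARKERS:
        return ipaddress.IPv4Address(iid & 0xFFFFFFFF)
    return None

def classify_host(addresses):
    """Heuristic label for one host, using only its routable addresses.

    'native-ipv6'  : holds a routable IPv6 address that is not ISATAP
    'ipv6-capable' : reaches IPv6 only through an ISATAP address
    'ipv4-only'    : no routable IPv6 address at all
    Link-local and loopback addresses are ignored: a link-local ISATAP
    address exists even when no ISATAP router has handed out a prefix.
    """
    saw_isatap = False
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.version == 4 or ip.is_link_local or ip.is_loopback:
            continue
        if isatap_embedded_ipv4(addr) is None:
            return "native-ipv6"
        saw_isatap = True
    return "ipv6-capable" if saw_isatap else "ipv4-only"

# Constructed inventory (documentation prefixes, hypothetical host names).
INVENTORY = {
    "file01": ["10.1.2.3", "fe80::5efe:10.1.2.3", "2001:db8:0:1:0:5efe:10.1.2.3"],
    "legacy-app": ["10.1.2.40"],
    "lab-router": ["10.1.2.1", "2001:db8:0:2::1"],
    "unconfigured": ["10.1.2.50", "fe80::5efe:10.1.2.50"],
}

def classify_inventory(inventory):
    return {host: classify_host(addrs) for host, addrs in inventory.items()}

if __name__ == "__main__":
    for host, label in classify_inventory(INVENTORY).items():
        print(f"{host:14} {label}")
```

Hosts that come back `ipv4-only` are the ones the post says depend on the UAG DA DNS64/NAT64 function.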