IPv6 Support in Microsoft Windows
IPv6 is something that many administrators of Windows-based networks need to start taking seriously. Asian countries like China, South Korea, and Japan are already starting rollouts of IPv6 networks, and Europe and North America are likely to need to follow soon. Why? Because the current version IPv4 has some serious limitations that are causing it to show its age as a protocol. For instance, the exponential growth of the Internet has placed a heavy burden on the core routers in the Internet's backbone by making their routing tables so large that routing performance can be impacted. IPv4 also falls short in the area of security, and although using IPSec can add the necessary security, IPSec is complex to configure and maintain in real-world networking environments. IPv4 also falls short in the area of quality of service (QoS), and with Internet backbones carrying huge amounts of delay-sensitive voice and video traffic nowadays, maintaining QoS is essential to maintaining end-user satisfaction. Finally, network address translation (NAT) is only a stopgap measure to avoiding IP address exhaustion, and IPSec can't traverse NATs which makes using IPSec to secure small business networks problematic.
Enter IPv6, the next generation of Internet Protocol and one that easily overcomes all of these limitations. IPv6 includes a hierarchical addressing structure that keeps routing tables small for the Internet's core routers. IPv6 has security built into it from the ground up rather than added on as an extra protocol layer. IPv6 has built-in support for efficiently delivering data in real time to provide enhanced QoS. And IPv6 eliminates the need for NAT, which makes end-to-end connectivity easier to establish and maintain. But if IPv6 is so terrific, why isn't it ubiquitous?
Part of the reason for the continuing presence of IPv4 in most corporate networks is cost. There's simply no compelling business case to be made for migrating to IPv6 if your organization's IPv4 network has already been tweaked, tuned, hacked, and configured so that it works just fine to support your company's present business goals. In other words, management will always ask, "If it's not broken, why spend money to fix it?" This may be true, but in an increasingly interconnected global networking environment, it's also somewhat shortsighted.
Another reason however for the IPv4's continued dominance in corporate networks is the fact that most of the computers running on these networks run some version of Microsoft Windows, and support for IPv6 in Windows platforms has evolved relatively slowly over the last decade. Why? Again, business reasons come into play, for why create and sell a product (like an IPv6-capable version of Windows) unless the marketplace needs or wants it? To give credit where it's due however, Microsoft has not taken such a shortsighted approach and has steadily evolved IPv6 support in its Windows platforms since the late 90s as we'll see in a moment. The upside of this is that you can now get versions of Windows that fully support most aspects of IPv6 (namely Windows XP and Windows Server 2003) and you will soon be able to get versions of Windows that not only fully support IPv6 but also provide enhanced performance for IPv6 networking (namely Windows Vista and the yet-to-be-named Longhorn Server). The downside of this slow and steady evolution however is that the Windows computers on your company's network may today not only not fully support IPv6 but very likely support it to different degrees. This is because many large companies still maintain a hodgepodge of recent and legacy Windows versions ranging from Windows 98 to Windows XP on the client side and Windows NT to Windows Server 2003 on the server end. Yes I know that Windows 98 is not secure and Windows NT is no longer officially supported by Microsoft, but businesses who don't want to spend the money to upgrade still run them—and such businesses still constitute a fairly visible slice of the market.
To help you position where your own business lies in terms of support for IPv6, it helps to be familiar with how IPv6 support in Windows has evolved over the years and which versions support what features. Below is a timeline of major milestones in the release of new IPv6 support for different versions of Windows:
Sometime in 1998 Microsoft Research releases its first trial version IPv6 protocol stack, which can be installed on Windows 95 or Windows 98 to provide limited IPv6 support. If you're still running Windows 98 (or—help us!—Windows 95) on any machines on your network, then having them use IPv6 is pretty much out of the question. The solution? Upgrade to Windows XP immediately, or wait for Windows Vista to be released towards the end of 2006.
In March of 2000 (the year the stock market imploded and the dot.com boom started going bust) Microsoft released something called IPv6 Technology Preview for Windows 2000. The goal of this release was to provide developers something to work with to help them write IPv6-aware applications. This technology preview is still available from the Microsoft Download Center, but it's not intended for production networks and should be deployed only in a test environment. So if you're still running Windows 2000 Professional, you can install this preview to get some limited IPv6 support, which includes stateless address autoconfiguration (automatic assignment of link-local addresses to each network interface upon startup) and automatic assignment of site-local or global addresses when IPv6 router advertisements as received (requires an IPv6-enabled router). You could try running this on your production network, but you do so at your own risk since Microsoft doesn't officially support this version of the IPv6 stack. So again, the best solution if you want good IPv6 support is to either upgrade to Windows XP now or wait for Vista.
Windows XP and Windows Server 2003
When Windows XP was released in October of 2001, it included an optional IPv6 stack but again it was only a developer preview. But when Microsoft released Service Pack 1 for Windows XP in September of 2002, it included a brand-new production-quality version of the IPv6 stack, one that was fully support by Microsoft. Organizations that, for whatever reason, have not applied SP2 to their XP machines can get good IPv6 support using XP SP1's optional IPv6 stack, though unfortunately certain networking functions don't work with this such as file and printer sharing and DNS. Clearly if you really want to deploy a full IPv6 infrastructure, something more is needed. Some of that "more" appeared later in July of 2003 when Microsoft released the Advanced Networking Pack for Windows XP, an optional add-on for XP SP1 that is still available from the Microsoft Download Center. In addition to an improved IPv6 stack, the Advanced Networking Pack also included a limited IPv6 firewall and support for several IPv4/v6 transition technologies that can be used to automatically tunnel IPv6 packets over existing IPv4 networks in order to help organizations plan their transition to future pure-IPv6 networks. The transition technologies supported by the Advanced Networking Pack included 6to4 (provides unicast IPv6 connectivity between IPv6 hosts across the IPv4 Internet), ISATAP (provides similar support across an IPv4 intranet), Teredo (provides IPv6 connectivity across NATs), and more. That's a lot of support and using it you can deploy a fairly full-featured IPv6 network. The year 2003 also saw the release in March of Microsoft Windows Server 2003, which included pretty much the same features as the Advanced Networking Pack as far as IPv6 support goes, though only limited support for Teredo server relays was included in this release (Microsoft released a beta version of a Teredo server relay around that time, but development for this seems to have gone underground since then and is likely to appear full-blown in Longhorn Server). Then in August of 2004 Microsoft released Service Pack 2 for Windows XP, which basically roles the features of the Advanced Networking Pack right into the product so you don't have to download and install this Pack to get IPv6 support. Some other changes were made in SP2 however to IPv6—for one thing, Internet Connection Firewall was replaced by Windows Firewall, which provides a single, integrated firewall that supports both IPv4 and IPv6 filtering for inbound traffic. However, both IPv4 and IPv6 share the same settings in Windows Firewall, so if you enable an exception for one protocol you do so for the other as well.
Windows Vista and Beyond
If you need to deploy IPv6 across your Windows network today, then Windows XP SP2 and Windows Server 2003 SP1 (or R2) give you good support for the protocol and the various transition technologies—good but not perfect. For one thing, performance is not that great because these versions of Windows use a dual-stack architecture, that is, two IP stacks side by side. In addition to being inelegant, it's inefficient to implement IPv6 this way, but this will change in Vista where a single, unified dual-layer stack will be used instead. What this means, from an administrator's point of view is that, if you want to enable IPv6 on Windows XP machines, you have to install this network component first. In Vista however, IPv4 and IPv6 are both installed and enabled by default since they are a single network component. So Vista will be IPv6 ready out-of-the-box. In addition, Vista will also expose IPv6 settings in the GUI (Windows XP requires that you configure them from the command-line) and will provide improved support for IPSec over IPv6 (support for this in Windows XP is limited). Longhorn Server will likely push the envelope of IPv6 support in Windows even further, but it's still to early to know the details of this. Bottom line is, if you need IPv6 now you can get good support with current Windows platforms, but if you can wait a bit until Vista arrives (and Longhorn Server if you're patient) then you can get even better support for this protocol. And like all planning decisions like this, in the end it all boils down to what your business needs, now and for the future.