IPv6 for Windows Admins (Part 1)

If you would like to read the other parts in this article series please go to:

Introduction

While most administrators of Windows-based networks are very knowledgeable IPv4 addressing, subnetting, routing, and such topics, many admins lack such confidence when it comes to similar aspects of the IPv6 networking protocol. This short series of articles is intended to walk you through some of the basics of understanding and configuring IPv6 on Windows and Windows Server systems. The explanation and procedures included below are largely adapted from my book Training Guide: Installing and Configuring Windows Server 2012 R2 (Microsoft Press, 2014). Also included at the end of this short series are some additional tips and gotchas on this subject that I’ve gleaned from the larger IT pro community including the almost 100,000 followers of our WServerNews weekly newsletter which you can subscribe to at http://www.wservernews.com/subscribe.htm.

IPv6 concepts and terminology

Although some IPv6 concepts and terminology are similar to those for IPv4, others are quite different. The following list is a brief summary of some of the important IPv6 terminology with which you should be familiar when you begin developing an IPv6 migration plan for your organization. Figure 1 illustrates how many of these concepts are interrelated. Additional IPv6 terminology is introduced later in this series when appropriate.

Node – A device that can be configured with an IPv6 address. Examples of nodes include hosts and routers.

Host – A node that can be either the source of or a destination for IPv6 traffic. Hosts are not able to forward IPv6 packets that are explicitly addressed to them. Instead, they silently discard such packets.

Router – A node that is able to forward IPv6 packets not explicitly addressed to itself. Routers advertise their presence on a network. They also advertise host configuration information.

Link – A collection of network interfaces that use the same 64-bit IPv6 unicast address prefix, which includes hosts but not routers. Links are bounded by routers and are also referred to as network segments or subnets.

Interface – A representation for how a node is attached to a link. An interface can be either of the following:

Physical – For example, a network adapter in a server

Logical – For example, a tunnel interface that encapsulates IPv6 packets inside an IPv4 header to send IPv6 traffic over an IPv4-only network

Address – An identifier that designates either the source of or destination for an IPv6 packet. IPv6 addresses are assigned at the IPv6 layer of an interface. The different types of IPv6 addresses are described later in this series.

Neighbors – Nodes connected to the same link. In IPv6, neighbors are able to detect and monitor reachability with one another by using a process called Neighbor Discovery.

Network – Two or more links connected by routers.

Site – An autonomously operated IPv6 network that is connected to the IPv6 Internet.

Image
Figure 1: A diagram illustrating some basic IPv6 networking concepts, including hosts, routers, neighbors, and links. 

IPv6 and the TCP/IP protocol architecture

As Figure 2 illustrates, the TCP/IP protocol networking stack on the Microsoft Windows platform is implemented using a dual IP layer approach. This means, for example, that

  • Only a single implementation of transport layer protocols–such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)–is needed for both IPv4 and IPv6 communications.
  • Only a single implementation of framing layer protocols–such as Ethernet (802.3), Point-to-Point Protocol (PPP), and mobile broadband (802.11)–is needed for both IPv4 and IPv6 communications.

This dual IP layer TCP/IP stack is implemented on the following Windows platforms:

  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Vista
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008

Image
Figure 2: A diagram illustrating the components of the dual IP layer TCP/IP networking stack.

Note:
Because IPv6 functionality is essentially the same on Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008, all information presented in the remainder of this series applies to these specific Windows platforms unless explicitly stated otherwise. IPv6 functionality in earlier Windows platforms, such as Windows XP and Windows 2003, is more limited and therefore is not covered in this series.

Default IPv6 functionality

On Windows platforms, IPv6 is installed by default and cannot be uninstalled because it is a fundamental component of Tcpip.sys, the TCP/IP driver file on these platforms. IPv6 is also enabled by default for all connections in the Network Connections folder on a Windows computer. To verify this, open the properties of a network connection, select the Networking tab, and check that Internet Protocol Version 6 (TCP/IPv6) is selected, as shown in Figure 3.

Image
Figure 3: A screen shot showing the Networking tab of the properties of a network connection on a server running Windows Server 2012 or Windows Server 2012 R2 and which shows that IPv6 is enabled by default.

IPv6 is also preferred over IPv4 for network communications by Windows computers. For example, if a DNS server returns both IPv4 and IPv6 addresses in response to a name query, Windows will first try to communicate with the remote host using IPv6. If this fails, Windows will then attempt to use IPv4.

Disabling IPv6

Although you cannot uninstall IPv6 on Windows platforms, you can disable it if desired. However, Microsoft does not recommend disabling IPv6 for the following reasons:

  • During the development of Windows platforms by Microsoft, services and applications were tested only with IPv6 enabled. As a result, Microsoft cannot predict the possible consequences of disabling IPv6 on Windows.
  • Some Windows features will not function if IPv6 is disabled. Examples of such features include DirectAccess and Remote Assistance.

By leaving IPv6 enabled, you ensure that your Windows computers are fully supported and that all network-enabled features can work as intended. However, if you decide you need to disable IPv6 on a Windows computer for some reason, there are several ways you can do this. For example, if you want to disable IPv6 for a specific local area network (LAN) interface on a Windows computer, you can do so by deselecting Internet Protocol Version 6 (TCP/IPv6) on the Networking tab of the connection’s properties, as shown previously in Figure 3. Note, however, that performing this action does not disable IPv6 for either the loopback interface or any tunnel interfaces on the computer.

To disable specific types of IPv6 functionality for all interfaces on a Windows computer, perform the following steps:

  1. Create a new DWORD registry value named DisabledComponents under the following registry key:
    HKLM\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\
  2. Create an 8-bit binary that defines the types of IPv6 functionality you want to disable by using the following information:
    • Bit 0 – Set this bit to 1 to disable all IPv6 tunnel interfaces, including ISATAP, Teredo, 6to4, and IP-HTTPS, or set it to 0 to leave all IPv6 tunnel interfaces enabled.
    • Bit 1 – Set this bit to 1 to disable all 6to4 tunnel interfaces or set it to 0 to leave all 6to4 tunnel interfaces enabled.
    • Bit 2 – Set this bit to 1 to disable all ISATAP-based interfaces or set it to 0 to leave all ISATAP-based interfaces enabled.
    • Bit 3 – Set this bit to 1 to disable all Teredo-based interfaces or set it to 0 to leave all Teredo-based interfaces enabled.
    • Bit 4 – Set this bit to 1 to disable IPv6 for all nontunnel interfaces, including LAN and PPP interfaces, or set it to 0 to leave all nontunnel interfaces enabled.
    • Bit 5 – Set this bit to 1 to configure the default prefix table so that IPv4 is preferred over IPv6 when attempting to establish a network connection or set it to 0 to leave IPv6 as the preferred network layer protocol.
    • Bit 6 – Leave this bit set to 0 because it is reserved for future use.
    • Bit 7 – Set this bit to 1 to disable all IP-HTTPS-based interfaces or set it to 0 to leave all IP-HTTPS-based interfaces enabled.
  1. Convert the binary number you created into hexadecimal form and assign it as the value for the DisabledComponents registry value. Remember that bit 7 is the leftmost bit and bit 0 is the rightmost bit of the binary number.
  2. Restart the computer to have the changes take effect.

For example, say you want to disable both Teredo and 6to4 on a Windows computer but leave ISATAP and all other IPv6 functionality enabled. To do this, you need to assign values to bits 0 through 7 as follows:

  • Bit 0 – 0
  • Bit 1 – 1
  • Bit 2 – 0
  • Bit 3 – 1
  • Bit 4 – 0
  • Bit 5 – 0
  • Bit 6 – 0
  • Bit 7 – 0

The binary number 00001010 converted to hexadecimal form is 0xA, and this is the value you would assign to the DisabledComponents registry value.

Conclusion

We’ll conclude this first article with a short self-test quiz:

Quick check

What effect will the value 0x21 have when it is assigned to a newly created DisabledComponents registry value on a Windows computer?

Quick check answer

The hexadecimal number 0x21 converted to binary form is 00100001, which means that bits 0 and 5 have the value 1. Assigning this value to the DisabledComponents registry value will do two things. First, it will cause IPv4 to be preferred over IPv6 when the computer attempts to establish network communications. Second, it will disable all IPv6 tunnel interfaces on the computer.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top