In-Depth
Changing Addresses
Not too long ago, there were real fears that we’d run out of Internet Protocol (IP) addresses for our networks. That’s not likely to happen with IPv6.
THE TCP/IP PROTOCOL SUITE will save us from the scarcity of public IP
addresses. Windows XP contains Microsoft’s first IPv6 implementation,
and Windows .NET Server 2003 will contain the first production-ready version
of that implementation. Other network devices—such as routers, switches
and so forth—are receiving their IPv6-compatible updates in a slow but
steady stream. Within a year or two, most network devices should be capable
of handling IPv6 traffic. So what’s the big deal about IPv6 and why should
you care?
2^128 Addresses
When the Internet’s popularity exploded, folks became concerned
about the availability of IP addresses. After all, IPv4’s four-octet address
space could only support about 4.2 billion addresses. IPv6 (by the way,
the version of TCP/IP you’ve been using is IPv4; version 5 was assigned
to another protocol) uses an entirely new addressing scheme that can
support more than 2^128 addresses or about 665 million quadrillion addresses
for every square meter of the earth’s surface. That should be plenty!
IPv6 addresses look different, too. For one, they’re hexadecimal. For
another, they’re very long: 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A is
an example. You can use a form of shorthand, which removes contiguous
blocks of zeros to make IPv6 addresses a bit easier to read. For example,
21DA:D3:0:2F3B:2AA:FF:FE28:9C5A is a simplified version of the first
example. Notice that all leading zeros within the address have been removed.
You can simplify one step further and remove any standalone zeros:
21DA:D3::2F3B:2AA:FF:FE28:9C5A. Note the double colon standing in where there
used to be four zeros.
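Because of the shorthand, one address has several valid spellings, which matters whenever addresses are compared as text in access lists or log searches. The following added example (not part of the original article) parses the sample address above in each spelling, compares by value and emits one canonical form; the function names are illustrative, the canonical form follows the later RFC 5952 convention, and dotted IPv4 tails are not handled.

```python
import string

HEX = set(string.hexdigits)

def parse_groups(addr):
    """Return the eight 16-bit groups of a colon-hex IPv6 address."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one group: " + addr)
        groups = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("not a colon-hex IPv6 address: " + addr)
    return [int(g, 16) for g in groups]

def canonical(addr):
    """One spelling per address: lower case, no leading zeros, and the
    longest run of two or more zero groups written as '::'."""
    groups = parse_groups(addr)
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def same_address(a, b):
    """Compare by value, not by spelling."""
    return parse_groups(a) == parse_groups(b)

# The sample address in its three spellings.
FULL = "21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A"
SHORT = "21DA:D3:0:2F3B:2AA:FF:FE28:9C5A"
SHORTEST = "21DA:D3::2F3B:2AA:FF:FE28:9C5A"

if __name__ == "__main__":
    # A text comparison misses the match; a value comparison finds it.
    print(FULL == SHORTEST, same_address(FULL, SHORTEST), canonical(FULL))
```

Store and match the canonical form (or the parsed value) in filters and log pipelines so that a rule written in one spelling still matches traffic logged in another.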
Even simplified, though, you’re looking at a pretty long IP address,
which means you’ll be relying even more on name-resolution technologies,
like DNS, so you can work with easier-to-remember host names instead of
long strings of letters and numbers. You’ll be happy to learn that the
DNS specifications have been extended to include a new record type, “AAAA,”
which supports IPv6 addresses, and that .NET’s DNS server software supports
these records. I’ll discuss DNS a bit more toward the end of this article.
Like IPv4, which breaks its address range into five distinct classes
(Classes A, B and C being the most common), IPv6 breaks its tremendous
address space into distinct blocks. For example, about 1/256th of the
addresses are used for multicast applications, another 1/1,024th for local
site unicast addresses (more on those in a bit) and so on. All told, about
15 percent of the IPv6 addresses are used for unicast, or single-host,
addresses. A huge portion of the addresses is reserved for future use,
making IPv6 extensible for applications we can’t even imagine today.
What about subnet masks? They’re a major component of today’s IP networks,
but IPv6 doesn’t use them at all. Instead, IPv6 uses prefixes to tell it which
portion of an address represents the network ID. These prefixes are similar
to the Classless Interdomain Routing (CIDR) notation you may use in IPv4.
For example, 21DA:D3:0:2F3B::/64 indicates a 64-bit subnet mask.
Types of Addresses
IPv4 really only had two types of addresses: Single-host addresses
and a special broadcast address. A range of single-host addresses is set
aside for multicast use, but that range was kind of an add-on to the basic
IPv4 addressing scheme. IPv6, on the other hand, has three distinct types
of addresses:
- Unicast addresses represent a single network interface, such
as the network adapter in your laptop. Traffic sent to a unicast address
is received only by the host using that address, just like the IP addresses
we use today.
- Multicast addresses can be used to represent multiple network
interfaces, such as every network adapter in every computer participating
in an online conference. Individual computers can subscribe to multicast
addresses to take part in multicast traffic, in much the same way that
individual people can dial into a traditional conference call. Traffic
sent to a multicast address is received by every computer using the
address.
- Anycast addresses allow traffic to be delivered to the nearest
network interface using the anycast address, so that only one recipient
receives the traffic, even if multiple computers have subscribed to
the anycast address. Anycasts help simplify routing decisions on complex
networks and are kind of a cross between a unicast address and a multicast
address.
Notice that IPv6 doesn’t define a specific broadcast address like IPv4
does. With IPv6, there’s really no such thing as a broadcast; instead,
devices use multicasts to address multiple computers at once. IPv6 does
define special multicast addresses to which all IPv6 network interfaces
must subscribe, and these addresses can be used to duplicate the effects
of a broadcast. There’s a special subnet-wide multicast address, a site-wide
multicast address and so forth, so each IPv6 computer on a network will
have a number of IPv6 addresses:
- A link-local address, which provides communications within
the same subnet. The link-local address is non-routable and is similar
to the Automatic Private IP Addressing (APIPA) IPv4 network range, 169.254.0.0.
.NET’s IPv6 network stack automatically generates a unique link-local
address for each network adapter in the computer and will use this address
to communicate with other computers on the local subnet. IPv6 routers
can safely ignore all link-local traffic, because, by definition, it’s
not intended for other subnets.
- A site-local unicast address, which is unique within the network.
This is basically the same as the private IPv4 address ranges, such
as 192.168.0.0. Site-local unicast addresses aren’t routable on the
Internet.
- Optionally, a global unicast address, which is unique across
the Internet. This is similar to the public IP address ranges used under
IPv4. The Internet Assigned Numbers Authority (IANA) will continue to
be responsible for issuing global IPv6 addresses to organizations to
ensure uniqueness, just as they do for public IPv4 address ranges today.
In most corporate environments, computers will only have a site-local
unicast address; external devices like firewalls will also have a global
address and perform Network Address Translation (NAT) between the internal
site-local addresses and the Internet global addresses.
- A local subnet multicast, which allows multicasts to all computers
on a particular subnet.
- A site-wide multicast, which allows multicasts to all computers
within a particular site.
- Perhaps a company-wide multicast, which would allow multicasts
to all computers within a company, including computers at different
geographic locations.
- Any other multicast addresses the interface subscribes to for specific
events such as an online conference.
Backward Compatibility
IPv6 has actually been around for several years, but it’s taking
a long time for folks to adopt it, as it represents a major change in
how networks run. Heck, until .NET comes out, we won’t even have a Windows
operating system that can handle IPv6! Because the IPv6 conversion will
undoubtedly take several more years, IPv6 provides robust backward compatibility
with IPv4. For example, the IPv6 address 0:0:0:0:0:0:192.168.0.2 represents
the IPv4 address 192.168.0.2 and can be expressed in shorthand as ::192.168.0.2.
When an IPv6 computer sends information to a backward-compatible address,
the computer encapsulates the IPv6 header information into a standard
IPv4 packet, ensuring that the IPv6 information can be transported across
an older IPv4 network. These compatibility addresses are used by computers
that support both IPv6 and IPv4, which is the case for .NET computers
that have IPv6 enabled.
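As an added example that is not part of the original article, this code sorts addresses into the types listed under "Types of Addresses" and pulls the IPv4 address out of the ::a.b.c.d compatibility form, then flags anything that should not cross the Internet edge. The multicast scope values (2, 5, 8, E) come from the IPv6 addressing architecture rather than from the article, and the sample addresses and function names are constructed for illustration.

```python
import ipaddress

# Multicast scope is the low nibble of the first 16 bits (FF0s::).
MCAST_SCOPE = {0x2: "subnet", 0x5: "site", 0x8: "organization", 0xE: "global"}
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")

def embedded_ipv4(addr):
    """Return the IPv4 address inside an IPv4-compatible ::a.b.c.d, else None."""
    n = int(addr)
    # High 96 bits are zero; skip :: (unspecified) and ::1 (loopback).
    return ipaddress.IPv4Address(n) if 1 < n < 2**32 else None

def classify(text):
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:
        scope = (int(addr) >> 112) & 0xF
        return "multicast/" + MCAST_SCOPE.get(scope, "scope-%x" % scope)
    if addr.is_link_local:          # FE80::/10
        return "link-local"
    if addr.is_site_local:          # FEC0::/10
        return "site-local"
    if embedded_ipv4(addr) is not None:
        return "ipv4-compatible"
    return "global" if addr in GLOBAL_UNICAST else "other"

def allowed_at_border(text):
    """True only for addresses that may legitimately cross the Internet edge."""
    kind = classify(text)
    if kind == "ipv4-compatible":
        # Judge the inner address, so IPv4 private-range rules still apply.
        return embedded_ipv4(ipaddress.IPv6Address(text)).is_global
    return kind in ("global", "multicast/global")

# Constructed source addresses, as they might appear in a border firewall log.
SAMPLE = ["21DA:D3:0:2F3B:2AA:FF:FE28:9C5A", "FE80::2", "FEC0::1:2AA:FF:FE28:9C5A",
          "FF02::1", "FF05::2", "::192.168.0.2"]

def leaks(addresses):
    """Return (address, type) for every address that should be dropped at the edge."""
    return [(a, classify(a)) for a in addresses if not allowed_at_border(a)]

if __name__ == "__main__":
    for addr, kind in leaks(SAMPLE):
        print("drop", addr, kind)
```

The ipv4-compatible branch is the one to watch in a dual-stack deployment: a filter that only inspects IPv4 source addresses never sees 192.168.0.2 when it arrives written as ::192.168.0.2.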
Sometimes, an IPv6 computer will need to contact a computer that only
understands IPv4. In these cases, the IPv6 computer uses a mapped address,
such as ::FF:192.168.10.5. This IPv6 representation of an IPv4 address
tells the sending computer that the destination only supports IPv4 and
that it should send pure IPv4 packets to that destination.
What’s in .NET?
.NET contains a pretty comprehensive IPv6 implementation. For example,
the built-in DNS Client service and the DNS Server software support dynamic
registration of IPv6 addresses. The new “AAAA” DNS record type contains
IPv6 addresses. This new record type allows the same DNS server to perform
IPv6 name resolution, as well as IPv4 name resolution, as IPv4 addresses
are contained in “A” records.
.NET’s IPSec stack also supports IPv6 in a variety of configurations
and includes the Ipsec6.exe tool, which allows you to manually configure
IPv6-based security policies, associations and encryption keys. Windows
Sockets has been updated to support both IPv4 and IPv6 connections, which
means all Remote Procedure Call (RPC) traffic can run over IPv4 or IPv6.
Internet Explorer, Telnet, FTP, IIS 6.0, file and print sharing, Windows
Media Services and Network Monitor all support IPv6. Finally, .NET supports
IPv6 routing through the use of:
netsh interface ipv6 route
This allows you to configure a server with static IPv6 routes, effectively
turning the server into a rudimentary IPv6 router.
What .NET IPv6 Doesn’t Have
.NET doesn’t contain a GUI for configuring IPv6. Instead, you’ll have
to use:
netsh interface ipv6
from a command line, to configure IPv6. For example:
netsh interface ipv6 add address "Private" FE80::2
adds a new address to the network interface named Private. And finally,
.NET doesn’t ship with an IPv6 DHCP server. There’s a specification for
the DHCPv6 protocol, which provides fully automatic configuration of IPv6
addressing information, but Windows simply doesn’t include the server
software that implements the protocol. Without DHCPv6, you’ll be back
in the good old days of manual configuration for everything but the link-local
address, which Windows’ IPv6 stack configures automatically. One piece
of good news: IPv6 configuration doesn’t include a default gateway setting.
Instead, IPv6 hosts listen for special broadcasts from IPv6-compatible
routers and automatically select the nearest available router as their
default gateway. This handy trick makes your network more self-healing,
as computers can automatically discover alternate routers if their first
choice fails.
Deploying IPv6
Most companies will deploy IPv6 to their boundary devices like
routers, firewalls and so on first. Most newer editions of these devices
already support IPv6 and simply require some minor configuration to make
it active. Many Cisco devices, for example, include an IPv6 stack that’s
disabled by default. You’ll also need to deploy a DHCPv6 server (perhaps
Microsoft will release an add-on DHCPv6 server for .NET in the near future),
and you’ll need to deploy an IPv6 stack to your client computers. .NET
will have Microsoft’s first production-ready IPv6 stack. I expect an add-on
to be available for Windows XP Professional, at least, and expect the
next version of Windows to include an IPv6 stack. You may be out of luck
for older operating systems, although Microsoft could decide to release
an IPv6 stack for Win2K at some point.
Why Bother?
With technologies like NAT in everyday use on most networks, the
feared shortage of IPv4 addresses is less of a worry than it first seemed.
Still, IPv6 offers a lot more than nearly infinite addresses: It offers
a whole new way to think about network traffic. Computers will suddenly
have multiple addresses to work with, making multicast applications like
video and audio streaming easier and more efficient.
The variety of scope-specific addresses, such as link-local and site-local
addresses, makes it easier for routers to do their jobs, enabling routers
to handle more network traffic than before. Scoped addresses might have
interesting applications in other areas, too. For example, you might be
able to target a software deployment for a specific subnet on your network,
based on the computers’ subnet-specific multicast addresses. Pop-up messages
might become more useful, as you’d be able to send an instant message
to an entire site or to a specific subnet, based on the appropriate multicast
address.
IPv6 has been a long time coming—and it’ll likely be a long time yet
before we’re all using it—but it offers a lot of exciting possibilities
for the network of the future.