Configuring IPv6 in Windows with NetShell

IPv6 on Board

Prefix Policy

The prefix policy of an IPv6 host sets the priority for using various types of addresses. For instance, the policy might ensure that IPv6 addresses are used before IPv4 addresses, and that tunnel addresses and other temporary address types take lower priority. To view the prefix policy, type:

netsh interface ipv6 show prefixpolicies

The first column Precedence shows the priority – a higher number is considered more important. The ::/0 prefix stands for an arbitrary IPv6 address; ::/96 designates an IPv4 address. 6to4 tunnel addresses with a prefix of 2002::/16 are not used unless no native IPv6 addresses exist.

Teredo addresses with a prefix of 2001::/32 are only used, as per the prefix policy, if other addresses are not available.

This behavior, however, might not be ideal. For example, several sites automatically build an IPv6 tunnel to a tunnel broker (Hurricane Electric or SiXXs) as soon as an Internet connection is available.

Opening an IPv6 tunnel can have a dramatic effect on performance, so it might be desirable to give tunnel broker addresses a lower priority than IPv4 addresses. If the tunnel broker prefix is 2001:db8:1234::/48, you can lower its precedence using the following command:

netsh interface ipv6 add prefixpolicy 2001:db8:1234::/48 3 6

In the preceding command, the number 3 states the priority (which is very low), and the number 6 represents the formal ID of the entry, known as the label, in the prefix policy. IPv4 addresses now take priority over the tunnel broker addresses.
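
The lookup behind this change, as an added PowerShell example (not from the original article): the policy entry with the longest matching prefix supplies an address's precedence. The table is a constructed sample modelled on the RFC 6724 defaults, with IPv4 represented by the IPv4-mapped prefix ::ffff:0:0/96; Test-InPrefix and Get-PolicyEntry are hypothetical helper names.

```powershell
# Added example: precedence lookup by longest matching prefix.
# Constructed sample table modelled on the RFC 6724 defaults; a real host's
# table comes from "netsh interface ipv6 show prefixpolicies".
$base = @(
    [pscustomobject]@{ Prefix = '::1/128';       Precedence = 50; Label = 0 }
    [pscustomobject]@{ Prefix = '::/0';          Precedence = 40; Label = 1 }
    [pscustomobject]@{ Prefix = '::ffff:0:0/96'; Precedence = 35; Label = 4 }  # IPv4-mapped
    [pscustomobject]@{ Prefix = '2002::/16';     Precedence = 30; Label = 2 }  # 6to4
    [pscustomobject]@{ Prefix = '2001::/32';     Precedence = 5;  Label = 5 }  # Teredo
)
# Same table plus the entry added by the netsh command above.
$tuned = $base + [pscustomobject]@{ Prefix = '2001:db8:1234::/48'; Precedence = 3; Label = 6 }

# Hypothetical helper: true if $Address falls inside $Prefix (addr/bits).
function Test-InPrefix([string]$Address, [string]$Prefix) {
    $net, $bits = $Prefix -split '/'
    $ip = [System.Net.IPAddress]::Parse($Address)
    # Compare IPv4 addresses in their IPv4-mapped IPv6 form.
    if ($ip.AddressFamily -eq 'InterNetwork') { $ip = $ip.MapToIPv6() }
    $a = $ip.GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    for ($i = 0; $i -lt [int]$bits; $i++) {
        $mask = 0x80 -shr ($i -band 7)   # bit i within its byte
        if (($a[$i -shr 3] -band $mask) -ne ($n[$i -shr 3] -band $mask)) { return $false }
    }
    return $true
}

# Hypothetical helper: the matching entry with the longest prefix wins.
function Get-PolicyEntry([string]$Address, [object[]]$Table) {
    $Table | Where-Object { Test-InPrefix $Address $_.Prefix } |
        Sort-Object { [int](($_.Prefix -split '/')[1]) } -Descending |
        Select-Object -First 1
}

# Constructed addresses: one inside the tunnel broker prefix, one IPv4.
foreach ($name in 'base', 'tuned') {
    $table = Get-Variable $name -ValueOnly
    foreach ($addr in '2001:db8:1234::10', '192.0.2.10') {
        $e = Get-PolicyEntry $addr $table
        '{0,-6} {1,-18} matches {2,-20} precedence {3}' -f $name, $addr, $e.Prefix, $e.Precedence
    }
}
```

In the base table the tunnel broker address only matches ::/0 and so outranks IPv4; with the /48 entry in place it drops below the IPv4-mapped prefix.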

More IPv6 Data Structures

IPv6 uses cache-style tables to optimize individual processes. In addition to the neighbor cache, which I described earlier in this article, the destination cache (also known as the route cache) is another important IPv6 cache.

The destination cache shows the addresses used for delivering or forwarding IPv6 packets to their destinations. The entries in the cache could refer to the actual destination, if it is located on the local subnet, or to the next-hop address. The destination cache also displays the path MTU (PMTU) that represents the smallest maximum transmission unit (MTU) en route to the target. To view the destination cache, type:

netsh interface ipv6 show destinationcache

The list of potential routers is another cache. The following command displays the potential routers:

netsh interface ipv6 show potentialrouters

This list contains all IPv6 router addresses from which router advertisements have been received. These routers are potential routes out of your own subnet.

IPv6 and Tunnels

IPv6 provides various mechanisms to enable smooth migration and parallel operation with IPv4. These mechanisms include various tunnel technologies and dual stack mode. Key tunnel technologies include:

  • 6to4: 6to4 routers and relays are used to transport IPv6 packets between IPv6 islands on the IPv4 Internet. This technology is regarded as obsolete today, but it is still in use.
  • ISATAP: A tunnel technology that targets corporate network infrastructures and uses the IPv4 infrastructure as a virtual link-layer to transport tunneled IPv6 packets. ISATAP was designed primarily for testing purposes by Microsoft; Microsoft itself does not recommend production operation.
  • Teredo: Designed to overcome NAT restrictions of other tunnel techniques, Teredo has proved to be almost totally unsuited to production use. Despite the problems, Windows operating systems may use Teredo tunnel interfaces.

As a general rule, Windows creates virtual interfaces in order to use these tunnel technologies. However, this behavior is not desirable in many cases, so disabling these mechanisms is key. To disable 6to4, type:

netsh interface ipv6 6to4 set state disabled

You can switch off ISATAP with:

netsh interface ipv6 isatap set state disabled

And, entering:

netsh interface ipv6 set teredo disable

will disable Teredo.
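
To confirm the result and catch hosts where a tunnel is still active, the following added PowerShell example (not from the original article) reports any transition technology that is not disabled and, with the hypothetical -Remediate switch, turns it off. It assumes Windows 8/Server 2012 or later, where the NetworkTransition cmdlets ship with the operating system, and an elevated session for changes.

```powershell
# Added example: audit 6to4, ISATAP and Teredo; optionally disable them.
# -Remediate is a hypothetical switch name; without it the script only reports.
param([switch]$Remediate)

# Normalise the three cmdlets into one shape: Name + current setting.
function Get-TunnelState {
    [pscustomobject]@{ Name = '6to4';   Setting = [string](Get-Net6to4Configuration).State }
    [pscustomobject]@{ Name = 'ISATAP'; Setting = [string](Get-NetIsatapConfiguration).State }
    # Teredo reports its mode in the Type property rather than State.
    [pscustomobject]@{ Name = 'Teredo'; Setting = [string](Get-NetTeredoConfiguration).Type }
}

# "Default" lets Windows enable the tunnel on its own, so only an explicit
# "Disabled" counts as compliant.
$findings = @(Get-TunnelState | Where-Object { $_.Setting -ne 'Disabled' })

foreach ($f in $findings) {
    Write-Warning "$($f.Name) is '$($f.Setting)', expected 'Disabled'"
    if ($Remediate) {
        switch ($f.Name) {
            '6to4'   { Set-Net6to4Configuration   -State Disabled }
            'ISATAP' { Set-NetIsatapConfiguration -State Disabled }
            'Teredo' { Set-NetTeredoConfiguration -Type  Disabled }
        }
    }
}

# Addresses in the 6to4 (2002::/16) or Teredo (2001::/32) ranges show that a
# tunnel interface is still configured on this host.
Get-NetIPAddress -AddressFamily IPv6 |
    Where-Object { $_.IPAddress -match '^(2002:|2001:0:)' } |
    Select-Object InterfaceAlias, IPAddress

# Non-zero exit code when something was found, for use in scheduled checks.
exit [int]($findings.Count -gt 0)
```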
