IPv6 for Windows XP

A look at getting up and running with IPv6 on Windows XP.

Windows XP is the first operating system form Microsoft to include IPv6 support by default. It is considered by Microsoft to be an experimental release and as such it is installed but not enabled by default.

Enabling IPv6

Enabling IPv6 is a simply a matter of running ipv6 install from a command prompt:

 C:\> ipv6 install
   Installing...
  Succeeded.

  C:\>

Most of the standard IPv4 network commands and user interface components do not show any of the IPv6 information. Two new commands are provided for this purpose:

  • ipv6
  • netsh

To see the ipv6 configuration information you can use the ipv6 if command:

 C:\>ipv6 if
 Interface 5: Ethernet: Local Area Connection
   uses Neighbor Discovery
   uses Router Discovery
   link-layer address: 00-e0-18-fb-7a-25
     preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous)
     preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)
     preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite
     multicast interface-local ff01::1, 1 refs, not reportable
     multicast link-local ff02::1, 1 refs, not reportable
     multicast link-local ff02::1:fffb:7a25, 2 refs, last reporter
     multicast link-local ff02::1:ffd7:21f6, 1 refs, last reporter
   link MTU 1500 (true link MTU 1500)
   current hop limit 64
   reachable time 26000ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 1
 Interface 4: Ethernet: Local Area Connection 2
   uses Neighbor Discovery
   uses Router Discovery
   link-layer address: 00-d0-5c-22-23-7e
     preferred link-local fe80::2d0:5cff:fe22:237e, life infinite
     multicast interface-local ff01::1, 1 refs, not reportable
     multicast link-local ff02::1, 1 refs, not reportable
     multicast link-local ff02::1:ff22:237e, 1 refs, last reporter
   link MTU 7168 (true link MTU 7168)
   current hop limit 128
   reachable time 28000ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 1
 Interface 3: 6to4 Tunneling Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
   link MTU 1280 (true link MTU 65515)
   current hop limit 128
   reachable time 27000ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0
 Interface 2: Automatic Tunneling Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
   router link-layer address: 0.0.0.0
   EUI-64 embedded IPv4 address: 0.0.0.0
     preferred link-local fe80::5efe:172.20.0.208, life infinite
     preferred link-local fe80::5efe:192.168.44.21, life infinite
   link MTU 1280 (true link MTU 65515)
   current hop limit 128
   reachable time 28500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0
 Interface 1: Loopback Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
   link-layer address:
     preferred link-local ::1, life infinite
     preferred link-local fe80::1, life infinite
   link MTU 1500 (true link MTU 4294967295)
   current hop limit 128
   reachable time 36500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0

  C:\>

Connecting with the rest of the world

Having IPv6 running on one machine isn’t all that interesting. Far more useful is being able to reach the rest of the IPv6 internet users. There are three common methods that are used to connect to the rest of the IPv6 world:

Native IPv6
If you already have a router that is connected to the rest of the IPv6 world (a linux router/firewall configured to talk IPv6 for example) or a local LAN full of hosts running IPv6 then native IPv6 is all that is required.
Tunnel broker
A tunnel broker provides IPv6 addresses from it’s own IPv6 allocation and makes them available via an IPv6-over-IPv4 tunnel.
6to4 address
A special class of IPv6 addresses that have an embedded IPv4 in them. The embedded addresses are used to perform automatic IPv6-over-IPv4 tunneling.

Also keep in mind that there is no problem at all with having multiple IP addresses under IPv6, so more than one method of obtaining IPv6 addresses may be used at the same time.

Firewalling

Before proceeding its necessary to point out that no mention of firewalling is made here, but it is something which needs to be considered if you enable IPv6. Most commonly available firewalls will not support IPv6 and will therefore either block and/or permit all IPv6 traffic.

Also note that if you are attempting to use some type of IPv6-over-IPv4 tunneling then you will need to permit the IPv6-over-IPv4 packets (IPv4 protocol number 41) through any existing IPv4 firewall.

Native IPv6

If an IPv6 capable router is present then the windows XP host will now have complete IPv6 access. A common case is to have a linux host acting as a firewall, router and IPv6 gateway and running the radvd router advertisement daemon. In this case windows XP will have already picked up a local address.

The output the ipv6 if above shows this to be the case here:

    preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous)
    preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)

2002:ac1d:2d64:1 is the network prefix configured on the router (subnet 1 in the 6to4 address 2002:ac1d:2d64). Two addresses have been auto configured, the first is an any essentially random address used as the source of outgoing connections[2] and the second is an address configured based in the MAC address of the host. This second address can be used as the fixed address of this host (it will remain the same as long as the network card is not changed.)

The traceroute (tracert6) and ping (ping6) commands show that full IPv6 connectivity is now working:

 C:\>tracert6 www.ipv6.org

 Tracing route to shake.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f]
 from 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6 over a maximum of 30 hops:

   1       <1 ms    <1 ms    <1 ms  2002:ac1d:2d64:1::1
   2       39 ms    39 ms    40 ms  2002:c0e7:d405::1
   3      415 ms   409 ms   411 ms  6plains-iplsng.abilene.ucaid.edu [2001:468:ff:121d::2]
   4      410 ms   410 ms   411 ms  iplsng-6plains.abilene.ucaid.edu [2001:468:ff:121d::1]
   5      412 ms   415 ms   414 ms  chinng-iplsng.abilene.ucaid.edu [2001:468:ff:f12::1]
   6      413 ms   410 ms   416 ms  abilene.nl1.nl.geant.net [2001:798:2022:10aa::d]
   7      409 ms   409 ms   411 ms  nl.uk1.uk.geant.net [2001:798:20cc:2201:2801::2]
   8      445 ms   446 ms   447 ms  uk.se1.se.geant.net [2001:798:20cc:2501:2801::1]
   9      434 ms   431 ms   432 ms  nordunet-gw.se1.se.geant.net [2001:798:2025:10aa::2]
  10      433 ms   432 ms   432 ms  sw-gw.nordu.net [2001:948:0:f025::1]
  11      433 ms   434 ms   433 ms  6net-gw.nordu.net [2001:948:0:f02a::2]
  12      433 ms   534 ms   534 ms  nocv6.sunet.se [2001:948:0:f003::2]
  13      433 ms   431 ms   433 ms  2001:6b0:8::3
  14      432 ms   434 ms   436 ms  2001:6b0:1:1::4
  15      430 ms   432 ms   433 ms  renskav.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f]

 Trace complete.

 C:\>ping6 www.ipv6.org

 Pinging shake.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f]
 from 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6 with 32 bytes of data:

 Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=435ms
 Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=433ms
 Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=432ms
 Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=433ms

 Ping statistics for 2001:6b0:1:ea:a00:20ff:fe8f:708f:
     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 Approximate round trip times in milli-seconds:
     Minimum = 432ms, Maximum = 435ms, Average = 433ms

 C:\>

Tunnel brokers

There are a lot of tunnel brokers available and each them has different requirements and features. You should look at the documentation provided by your tunnel broker for details on how to configure access via their specific service. Generally it is just a matter of downloading and running an appropriate client and is therefore very easy to do.

See IPv6 tunnel brokers for more details.

6to4 addresses

Using 6to4 address is the easiest method of connecting to the rest of the IPv6 world. These addresses contain an embedded IPv4 address which is used as the end point of an IPv6-over-IPv4 tunnel. Other machines will automatically send their IPv6 packets over IPv4 to the embedded address you select to use.

See 6to4 Addresses for more details on 6to4 addresses.

Configuring 6to4

First you need to make a note of the IPv4 address that you will be using (it should be one of the IP addresses that XP host has) and your selected 6to4 relay router.

 IPv4 address: 192.168.0.1 [1]
 Relay router: 192.88.99.1

Now convert each of these addresses to their hex format:

 [nynaeve][12:03PM]%> printf "%x%02x:%x%02x\n" 192 168 0 1
 c0a8:001
 [nynaeve][12:03PM]%> printf "%x%02x:%x%02x\n" 192 88 99 1
 c058:6301

We then make them into the 6to4 gateway address by adding the 6to4 address be appending the prefix 2002 and by select the first IP address, 1, on the subnet 0:

  • My 6to4 address: 2002:c0a8:1::1
  • My relay Router address: 2002:c058:6301::1

Now we are ready to configure 6to4. Remember to change the addresses to those you have selected:

 C:\>netsh interface ipv6 6to4 set relay 192.88.99.1 enable
 Ok.
 C:\>ipv6 ipv6 adu 3/2002:c0a8:1::1
 C:\>ipv6 rtu 2002::/16 3 pub life 1800
 C:\>ipv6 rtu ::/0 3/2002:c058:6301::1 pub life 1800
 C:\>ipv6 if
 Interface 5: Ethernet: Local Area Connection
   uses Neighbor Discovery
   uses Router Discovery
   link-layer address: 00-e0-18-fb-7a-25
     preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite
     multicast interface-local ff01::1, 1 refs, not reportable
     multicast link-local ff02::1, 1 refs, not reportable
     multicast link-local ff02::1:fffb:7a25, 1 refs, last reporter
   link MTU 1500 (true link MTU 1500)
   current hop limit 64
   reachable time 37500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 1
 Interface 4: Ethernet: Local Area Connection 2
   uses Neighbor Discovery
   uses Router Discovery
   link-layer address: 00-d0-5c-22-23-7e
     preferred link-local fe80::2d0:5cff:fe22:237e, life infinite
     multicast interface-local ff01::1, 1 refs, not reportable
     multicast link-local ff02::1, 1 refs, not reportable
     multicast link-local ff02::1:ff22:237e, 1 refs, last reporter
   link MTU 7168 (true link MTU 7168)
   current hop limit 128
   reachable time 27500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 1
 Interface 3: 6to4 Tunneling Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
     preferred global 2002:c058:6301::1, life infinite (manual)
   link MTU 1280 (true link MTU 65515)
   current hop limit 128
   reachable time 17500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0
 Interface 2: Automatic Tunneling Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
   router link-layer address: 0.0.0.0
   EUI-64 embedded IPv4 address: 0.0.0.0
     preferred link-local fe80::5efe:172.20.0.208, life infinite
     preferred link-local fe80::5efe:192.168.44.21, life infinite
   link MTU 1280 (true link MTU 65515)
   current hop limit 128
   reachable time 16500ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0
 Interface 1: Loopback Pseudo-Interface
   does not use Neighbor Discovery
   does not use Router Discovery
   link-layer address:
     preferred link-local ::1, life infinite
     preferred link-local fe80::1, life infinite
   link MTU 1500 (true link MTU 4294967295)
   current hop limit 128
   reachable time 32000ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 0

Note that none of these settings are saved across a reboot. You will need to manually organize that these commands are re-run on each boot.

Manual address configuration

Automatically generated addresses are nice for clients but for servers it’s often preferable to have a fixed address which may be moved between hosts as services move and/or hardware fails. Manually adding an address will not remove the auto configured addresses from the host, it just adds another address which can be used for access to services.

Add an IPv6 address

An address is added with the “ipv6 adu” command. An optional “-p” parameter may be used to make the address permanent (automatically kept for the next boot).

Here’s an example of using address 2 in the subnet:

 C:\>ipv6 -p adu 5/2002:ac1d:2d64:1::2

 C:\>ipv6 if
 Interface 5: Ethernet: Local Area Connection
   uses Neighbor Discovery
   uses Router Discovery
   link-layer address: 00-e0-18-fb-7a-25
     preferred global 2002:ac1d:2d64:1::2, life infinite (manual)
     preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous)
     preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)
     preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite
     multicast interface-local ff01::1, 1 refs, not reportable
     multicast link-local ff02::1, 1 refs, not reportable
     multicast link-local ff02::1:fffb:7a25, 2 refs, last reporter
     multicast link-local ff02::1:ffd7:21f6, 1 refs, last reporter
     multicast link-local ff02::1:ff00:2, 1 refs, last reporter
   link MTU 1500 (true link MTU 1500)
   current hop limit 64
   reachable time 26000ms (base 30000ms)
   retransmission interval 1000ms
   DAD transmits 1
 ...
 C:\>

Now there are three addresses configured, the two automatically generated address and the manually configured address:

    preferred global 2002:ac1d:2d64:1::2, life infinite (manual)
    preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous)
    preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)

All three address may be used to refer to this host.

Remove an IPv6 address

Removing an address uses the same command, but the lifetime of the address is set to zero. This causes the route to be expired immediately

  C:\>ipv6 adu 5/2002:ac1d:2d64:1::2 life 0

Applications supporting IPv6

So you have your IPv6 addresses and are connected to the rest of the IPv6 internet and now you want to know what else you can do? The following are some of the useful commands and applications which I have successfully used with IPv6 under Windows XP:

ping6
IPv6 version of ping. This is a part of Windows XP and is installed when IPv6 is installed;
tracrt6
IPv6 version of traceroute (tracert). This is a part of Windows XP and is
telnet
The windows XP version of telnet supports both IPv4 and IPv6.
internet explorer
The windows XP version of IE supports both IPv4 and IPv6. Be careful with proxy settings though as they apply for both IPv4 and IPv6 but most proxies will only support IPv4. Try http://www.ipv6.org/ to determine if IPv6 connections are working.
putty
A third part SSH client for windows. The standard putty build does not include IPv6 support but there is an IPv6 build which supports both IPv4 and IPv6.
apache
Apache version 2 includes IPv6 support in the base source code. Not all windows builds have this enabled by default, so check to make sure the version you are using is built with IPv6 support.

Additional documentation

Plenty of documentation on IPv6 is available from Microsoft. If you are interested in more information on Microsoft’s XP implementation and/or their IPv6 strategy then there’s links are a good place to start:

For general IPv6 news and for finding IPv enabled applications and tunnel brokers the IPv6 news site is a great source of information:

Footnotes

[1] Note that this address (192.168.0.1) is used as an example only and will not actually be usable as a 6to4 address due to it being a private IPv4 addresses. Windows XP will not permit the use of a private IP addresses as a 6to4 address.

[2] RFC3041 – Privacy Extensions for Stateless Address Autoconfiguration in IPv6 documents the annonymous addresses that Windows XP is automatically allocating.

† 03 Mar 2004: Revision 1 © 2004 Jamie Lenehan

Leave a Reply

Your email address will not be published. Required fields are marked *