Windows XP is the first operating system form Microsoft to include IPv6 support by default. It is considered by Microsoft to be an experimental release and as such it is installed but not enabled by default.
Enabling IPv6
Enabling IPv6 is a simply a matter of running ipv6 install from a command prompt:
C:\> ipv6 install Installing... Succeeded. C:\>
Most of the standard IPv4 network commands and user interface components do not show any of the IPv6 information. Two new commands are provided for this purpose:
- ipv6
- netsh
To see the ipv6 configuration information you can use the ipv6 if command:
C:\>ipv6 if Interface 5: Ethernet: Local Area Connection uses Neighbor Discovery uses Router Discovery link-layer address: 00-e0-18-fb-7a-25 preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous) preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public) preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:fffb:7a25, 2 refs, last reporter multicast link-local ff02::1:ffd7:21f6, 1 refs, last reporter link MTU 1500 (true link MTU 1500) current hop limit 64 reachable time 26000ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 4: Ethernet: Local Area Connection 2 uses Neighbor Discovery uses Router Discovery link-layer address: 00-d0-5c-22-23-7e preferred link-local fe80::2d0:5cff:fe22:237e, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:ff22:237e, 1 refs, last reporter link MTU 7168 (true link MTU 7168) current hop limit 128 reachable time 28000ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 3: 6to4 Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 27000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 2: Automatic Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery router link-layer address: 0.0.0.0 EUI-64 embedded IPv4 address: 0.0.0.0 preferred link-local fe80::5efe:172.20.0.208, life infinite preferred link-local fe80::5efe:192.168.44.21, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 28500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 1: Loopback Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery link-layer address: preferred link-local ::1, life infinite preferred link-local fe80::1, life infinite link MTU 1500 (true link MTU 4294967295) current hop limit 128 reachable time 36500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 C:\>
Connecting with the rest of the world
Having IPv6 running on one machine isn’t all that interesting. Far more useful is being able to reach the rest of the IPv6 internet users. There are three common methods that are used to connect to the rest of the IPv6 world:
- Native IPv6
- If you already have a router that is connected to the rest of the IPv6 world (a linux router/firewall configured to talk IPv6 for example) or a local LAN full of hosts running IPv6 then native IPv6 is all that is required.
- Tunnel broker
- A tunnel broker provides IPv6 addresses from it’s own IPv6 allocation and makes them available via an IPv6-over-IPv4 tunnel.
- 6to4 address
- A special class of IPv6 addresses that have an embedded IPv4 in them. The embedded addresses are used to perform automatic IPv6-over-IPv4 tunneling.
Also keep in mind that there is no problem at all with having multiple IP addresses under IPv6, so more than one method of obtaining IPv6 addresses may be used at the same time.
Firewalling
Before proceeding its necessary to point out that no mention of firewalling is made here, but it is something which needs to be considered if you enable IPv6. Most commonly available firewalls will not support IPv6 and will therefore either block and/or permit all IPv6 traffic.
Also note that if you are attempting to use some type of IPv6-over-IPv4 tunneling then you will need to permit the IPv6-over-IPv4 packets (IPv4 protocol number 41) through any existing IPv4 firewall.
Native IPv6
If an IPv6 capable router is present then the windows XP host will now have complete IPv6 access. A common case is to have a linux host acting as a firewall, router and IPv6 gateway and running the radvd router advertisement daemon. In this case windows XP will have already picked up a local address.
The output the ipv6 if above shows this to be the case here:
preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous) preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)
2002:ac1d:2d64:1 is the network prefix configured on the router (subnet 1 in the 6to4 address 2002:ac1d:2d64). Two addresses have been auto configured, the first is an any essentially random address used as the source of outgoing connections[2] and the second is an address configured based in the MAC address of the host. This second address can be used as the fixed address of this host (it will remain the same as long as the network card is not changed.)
The traceroute (tracert6) and ping (ping6) commands show that full IPv6 connectivity is now working:
C:\>tracert6 www.ipv6.org Tracing route to shake.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f] from 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6 over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2002:ac1d:2d64:1::1 2 39 ms 39 ms 40 ms 2002:c0e7:d405::1 3 415 ms 409 ms 411 ms 6plains-iplsng.abilene.ucaid.edu [2001:468:ff:121d::2] 4 410 ms 410 ms 411 ms iplsng-6plains.abilene.ucaid.edu [2001:468:ff:121d::1] 5 412 ms 415 ms 414 ms chinng-iplsng.abilene.ucaid.edu [2001:468:ff:f12::1] 6 413 ms 410 ms 416 ms abilene.nl1.nl.geant.net [2001:798:2022:10aa::d] 7 409 ms 409 ms 411 ms nl.uk1.uk.geant.net [2001:798:20cc:2201:2801::2] 8 445 ms 446 ms 447 ms uk.se1.se.geant.net [2001:798:20cc:2501:2801::1] 9 434 ms 431 ms 432 ms nordunet-gw.se1.se.geant.net [2001:798:2025:10aa::2] 10 433 ms 432 ms 432 ms sw-gw.nordu.net [2001:948:0:f025::1] 11 433 ms 434 ms 433 ms 6net-gw.nordu.net [2001:948:0:f02a::2] 12 433 ms 534 ms 534 ms nocv6.sunet.se [2001:948:0:f003::2] 13 433 ms 431 ms 433 ms 2001:6b0:8::3 14 432 ms 434 ms 436 ms 2001:6b0:1:1::4 15 430 ms 432 ms 433 ms renskav.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f] Trace complete. C:\>ping6 www.ipv6.org Pinging shake.stacken.kth.se [2001:6b0:1:ea:a00:20ff:fe8f:708f] from 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6 with 32 bytes of data: Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=435ms Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=433ms Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=432ms Reply from 2001:6b0:1:ea:a00:20ff:fe8f:708f: bytes=32 time=433ms Ping statistics for 2001:6b0:1:ea:a00:20ff:fe8f:708f: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 432ms, Maximum = 435ms, Average = 433ms C:\>
Tunnel brokers
There are a lot of tunnel brokers available and each them has different requirements and features. You should look at the documentation provided by your tunnel broker for details on how to configure access via their specific service. Generally it is just a matter of downloading and running an appropriate client and is therefore very easy to do.
See IPv6 tunnel brokers for more details.
6to4 addresses
Using 6to4 address is the easiest method of connecting to the rest of the IPv6 world. These addresses contain an embedded IPv4 address which is used as the end point of an IPv6-over-IPv4 tunnel. Other machines will automatically send their IPv6 packets over IPv4 to the embedded address you select to use.
See 6to4 Addresses for more details on 6to4 addresses.
Configuring 6to4
First you need to make a note of the IPv4 address that you will be using (it should be one of the IP addresses that XP host has) and your selected 6to4 relay router.
IPv4 address: 192.168.0.1 [1] Relay router: 192.88.99.1
Now convert each of these addresses to their hex format:
[nynaeve][12:03PM]%> printf "%x%02x:%x%02x\n" 192 168 0 1 c0a8:001 [nynaeve][12:03PM]%> printf "%x%02x:%x%02x\n" 192 88 99 1 c058:6301
We then make them into the 6to4 gateway address by adding the 6to4 address be appending the prefix 2002 and by select the first IP address, 1, on the subnet 0:
- My 6to4 address: 2002:c0a8:1::1
- My relay Router address: 2002:c058:6301::1
Now we are ready to configure 6to4. Remember to change the addresses to those you have selected:
C:\>netsh interface ipv6 6to4 set relay 192.88.99.1 enable Ok. C:\>ipv6 ipv6 adu 3/2002:c0a8:1::1 C:\>ipv6 rtu 2002::/16 3 pub life 1800 C:\>ipv6 rtu ::/0 3/2002:c058:6301::1 pub life 1800 C:\>ipv6 if Interface 5: Ethernet: Local Area Connection uses Neighbor Discovery uses Router Discovery link-layer address: 00-e0-18-fb-7a-25 preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:fffb:7a25, 1 refs, last reporter link MTU 1500 (true link MTU 1500) current hop limit 64 reachable time 37500ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 4: Ethernet: Local Area Connection 2 uses Neighbor Discovery uses Router Discovery link-layer address: 00-d0-5c-22-23-7e preferred link-local fe80::2d0:5cff:fe22:237e, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:ff22:237e, 1 refs, last reporter link MTU 7168 (true link MTU 7168) current hop limit 128 reachable time 27500ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 Interface 3: 6to4 Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery preferred global 2002:c058:6301::1, life infinite (manual) link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 17500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 2: Automatic Tunneling Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery router link-layer address: 0.0.0.0 EUI-64 embedded IPv4 address: 0.0.0.0 preferred link-local fe80::5efe:172.20.0.208, life infinite preferred link-local fe80::5efe:192.168.44.21, life infinite link MTU 1280 (true link MTU 65515) current hop limit 128 reachable time 16500ms (base 30000ms) retransmission interval 1000ms DAD transmits 0 Interface 1: Loopback Pseudo-Interface does not use Neighbor Discovery does not use Router Discovery link-layer address: preferred link-local ::1, life infinite preferred link-local fe80::1, life infinite link MTU 1500 (true link MTU 4294967295) current hop limit 128 reachable time 32000ms (base 30000ms) retransmission interval 1000ms DAD transmits 0
Note that none of these settings are saved across a reboot. You will need to manually organize that these commands are re-run on each boot.
Manual address configuration
Automatically generated addresses are nice for clients but for servers it’s often preferable to have a fixed address which may be moved between hosts as services move and/or hardware fails. Manually adding an address will not remove the auto configured addresses from the host, it just adds another address which can be used for access to services.
Add an IPv6 address
An address is added with the “ipv6 adu” command. An optional “-p” parameter may be used to make the address permanent (automatically kept for the next boot).
Here’s an example of using address 2 in the subnet:
C:\>ipv6 -p adu 5/2002:ac1d:2d64:1::2 C:\>ipv6 if Interface 5: Ethernet: Local Area Connection uses Neighbor Discovery uses Router Discovery link-layer address: 00-e0-18-fb-7a-25 preferred global 2002:ac1d:2d64:1::2, life infinite (manual) preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous) preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public) preferred link-local fe80::2e0:18ff:fefb:7a25, life infinite multicast interface-local ff01::1, 1 refs, not reportable multicast link-local ff02::1, 1 refs, not reportable multicast link-local ff02::1:fffb:7a25, 2 refs, last reporter multicast link-local ff02::1:ffd7:21f6, 1 refs, last reporter multicast link-local ff02::1:ff00:2, 1 refs, last reporter link MTU 1500 (true link MTU 1500) current hop limit 64 reachable time 26000ms (base 30000ms) retransmission interval 1000ms DAD transmits 1 ... C:\>
Now there are three addresses configured, the two automatically generated address and the manually configured address:
preferred global 2002:ac1d:2d64:1::2, life infinite (manual) preferred global 2002:ac1d:2d64:1:5f4:46e0:6dd7:21f6, life 5m/2m (anonymous) preferred global 2002:ac1d:2d64:1:2e0:18ff:fefb:7a25, life 5m/2m (public)
All three address may be used to refer to this host.
Remove an IPv6 address
Removing an address uses the same command, but the lifetime of the address is set to zero. This causes the route to be expired immediately
C:\>ipv6 adu 5/2002:ac1d:2d64:1::2 life 0
Applications supporting IPv6
So you have your IPv6 addresses and are connected to the rest of the IPv6 internet and now you want to know what else you can do? The following are some of the useful commands and applications which I have successfully used with IPv6 under Windows XP:
- ping6
- IPv6 version of ping. This is a part of Windows XP and is installed when IPv6 is installed;
- tracrt6
- IPv6 version of traceroute (tracert). This is a part of Windows XP and is
- telnet
- The windows XP version of telnet supports both IPv4 and IPv6.
- internet explorer
- The windows XP version of IE supports both IPv4 and IPv6. Be careful with proxy settings though as they apply for both IPv4 and IPv6 but most proxies will only support IPv4. Try http://www.ipv6.org/ to determine if IPv6 connections are working.
- putty
- A third part SSH client for windows. The standard putty build does not include IPv6 support but there is an IPv6 build which supports both IPv4 and IPv6.
- apache
- Apache version 2 includes IPv6 support in the base source code. Not all windows builds have this enabled by default, so check to make sure the version you are using is built with IPv6 support.
Additional documentation
Plenty of documentation on IPv6 is available from Microsoft. If you are interested in more information on Microsoft’s XP implementation and/or their IPv6 strategy then there’s links are a good place to start:
For general IPv6 news and for finding IPv enabled applications and tunnel brokers the IPv6 news site is a great source of information:
Footnotes
[1] Note that this address (192.168.0.1) is used as an example only and will not actually be usable as a 6to4 address due to it being a private IPv4 addresses. Windows XP will not permit the use of a private IP addresses as a 6to4 address.
[2] RFC3041 – Privacy Extensions for Stateless Address Autoconfiguration in IPv6 documents the annonymous addresses that Windows XP is automatically allocating.
† 03 Mar 2004: Revision 1 © 2004 Jamie Lenehan