Summary of IPv6 Enhancements in Windows 7
Windows 7 builds on the many IPv6 enhancements introduced earlier in Windows Vista and Windows Server 2008. These earlier enhancements include the following:
- Dual-IP-layer architecture: A new TCP/IP stack architecture that uses the same transport and framing layers for both IPv4 and IPv6.
- Enabled by default: Both IPv4 and IPv6 are installed and enabled by default, with the stack giving preference to IPv6 when appropriate without impairing the performance of IPv4 communications on the network. For example, if a DNS name query returns both an IPv4 and IPv6 address for a host, the client will try to use IPv6 first for communicating with the host. This preference also results in better network performance for IPv6-enabled applications.
- User interface configuration support: In addition to being able to configure IPv6 settings from the command line using the netsh interface ipv6 command context, you can also configure them in Windows 7 using the user interface. For more information, see the section titled "Configuring IPv6 in Windows 7 Using the User Interface" later in this tutorial.
- Full IPsec support: IPv6 support in previous versions of Windows offered only limited support for IPsec protection of network traffic. In Windows 7 and Windows Vista, however, IPsec support for IPv6 is the same as for IPv4, and you can configure IPsec connection security rules for IPv6 in the same way as IPv4 by using the Windows Firewall With Advanced Security console.
- LLMNR support: The implementation of IPv6 in Windows 7 and Windows Vista supports Link-Local Multicast Name Resolution (LLMNR), a mechanism that enables IPv6 nodes on a single subnet to resolve each other's names in the absence of a DNS server. LLMNR works by having nodes send multicast DNS name queries instead of unicast queries. Computers running Windows 7 and Windows Vista listen by default for multicast LLMNR traffic, which eliminates the need to perform local subnet name resolution using NetBIOS over TCP/IP when no DNS server is available. LLMNR is defined in RFC 4795.
- MLDv2 support: The implementation of IPv6 in Windows 7 and Windows Vista supports MLD version 2 (MLDv2), a mechanism described in RFC 3810 that enables IPv6 hosts to register interest in source-specific multicast traffic with local multicast routers by specifying an include list (to indicate specific source addresses of interest) or an exclude list (to exclude unwanted source addresses).
- DHCPv6 support: The DHCP Client service in Windows 7 and Windows Vista supports DHCPv6 as defined in RFCs 3736 and 4361. This means that computers running Windows 7 and Windows Vista can perform both stateful and stateless DHCPv6 configuration on a native IPv6 network.
- IPv6CP support: The built-in remote access client functionality in Windows 7 and Windows Vista supports IPv6 Control Protocol (IPv6CP) (RFC 5072) to configure IPv6 nodes on a PPP link. This means that native IPv6 traffic can be sent over PPP-based network connections, such as dial-up connections or broadband PPP over Ethernet (PPPoE) connections, to an ISP. IPv6CP also supports Layer 2 Tunneling Protocol (L2TP), and for Windows Vista with Service Pack 1 (SP1) or later, Secure Socket Tunneling Protocol (SSTP)-based virtual private network (VPN) connections.
- Random interface IDs: By default, Windows 7 and Windows Vista generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including both public addresses (global addresses registered in DNS) and link-local addresses. For more information, see the section titled "Disabling Random Interface IDs" later in this tutorial.
- Literal IPv6 addresses in URLs: Windows 7 and Windows Vista support RFC 2732-compliant literal IPv6 addresses in URLs by using the WinINet application programming interface (API) support in Windows Internet Explorer 8.0. This can be a useful feature for troubleshooting Internet connectivity with IPv6-enabled Web servers.
- New Teredo behavior: The Teredo client in Windows 7 and Windows Vista remains dormant (inactive) until it is spun up (activated) by an IPv6-enabled application that tries to use Teredo. In Windows 7 and Windows Vista, three things can bring up Teredo: an application trying to communicate using a Teredo address (the outbound instantiated scenario), a listening application that has the Edge Traversal rule enabled in Windows Firewall (any IPv6-enabled applications that need to use Teredo can easily do so by setting the Edge Traversal flag using the Windows Firewall APIs), and the NotifyStableUnicastIpAddressTable IP Helper API.
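The random interface ID item above can be checked against an address inventory. This added example (not code from the original tutorial) flags addresses whose interface ID still follows the modified EUI-64 layout, which embeds the adapter's MAC address, and recovers that MAC; the sample addresses are constructed.

```python
import ipaddress

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    A modified EUI-64 interface ID is the 48-bit MAC with ff:fe inserted in
    the middle and the universal/local bit (0x02 of the first byte) flipped.
    A random interface ID matches this layout only by chance (1 in 65,536).
    """
    # Windows prints link-local addresses with a zone index (fe80::1%12).
    ip = ipaddress.IPv6Address(addr.split("%")[0])
    iid = ip.packed[8:]                      # low 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map every address that exposes a MAC to the recovered MAC."""
    found = {}
    for addr in addresses:
        mac = eui64_mac(addr)
        if mac is not None:
            found[addr] = mac
    return found

# Constructed sample inventory (documentation prefix 2001:db8::/32).
SAMPLE = [
    "fe80::211:22ff:fe33:4455%12",           # EUI-64 from 00:11:22:33:44:55
    "2001:db8:0:1:211:22ff:fe33:4455",       # same adapter, global prefix
    "fe80::c9a3:5b1e:7d42:9f10%12",          # random interface ID
    "2001:db8:0:1:c9a3:5b1e:7d42:9f10",      # random interface ID
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} exposes MAC {mac}")
```

The same MAC appears under both prefixes in the sample, which is what makes EUI-64 addresses trackable across networks and what random interface IDs avoid.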
In addition to these earlier enhancements, Windows 7 and Windows Server 2008 R2 introduce the following new IPv6 improvements:
- IP-HTTPS: This stands for Internet Protocol over Hypertext Transfer Protocol Secure (IP over HTTPS), a new protocol that enables hosts located behind a proxy or firewall to establish connectivity by tunneling IP traffic inside an HTTPS tunnel. HTTPS is used instead of HTTP so that proxy servers will be prevented from looking inside the data stream and terminating the connection if traffic seems anomalous. Note that HTTPS does not provide data security; you must use IPsec to provide data security for an IP-HTTPS connection.
In the Windows 7 implementation of DirectAccess described in the following More Info box, IP-HTTPS is used whenever a firewall or proxy server blocks a client computer from using 6to4 or Teredo to establish an IPv6-over-IPv4 tunnel with an IPv6-enabled DirectAccess server on the corporate intranet.
More Info For more information about IP-HTTPS, see the article, "IP over HTTPS (IP-HTTPS) Tunneling Protocol Specification," on MSDN at http://msdn.microsoft.com/en-us/library/dd358571.aspx.
- DirectAccess: This is a new feature of Windows 7 and Windows Server 2008 R2 that provides users with the experience of being seamlessly connected to the corporate network whenever they have Internet access. Using DirectAccess, remote users who attempt to access corporate intranet resources, such as e-mail servers, shared folders, or intranet Web sites, can access these resources without the need to connect to a VPN.
By providing users with the same connectivity experience both inside and outside the office, DirectAccess can increase the productivity of your mobile users. DirectAccess also enables administrators to keep the computers of mobile users in a managed state even when they are off-site by allowing Group Policy changes to be propagated over the Internet.
DirectAccess is implemented as a client/server architecture in which remote IPv6-enabled client computers communicate with IPv6-enabled servers located on the corporate network. DirectAccess can work over existing IPv4 networks, such as the public IPv4 Internet, by using IPv4/IPv6 transition technologies such as 6to4, Teredo, and ISATAP. DirectAccess also supports native IPv6 connectivity for clients that have been assigned native IPv6 addresses.
DirectAccess uses IPsec tunneling to provide security for authentication and resource access. DirectAccess can be implemented in different ways ranging from providing client computers with secure access to intranet resources via an IPv6-enabled IPsec gateway to providing them with secure end-to-end connectivity with each IPv6-enabled application server located on the intranet. DirectAccess requires the use of IPv6 so that client computers can have globally routable addresses.
More Info See the article, "DirectAccess Technical Overview for Windows 7 and Windows Server 2008 R2," at http://technet.microsoft.com/en-us/library/dd637827.aspx.
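The transition technologies named above (6to4, Teredo, and ISATAP) each embed an IPv4 address inside the IPv6 address. The following added example (not part of the original tutorial) classifies an address by technology and recovers the embedded IPv4 endpoint, which helps when reading firewall or connection logs; it does not cover IP-HTTPS, and all sample addresses are constructed from documentation ranges.

```python
import ipaddress

# ISATAP interface IDs start with 0000:5efe (private IPv4) or 0200:5efe
# (public IPv4), followed by the 32-bit IPv4 address.
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")

def classify(addr):
    """Return (technology, embedded IPv4 or None) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])   # drop any zone index
    if ip.teredo is not None:                        # 2001::/32
        _server, client = ip.teredo                  # client is de-obfuscated
        return ("Teredo", str(client))
    if ip.sixtofour is not None:                     # 2002::/16
        return ("6to4", str(ip.sixtofour))
    iid = ip.packed[8:]
    if iid[:4] in ISATAP_MARKERS:                    # checked before link-local
        return ("ISATAP", str(ipaddress.IPv4Address(iid[4:])))
    if ip.is_link_local:
        return ("link-local", None)
    return ("native", None)

def tunnel_endpoints(addresses):
    """List (address, technology, IPv4) for every tunneled address."""
    rows = []
    for addr in addresses:
        tech, v4 = classify(addr)
        if v4 is not None:
            rows.append((addr, tech, v4))
    return rows

# Constructed samples: IPv4 values come from 192.0.2.0/24, 198.51.100.0/24
# and 203.0.113.0/24; the IPv6 native address uses 2001:db8::/32.
SAMPLE = [
    "2001:0:c000:201:8000:63bf:34ff:8ef6",   # Teredo, client 203.0.113.9
    "2002:c633:6407::1",                     # 6to4, 198.51.100.7
    "fe80::5efe:192.0.2.33%14",              # ISATAP link-local
    "fe80::c9a3:5b1e:7d42:9f10%12",          # ordinary link-local
    "2001:db8::10",                          # native global
]

if __name__ == "__main__":
    for row in tunnel_endpoints(SAMPLE):
        print("%-40s %-7s %s" % row)
```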