Welcome to the next installment of the House of IT’s Windows Server 2012 Tutorial. Today we will tackle IPv6. The first thing we need to know about IPv6 is addressing. In IPv4 we had a 32-bit address, but in IPv6 we now have a 128-bit address, allowing 2 to the power of 128, or approximately 3.4 x 10^38, addresses. That’s 340 followed by 36 zeroes: 340 undecillion addresses.
Take this address over here, for example. We may only have 32 positions, like IPv4, but each of these positions represents 4 bits, which gives us a total of 128 bits. You may also notice that the address now has letters in addition to numbers, and you might be wondering what these letters mean. To explain them, I’m going to show you this chart. As you may know, decimal notation uses 10 digits, the numbers from 0-9, but hex uses 15 digits instead of 10.
As you can see here in the chart, for 0 – 9 decimal and hex use the same representations, but for the numbers 10 – 15 hex uses the letters A through F to represent these values. And even though the two protocols are not designed to be interoperable, several IPv6 transition mechanisms allow communication between the 2 protocols, so we can still use IPv4 and communicate with an IPv6 host.
The downside to this, though, is that you now have a lot of digits to memorize. But there are some ways to abbreviate these addresses. Here are the rules for abbreviating IPv6 addresses:
- The normal form of an IPv6 address is 8 x’s separated by colons, where each ‘x’ is one to four hexadecimal digits of one of the eight 16-bit pieces of the address. Note that it is not necessary to write the leading zeroes in an individual field, but there must be at least one numeral in every field except for the case described in number 2.
- Now rule number 2: it is common for addresses in IPv6 to contain long strings of zero bits. To make writing addresses with consecutive zeroes easier, a special syntax is used, which is “::”. The “::” indicates one or more groups of 16 zero bits, but it can only appear once in an address to avoid confusion. “::” can be used for both leading and trailing runs of 1 or more 16-bit zero groups, like this example over here.
And for this 60-bit prefix, the legal representations of this address are as follows. Within each four-digit section, the leading zero or zeroes may be omitted, but not trailing zeroes. Let me show you the difference. In the abbreviated address, if we omit only the leading zeroes, the address to the left of “/” can be expanded to this representation. But if we also omitted the trailing zeroes, like this one, the address to the left of “/” would be expanded to this. And clearly AB10 is not equal to 0AB1.
Now let’s move on to the types of IPv6 addresses. There’s the link-local address, which is similar to APIPA, except that with IPv6 you’re supposed to have one even if you have no problem with your DHCP server, because it is used in communicating with other hosts on the same link. Meaning, these addresses will be used by the computer to communicate with other link-local addresses in the same subnet, making it more efficient.
The computer still self-assigns an address, but here in IPv6 it starts with FE80 and is randomly generated. And because it is randomly generated, you might think that you could get the same address as another computer at some point. Note that there is only a 1 in 340 undecillion chance that you will get the same Link-Local address as another computer; you have a much better chance of winning the lottery than of getting a duplicate address. But still, IPv6 has built-in conflict detection, which makes it impossible to get a duplicate address.
Now try running ipconfig. If you are wondering what %n means, it is the index ID, which indicates which IP address or adapter will be used in the communication process.
Now the second would be the Unique-Local Address, which used to be called Site Local. It is similar to a Private IP but not really necessary because of the abundance of IP addresses. Now these two loopbacks over here are reserved for Unique-Local addresses. As for the loopback address, unlike IPv4, where they wasted the whole 127.0.0.0 IP range for the loopback address, we now only have 1 address for the loopback, which is “::1”. For the default gateway we use “::”, but if I ping “::”, I won’t get a reply because I’m using an IPv4 address.
Now the last type of IPv6 address is the Global Scope IP Address. It is the IPv6 equivalent of a Public IP: these are internet-routable addresses and can be used by websites or any hosts in the Internet version 2. Addresses starting with 2 and 3 are reserved for Global Scope addresses. There’s also something called the Global Routing Prefix, which is part of the global scope. It is the first 48 or fewer bits in the address, including the first 3 which were reserved, and technically it is just the network ID used for routing within a network. These addresses are usually given to ISPs (Internet Service Providers), huge organizations, government organizations and so on, which then divide them within their company or network.
Now for the Subnet ID: it is the remaining bits in the first 64 bits after the Global Routing Prefix. So take this 128-bit address and cut it in half, so we have 64 bits on this side and 64 on the other side. On the left side, the first 48 (or fewer) bits are the Global Routing Prefix, so the remaining 16 bits or so are used for the subnet IDs, which are then used to split it off into more subnets/networks. The last 64 bits are the Interface IDs, which are unique IP addresses and will never be used as network IDs.
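To make the address types and the prefix / subnet ID / interface ID split concrete, here is an added example (not from the original tutorial). The sample addresses are constructed, the fc00::/7 prefix for Unique-Local comes from RFC 4193 rather than from the page, and a 48-bit Global Routing Prefix is assumed unless another length is passed in.

```python
import ipaddress

# Prefixes for the address types in the text. fe80::/10 and 2000::/3 match the
# "starts with FE80" and "starting with 2 and 3" rules; fc00::/7 (Unique-Local)
# is taken from RFC 4193 and is not stated on the page.
SCOPES = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("link-local", ipaddress.ip_network("fe80::/10")),
    ("unique-local", ipaddress.ip_network("fc00::/7")),
    ("global", ipaddress.ip_network("2000::/3")),
]

def describe(text: str, routing_prefix_len: int = 48) -> dict:
    """Classify an address as ipconfig prints it and split a global one."""
    # ipconfig appends "%n" (the interface index) to link-local addresses.
    addr_text, _, zone = text.strip().partition("%")
    addr = ipaddress.IPv6Address(addr_text)
    scope = next((name for name, net in SCOPES if addr in net), "other")
    info = {"address": addr.compressed, "scope": scope,
            "zone_index": zone or None}
    if scope == "global":
        if not 3 <= routing_prefix_len <= 48:
            raise ValueError("Global Routing Prefix is 48 bits or fewer")
        value = int(addr)
        prefix = ipaddress.ip_network(f"{addr}/{routing_prefix_len}",
                                      strict=False)
        subnet_bits = 64 - routing_prefix_len      # rest of the first half
        info["routing_prefix"] = str(prefix)
        info["subnet_id"] = (value >> 64) & ((1 << subnet_bits) - 1)
        info["interface_id"] = f"{value & 0xFFFFFFFFFFFFFFFF:016x}"
    return info

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the page.
    for sample in ("fe80::1c2d:3e4f:5a6b:7c8d%12", "::1",
                   "fd12:3456:789a:1::10",
                   "2001:db8:abcd:12:211:22ff:fe33:4455"):
        print(describe(sample))
```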
Now let’s move on to our next topic, which is the transition to IPv6. IPv6 is quite a considerate protocol, as it has a lot of easy ways of doing the transition from IPv4 to IPv6. One way is to use the so-called Dual Stack Routers. This is a router that has 2 addresses to refer to itself: 1 is IPv4 and the other is IPv6. It can take a packet from an IPv4 network and then send it to the IPv6 network.
Next is the Dual IP Layer architecture, which doesn’t really need to be configured because it comes with the Windows package. And then there’s Tunneling. The best way to describe tunneling is to show you an example. Imagine that you have 2 IPv4 hosts, half the earth apart from each other, and you want to send a packet from host A to host B. You would be using the internet, which also uses the IPv4 protocol. But what if the internet suddenly uses the IPv6 protocol and both hosts are still on IPv4? This is where tunneling kicks in. It takes your IPv4 packet, puts it inside an IPv6 packet and passes it through the IPv6 internet, and then unwraps it as it arrives at IPv4 host B, and vice versa. This also applies to IPv6 hosts and an IPv4 internet.
Now let’s move to ISATAP, or Intra-site Automatic Tunnel Addressing Protocol, which is commonly used in private networks. Here, an IPv4 packet is embedded in an IPv6 packet in the ISATAP router and sent/received around an IPv6 network. On the reverse side, we will have a hybrid IPv6 address for the reply, which is technically still an IPv6 address: it starts off as an ordinary IPv6 address and then ends with the IPv4 address of the destination computer. The IPv4 address is usually preceded by 5EFE, like this example over here. But in order for this to work, host clients must first resolve the name ISATAP, using PowerShell, DNS or other methods.
- In my case, I prefer using DNS. So in your Server Manager, go to DNS under Tools. You just create a new host record for ISATAP under your domain, name it ISATAP, then type in the IP address of your ISATAP router. But by default, ISATAP is in the Global Query Blocklist, so you still have to unblock it in the registry, under HKEY_Local_Machine > System > CurrentControlSet > Services > DNS > Parameter > GlobalQueryBlocklist. Then remove ISATAP from the list. The block list is there so that a host cannot claim the name through dynamic DNS registration, so once ISATAP is unblocked, make sure the ISATAP record in your zone is the one you created and points at your own ISATAP router.
Now all you need to do is to advertise this IP interface to your ISATAP clients, thus automatically assigning ISATAP addresses to the ISATAP clients in the same family. To do that, you just need to run this command as an administrator in PowerShell:
Set-NetIPInterface -InterfaceAlias "(Name of interface)" -AddressFamily IPv6 -Forwarding Enabled -Advertising Enabled
Then here’s another method called Teredo, which works in the same way a Teredo worm does: tunneling through the internet with a device that isn’t supposed to be compatible with it, like tunneling IPv6 packets through an IPv4 internet. This is really useful because NAT devices (routers that are used for multiple private addresses) usually complicate the whole transition process. Teredo makes it a whole lot smoother by encapsulating the IPv6 packet in an IPv4 packet, and using UDP instead of TCP makes it a lot more NAT friendly.
Teredo has three components. The first component is the server; it configures the client address and sets up the communication, and it requires 2 public IPv4 addresses, which I don’t have. The second component is the Teredo Relay; it does forwarding between IPv4-only hosts and IPv6-only hosts. The last one is the Teredo Host-Specific Relay. A Teredo host-specific relay is an IPv6/IPv4 node that has an interface and connectivity to both the IPv4 Internet and the IPv6 Internet and can communicate directly with Teredo clients over the IPv4 Internet, without the need for an intermediate Teredo relay. And that is all on IPv6, thank you for watching and I hope you learned a lot in this video.
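For the ISATAP and Teredo sections above: both mechanisms leave the IPv4 endpoints visible inside the IPv6 address, which is handy when reviewing an address inventory or log for tunnelled hosts. This is an added example, not part of the original tutorial; the sample addresses are not from the page, and the Teredo prefix 2001::/32 and field layout come from RFC 4380, which the tutorial does not describe.

```python
import ipaddress

# Assumption: Teredo prefix and field layout as defined in RFC 4380.
TEREDO = ipaddress.ip_network("2001::/32")
# ISATAP interface IDs: 0000:5efe or 0200:5efe followed by the IPv4 address.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def tunnel_info(text: str):
    """Return the tunnel type and embedded IPv4 endpoints, or None."""
    addr = ipaddress.IPv6Address(text.strip().partition("%")[0])
    value = int(addr)
    low32 = value & 0xFFFFFFFF
    if addr in TEREDO:
        return {
            "type": "teredo",
            # bits 32-63: IPv4 address of the Teredo server
            "server": str(ipaddress.IPv4Address((value >> 64) & 0xFFFFFFFF)),
            # the mapped UDP port and client IPv4 are stored bit-inverted
            "udp_port": ((value >> 32) & 0xFFFF) ^ 0xFFFF,
            "client": str(ipaddress.IPv4Address(low32 ^ 0xFFFFFFFF)),
        }
    marker = (value >> 32) & 0xFFFFFFFF
    if marker in ISATAP_MARKERS:
        # "5EFE" precedes the IPv4 address, as the ISATAP section describes
        return {"type": "isatap", "ipv4": str(ipaddress.IPv4Address(low32))}
    return None

def find_tunnels(addresses):
    """Map each tunnelled address in the input to its decoded endpoints."""
    found = {}
    for text in addresses:
        info = tunnel_info(text)
        if info is not None:
            found[text] = info
    return found

# Sample addresses for illustration only (not from the page).
SAMPLE = [
    "fe80::5efe:192.168.1.10%14",              # ISATAP link-local address
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",    # Teredo client address
    "2001:db8:abcd:12:211:22ff:fe33:4455",     # ordinary global address
]

if __name__ == "__main__":
    for address, info in find_tunnels(SAMPLE).items():
        print(address, info)
```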