IPv6 on Microsoft Windows

Microsoft has been a leading host operating system for years, especially with the growth of the Internet during the 1990s. In 2001, Microsoft made a clear commitment to supporting IPv6 by including IPv6 support in the mainstream code of Windows XP. IPv6 support for the well-known Windows NT and Windows 2000 platforms has been available since 1998 for research, experimental, and learning purposes only.

In 1998, Microsoft Research (MSR), with contributions from USC/ISI East, started developing an IPv6 stack for the Windows NT and Windows 2000 platforms. For many years, MSR has publicly offered the source and binary code of this beta IPv6 implementation to the whole Internet community for research purposes only.

In 2000, Microsoft released the IPv6 Technology Preview For Windows 2000 and distributed it to the Internet community. The other version of the IPv6 stack was derived from the MSR code, but it was specifically coded to run only on Windows 2000. The Technology Preview For Windows 2000 version targeted people who wanted to learn, experiment with, and develop with IPv6 on Windows platforms. In 2001, Microsoft bundled IPv6 support into Windows XP. IPv6 support is available in Windows XP Professional, Windows XP Home Edition, Windows XP Pro, and Windows XP Home Edition Service Pack 1. Before these, Microsoft did not officially support IPv6. Microsoft also includes IPv6 support on .NET Server Windows Server 2003.

The different versions of IPv6 support for Windows are similar and support the main features of the IPv6 protocol, such as stateless autoconfiguration and some of the transition mechanisms. Users of Windows NT and Windows 2000 can download and install the IPv6 code on their computers to add IPv6 support. However, with Windows XP, IPv6 support is built in; the user just enables it using a command. This section presents the steps used to install and enable IPv6 support on Windows NT, Windows 2000, and Windows XP. First, however, you'll see how IPv6 internetworks with Windows.

Internetworking Microsoft Windows with IPv6

As soon as IPv6 support is installed successfully and enabled on Windows, the IPv6 stack is interpreted as a separate protocol from IPv4. This stack is IPv6-compliant and can interoperate with IPv6 nodes and router implementations on the market, including the Cisco IOS Software. In the context of internetworking Windows IPv6 nodes with Cisco routers, the IPv6 support provided by Microsoft can basically handle stateless autoconfiguration and some transition mechanisms such as configured tunnel and 6to4.

The Microsoft implementation includes applications, utilities, and tools used for networking that have been ported to IPv6 such as client Telnet, client FTP, ping, nslookup, tracert, DNS resolver, and file and print sharing. Moreover, IPv6 support is also included in Internet Explorer, .NET Server, IIS, Microsoft Media Server, and Microsoft RPC, in theory allowing any application based on RPC to run over IPv6.

Open software applications such as NTEmacs, Teraterm Pro with SSH, Cygwin Net (with IPv6 extensions), Apache for Win32 (with IPv6 extensions), NcFTP, Windump, Ethereal, ISC Bind 8 for NT, Emacs, Ruby, PuTTY, psyBNC, and AsyProxy are available with IPv6 support for Windows. Of course, this list is incomplete. An increasing number of IPv4-only open software and commercial applications that run on Windows are scheduled to be ported to IPv6.

After you see how to install and enable IPv6 support on Windows in the following sections, you will learn the steps and commands used to enable stateless autoconfiguration and to configure the transition mechanisms on Windows.

Enabling IPv6 on Microsoft Windows

This section presents the steps to install and enable IPv6 support on Windows XP, Windows 2000, and Windows NT.

Enabling IPv6 on Microsoft Windows XP

As mentioned, IPv6 support is already integrated into Windows XP in the Professional and Home Edition versions. However, IPv6 support must be enabled manually.

To enable IPv6 support, you enter the command ipv6 install in the DOS shell of Windows XP, as shown in Example 6-1.

Example 6-1. Enabling IPv6 on Windows XP by Running ipv6.exe in the DOS Shell

C:Documents and SettingsREGIS>ipv6 install
Installing...
Succeeded.

Microsoft has introduced the command interface netsh for the DOS shell on Windows XP and .NET Server operating systems. You can use it to enable, configure, manage, and reset IPv4/IPv6 stacks. The netsh interface ipv6 [...] command is equivalent to the ipv6 command. It is available only on the Windows XP and .NET Server operating systems. This section describes the netsh commands that are equivalent to the ipv6 commands for the Windows XP environment. To see the different syntaxes of the netsh command for the IPv6 stack on Windows XP, enter netsh interface ipv6 ? in the DOS shell. You can also see the corresponding ipv6 and netsh commands on the Microsoft Windows website at www.microsoft.com/windows.netserver/technologies/ipv6/ipv62netshtable.mspx.

You can find more information about IPv6 support for Windows XP at www.microsoft.com/windowsxp/pro/techinfo/administration/default.asp. The Frequently Asked Questions section on IPv6 support in Windows XP is available at www.microsoft.com/windowsxp/pro/techinfo/administration/ipv6/default.asp.

Enabling IPv6 on Microsoft Windows 2000

The first step in enabling IPv6 support on Windows 2000 is to download the Microsoft IPv6 Technology Preview For Windows 2000 from the Microsoft website.

After you download the Microsoft IPv6 Technology Preview For Windows 2000 code, it is strongly recommended that you read all the documentation provided by Microsoft before installing the IPv6 support on your Windows 2000 platform. (Installing the IPv6 support on Windows 2000 is beyond the scope of this chapter.)

The Frequently Asked Questions section for the Microsoft IPv6 Technology Preview For Windows 2000 is available at msdn.microsoft.com/downloads/sdks/platform/tpipv6/faq.asp.

Enabling IPv6 on Microsoft Windows NT

The first step in enabling IPv6 support on Windows NT is to download the Microsoft Research IPv6 support from the Microsoft Research website. The Microsoft Research IPv6 code is labeled as outdated by Microsoft. However, considering the large number of users still using Windows NT, this section should be useful.

After you download the Microsoft Research IPv6 code, it is strongly recommended that you read all the documentation provided by Microsoft before installing the IPv6 support on your Windows NT platform. (Installing the IPv6 support for Windows NT is beyond the scope of this chapter.)

Verifying IPv6 on Microsoft Windows

After you've installed the IPv6 support on your computer, you can verify the installation using the ipv6 if command in the DOS shell. When you enter this command, the system displays a list of all the IPv6 pseudo-interfaces defined on Windows.

Example 6-2 shows the output of the ipv6 if command applied on Windows XP. Keep in mind that the computer used to produce this output has only one Ethernet interface. This output might differ slightly if you are using Windows 2000 or Windows NT or if the computer used has multiple interfaces. Example 6-2 shows IPv6 pseudo-interfaces 1 through 4. Pseudo-interface 4 represents this computer's physical Ethernet interface, and pseudo-interfaces 1 through 3 are virtual interfaces assigned for IPv6 support.

Example 6-2. Showing IPv6 Pseudo-Interfaces on Windows XP

C:Documents and SettingsREGIS>ipv6 if
							Interface 4: Ethernet: Local Area Connection
  uses Neighbor Discovery
  uses Router Discovery
  link-layer address: 00-08-02-2d-6f-4f
    preferred link-local fe80::208:2ff:fe2d:6f4f, life infinite
    multicast interface-local ff01::1, 1 refs, not reportable
    multicast link-local ff02::1, 1 refs, not reportable
link MTU 1500 (true link MTU 1500)
  current hop limit 64
  reachable time 18000ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1
Interface 3: 6to4 Tunneling Pseudo-Interface
  does not use Neighbor Discovery
  does not use Router Discovery
  link MTU 1280 (true link MTU 65515)
  current hop limit 128
  reachable time 22500ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 0
Interface 2: Automatic Tunneling Pseudo-Interface
  does not use Neighbor Discovery
  does not use Router Discovery
  router link-layer address: 0.0.0.0
  EUI-64 embedded IPv4 address: 0.0.0.0
    preferred link-local fe80::5efe:192.168.1.51, life infinite
  link MTU 1280 (true link MTU 65515)
  current hop limit 128
  reachable time 43000ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 0
Interface 1: Loopback Pseudo-Interface
  does not use Neighbor Discovery
  does not use Router Discovery
  link-layer address:
    preferred link-local ::1, life infinite
    preferred link-local fe80::1, life infinite
  link MTU 1500 (true link MTU 4294967295)
  current hop limit 128
  reachable time 21500ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 0

Here are descriptions of these IPv6 pseudo-interfaces:

• Interface 4— The pseudo-interface representing this computer's physical Ethernet interface. When more than one physical interface is present, they are numbered sequentially. Example 6-2 shows information such as the interface's Ethernet MAC address, the link-local address (FE80::/10), and the multicast addresses (FF00::/8).

• Interface 3— The pseudo-interface used to enable the 6to4 mechanism on Windows XP. See Chapter 5 for more information about the 6to4 mechanism.

• Interface 2— The pseudo-interface used to deploy automatic IPv4-compatible tunnels on Windows XP. See Chapter 5 for more information about automatic IPv4-compatible tunnels. This mechanism is being deprecated.

• Interface 1— The pseudo-interface representing this computer's IPv6 loopback address. The loopback address is represented as ::1. Refer to Chapter 2 for more information about the loopback address for IPv6.

Stateless Autoconfiguration on Microsoft Windows

As soon as IPv6 support is enabled in Windows, stateless autoconfiguration is enabled by default. Therefore, no specific command or configuration needs to be applied in Windows to enable stateless autoconfiguration on the network interfaces.

At the boot of any IPv6 host, including the Windows implementation, the node starts by completing duplicate address detection (DAD) (discussed in Chapter 3, “IPv6 in Depth”) to ensure that the interface's link-local address is unique on the local link. At this step, the link-local address of the interface on Windows is enabled.

After assigning the interface's link-local address, the Windows node performs stateless autoconfiguration (discussed in Chapter 3) by sending a router solicitation request (ICMPv6 type 133) to the multicast address FF02::2 (all routers on the link-local scope). When a router is present and is properly configured with IPv6 on the local link, the router responds with a router advertisement message (ICMPv6 type 134) to the multicast address FF01::2 (all nodes on the link-local scope) with the necessary information to enable the node's IPv6 configuration. Therefore, the Windows node can configure its IPv6 address using stateless autoconfiguration.

Figure 6-1 illustrates a Windows XP node and an IPv6 router on the same local link. The Windows XP node starts by sending a router solicitation request on the local link via pseudo-interface 4 (the Ethernet interface). Then the IPv6 router responds by sending a router advertisement containing the aggregatable global unicast prefix 3ffe:b00:ffff:1::/64 on the ethernet0 interface. Therefore, the Windows XP node can configure its IPv6 address with the prefix given using stateless autoconfiguration.

Example 6-3 shows a sample of the configuration applied on the IPv6 router in Figure 6-1 to enable stateless autoconfiguration. By using the ipv6 address 3ffe:b00:ffff:1::1/64 command on the ethernet0 interface, IPv6 is enabled on the interface, a static IPv6 address is assigned, and stateless autoconfiguration is enabled.

Example 6-3. Enabling IPv6 and Stateless Autoconfiguration on Cisco

Router(config)#int ethernet0
Router(config-if)#ipv6 address 3ffe:b00:ffff:1::1/64
Router(config-if)#exit
						

Following the router configuration, Example 6-4 displays the pseudo-interface 4 configuration on Windows XP after the node has successfully completed stateless autoconfiguration.

Example 6-4. Pseudo-Interface 4 on Windows XP After Stateless Autoconfiguration Is Performed

C:Documents and SettingsREGIS>ipv6 if 4
Interface 4: Ethernet: Local Area Connection
  uses Neighbor Discovery
  uses Router Discovery
  link-layer address: 00-08-02-2d-6f-4f
    preferred global 3ffe:b00:ffff:1:853c:f894:6648:3cdc, life
							6d23h56m36s/23h54m15s (anonyme)
							preferred global 3ffe:b00:ffff:1:208:2ff:fe2d:6f4f, life
							29d23h59m53s/6d23h59m53s (public)
    preferred link-local fe80::208:2ff:fe2d:6f4f, life infinite
    multicast interface-local ff01::1, 1 refs, not reportable
    multicast link-local ff02::1, 1 refs, not reportable
    multicast link-local ff02::1:ff2d:6f4f, 1 refs, last reporter
							multicast link-local ff02::1:ff48:3cdc, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
  current hop limit 64
  reachable time 18000ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1

Compared to Example 6-2, Example 6-4 has four new lines. The second highlighted line shows that aggregatable global unicast address 3ffe:b00:ffff:1:208:2ff:fe2d:6f4f is assigned to pseudo-interface 4 through stateless autoconfiguration. The first highlighted line is an additional unicast IPv6 address assigned to pseudo-interface 4. This address is generated using the privacy extension for stateless autoconfiguration, as defined in RFC 3041, Privacy Extensions for Stateless Address Autoconfiguration in IPv6.

The lifetime values for the address generated using the privacy extension are managed by the Windows XP node instead of being provided by the lifetime values in the router advertisement messages. You can display the various parameters and default lifetimes for the privacy extension on Windows XP by using the netsh interface ipv6 show privacy command. The command netsh interface ipv6 set privacy maxpreferredlifetime=lifetime_in_seconds can be used to set the lifetime values of the privacy extension.

The low-order 64-bit in the second highlighted line and the link-local addresses are generated using the Ethernet MAC address 00-08-02-2d-6f-4f of pseudo-interface 4 converted into EUI-64 format. Finally, the ff02::1:ff2d:6f4f and ff02::1:ff48:3cdc addresses are the solicited-node multicast addresses corresponding to the two aggregatable global unicast IPv6 addresses assigned to the interface.

Assigning a Static IPv6 Address and a Default Route on Microsoft Windows

When no IPv6 router on the local link provides stateless autoconfiguration, you can manually assign static IPv6 addresses to interfaces in Windows. The command ipv6 adu is used in the DOS shell to perform this task. The syntax for the ipv6 adu command is as follows:

							C:ipv6 adu
							ifindex/ipv6-address [life
							validlifetime[/preflifetime]]
  [anycast] [unicast]

The ipv6 adu command assigns a static IPv6 address to the given pseudo-interface ifindex. The ipv6-address is the static address to assign to the pseudo-interface. The prefix length is locked at 64 bits on Microsoft. The validlifetime and preflifetime can be assigned following the life keyword. By default, the lifetime is infinite. Specifying a lifetime of 0 causes the static IPv6 address to be removed. By default, the static IPv6 addresses assigned are unicast.

Here is an example of the ipv6 adu command:

							C:ipv6 adu 4/3ffe:b00:ffff:2000::1
						

This command assigns the static IPv6 address 3ffe:b00:ffff:2000::1/64 to pseudo-interface 4 (the Ethernet interface).

On the Windows node that has IPv6 support, you can add a default IPv6 route using the ipv6 rtu command, as shown here:

							C:ipv6 rtu ::/0
							ifindex/gateway
						

This adds a default router that points to the gateway address given as an argument. For example, the following adds a default IPv6 route that points to the link-local address fe80::290:27ff:fe3a:9e9a via pseudo-interface 4:

							C:ipv6 rtu ::/0 4/fe80::290:27ff:fe3a:9e9a
						

Managing IPv6 on Microsoft Windows

ipv6 is the main command used in Windows XP, Windows 2000, and Windows NT to manage IPv6 support. Table 6-1 describes the ipv6 and tracert6 commands used to manage IPv6 addresses and routes in Windows.

ping6 on Microsoft Windows

The new ping6 command on Microsoft sends ICMPv6 echo request messages to the specified destination to display the reachability of a destination IPv6 node. The syntax for the ping6 command is as follows:

								C:ping6
								ipv6-address[%zoneid]

The ping6 command sends echo request messages to the given destination ipv6-address node. The optional %zoneid argument specifies the scope of the destination ipv6-address. The %zoneid argument is used when the destination ipv6-address is a link-local address (fe80::/10) or a site-local address (fec0::/10):

• Link-local address— In this case, the syntax of the %zoneid argument is represented by the % character followed by a number corresponding to the node's pseudo-interface on which the ICMPv6 packets must be sent to the destination link-local address. For example, because the pseudo-interface number corresponding to the Ethernet interface in Example 6-2 is 4, you must use the following command to ping the link-local address fe80::290:27ff:fe3a:9e9a from this node:

  										ping6 fe80::290:27ff:fe3a:9e9a%4
  									

• Site-local address— When the destination ipv6-address is a site-local address, the syntax of the %zoneid argument is represented by the % character followed by the site number. Use the following command to find out the site number on your Microsoft node:

  										netsh interface ipv6 show interface level=verbose
  									

  If multiple sites are not being used, the %zoneid argument for site-local addresses is not required.

The %zoneid argument is not required when the destination IPv6 address is an aggregatable global unicast address.

Defining Configured Tunnels on Microsoft Windows

Microsoft supports the configured tunnel as a transition and coexistence mechanism to deliver IPv6 packets over existing IPv4 networks. This section covers establishing a configured tunnel between a Windows node and a Cisco router. As discussed in Chapter 5, the configured tunnel is a transition mechanism providing a basic way for an IPv6 node to reach an IPv6 network using IPv4 as the transport layer. The configured tunnel allows IPv6 packets to be tunneled over IPv4 packets.

However, establishing a configured tunnel between two nodes such as Windows and a Cisco router requires dual-stack support and a static configuration on both devices. On the Windows node and on the Cisco router you must specify the other's source and destination IPv4 addresses to enable a configured tunnel. The static configuration of IPv6 addresses at both ends of the tunnel is also necessary.

Figure 6-2 illustrates a basic topology in which the Windows dual-stack node A has established a configured tunnel to the Cisco dual-stack Router R1. The IPv4 address assigned to the configured tunnel interface tunnel0 on Router R1 is 206.123.31.200, and the IPv6 address is 3ffe:b00:ffff:8::1/64. On Windows node A, the IPv4 address 132.214.1.10 and the IPv6 address 3ffe:b00:ffff:8::2/64 have been assigned to the configured tunnel pseudo-interface.

Figure 6-2. Establishing a Configured Tunnel Between Windows and a Cisco Router

[View full size image]

Example 6-5 shows the configuration applied on Cisco Router R1 in Figure 6-2 to set the configured tunnel to Windows node A. The IPv6 source address of the tunnel0 interface is assigned using the ipv6 address 3ffe:b00:ffff:8::1/64 command. Then the tunnel source 206.123.31.200 and tunnel destination 132.214.1.10 commands define the source and destination IPv4 addresses for this configured tunnel. Finally, the tunnel mode ipv6ip command defines the type of tunneling as a configured tunnel. For more information on this configuration, refer to Chapter 5, which has the complete description of the commands used to set a configured tunnel on a Cisco router.

Example 6-5. Setting a Configured Tunnel on Cisco Router R1

RouterR1(config)#int tunnel0
RouterR1(config-if)#ipv6 address 3ffe:b00:ffff:8::1/64
RouterR1(config-if)#tunnel source 206.123.31.200
RouterR1(config-if)#tunnel destination 132.214.1.10
RouterR1(config-if)#tunnel mode ipv6ip
RouterR1(config-if)#exit
RouterR1(config)#

The pseudo-interface number for the configured tunnel on Windows XP differs from the pseudo-interface number on Windows NT and Windows 2000. The following sections describe how to set a configured tunnel on Windows 2000 and Windows NT compared to Windows XP.

Defining a Configured Tunnel on Microsoft Windows 2000/NT

With the MSR IPv6 support and the Microsoft IPv6 Technology Preview For Windows 2000, the default pseudo-interface assigned as a configured tunnel interface in the operating system is pseudo-interface 2. The same pseudo-interface number 2 is used on both Windows 2000 and Windows NT to define a configured tunnel.

Example 6-6 is based on Figure 6-2. It shows the configuration applied on a Windows 2000 or Windows NT node A to set the configured tunnel to Cisco Router R1. First, the IPv6 source address of the configured tunnel 3ffe:b00:ffff:8::2 on Windows is assigned with the ipv6 adu 2/3ffe:b00:ffff:8::2 command. The 2/ represents pseudo-interface 2. The default prefix length on Microsoft for any interface is locked at 64 bits. Then the ipv6 rtu ::/0 2/::206.123.31.200 pub command adds a default IPv6 route entry to the IPv6 routing table of Windows node A. It configures the default IPv6 route ::/0 to be routed through pseudo-interface 2 with the tunnel going to the next-hop address ::206.123.31.200. The next-hop IPv6 address for this command on Windows 2000 and Windows NT uses the IPv4-compatible IPv6 address format described in Chapter 2. The IPv4 address 206.123.31.200 represents the destination IPv6 address of Cisco Router R1 for the establishment of the configured tunnel.

Example 6-6. Setting the Configured Tunnel in Figure 6-2 on Windows 2000 and Windows NT

C:Windowssystem32>ipv6 adu 2/3ffe:b00:ffff:8::2
C:Windowssystem32>ipv6 rtu ::/0 2/::206.123.31.200 pub
							

As soon as this configuration is successfully applied, it can be displayed on Windows 2000 and Windows NT using the ipv6 if 2 command. With ipv6 if 2, you should display the tunnel's IPv6 source address 3ffe:b00:ffff:8::2, as well as the IPv4-compatible IPv6 address of Cisco Router R1, ::206.123.31.200. To validate this setup with the Cisco router, you can ping6 the router's IPv6 address 3ffe:b00:ffff:8::1 from this node.

Defining a Configured Tunnel on Microsoft Windows XP

The design of the configured tunnel's pseudo-interface is different on Windows XP compared to Windows 2000 and Windows NT. In Windows XP, the configured tunnel's pseudo-interface must be enabled using the ipv6 ifcr v6v4 ipv4-source-address ipv4-destination-address command. The ipv4-source-address and ipv4-destination-address arguments are the source and destination IPv4 addresses of the configured tunnels. After the command is successfully applied, a new pseudo-interface number is added in Windows XP for the configured tunnel. Then you set the configured tunnel the same way you would for Windows 2000 and Windows NT.

Example 6-7 is based on Figure 6-2. It shows the configuration applied on Windows XP node A to define the configured tunnel to Cisco Router R1. First, the ipv6 ifcr v6v4 132.214.1.10 206.123.31.200 command adds a new pseudo-interface number for a configured tunnel. As soon as this is done, the operating system displays the new pseudo-interface number, 5. Then the configured tunnel's IPv6 source address 3ffe:b00:ffff:8::2 on Windows XP is assigned with the ipv6 adu 5/3ffe:b00:ffff:8::2 command, which is the same step in Windows 2000 and Windows NT. Finally, you add the default IPv6 route entry in the node's IPv6 routing table by specifying the command ipv6 rtu ::/0 5/3ffe:b00:ffff:8::1. The next-hop IPv6 address for this command in Windows XP does not support the IPv4-compatible IPv6 address format, so you must provide the IPv6 address.

Example 6-7. Setting the Configured Tunnel on Windows XP

C:Documents and SettingsREGIS>ipv6 ifcr v6v4 132.214.1.10 206.123.31.200
Interface 5 added.
C:Documents and SettingsREGIS>ipv6 adu 5/3ffe:b00:ffff:8::2
C:Documents and SettingsREGIS>ipv6 rtu ::/0 5/3ffe:b00:ffff:8::1
							

The ipv6 if 5 command can be used to verify the configuration of the configured tunnel and to display the status of pseudo-interface 5. You should see the tunnel's IPv6 source address 3ffe:b00:ffff:8::2, as well as the IPv4 destination address of Cisco Router R1, 206.123.31.200. To validate this setup with the Cisco router, you can ping6 the router's IPv6 address 3ffe:b00:ffff:8::1 from this node.

Using a 6to4 Tunnel on Microsoft Windows

The 6to4 tunnel is another transition mechanism supported in Windows. This section describes the configuration of a 6to4 tunnel that can interact with a Windows node and a Cisco router. As discussed in Chapter 5, 6to4 is a transition mechanism that provides IPv6 connectivity over existing IPv4 infrastructures. Like configured tunnel, IPv6 packets are tunneled over IPv4 packets with 6to4.

Rather than manually defining the tunnel as you would for a configured tunnel, the 6to4 mechanism provides automatic tunneling. The tunneling of IPv6 packets between 6to4 sites is done dynamically according to the destination IPv6 addresses of packets originating from IPv6 nodes on 6to4 sites. Therefore, tunnels are deployed only when needed.

Figure 6-3 illustrates a basic 6to4 topology in which Windows dual-stack node B enables the 6to4 mechanism that can interact with Cisco Router R2. Cisco Router R2 is also enabled with 6to4 support. Because the IPv4 address assigned to Router R2 is 206.123.31.200, the IPv6 prefix of this 6to4 site is 2002:ce7b:1fc8::/48 (206.123.31.200 converted into hexadecimal equals ce7b:1fc8). The IPv6 address 2002:ce7b:1fc8:1::1 is assigned to R2's ethernet0 interface. On Windows node B, the IPv4 address 132.214.1.10 is assigned to the pseudo-interface assigned for the 6to4 operation. Therefore, the IPv6 prefix of this 6to4 site is 2002:84d6:010a::/48.

Figure 6-3. Enabling 6to4 Between a Windows Host and a Cisco Router

[View full size image]

In Figure 6-3, the IPv6 address 2002:84d6:010a:1::1 is assigned to the 6to4 Windows interface.

Example 6-8 is based on Figure 6-3. It shows the configuration applied on Cisco Router R2 to enable the 6to4 mechanism. Both the IPv4 and IPv6 addresses are assigned to the ethernet0 interface using the commands ip address 206.123.31.200 255.255.255.0 and ipv6 address 2002:ce7b:1fc8:1::1/64. Then 6to4 is enabled on the tunnel9 interface using the ipv6 unnumbered ethernet0, tunnel source ethernet0, and tunnel mode ipv6ip 6to4 commands. Finally, an IPv6 route for the destination network 2002::/16 is added to point to the tunnel9 interface.

Example 6-8. Enabling 6to4 on Cisco Router R2

RouterR2#configure terminal
RouterR2(config)#int ethernet0
RouterR2(config-if)#ip address 206.123.31.200 255.255.255.0
RouterR2(config-if)#ipv6 address 2002:ce7b:1fc8:1::1/64
RouterR2(config-if)#int tunnel9
RouterR2(config-if)#no ip address
RouterR2(config-if)#ipv6 unnumbered ethernet0
RouterR2(config-if)#tunnel source ethernet0
RouterR2(config-if)#tunnel mode ipv6ip 6to4
RouterR2(config-if)#exit
RouterR2(config)#ipv6 route 2002::/16 Tunnel9
						

For more information on this 6to4 configuration, refer to Chapter 5 for the complete description of commands used to enable 6to4 support on Cisco.

The pseudo-interface for enabling the 6to4 mechanism differs on Windows 2000 and Windows NT compared to Windows XP. The following sections discuss these configurations separately.

Enabling 6to4 on Microsoft Windows 2000/Windows NT

With MSR IPv6 support and Microsoft IPv6 Technology Preview For Windows 2000, the default interface assigned to the 6to4 mechanism is pseudo-interface 2. This is the same pseudo-interface number for both Windows 2000 and Windows NT.

Example 6-9 is based on Figure 6-3. It shows the configuration applied on Windows 2000 and Windows NT to enable the 6to4 mechanism. First, the ipv6 rtu 2002::/16 2 command adds a route entry in the IPv6 routing table for the destination network 2002::/16, which points to the pseudo-interface 2. When an IPv6 packet with a destination IPv6 address matches the 2002::/16 prefix, then the router forwards the packet through the 6to4 tunnel interface (pseudo-interface 2) by encapsulating the IPv6 packet in IPv4. Then the IPv6 source address of the Windows pseudo-interface 2 is assigned using the command ipv6 adu 2/2002:84d6:010a:1::1. The 2/ represents pseudo-interface 2.

Example 6-9. Enabling 6to4 on Windows 2000 and Windows NT

C:Windowssystem32>ipv6 rtu 2002::/16 2
C:Windowssystem32>ipv6 adu 2/2002:84d6:010a:1::1
							

As soon as the configuration is applied, it can be displayed on Windows 2000 and Windows NT using the ipv6 if 2 command. You should see the IPv6 source address 2002:84d6:010a:1::1 of this pseudo-interface. To validate this setup with the Cisco router enabled into a 6to4 router, you can ping6 the router's IPv6 address 2002:ce7b:1fc8:1::1 from this node.

Enabling 6to4 on Microsoft Windows XP

In Windows XP, the interface assigned for the 6to4 mechanism is pseudo-interface 3 instead of pseudo-interface 2 for Windows 2000 and Windows NT. The commands to enable the 6to4 mechanism on pseudo-interface 3 are the same as those used for Windows 2000 and Windows NT. Example 6-10 presents the 6to4 configuration applied on Windows XP.

Example 6-10. Enabling 6to4 on Windows XP

C:Documents and SettingsREGIS>ipv6 rtu 2002::/16 3
C:Documents and SettingsREGIS>ipv6 adu 3/2002:84d6:010a:1::1
							

As soon as the configuration is applied, it can be displayed in Windows XP using the ipv6 if 3 command. You should see the IPv6 source address 2002:84d6:010a:1::1 of this pseudo-interface. To validate this setup with the Cisco router enabled as a 6to4 router, you can ping6 the router's IPv6 address 2002:ce7b:1fc8:1::1 from this node.

Using 6to4 Relay on Microsoft Windows

As seen in Chapter 5, a 6to4 relay is a 6to4 router acting as a gateway between the IPv6 Internet and the 6to4 sites on the Internet. The 6to4 relay is a router at the border of the IPv4 Internet and the IPv6 Internet. The 6to4 relay forwards all non-6to4 traffic such as 2001::/16 and 3ffe::/16 prefixes, to the IPv6 Internet.

To use a 6to4 relay, a 6to4 node such as Windows must add a default IPv6 route in its configuration pointing to the 6to4 relay. Therefore, all non-6to4 traffic is sent to the IPv6 Internet through the 6to4 relay.

Cisco Router R2 in Figure 6-3 acts as a 6to4 relay. Examples 6-11 and 6-12 show the configuration for using a 6to4 relay applied on Windows 2000, Windows NT, and Windows XP.

Example 6-11. Using 6to4 Relay on Windows 2000 and Windows NT

C:Windowssystem32>ipv6 rtu 2002::/16 2
C:Windowssystem32>ipv6 adu 2/2002:84d6:010a:1::1
C:Windowssystem32>ipv6 rtu ::/0 2/::206.123.31.200
							

Example 6-12. Using 6to4 Relay on Windows XP

C:Documents and SettingsREGIS>ipv6 rtu 2002::/16 3
C:Documents and SettingsREGIS>ipv6 adu 3/2002:84d6:010a:1::1
								C:Documents and SettingsREGIS>ipv6 rtu ::/0 3/2002:ce7b:1fc8:1::1