Guy’s Ezine 137 – IPv6 Follow-upSwitching from IPv4 to IPv6 lends itself to learning by hands-on experimentation. It’s hard to see what damage anyone could do – even my old enemy ‘Psycho’ cannot break a TCP/IP stack. Just leave the IPv4 protocol in place and enjoy learning by playing with IPv6 addresses, configurations and commands. Topics for IPv6 – Follow-upHere are four keywords that will aid your understanding should you read IPv6 RFC (Request for comments) articles: Stateful and Stateless; Link-Local and Site-Local addresses. A stateful IP address is one given by a DHCP server. Usually DHCP gives more information than just the IP address, for example the IP address of the DNS server and also the default gateway. A stateless IP address is one that is automatically configured by router discovery. The host assigns itself an IPv6 address automatically rather like the IPv4 APIPA. Link-Local IPv6 addresses only allow connections with neighbors on that subnet (link), these address are not forwarded by routers. End of story. Site-Local address are routable, but not to the internet, thus hosts with Site-Local IPv6 addresses can use private (not ICANN) IP addresses, AND can connect to any other Site-Local address within the organization. To have a working knowledge of IPv6 you need to make sense of the first four numbers of the address. As with IPv4, it’s the first section of the address that has the most meaning, 192.x.y.z, 10.x.y.z, or even 169. I would like to focus in IPv6 addresses beginning with FE, for example, FE80, FECO. Again, as with IPv4, studying the binary numbers helps to explain why we get particular decimal or hexadecimal number. Link-local address FE80 = 1111 1110 10 Site-local address FEC0 = 1111 1110 11 Other IPv6 addresses you may see on your travels Multicast address beginning with FF = 1111 1111 for example: FF01:0:0:0:0:0:0:37 Compressed to FF01::37 0:0:0:0:0:0:0:1 The loopback address. Compressed format ::1 0:0:0:0:0:0:10.0.0.20 An IPv4 address. Note triple colon in the compressed form :::10.0.0.20 Consequently, if you see a number beginning with 2001 or 3001 then it’s a number that ICANN/IANA have allocated, probably to an ISP. Let us decipher the last part of the following Link-local IP address, fe80::211:5bff:fec2:82dc%4. The %4 caused me some head-scratching until I made a few vital deductions. Embarrassingly, until I understood the significance of the % number, I could not get ping to work. This percentage number has the following names: the Zone ID (most common), % Scope ID, NIC adapter number, Interface ID, or if you ‘ask’ Netsh, the Idx number. Thank goodness that this command still works: Ipconfig /all. Moreover, it helps us by displaying the elusive number after the % sign. Here are the results for two machines where I wanted to ping. Machine A: IPv6 address fe80::211:5bff:fec2:82dc%4 Machine B: IPv6 address fe80::ec84:1634:d659:2aba%10 Preliminary step, get the IPv6 addresses of two machines. Then substitute your hex numbers for mine. Experiment 1: At Machine A, launch a cmd prompt and type Machine B’s IPv6 number and YOUR (Machine A) % number:
Ping fe80::ec84:1634:d659:2aba%4 – Correct you should get a reply Experiment 2: At Machine A type Machine B’s IPv6 number omitting the % number
Ping fe80::ec84:1634:d659:2aba – Wrong no Zone ID number. Also, we assume that interface number we need (%4) is not the default Zone ID. Experiment 3: At Machine A type Machine B’s IPv6 number with the wrong % number
Ping fe80::ec84:1634:d659:2aba%10 – Wrong we need the Zone ID number of the sending machine = %4; the Zone ID of the target machine %10, is irrelevant. My rational is that we always learn more when things go wrong, it’s just that most text books leave out the mistakes! If you get stuck, do remember the following Netsh commands. Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways: For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges. For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker Troubleshooting – Netsh is your friendI assume that you are at the cmd prompt, now type these five words: netsh interface ipv6 show interface Note: Be careful, the command really does need two words called ‘interface’. Additionally you need to specify ipv6 – as shown above. Incidentally, as an ex-biologist I was amazed to see the word ‘Teredo’ in the netsh print-out. Previously I associated Teredo with the dreaded ship-boring mollusc. This animal probably destroyed more of Drake’s ships than the entire Spanish Armada. Back to IPv6, I soon made the connection, Teredo is tunnelling interface so that IPv4 packets can move smoothly through IPv6 networks. Incidentally, Netsh is well worth learning, not only will it help you troubleshoot IPv6, but also it will be handy for configuring Core (GUI-Less) Windows Server 2008 machines. Configuring IPv6 addresses with NetshFirstly an assumption, if you have XP you have installed IPv6 (Network connection, properties, Install). The key to configuring a manual IPv6 address is preparation, it also helps if you tuning-in to the terminology. As XP and Windows Server 2003 don’t have a box to type the IPv6 address, you need to employ the built-in command line tool Netsh. With Vista and Server 2008, you can also configure IPv6, in much the same way as you did with IPv4, namely type numbers in a dialog box. Again you go to the Network Connections, but this time, IPv6 has a live properties button, (greyed out in XP). The first question is, ‘What is the name of your Adapter Interface?’ To check your answer type ipconfig /all and read what comes after ‘Ethernet Adapter’. This usually begins with ‘Default..’ For more information, check your Network Connections, you could even take the opportunity of renaming the connection, e.g ‘lab’, and see the new name appear when you re-type ipconfig /all. What IPv6 address could you add? Use an existing IP address as your starting point; it should begin with FE80. Also note the double colon meaning ‘compression’. Suppose IPv6 reveals a Link-local address = fe80::211:5bff:fec2:82dc. You could add a new unique number by changing the last four digits thus: fe80::211:5bff:fec2:111a. Here is the syntax of Netsh.
The pattern is this: Add address interface = name address =hex number Add address interface = lab address =fe80::211:5bff:fec2:111a If you get an ‘Element not found’ error message, then it’s because your interface = NAME is wrong. The solution is to check the NAME in the Network Connections. Finally, if you want get rid of your IPv6 command substitute delete for add, hence:
DELETE address interface = lab address =fe80::211:5bff:fec2:111a Tools4EverRob at Tools4Ever has advertised in my ezine for over 3 years. As you get to know me you realize that I would not endorse a product if I did not believe in it. To begin with Tools4Ever offer free utilities such as a Group Policy Template editor, also a raft of command line tools, and of course, FreePing. See more about Ipconfig and PowerShell 3 Guy Recommends: Tools4ever’s UMRA Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes. It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA. It is going to take for ever for the world to migrate from IPv4 to IPv6. Fortunately the IPv6 committees took this into account when they designed IPv6. Specifically they included Teredo for tunnelling IPv4 inside IPv6. Here are the main tasks you can undertake to prepare for IPv6. Whereas you should not attempt to upgrade an old XP machine to Vista*; upgrading an XP client from IPv4 to IPv6 will be the proverbial piece of cake. Vista machines don’t need to be upgraded because they have the IPv6 protocol pre-installed. Thus all the IPv6 migration falls to the servers and the routers. (*Only try a clean Vista install on a modern machine with designed for Vista hardware) - Upgrade your applications to work with both IPv6 and IPv4. In the case of the operating systems, they have a built-in IPv6 stack. Question: is IPv6 a killer reason to migrate to Vista. No. XP SP2 has a perfectly good IPv6 stack. Network connection, properties, Install. Alternatively, call for help about Install IPv6.
- Focus on DNS and make sure it supports IPv6 address and PTR records. In truth, if you have a true DNS expert, it will be straightforward for them to configure the AAAA records and the appropriate in-arpa reverse lookup zone.
- Before we consider IPv6 and DHCP, a few words about other simple auto-configuration methods. The IPv6 host can use Router Discovery to obtain vital information such as router IP address. What happens is that routers send multicast Router Advertisement (RA) messages periodically. From such RA messages a host can assign itself a Link-local address.
- As far as I can see, you will need Windows Server 2008 (Longhorn) for IPv6 DHCP. There may be plans to add IPv6 scopes in Windows Server 2003, but I cannot find any reference to them. What did find was this statement from Microsoft, ‘The IPv6 protocol for the Windows Server 2003 family does not currently support DHCPv6.’
Summary of Migrating to IPv6Migration to IPv6 requires very little work on the XP client, and none at all for Vista. On the server side, you need a DNS expert to look at the AAAA records and the Reverse Lookup zone. As for DHCP, start by seeing if you can manage with just the automatic Link-local address. However, if your machines need the extra settings that DHCP offers, then consider upgrading to Windows Server 2008.
See more interesting network computer utilities• E195 Router Security • E158 Network Apps • E153 Network Utilities • E149 Performance Monitor • E138 Network Utilities • E137 IPv6 •E121 NCPA for Network Connections • E111 Mobile Devices • E98 Nmap •E16 Perfmon •Network Performance Monitor • Kiwi Syslog Server Review • Ezines | 
