Connections folder, but you cannot uninstall them. You can uninstall the IPv4 Internet layer with the netsh interface ipv4 uninstall command, but you cannot uninstall the IPv6 Internet layer. For more information, see “Manually Configuring the IPv6 Protocol” section in this chapter.

Note The IPv6 protocol for Windows XP and Windows Server 2003 is a separate protocol stack that contains its own implementation of TCP and UDP. This is known as a dual stack architecture. For more information, see Chapter 11, “IPv6 Transition Technologies.”

Features of the IPv6 Protocol for Windows Server 2008 and Windows Vista

The IPv6 protocol for Windows Server 2008 and Windows Vista includes the following features:

■Installed, enabled, and preferred by default

■Basic IPv6 stack support

■IPv6 stack enhancements

■Graphical user interface (GUI) and command-line configuration

■Integrated Internet Protocol security (IPsec) support

■Windows Firewall support

■Temporary addresses

■Random Interface IDs

■Domain Name System (DNS) support

■Source and destination address selection

■Support for ipv6-literal.net names

■Link-Local Multicast Name Resolution (LLMNR)

■Peer Name Resolution Protocol (PNRP)

■Literal IPv6 addresses in URLs

■Static routing

■IPv6 over PPP

■DHCPv6

■Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

■6to4

20Understanding IPv6, Second Edition

■Teredo

■PortProxy

Installed, Enabled, and Preferred by Default

In Windows Server 2008 and Windows Vista, IPv6 is installed and enabled by default for all connections in the Network Connections folder. In Windows Server 2008 and Windows Vista, almost all networking operating system components now support IPv6.

When both IPv4 and IPv6 are enabled, Windows Server 2008 and Windows Vista by default prefer the use of IPv6 over IPv4. For example, if a Domain Name System (DNS) Name Query Response message contains a list of both IPv6 and IPv4 addresses, Windows Server 2008 and Windows Vista will attempt to communicate over IPv6 first, subject to the address selection rules that are defined in RFC 3484. For more information, see the “Source and Destination Address Selection” section in this chapter.

The preference of IPv6 over IPv4 can provide IPv6-enabled applications better network connectivity because IPv6 connections can use IPv6 transition technologies such as Teredo, which allow peer or server applications to operate behind Network Address Translators (NATs) without requiring NAT configuration or application modification.

Enabling IPv6 by default and preferring IPv6 traffic does not impair IPv4 connectivity in most cases. For example, on networks without IPv6 records in the DNS infrastructure, communications using IPv6 addresses are not attempted unless the user or application specifies a destination IPv6 address. There are cases, however, when an application can attempt an IPv6-based connection and fail, even though IPv4 connectivity exists. For more information about deployment considerations for IPv6-capable applications, see Chapter 16, “Deploying IPv6.”

To take advantage of IPv6 connectivity, networking applications might need to be updated to use networking application programming interfaces (APIs) that support IPv6. (See the section “Application Support” in this chapter.) For example, applications that use Windows Sockets might be written to use Windows Sockets functions that are IPv4-specific. You need to update these applications to use newer Windows Sockets functions that are not specific to IPv4 or IPv6. For more information, see Appendix B, “Windows Sockets Changes for IPv6,” or see the “IPv6 Guide for Windows Sockets Applications” at http://go.microsoft.com/fwlink/ ?LinkID=87735.

Basic IPv6 Stack Support

The IPv6 protocol for Windows Server 2008 and Windows Vista supports Internet Engineering Task Force (IETF) standards for IPv6 protocol stack functionality, including the following:

■The IPv6 header (RFC 2460)

■Unicast, multicast, and anycast addressing (RFC 4291)

■The Internet Control Message Protocol for IPv6 (ICMPv6) (RFC 4443)

■Neighbor Discovery (ND) (RFC 4861)

■Multicast Listener Discovery (MLD) (RFC 2710) and MLD version 2 (MLD v2) (RFC 3810)

■Stateless address autoconfiguration (RFC 4862)

IPv6 Stack Enhancements

The IPv6 protocol for Windows Server 2008 and Windows Vista also supports the following enhancements:

■Default route preferences and Route Information options in router advertisements (RFC 4191) With default router preferences, you can configure the advertising routers on a subnet to indicate a preference level so that hosts use the most preferred router as their default router. With Route Information options in router advertisements, routers that do not advertise themselves as default routers can advertise directly attached routes to hosts. For more information, see Chapter 6.

■ Strong host model for both sending and receiving The strong host model requires that unicast traffic sent or received must be associated with the network interface on which the traffic is sent or received. For sent traffic, IPv6 can send packets on an interface only if the interface is assigned the source IPv6 address of the packet being sent. For received traffic, IPv6 can receive packets on an interface only if the interface is assigned the destination IPv6 address of the packet being received. For more information, see Chapter 10, “IPv6 Routing.”

22 Understanding IPv6, Second Edition

GUI and Command-Line Configuration

With Windows Server 2008 and Windows Vista, you can manually configure IPv6 settings through the following:

■The Windows GUI from the properties of the Internet Protocol version 6 (TCP/IPv6) component in the Network Connections folder

■The Windows command prompt with commands in the netsh interface ipv6 context

For more information, see the “Manually Configuring the IPv6 Protocol” section in this chapter.

Integrated IPsec Support

IPsec support for IPv6 traffic in Windows XP and Windows Server 2003 was limited. There was no support for Internet Key Exchange (IKE) or data encryption. IPsec security policies, security associations, and keys were configured through text files and activated through a command-line tool, Ipsec6.exe.

In Windows Server 2008 and Windows Vista, IPsec support for IPv6 traffic is the same as that for IPv4. IPsec for IPv6 traffic now supports IKE and data encryption. Windows Server 2008 and Windows Vista support the configuration of IPsec policies for IPv6 traffic in the same way as IPv4 traffic using either the IP Security Policies snap-in or the new Windows Firewall with Advanced Security snap-in.

Windows Firewall Support

Windows Firewall is a built-in host-based firewall that helps protect a computer running Windows Server 2008 or Windows Vista by blocking unsolicited incoming or outgoing traffic. Windows Firewall supports IPv6 traffic and the configuration of incoming or outgoing traffic exceptions in the same way as IPv4. Both IPv4 and IPv6 share the same settings for excepted traffic. For example, if you configure an inbound rule to allow file-and-print-sharing traffic, by default unsolicited incoming file-and-print-sharing traffic over both IPv4 and IPv6 are allowed. Windows Firewall is enabled by default for both Windows Server 2008 and Windows Vista.

Temporary Addresses

To provide a level of anonymity when accessing Internet resources, the IPv6 protocol for Windows Server 2008 and Windows Vista supports the use of temporary addresses containing randomly derived interface identifiers. Temporary addresses change over time, making it difficult to track someone’s Internet usage based on their IPv6 address. Temporary addresses are enabled by default for Windows Vista and disabled by default for Windows Server 2008. You can enable them with the netsh interface ipv6 set privacy enabled command. Temporary