
Chapter 11 IPv6 Transition Technologies


To create a configured tunnel between Router 1 and Router 2, you would use the following commands on Router 1:

netsh interface ipv6 add v6v4tunnel TunnelTo2 131.107.47.121 157.54.9.211
netsh interface ipv6 add route 2001:db8:0:2::/64 TunnelTo2

Similarly, you would use the following commands at Router 2:

netsh interface ipv6 add v6v4tunnel TunnelTo1 157.54.9.211 131.107.47.121
netsh interface ipv6 add route 2001:db8:0:1::/64 TunnelTo1

Automatic Tunnels

An automatic tunnel is a tunnel that does not require manual configuration. Tunnel endpoints for automatic tunnels are determined by the use of routes, tunnel interfaces, and next-hop addresses for destination IPv6 addresses. The IPv6 protocol for Windows Server 2008 and Windows Vista supports the following automatic tunneling technologies:

ISATAP: Used for unicast communication between IPv6/IPv4 hosts across an IPv4-only intranet. For more information, see Chapter 12.

6to4: Used for unicast communication between IPv6/IPv4 hosts and IPv6-capable sites across the IPv4 Internet when 6to4 routers or 6to4 host/routers have public IPv4 addresses. For more information, see Chapter 13.

Teredo: Used for unicast communication between IPv6/IPv4 hosts across the IPv4 Internet, even when they have private IPv4 addresses and are located behind NATs. For more information, see Chapter 14.

For automatic tunneling technologies in Windows Server 2008 and Windows Vista, the sending or forwarding node determines the IPv6-over-IPv4 tunnel endpoints from the following:

The IPv4 address of the remote tunnel endpoint is embedded or encoded in the next-hop IPv6 address corresponding to the matching route for the destination IPv6 address.

The IPv4 address of the local tunnel endpoint is determined by the best source IPv4 address to reach the destination IPv4 address (the remote tunnel endpoint).
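
The following Python sketch is an added example, not code from the book: it recovers the IPv4 address that each automatic tunneling technology carries in a next-hop IPv6 address, along with the encapsulation an IPv4 firewall or sensor would see. The address layouts (2002::/16 for 6to4, 2001:0::/32 with an inverted client address and port for Teredo, a 5EFE interface-ID marker for ISATAP) come from the RFCs listed in the References section, not from this page; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class TunnelEndpoint(NamedTuple):
    technology: str                      # "6to4", "Teredo" or "ISATAP"
    remote_ipv4: ipaddress.IPv4Address   # IPv4 address recovered from the next hop
    encapsulation: str                   # what an IPv4 firewall or sensor sees

# Upper 32 bits of an ISATAP interface ID: 0000:5EFE or 0200:5EFE.
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def remote_endpoint(next_hop: str) -> Optional[TunnelEndpoint]:
    """Decode the IPv4 tunnel endpoint carried in a next-hop IPv6 address."""
    addr = ipaddress.IPv6Address(next_hop.split("%")[0])   # drop any zone ID
    value = int(addr)
    if addr.sixtofour is not None:
        # 6to4: the 32 bits after the 2002::/16 prefix are the IPv4 address.
        return TunnelEndpoint("6to4", addr.sixtofour, "IPv4 protocol 41")
    if addr.teredo is not None:
        # Teredo: the client's mapped IPv4 address and UDP port are stored
        # with every bit inverted; ipaddress already un-inverts the address.
        _server, client = addr.teredo
        port = ((value >> 32) & 0xFFFF) ^ 0xFFFF
        return TunnelEndpoint("Teredo", client, f"UDP port {port}")
    if (value >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        # ISATAP: the low 32 bits of the interface ID are the IPv4 address.
        # This is a pattern match, so treat a hit as an indication only.
        ipv4 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
        return TunnelEndpoint("ISATAP", ipv4, "IPv4 protocol 41")
    return None   # native IPv6 next hop: no IPv4 endpoint inside

# Constructed sample next-hop addresses (not taken from the book).
SAMPLE_NEXT_HOPS = (
    "2002:9d36:9d3::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
    "fe80::5efe:131.107.47.121%12",
    "2001:db8:0:2::1",
)

if __name__ == "__main__":
    for hop in SAMPLE_NEXT_HOPS:
        print(hop, "->", remote_endpoint(hop))
```
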

PortProxy

To facilitate the communication between nodes or applications that cannot connect using a common Internet layer protocol (IPv4 or IPv6), the IPv6 protocol for Windows Server 2008 and Windows Vista provides PortProxy, a component that allows the proxying of the following traffic:

IPv4 to IPv4: TCP traffic to an IPv4 address is proxied to TCP traffic at another IPv4 address.

Understanding IPv6, Second Edition

IPv4 to IPv6: TCP traffic to an IPv4 address is proxied to TCP traffic at an IPv6 address.

IPv6 to IPv6: TCP traffic to an IPv6 address is proxied to TCP traffic at another IPv6 address.

IPv6 to IPv4: TCP traffic to an IPv6 address is proxied to TCP traffic at an IPv4 address.

The most interesting and useful proxying for IPv6 transition is from IPv4 to IPv6 and from IPv6 to IPv4, which enables the following scenarios:

An IPv4-only node can indirectly access an IPv6-only node. In the IPv4 DNS infrastructure of the IPv4-only node, the name of the IPv6-only node resolves to an IPv4 address assigned to an interface of the PortProxy computer. This might require manual configuration of an A record in the DNS. When the PortProxy computer is configured to proxy IPv4 to IPv6, all TCP traffic sent by the IPv4-only node is proxied in a manner similar to Internet proxy servers: the IPv4-only node establishes a TCP connection with the PortProxy computer, and the PortProxy computer establishes a separate TCP connection with the IPv6-only node. The PortProxy computer transfers TCP connection data between the IPv4-only node and the IPv6-only node.

An IPv6-only node can access an IPv4-only node. In the IPv6 DNS infrastructure of the IPv6-only node, the name of the IPv4-only node resolves to an IPv6 address assigned to an interface of the PortProxy computer. This might require manual configuration of AAAA records in the DNS. When the PortProxy computer is configured to proxy IPv6 to IPv4, PortProxy proxies (translates) the TCP traffic sent between the IPv6-only node and the IPv4-only node.

An IPv6 node can access an IPv4-only service running on an IPv6/IPv4 node. In the IPv6 DNS infrastructure of the IPv6-only node, the name of the IPv6/IPv4 node resolves to an IPv6 address assigned to an interface of the PortProxy computer. When the PortProxy computer is configured to proxy from IPv6 to IPv4, PortProxy proxies the TCP traffic sent between the IPv6-only node and the IPv4-only service or application running on the PortProxy computer.

To configure the PortProxy component, use the netsh interface portproxy add|set|delete v4tov4|v4tov6|v6tov4|v6tov6 commands.

The syntax for the netsh interface portproxy add v6tov4 command is

netsh interface portproxy add v6tov4 [listenport=]LPortNumber|LPortName
    [[connectaddress=]IPv4Address|IPv4HostName] [[connectport=]CPortNumber|CPortName]
    [[listenaddress=]IPv6Address|IPv6HostName]

LPortNumber|LPortName is the TCP port number or service name on which PortProxy is listening.


IPv6Address|IPv6HostName is the IPv6 address or host name on which PortProxy is listening. (If it is unspecified, all IPv6 addresses assigned to the PortProxy computer are assumed.)

CPortNumber|CPortName is the TCP port number or service name that PortProxy attempts to connect to. (If it is unspecified, the connect port is set to the same port as the listening port.)

IPv4Address|IPv4HostName is the IPv4 address or host name that PortProxy attempts to connect to. (If it is unspecified, the loopback address is assumed.)

The syntax for the netsh interface portproxy add v4tov6 command is

netsh interface portproxy add v4tov6 [listenport=]LPortNumber|LPortName
    [[connectaddress=]IPv6Address|IPv6HostName] [[connectport=]CPortNumber|CPortName]
    [[listenaddress=]IPv4Address|IPv4HostName]

LPortNumber|LPortName is the TCP port number or service name on which PortProxy is listening.

IPv4Address|IPv4HostName is the IPv4 address or host name on which PortProxy is listening. (If it is unspecified, all IPv4 addresses assigned to the PortProxy computer are assumed.)

CPortNumber|CPortName is the TCP port number or service name that PortProxy attempts to connect to. (If it is unspecified, the connect port is set to the same port as the listening port.)

IPv6Address|IPv6HostName is the IPv6 address or host name that PortProxy attempts to connect to. (If it is unspecified, the loopback address is assumed.)

Note: PortProxy works only for TCP traffic and for application-layer protocols that do not embed address or port information inside the TCP connection data. Unlike NATs, there are no equivalents to NAT editors for PortProxy. An example of a protocol that will not work across a PortProxy computer is File Transfer Protocol (FTP), which embeds IPv4 addresses when using the FTP Port command.
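
The defaults in the syntax above decide what a rule actually exposes, so a rule is worth expanding before it is applied. The following Python sketch is an added example, not code from the book: it takes a netsh interface portproxy add command line, fills in the documented defaults, and reports address-family mismatches, listeners bound to every address, and FTP. The function name, the "*" marker for an unspecified listen address, the literal loopback addresses and the sample commands are assumptions made for illustration.

```python
import ipaddress

PARAMS = ("listenport", "connectaddress", "connectport", "listenaddress")  # positional order
LOOPBACK = {4: "127.0.0.1", 6: "::1"}   # assumed literals for "the loopback address"
MODES = ("v4tov4", "v4tov6", "v6tov4", "v6tov6")

def resolve_rule(command: str) -> dict:
    """Expand one 'netsh interface portproxy add' command into the rule it creates."""
    words = command.split()
    prefix = [w.lower() for w in words[:4]]
    if len(words) < 6 or prefix != ["netsh", "interface", "portproxy", "add"]:
        raise ValueError("not a complete portproxy add command")
    mode = words[4].lower()
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    listen_family, connect_family = int(mode[1]), int(mode[5])
    args = {}
    for position, word in enumerate(words[5:]):
        key, tagged, value = word.partition("=")
        args[key.lower() if tagged else PARAMS[position]] = value if tagged else word
    rule = {
        "mode": mode,
        "listenaddress": args.get("listenaddress", "*"),   # unspecified: all addresses
        "listenport": args["listenport"],
        "connectaddress": args.get("connectaddress", LOOPBACK[connect_family]),
        "connectport": args.get("connectport", args["listenport"]),
        "findings": [],
    }
    for field, family in (("listenaddress", listen_family),
                          ("connectaddress", connect_family)):
        try:
            version = ipaddress.ip_address(rule[field]).version
        except ValueError:
            continue   # "*" or a host name: nothing to compare
        if version != family:
            rule["findings"].append(
                f"{field} {rule[field]} is IPv{version}, {mode} expects IPv{family}")
    if rule["listenaddress"] == "*":
        rule["findings"].append(
            f"listens on every IPv{listen_family} address of the PortProxy computer")
    if {rule["listenport"], rule["connectport"]} & {"21", "ftp"}:
        rule["findings"].append(
            "FTP embeds addresses in its data and will not work across PortProxy")
    return rule

if __name__ == "__main__":
    # Constructed sample command (documentation addresses, not from the book).
    print(resolve_rule("netsh interface portproxy add v4tov6 listenport=8080 "
                       "connectaddress=2001:db8:0:2::25 connectport=80"))
```
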

References

The following references were cited in this chapter:

RFC 1752 — “The Recommendation for the IP Next Generation Protocol”

RFC 2529 — “Transmission of IPv6 over IPv4 Domains without Explicit Tunnels”

RFC 2893 — “Transition Mechanisms for IPv6 Hosts and Routers”


RFC 3056 — “Connection of IPv6 Domains via IPv4 Clouds”

RFC 3484 — “Default Address Selection for IPv6”

RFC 4214 — “Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)”

RFC 4380 — “Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)”

You can obtain these RFCs from the \RFCs_and_Drafts folder on the companion CD-ROM or from http://www.ietf.org/rfc.html.

Testing for Understanding

To test your understanding of IPv6 transition, answer the following questions. See Appendix D, “Testing for Understanding Answers,” to check your answers.

1. Describe the difference between migration and coexistence.

2. How does an IPv4-only host communicate with an IPv6-only host?

3. What is an IPv4-mapped address used for?

4. Is the IPv6 protocol for Windows Server 2008 and Windows Vista a dual IP layer? Why or why not?

5. How are the source and destination addresses in the IPv4 header determined for IPv6-over-IPv4 tunnel traffic?

6. What is the Netsh command to enable the proxying of TCP connection data between an IPv6-only host and an IPv4-only service that is running on the PortProxy computer and listening on TCP port 32175?

7. Why might you have to manually add A or AAAA DNS records to help facilitate communication between IPv4-only nodes and IPv6-only nodes when using PortProxy?
