    IPv6 Configurations and Test Lab

    Microsoft Corporation

    Published: September 2002

    Abstract

    The Microsoft Windows .NET Server family and Windows XP with Service Pack 1 include a supported version of the new IP version 6 (IPv6) protocol. This article describes five IPv6 configurations and gives instructions for creating an IPv6 test lab, so that application developers can test their modified applications with a supported protocol suite and Windows networking professionals can begin learning and experimenting with IPv6 prior to deploying IPv6 in their organizations.


    Microsoft Windows .NET Server 2003 White Paper

    This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

    The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

    This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

    Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

    Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

    © 2002 Microsoft Corporation. All rights reserved.

    Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

    The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


    Contents

    Introduction
    Single Subnet with Link-local Addresses
      Testing Connectivity Between Two Link-local Hosts
      Using the Zone ID
    Using IPSec Between Two Local Link Hosts
      Table 1 Security Policy Entry for Host 1
      Table 2 First Security Association Entry for Host 1
      Table 3 Second Security Association Entry for Host 1
      Table 4 Security Policy Entry for Host 2
      Table 5 First Security Association Entry for Host 2
      Table 6 Second Security Association Entry for Host 2
    IPv6 Traffic Between Nodes on Different Subnets of an IPv6 Internetwork
    IPv6 Traffic Across an IPv4 Intranet
      Table 7 Example ISATAP Addresses
      Using an ISATAP Router
        Resolving the ISATAP Name
        Using the netsh interface ipv6 isatap set router Command
    IPv6 Traffic Across the IPv4 Internet
    Setting up an IPv6 Test Lab
      Setting Up the Infrastructure
        DNS1
        CLIENT1
        ROUTER1
        ROUTER2
        CLIENT2
      IPv6 Test Lab Tasks
        Link-local ping
        Creating a static routing infrastructure
        Using name resolution
        Using temporary addresses
    Summary
    Related Links


    Introduction

    IP version 6 (IPv6) is a suite of standard protocols that is the next generation of network layer protocols for the Internet. The current version of the Internet Protocol (known as IP version 4 or IPv4) has not been substantially changed since RFC 791 was published in 1981. IPv4 has proven to be robust, easily implemented and interoperable, and has stood the test of scaling an internetwork to a global utility the size of today's Internet.

    However, the initial design of IPv4 did not anticipate:

    - The recent exponential growth of the Internet and the impending exhaustion of the IPv4 address space.
    - Internet growth and the ability of Internet backbone routers to maintain large routing tables.
    - The need for simpler configuration.
    - The requirement for security at the IP level.
    - The need for better support for real-time delivery of data (also known as quality of service).

    To address these concerns, the Internet Engineering Task Force (IETF) has developed a suite of protocols and standards known as IP version 6 (IPv6). This new version, previously named IP-The Next Generation (IPng), incorporates the concepts of many proposed methods for updating the IPv4 protocol. IPv6 is intentionally designed for minimal impact on upper and lower layer protocols by avoiding the arbitrary addition of new features.

    In order to justify the deployment of IPv6, it must be used by applications. Applications must be modified to use new Windows Sockets application programming interfaces (APIs) that are IP version independent: the same API function is used for IPv4 or IPv6, and the result of the API call depends on the installed protocols and the available addresses. For more information about modifying applications to work over IPv4 and IPv6, see the white paper titled "Adding IPv6 Capability to Windows Sockets Applications" and the Microsoft IPv6 Web site at http://www.microsoft.com/ipv6.

    The Windows .NET Server 2003 family and Windows XP with Service Pack 1 (SP1) include a supported IPv6 protocol suite with a number of features that allow you to set up and test IPv6 functionality, either by using native IPv6 packets or by sending IPv6 packets over an IPv4 routing infrastructure. Separate sections of this article describe the following configurations:

    - Single subnet with link-local addresses.
    - Using IPSec between two local link hosts.
    - IPv6 traffic between nodes on different subnets of an IPv6 internetwork.
    - IPv6 traffic across an IPv4 intranet.
    - IPv6 traffic across the IPv4 Internet.

    Additionally, this article contains instructions on how to use five computers to create a working IPv6 test lab network.

    Note: This article assumes familiarity with IPv6 concepts, protocols, and addressing. For information, see the white paper titled "Introduction to IP Version 6" at http://www.microsoft.com/windows2000/techinfo/howitworks/communications/nameadrmgmt/introipv6.asp.


    Single Subnet with Link-local Addresses

    This configuration requires only the installation of the IPv6 protocol on at least two nodes on the same network segment (also known as a link or subnet) with no intermediate routers.

    Figure 1 shows the configuration of two nodes on a single subnet using link-local addresses.

    Figure 1: Two nodes on a single subnet using link-local addresses

    By default, the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP automatically configures link-local addresses for each interface that corresponds to installed Ethernet network adapters. Link-local addresses have the prefix of FE80::/64. The last 64 bits of the IPv6 address are known as the interface identifier, which is derived from the 48-bit MAC address of the network adapter.

    To create the IPv6 interface identifier from the 48-bit (6-byte) Ethernet MAC address:

    - The hexadecimal digits 0xFFFE are inserted between the third and fourth bytes of the MAC address.
    - The Universal/Local bit (the second low-order bit of the first byte of the MAC address) is complemented. If it is a 1, it is set to 0; and if it is a 0, it is set to 1.

    For example, for the MAC address of 00-60-08-52-F9-D8:

    - The hexadecimal digits 0xFFFE are inserted between 0x08 (the third byte) and 0x52 (the fourth byte) of the MAC address, forming the 64-bit address of 00-60-08-FF-FE-52-F9-D8.
    - The Universal/Local bit, the second low-order bit of 0x00 (the first byte) of the MAC address, is complemented. The second low-order bit of 0x00 is 0 which, when complemented, becomes 1. The result is that for the first byte, 0x00 becomes 0x02.

    As a result, the IPv6 interface identifier that corresponds to the Ethernet MAC address of 00-60-08-52-F9-D8 is 02-60-08-FF-FE-52-F9-D8.

    The link-local address of a node is the combination of the prefix FE80::/64 and the 64-bit interface identifier expressed in colon-hexadecimal notation. As a result, the link-local address of this example node, with the prefix of FE80::/64 and the interface identifier 02-60-08-FF-FE-52-F9-D8, is FE80::260:8FF:FE52:F9D8.
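
    The derivation above, carried through in code as an added example (not part of the original white paper). It also runs the two steps in reverse, which shows that an address built this way discloses the adapter's MAC address to anyone who sees it; the function names are illustrative, and the prefix parameter generalizes the construction to any /64 prefix.

```python
import ipaddress


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit Ethernet MAC."""
    octets = bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit (6-byte) MAC address")
    # Step 1: insert 0xFFFE between the third and fourth bytes.
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    # Step 2: complement the Universal/Local bit (second low-order bit
    # of the first byte).
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]


def address_from_mac(mac: str, prefix: str = "fe80::/64") -> ipaddress.IPv6Address:
    """Combine a 64-bit prefix with the MAC-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface identifier needs a 64-bit prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr: str):
    """Recover the MAC from an address whose interface identifier was
    derived from one; return None when the FF-FE marker is absent."""
    text = addr.split("%", 1)[0]  # drop a trailing %ZoneID if present
    low64 = int(ipaddress.IPv6Address(text)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    # The MAC address used in the text above.
    print(mac_to_interface_id("00-60-08-52-F9-D8").hex("-").upper())
    print(address_from_mac("00-60-08-52-F9-D8"))
    # Addresses that appear elsewhere in this article.
    for seen in ("fe80::260:97ff:fe02:6ea5%4", "fe80::5efe:10.60.137.151"):
        print(seen, "->", mac_from_address(seen))
```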

    You can view your link-local address by using the netsh interface ipv6 show address command, as demonstrated in the following example output:

    Interface 3: Local Area Connection

    Addr Type  DAD State  Valid Life   Pref. Life   Address
    ---------  ---------- ------------ ------------ ---------------------------
    Link       Preferred      infinite     infinite fe80::204:5aff:fe56:1006

    Interface 2: Automatic Tunneling Pseudo-Interface

    Addr Type  DAD State  Valid Life   Pref. Life   Address
    ---------  ---------- ------------ ------------ ---------------------------
    Link       Preferred      infinite     infinite fe80::5efe:10.60.137.151

    Interface 1: Loopback Pseudo-Interface

    Addr Type  DAD State  Valid Life   Pref. Life   Address
    ---------  ---------- ------------ ------------ ---------------------------
    Loopback   Preferred      infinite     infinite ::1
    Link       Preferred      infinite     infinite fe80::1

    Local Area Connection is an interface that corresponds to an installed Ethernet adapter with a link-local address of FE80::204:5AFF:FE56:FA4.

    The IPv6 protocol for the Windows .NET Server 2003 family and Windows XP identifies an interface with either a name or an interface index, which is a number assigned to an interface by the IPv6 protocol. In the display of the netsh interface ipv6 show address command, the interface index is the number after "Interface." For example, in the previous display, the interface index of the Local Area Connection interface is 3.

    Testing Connectivity Between Two Link-local Hosts

    You can perform a simple ping (an exchange of ICMPv6 Echo Request and Echo Reply messages) with IPv6 between two link-local hosts by completing the following steps:

    1. Use the netsh interface ipv6 install command to install the IPv6 protocol on two host computers (Host A and Host B) that are on the same link. For the Windows .NET Server 2003 family and for Windows XP with SP1, you can also add the IPv6 protocol using Network Connections.

    2. Use netsh interface ipv6 show address on Host A to obtain the link-local address and the interface index for the interface named Local Area Connection.

       For example, the link-local address of Host A is FE80::210:5AFF:FEAA:20A2 and the interface index of the interface named Local Area Connection is 4.

    3. Use netsh interface ipv6 show address on Host B to obtain the link-local address and the interface index for the interface named Local Area Connection.

       For example, the link-local address of Host B is FE80::260:97FF:FE02:6EA5 and the interface index of the interface named Local Area Connection is 5.

    4. From Host A, use Ping.exe to ping Host B using the interface index of Host A's Local Area Connection interface.

       For example, to ping Host B using our example addresses and interface index, the command is ping fe80::260:97ff:fe02:6ea5%4.

    Note: The use of lowercase alphabetic characters for IPv6 addresses and prefixes in Netsh and other commands in this document is by convention only. You can use either upper or lower case.

    Note: The ping command for the IPv6 protocol for Windows XP (prior to Service Pack 1) does not support IPv6 addresses. Use the ping6 command instead.

    Using the Zone ID

    When you specify a link-local destination address, you must specify the zone ID to identify the zone (the area of the network) for the traffic. When you specify a site-local destination address, you might have to specify the zone ID. Zone IDs are not needed for global addresses.

    For example, on a computer with multiple Ethernet adapters that are connected to separate links, each Ethernet adapter is assigned a link-local address. Destination link-local addresses in this configuration are ambiguous because a specific link-local address can be assigned to multiple nodes located on the links that are reachable from all of the installed Ethernet adapters. To define the area of the network for which the destination is intended, the zone ID is used to select the link over which traffic is sent and received. In the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP, the zone ID for link-local addresses is typically the interface index from the display of the netsh interface ipv6 show interface command. The interface index is defined locally on each IPv6 host. Because of this, the interface index used by Host A to reach Host B might not be the same as the interface index used by Host B to reach Host A.

    When using site-local addresses, it is possible to be connected to multiple sites. In this case, each site is assigned a site identifier. To define the area of the network for which the destination is intended, the zone ID is used to indicate the site identifier. For the IPv6 protocol for the Windows .NET Server 2003 family or Windows XP, the zone ID is the "Zone ID for Site" from the display of the netsh interface ipv6 show interface level=verbose command. If you are connected only to a single site, the default site identifier is 1 and the zone ID does not have to be specified. The site identifier is defined locally on each IPv6 host. Because of this, the site identifier used by Host A to reach Host B might not be the same as the site identifier used by Host B to reach Host A.

    The notation that is used to specify the zone ID with an address is Address%ZoneID, in which Address is a link-local or site-local IPv6 address and ZoneID is the zone ID, typically either an interface index or site identifier.


    Using IPSec Between Two Local Link Hosts

    This configuration shows an example of how to create an Internet Protocol security (IPSec) security association (SA) between two hosts on the same subnet. The SA performs data origin authentication by using the Authentication Header (AH) and the Message Digest 5 (MD5) hashing algorithm. In this example, the configuration secures all traffic between two neighboring hosts. Host 1 has the link-local address of FE80::2AA:FF:FE53:A92C, and Host 2 has the link-local address of FE80::2AA:FF:FE92:D0F1.

    To create an SA between two hosts on the same subnet:

    1. On Host 1, create blank security association (.sad) and security policy (.spd) files by using the ipsec6 s command. In this example, the Ipsec6.exe command is ipsec6 s test. This creates two files with blank entries for manually configuring security associations (Test.sad) and security policies (Test.spd).

    2. On Host 1, edit the .spd file, adding a security policy that secures all traffic between Host 1 and Host 2.

       Table 1 shows the security policy entry that is added to Test.spd before the first entry (the first entry in Test.spd is not modified).

    Table 1 Security Policy Entry for Host 1

    .spd file field name    Example value
    Policy                  2
    RemoteIPAddr            - FE80::2AA:FF:FE92:D0F1
    LocalIPAddr             - *
    Protocol                - *
    RemotePort              - *
    LocalPort               - *
    IPSecProtocol           AH
    IPSecMode               TRANSPORT
    RemoteGWIPAddr          *
    SABundleIndex           NONE
    Direction               BIDIRECT
    Action                  APPLY
    InterfaceIndex          0

    Type a semicolon at the end of the entry configuring this security policy. Policy entries must be placed in decreasing numerical order.

    3. On Host 1, edit the .sad file, adding SA entries to secure all traffic between Host 1 and Host 2. Two security associations must be created, one for traffic to Host 2 and one for traffic from Host 2.

       Table 2 shows the first SA entry that is added to Test.sad (for traffic to Host 2).

    Table 2 First Security Association Entry for Host 1

    .sad file field name    Example value
    SAEntry                 2
    SPI                     3001
    SADestIPAddr            FE80::2AA:FF:FE92:D0F1
    DestIPAddr              POLICY
    SrcIPAddr               POLICY
    Protocol                POLICY
    DestPort                POLICY
    SrcPort                 POLICY
    AuthAlg                 HMAC-MD5
    KeyFile                 Test.key
    Direction               OUTBOUND
    SecPolicyIndex          2

    Type a semicolon at the end of the entry configuring this SA.

    Table 3 shows the second SA entry that is added to Test.sad (for traffic from Host 2).

    Table 3 Second Security Association Entry for Host 1

    .sad file field name    Example value
    SAEntry                 1
    SPI                     3000
    SADestIPAddr            FE80::2AA:FF:FE53:A92C
    DestIPAddr              POLICY
    SrcIPAddr               POLICY
    Protocol                POLICY
    DestPort                POLICY
    SrcPort                 POLICY
    AuthAlg                 HMAC-MD5
    KeyFile                 Test.key
    Direction               INBOUND
    SecPolicyIndex          2

    Type a semicolon at the end of the entry configuring this SA. SA entries must be placed in decreasing numerical order.

    4. On Host 1, create a file that contains data used to create and validate the Message Digest 5 (MD5) keyed hash on each IPSec-protected packet that is exchanged with Host 2. In this example, a text file is used. Test.key is created with the contents "This is a test." with no extra characters, spaces, or lines.

       The IPv6 protocol for the Windows .NET Server 2003 family and Windows XP supports only manually configured keys for quick mode SAs (also known as IPSec or Phase II SAs), because main mode negotiation through Internet Key Exchange (IKE) is not performed. Manual keys are configured by creating files that contain either the text or binary data of the manual key. In this example, the same key for the SAs is used in both directions. You can use different keys for inbound and outbound SAs by creating different key files and referencing them with the KeyFile field in the .sad file.

    5. On Host 2, use the ipsec6 s command to create blank security association (.sad) and security policy (.spd) files. In this example, the Ipsec6.exe command is ipsec6 s test. This creates two files with blank entries for manually configuring security associations (Test.sad) and security policies (Test.spd).

       To simplify the example, the same file names for the .sad and .spd files are used on Host 2. You can choose to use different file names on each host.

    6. On Host 2, edit the .spd file, adding a security policy that secures all traffic between Host 2 and Host 1.

       Table 4 shows the security policy entry that is added to Test.spd before the first entry (the first entry in Test.spd is not modified).

    Table 4 Security Policy Entry for Host 2

    .spd file field name    Example value
    Policy                  2
    RemoteIPAddr            - FE80::2AA:FF:FE53:A92C
    LocalIPAddr             - *
    Protocol                - *
    RemotePort              - *
    LocalPort               - *
    IPSecProtocol           AH
    IPSecMode               TRANSPORT
    RemoteGWIPAddr          *
    SABundleIndex           NONE
    Direction               BIDIRECT
    Action                  APPLY
    InterfaceIndex          0

    Type a semicolon at the end of the entry configuring this security policy. Policy entries must be placed in decreasing numerical order.

    7. On Host 2, edit the .sad file, adding SA entries to secure all traffic between Host 2 and Host 1. Two security associations must be created: one for traffic to Host 1 and one for traffic from Host 1.

       Table 5 shows the first SA entry that is added to Test.sad (for traffic to Host 1).

    Table 5 First Security Association Entry for Host 2

    .sad file field name    Example value
    SAEntry                 2
    SPI                     3000
    SADestIPAddr            FE80::2AA:FF:FE53:A92C
    DestIPAddr              POLICY
    SrcIPAddr               POLICY
    Protocol                POLICY
    DestPort                POLICY
    SrcPort                 POLICY
    AuthAlg                 HMAC-MD5
    KeyFile                 Test.key
    Direction               OUTBOUND
    SecPolicyIndex          2

    Type a semicolon at the end of the entry configuring this SA.

    The following table shows the second SA entry that is added to Test.sad (for traffic from Host 1):

    Table 6 Second Security Association Entry for Host 2

    .sad file field name    Example value
    SAEntry                 1
    SPI                     3001
    SADestIPAddr            FE80::2AA:FF:FE92:D0F1
    DestIPAddr              POLICY
    SrcIPAddr               POLICY
    Protocol                POLICY
    DestPort                POLICY
    SrcPort                 POLICY
    AuthAlg                 HMAC-MD5
    KeyFile                 Test.key
    Direction               INBOUND
    SecPolicyIndex          2

    Type a semicolon at the end of the entry configuring this SA. SA entries must be placed in decreasing numerical order.

    8. On Host 2, create a text file that contains a text string that is used to authenticate the SAs created with Host 1. In this example, Test.key is created with the contents "This is a test." with no extra characters, spaces, or lines.

    9. On Host 1, use the ipsec6 l command to add the configured security policies and SAs from the .spd and .sad files. In this example, the ipsec6 l test command is run on Host 1.

    10. On Host 2, use the ipsec6 l command to add the configured security policies and SAs from the .spd and .sad files. In this example, the ipsec6 l test command is run on Host 2.

    11. On Host 2, use the ping command to ping Host 1.

        If you use Network Monitor to capture the traffic, you should see the exchange of ICMPv6 Echo Request and Echo Reply messages, with an Authentication Header (AH) between the IPv6 header and the ICMPv6 header.

    To remove the IPSec settings for this example, type the following commands on both Host 1 and Host 2:

    ipsec6 d sp 2

    ipsec6 d sa 1

    ipsec6 d sa 2
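
    Because both hosts are configured by hand, a mismatch between the two .sad files or the two key files leaves the hosts unable to validate each other's packets. The following check is an added example, not part of the original white paper and not a parser for the Ipsec6.exe file format: it holds the values from Tables 2, 3, 5 and 6 as Python tuples and verifies that every outbound SA on one host is mirrored by an inbound SA on the other with identical key bytes. The function names and the stand-in packet bytes are illustrative.

```python
import hashlib
import hmac
import ipaddress
from typing import NamedTuple


class SA(NamedTuple):
    entry: int       # SAEntry
    spi: int         # SPI
    sa_dest: str     # SADestIPAddr
    auth_alg: str    # AuthAlg
    key_file: str    # KeyFile
    direction: str   # Direction


HOST1 = "FE80::2AA:FF:FE53:A92C"
HOST2 = "FE80::2AA:FF:FE92:D0F1"

# File order and values as given in Tables 2-3 (Host 1) and Tables 5-6 (Host 2).
HOST1_SAD = [
    SA(2, 3001, HOST2, "HMAC-MD5", "Test.key", "OUTBOUND"),
    SA(1, 3000, HOST1, "HMAC-MD5", "Test.key", "INBOUND"),
]
HOST2_SAD = [
    SA(2, 3000, HOST1, "HMAC-MD5", "Test.key", "OUTBOUND"),
    SA(1, 3001, HOST2, "HMAC-MD5", "Test.key", "INBOUND"),
]


def same_addr(a: str, b: str) -> bool:
    """Compare two IPv6 addresses regardless of case or zero compression."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


def check_host(name, addr, sad, keys, peer_addr, peer_sad, peer_keys):
    """Return a list of problems found in one host's SA entries."""
    problems = []
    order = [sa.entry for sa in sad]
    if order != sorted(order, reverse=True):
        problems.append(f"{name}: SA entries are not in decreasing order: {order}")
    for sa in sad:
        if sa.direction == "INBOUND":
            if not same_addr(sa.sa_dest, addr):
                problems.append(f"{name}: inbound SPI {sa.spi} is not addressed to this host")
            continue
        if not same_addr(sa.sa_dest, peer_addr):
            problems.append(f"{name}: outbound SPI {sa.spi} is not addressed to the peer")
        matches = [p for p in peer_sad
                   if p.direction == "INBOUND" and p.spi == sa.spi
                   and same_addr(p.sa_dest, sa.sa_dest)]
        if not matches:
            problems.append(f"{name}: outbound SPI {sa.spi} has no inbound SA on the peer")
            continue
        peer = matches[0]
        if peer.auth_alg != sa.auth_alg:
            problems.append(f"{name}: AuthAlg for SPI {sa.spi} differs from the peer's")
        if keys[sa.key_file] != peer_keys[peer.key_file]:
            problems.append(f"{name}: key bytes for SPI {sa.spi} differ from the peer's")
    return problems


def check_pair(keys1, keys2, host1_sad=HOST1_SAD, host2_sad=HOST2_SAD):
    """Check both directions; keys1/keys2 map KeyFile names to file bytes."""
    return (check_host("Host 1", HOST1, host1_sad, keys1, HOST2, host2_sad, keys2)
            + check_host("Host 2", HOST2, host2_sad, keys2, HOST1, host1_sad, keys1))


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """HMAC-MD5 of data under key (data here is a stand-in, not real AH input)."""
    return hmac.new(key, data, hashlib.md5).digest()


if __name__ == "__main__":
    key = b"This is a test."            # contents of Test.key per steps 4 and 8
    print(check_pair({"Test.key": key}, {"Test.key": key}))
    # An editor that appends a line ending to Test.key on one host changes
    # the key, so the receiver computes a different keyed hash.
    edited = key + b"\r\n"
    print(check_pair({"Test.key": key}, {"Test.key": edited}))
    packet = b"constructed stand-in for the authenticated packet bytes"
    print(keyed_hash(key, packet).hex(), keyed_hash(edited, packet).hex())
```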


    IPv6 Traffic Between Nodes on Different Subnets of an IPv6 Internetwork

    This configuration requires three computers (two hosts and one router computer) and additional router configuration beyond the installation of the IPv6 protocol. There are two separate network segments (also known as links or subnets) and an IPv6-capable router that forwards IPv6 packets between hosts on the segments.

    Figure 2 shows the configuration of two hosts on separate network segments that are connected by a router.

    Figure 2: Two hosts on separate network segments connected by a router

    By default, the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP configures link-local IP addresses for each LAN interface that corresponds to Ethernet or FDDI network adapters. Link-local addresses have the prefix of FE80::/64. The last 64 bits of the IPv6 address are the interface identifier, as derived from the 48-bit MAC address of the network adapter. With link-local addresses, Host A and Host B can communicate with the router computer, but not with each other.

    In this configuration, the router advertises additional site-local prefixes. The site-local prefixes are used by Host A and Host B to automatically configure site-local addresses that are derived from the 48-bit MAC address of the network adapter. After Host A and Host B have site-local addresses, they can communicate with each other.

    On the router computer, type the netsh interface ipv6 show interface command to obtain the interface names and index numbers of the two network adapters. Subnet 1 is the network segment to which Host A is attached. Subnet 2 is the network segment to which Host B is attached.

    After you have obtained the names and interface index numbers, type the following commands on the router computer:

    netsh interface ipv6 set interface Subnet1InterfaceNameOrIndex forwarding=enabled advertise=enabled

    netsh interface ipv6 set interface Subnet2InterfaceNameOrIndex forwarding=enabled advertise=enabled

    netsh interface ipv6 add route fec0:0:0:1::/64 Subnet1InterfaceNameOrIndex publish=yes

    netsh interface ipv6 add route fec0:0:0:2::/64 Subnet2InterfaceNameOrIndex publish=yes


    where:

    - Subnet1InterfaceNameOrIndex is either the name or interface index of the router computer's network adapter that is attached to Subnet 1
    - Subnet2InterfaceNameOrIndex is either the name or interface index of the router computer's network adapter that is attached to Subnet 2

    For example, if the names of the interfaces attached to Subnet 1 and Subnet 2 are "Local Area Connection" and "Local Area Connection 2" respectively, the commands are:

    netsh interface ipv6 set interface "Local Area Connection" forwarding=enabled advertise=enabled

    netsh interface ipv6 set interface "Local Area Connection 2" forwarding=enabled advertise=enabled

    netsh interface ipv6 add route fec0:0:0:1::/64 "Local Area Connection" publish=yes

    netsh interface ipv6 add route fec0:0:0:2::/64 "Local Area Connection 2" publish=yes

    You should wait about 30 seconds for the router computer to advertise new site-local prefixes on Subnets 1 and 2, and for Hosts A and B to automatically configure site-local addresses based on these prefixes.

    On Host A, type the netsh interface ipv6 show interface command to check for a new IPv6 address for the Ethernet adapter that is based on the site-local prefix of FEC0:0:0:1::/64. On Host B, type the netsh interface ipv6 show interface command to check for a new IPv6 address for the Ethernet adapter that is based on the site-local prefix of FEC0:0:0:2::/64.

    On Host A, use the ping command and the site-local address of Host B to ping Host B. For example, if the Host B site-local address is FEC0::2:260:97FF:FE02:6EA5, the command is ping fec0::2:260:97ff:fe02:6ea5.


    IPv6 Traffic Across an IPv4 Intranet

    The IPv6 protocol for the Windows .NET Server 2003 and Windows XP provides the following methods for

    communicating between IPv6 nodes on different subnets of an IPv4 intranet:

    Using Intra-site Automatic Tunnel Addressing Protocol (ISATAP) addresses

    ISATAP allows IPv6/IPv4 hosts to exchange unicast IPv6 traffic over an IPv4 intranet. ISATAP is

    enabled by default.

    Using 6over4

    6over4 allows IPv6/IPv4 hosts to exchange unicast and multicast IPv6 traffic over an IPv4 intranet.

    However, 6over4 requires that the IPv4 intranet be multicast-capable. Because most IPv4 intranets are

    not multicast-capable, 6over4 is rarely used. For more information, see RFC 2529. 6over4 is disabled

    by default.

    Note: Although IPv6 packets are being carried as the payload of an IPv4 packet (treating the IPv4 infrastructure as an IPv6 link

    layer), it is still IPv6 traffic. Applications that use the addresses associated with these methods are using the same Windows Sockets

    functions as if global IPv6 addresses and an IPv6 infrastructure were being used. You can use these methods to test IPv6

    functionality for your applications without having to deploy IPv6-capable routers in your organization.

    ISATAP is an address assignment and automatic tunneling technology that is used to provide unicast IPv6

    connectivity between IPv6 hosts across an IPv4 intranet. ISATAP is described in the Internet draft titled

    "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)" (draft-ietf-ngtrans-isatap-0x.txt). ISATAP

    addresses use the locally administered interface ID ::0:5EFE:w.x.y.z where:

    The 0:5EFE portion denotes an ISATAP interface ID.

    The w.x.y.z portion is any unicast IPv4 address, which includes both public and private addresses.

    The ISATAP interface ID can be combined with any 64-bit prefix that is valid for IPv6 unicast addresses.

    This includes the link-local address prefix (FE80::/64), site-local prefixes, and global prefixes (including 6to4

    prefixes).

    ISATAP addresses contain an embedded IPv4 address that is used to determine either source or

    destination IPv4 addresses within the IPv4 header when ISATAP-addressed IPv6 traffic is tunneled across

    an IPv4 network.

    By default, the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP automatically

    configures an ISATAP address of FE80::5EFE:w.x.y.z on the Automatic Tunneling Pseudo-Interface

    (interface index 2) for each IPv4 address that is assigned to the node. This link-local ISATAP address

    allows two hosts to communicate over an IPv4 network by using each other's link-local ISATAP address.

    For an example, see the example output of the netsh interface ipv6 show address command in "Single

    subnet with link-local addresses" in this article.

    For example, Host A is configured with the IPv4 address of 10.40.1.29 and Host B is configured with the

    IPv4 address of 192.168.41.30. When the IPv6 protocol for the Windows .NET Server 2003 family and

    Windows XP is started, Host A is automatically configured with the ISATAP address of

    FE80::5EFE:10.40.1.29 and Host B is automatically configured with the ISATAP address of


    FE80::5EFE:192.168.41.30. When Host A sends IPv6 traffic to Host B by using Host B's ISATAP address,

    the source and destination addresses for the IPv4 and IPv6 headers are listed in Table 7.

    Table 7 Example ISATAP Addresses

    Field                       Value
    IPv6 Source Address         FE80::5EFE:10.40.1.29
    IPv6 Destination Address    FE80::5EFE:192.168.41.30
    IPv4 Source Address         10.40.1.29
    IPv4 Destination Address    192.168.41.30

    To test connectivity, use the ping command. For example, Host A would use the following command to ping

    Host B by using its link-local ISATAP address:

    ping fe80::5efe:192.168.41.30%2

    Because the destination of the ping command is a link-local address, the %ZoneID portion of the command

    is used to specify the interface index of the link from which traffic is sent. In this case, %2 specifies link 2,

    which is the link ID assigned to the Automatic Tunneling Pseudo-Interface on Host A.

    Using an ISATAP Router

    The use of link-local ISATAP addresses allows IPv6/IPv4 hosts on the same logical IPv6 subnet (an IPv4

    network) to communicate with each other, but not with other IPv6 addresses on other subnets. To

    communicate outside the logical IPv6 subnet using ISATAP-derived global addresses, IPv6 hosts using

    ISATAP addresses must tunnel their packets to an ISATAP router.

    An ISATAP router is an IPv6 router that performs the following:

    Forwards packets between ISATAP hosts on a logical IPv6 subnet (an IPv4 intranet) and hosts on

    other subnets.

    The other subnets can be other IPv4 networks (such as another portion of an organization's IPv4

    network or the IPv4 Internet) or subnets in a native IPv6 routing domain (such as an organization's IPv6

    network or the IPv6 Internet).

    Acts as a default router for ISATAP hosts.

    Advertises address prefixes to identify the logical IPv6 subnet on which ISATAP hosts are located.

    ISATAP hosts use the advertised address prefixes to configure site-local and global ISATAP

    addresses.

    When an ISATAP host receives a router advertisement from an ISATAP router that is acting as a default

    router, a default route (::/0) is added using the Automatic Tunneling Pseudo-Interface and with next-hop

    address set to the link-local ISATAP address that corresponds to the logical subnet interface of the ISATAP

    router. When packets destined to locations outside the logical subnet are sent, they are tunneled to the IPv4

    address of the ISATAP router corresponding to the ISATAP router's interface on the logical IPv6 subnet

    defined by the IPv4 intranet containing the ISATAP router and ISATAP host. The ISATAP router then

    forwards the IPv6 packet.

    For the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP with SP1, the

    configuration of the intranet IPv4 address of the ISATAP router is obtained through either of the following:


    The successful resolution of the name "ISATAP" to an IPv4 address.

    The netsh interface ipv6 isatap set router command.

    Note: The IPv6 protocol for Windows XP (prior to Service Pack 1) attempts to resolve the name "_ISATAP", rather than "ISATAP".

    Resolving the ISATAP Name

    When the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP with SP1 starts, it

    attempts to resolve the name ISATAP to an IPv4 address using normal TCP/IP host and NetBIOS name

    resolution techniques. If successful, the host sends an IPv4-encapsulated Router Solicitation message to

    the ISATAP router. The ISATAP router responds with an IPv4-encapsulated unicast Router Advertisement

    message advertising itself as a default router and containing prefixes to use for autoconfiguration of

    ISATAP-based addresses.

    To ensure that the resolution of ISATAP is successful, you can do one of the following:

    If the ISATAP router is a computer running a member of the Windows .NET Server 2003 family or

    Windows XP, name the computer ISATAP and it will automatically attempt to register the

    appropriate records in DNS (provided DNS dynamic update is enabled on the DNS server of the ISATAP router) and WINS.

    Manually create an ISATAP address (A) record in the appropriate domain in DNS. For example, for

    the example.com domain, create an A record for isatap.example.com.

    Manually create a static WINS record in WINS for the NetBIOS name "ISATAP ".

    Add the following entry to the Hosts file of the computers that need to resolve the name ISATAP:

    IPv4Address ISATAP

    Add the following entry to the Lmhosts file of the computers that need to resolve the name ISATAP:

    IPv4Address ISATAP

    Using the netsh interface ipv6 isatap set router Command

    Although the automatic resolution of the ISATAP name is the recommended method for determining the

    IPv4 address of the ISATAP router, you can perform manual configuration with the netsh interface ipv6

    isatap set router command. The syntax of this command is:

    netsh interface ipv6 isatap set router RouterNameOrAddress

    where RouterNameOrAddress is the name of the router that is resolved to the IPv4 address of the ISATAP

    router's intranet interface or the IPv4 address of the ISATAP router's intranet interface. For example, if the

    ISATAP router's IPv4 address is 192.168.39.1, the command is:

    netsh interface ipv6 isatap set router 192.168.39.1

    Once configured, the host sends an IPv4-encapsulated Router Solicitation message to the ISATAP router.

    The ISATAP router responds with an IPv4-encapsulated unicast Router Advertisement message containing

    prefixes to use for autoconfiguration of ISATAP-based addresses. This additional configuration is only

    needed when there is no IPv6 router on the host's subnet.

    Note: The IPv6 protocol for Windows XP (prior to Service Pack 1) does not support the netsh interface ipv6 isatap set router

    command. Use the ipv6 rlu command instead.


    IPv6 Traffic Across the IPv4 Internet

    The IPv6 protocol for the Windows .NET Server 2003 and Windows XP provides the following methods for

    communicating between IPv6 hosts or sites across the IPv4 Internet:

    Using 6to4

    6to4 allows IPv6/IPv4 hosts or IPv6 hosts within sites to exchange unicast IPv6 traffic over the IPv4

    Internet. 6to4 is enabled by default.

    Using IPv4-compatible addresses

    IPv4-compatible addresses allow IPv6/IPv4 hosts to exchange unicast IPv6 traffic over the IPv4

    Internet. However, IPv4-compatible addresses are rarely used and are disabled by default.

    6to4 is an address assignment and automatic tunneling technology that is used to provide unicast IPv6

    connectivity between IPv6 sites and hosts across the IPv4 Internet. When 6to4 is used, IPv6 traffic is

    encapsulated with an IPv4 header before it is sent over the IPv4 Internet.

    6to4 uses the global address prefix of 2002:WWXX:YYZZ::/48, where WWXX:YYZZ is both the Next Level

    Aggregator (NLA) portion of a global address and the colon-hexadecimal representation of a public IPv4

    address (w.x.y.z) that is assigned to the site or host. The complete 6to4 address of a 6to4 host is

    2002:WWXX:YYZZ:SLA_ID:Interface_ID.
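
    Both the ISATAP interface ID (::0:5EFE:w.x.y.z) and the 6to4 prefix (2002:WWXX:YYZZ::/48) described above embed an IPv4 address at a fixed bit offset, so the tunnel endpoints can be recovered from the IPv6 address alone. The following Python code is an added example, not part of the white paper; the function names are hypothetical, and 131.107.0.1 is a constructed sample public address.

```python
import ipaddress

ISATAP_ID = 0x00005EFE  # the 0:5EFE portion of the interface ID ::0:5EFE:w.x.y.z
SIXTO4 = ipaddress.IPv6Network("2002::/16")


def isatap_address(ipv4, prefix="fe80::/64"):
    """Combine a 64-bit prefix with the ISATAP interface ID for an IPv4 address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the ISATAP interface ID needs a 64-bit prefix")
    interface_id = (ISATAP_ID << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def sixto4_prefix(public_ipv4):
    """Return the 2002:WWXX:YYZZ::/48 prefix for a public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if v4.is_private:
        raise ValueError("6to4 prefixes are derived from public IPv4 addresses")
    # 16 bits of 2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(ipv6):
    """Report the IPv4 address carried in an ISATAP interface ID and/or 6to4 prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    found = {"isatap": None, "6to4": None}
    # ISATAP: upper half of the interface ID is 0000:5EFE, lower half is w.x.y.z.
    if (value >> 32) & 0xFFFFFFFF == ISATAP_ID:
        found["isatap"] = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    # 6to4: the 32 bits that follow the 2002 prefix are the site's IPv4 address.
    if addr in SIXTO4:
        found["6to4"] = ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    return found


def isatap_outer_header(src6, dst6):
    """IPv4 source and destination used when an ISATAP packet is tunneled (Table 7)."""
    src = embedded_ipv4(src6)["isatap"]
    dst = embedded_ipv4(dst6)["isatap"]
    if src is None or dst is None:
        raise ValueError("both addresses must carry an ISATAP interface ID")
    return src, dst


if __name__ == "__main__":
    # Host A and Host B from the ISATAP example in this article.
    host_a = isatap_address("10.40.1.29")
    host_b = isatap_address("192.168.41.30")
    print(host_a, host_b, isatap_outer_header(host_a, host_b))
    # Constructed public address; an ISATAP ID combined with a 6to4 prefix
    # carries two embedded IPv4 addresses.
    site = sixto4_prefix("131.107.0.1")
    print(site, embedded_ipv4("2002:836b:1:2:0:5efe:10.40.1.29"))
    # An EUI-64 based site-local address is native, not a tunnel address.
    print(embedded_ipv4("FEC0::2:260:97FF:FE02:6EA5"))
```

    Running the same extraction over addresses seen in flow logs or neighbor caches shows which IPv6 conversations are actually crossing the IPv4 network as tunneled traffic.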

    RFC 3056 defines the following terms:

    6to4 host

    An IPv6 host that is configured with at least one 6to4 address.

    6to4 router

    An IPv6/IPv4 router that forwards 6to4-addressed traffic between the 6to4 hosts within a site and other 6to4 routers or 6to4 relay routers on the Internet.

    6to4 relay router

    An IPv6/IPv4 router that forwards 6to4-addressed traffic between 6to4 routers on the Internet and hosts

    on the IPv6 Internet.

    When you use 6to4 hosts, an IPv6 routing infrastructure within 6to4 sites, a 6to4 router at site boundaries,

    and a 6to4 relay router, the following types of communication are possible:

    A 6to4 host can communicate with another 6to4 host within the same site.

    This type of communication is available through the IPv6 routing infrastructure, which provides

    reachability to all hosts within the site.

    A 6to4 host can communicate with 6to4 hosts in other sites across the IPv4 Internet.

    This type of communication occurs when a 6to4 host forwards IPv6 traffic that is destined to a 6to4 host

    in another site to the local site 6to4 router. The local site 6to4 router encapsulates the IPv6 traffic with

    an IPv4 header and sends it to the 6to4 router at the destination site on the Internet. The 6to4 router at


    the destination site removes the IPv4 header and forwards the IPv6 packet to the appropriate 6to4 host

    by using the IPv6 routing infrastructure of the destination site.

    A 6to4 host can communicate with hosts on the IPv6 Internet.

    This type of communication occurs when a 6to4 host forwards IPv6 traffic that is destined for an IPv6

    Internet host to the local site 6to4 router. The local site 6to4 router encapsulates the IPv6 traffic with an IPv4 header and sends it to a 6to4 relay router that is connected to both the IPv4 Internet and the IPv6

    Internet. The 6to4 relay router removes the IPv4 header and forwards the IPv6 packet to the

    appropriate IPv6 Internet host by using the IPv6 routing infrastructure of the IPv6 Internet.

    All of these types of communication use IPv6 traffic without the requirement of obtaining either a direct

    connection to the IPv6 Internet or an IPv6 global address prefix from an Internet service provider (ISP).

    Figure 3 shows how 6to4 is used to communicate between 6to4 hosts, 6to4 sites, and the IPv6 Internet.

    Figure 3: Using 6to4 to communicate between 6to4 hosts, 6to4 sites, and the IPv6 Internet

    Support for 6to4 hosts and routers is provided in the 6to4 component that is included with the IPv6 protocol

    for the Windows .NET Server 2003 family and Windows XP. If an IPv6 router advertisement is not received

    (either from a router on a local link or from an ISATAP router) and the computer has a public IPv4 address

    assigned, the 6to4 component automatically performs the following:

    Creates an interface that is named 6to4 Tunneling Pseudo-Interface and configures 6to4 addresses

    on the interface for all public IPv4 addresses that are assigned to interfaces on the computer.

    Creates a 2002::/16 route that forwards all 6to4 traffic with the 6to4 Tunneling Pseudo-Interface. All traffic forwarded by this host to 6to4 destinations is encapsulated with an IPv4 header.

    Automatically determines the IPv4 address of a 6to4 relay router on the IPv4 Internet.

    Through this automatic configuration, any host that is running the IPv6 protocol for the Windows .NET

    Server 2003 family and Windows XP is automatically configured as a 6to4 host. A 6to4 host can perform its

    own tunneling to reach 6to4 hosts in other sites or hosts on the IPv6 Internet.


    If Internet Connection Sharing (ICS) is enabled on an interface that is assigned a public IPv4 address, the

    6to4 components:

    Enable routing on the private interface.

    Send Router Advertisements that contain 6to4 address prefixes that are based on the public IPv4

    address of the public interface. The SLA ID in the 6to4 address prefix is set to the interface index of the interface on which the advertisements are sent.

    By enabling ICS, you can use a computer running the IPv6 protocol for the Windows .NET Server 2003

    family and Windows XP as a 6to4 router, which is capable of both encapsulating and forwarding 6to4 traffic

    to other 6to4 hosts or sites on the Internet, and forwarding IPv6 Internet traffic to a 6to4 relay router on the

    Internet.

    Figure 4 shows how Windows XP and the Windows .NET Server 2003 family support 6to4.

    Figure 4: 6to4 support in Windows XP and the Windows .NET Server 2003 family

    Each site uses a computer running a member of the Windows .NET Server 2003 family or Windows XP with

    ICS enabled on the public interface to create a 6to4 router. Alternately, an Internet gateway device (IGD)

    that supports 6to4 can be used. Host computers running a member of the Windows .NET Server 2003 family

    or Windows XP on the private network segments receive the router advertisement that is sent by their site's 6to4 router and contains a 6to4 address prefix. As a result, two 6to4 hosts (6to4 host A and 6to4 host C)

    can communicate or a 6to4 host can communicate with the IPv6 Internet (6to4 host A and IPv6 host D) by

    using 6to4 addresses over the IPv4 Internet.

    Host computers running a member of the Windows .NET Server 2003 family or Windows XP that are

    directly connected to the Internet act as a 6to4 host and router and create their own 6to4 site (6to4

    host/router E).


    Setting up an IPv6 Test Lab

    This section provides information about how you can use five computers to create a test lab to configure

    and test the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP. These instructions

    are designed to walk you through a set of tasks, exposing you to the IPv6 protocol and its associated functionality. Beyond the set of tasks, these instructions leave you with a functioning IPv6 configuration.

    You can use this configuration to learn about and experiment with IPv6 features and functionality, and to aid

    in developing applications for IPv6 or modifying existing IPv4 applications to work over both IPv4 and IPv6.

    Setting Up the Infrastructure

    The infrastructure for the IPv6 test lab network consists of five computers performing the following services:

    A computer running a member of the Windows 2000 or Windows .NET Server 2003 families that is

    used as a Domain Name System (DNS) server. This computer is named DNS1.

    A computer running a member of the Windows .NET Server 2003 family or Windows XP that is

    used as a client. This computer is named CLIENT1.

    A computer running a member of the Windows .NET Server 2003 family or Windows XP that is

    used as a router. This computer is named ROUTER1.

    A computer running a member of the Windows .NET Server 2003 family or Windows XP that is

    used as a router. This computer is named ROUTER2.

    A computer running a member of the Windows .NET Server 2003 family or Windows XP that is

    used as a client. This computer is named CLIENT2.

    Figure 5 shows the configuration of the IPv6 test lab.

    Figure 5: The configuration of the IPv6 test lab

    There are three network segments:

    A network segment known as Subnet 1 that uses the private IP network ID of 10.0.1.0/24 and site-

    local subnet ID of FEC0:0:0:1::/64.

    A network segment known as Subnet 2 that uses the private IP network ID of 10.0.2.0/24 and site-


    local subnet ID of FEC0:0:0:2::/64.

    A network segment known as Subnet 3 that uses the private IP network ID of 10.0.3.0/24 and site-

    local subnet ID of FEC0:0:0:3::/64.

    All computers on each subnet are connected to a separate common hub or Layer 2 switch. Both router

    computers, ROUTER1 and ROUTER2, have two network adapters installed.

    For the IPv4 configuration, each computer is manually configured with the appropriate IP address, subnet

    mask, default gateway, and DNS server IP address. Dynamic Host Configuration Protocol (DHCP) and

    Windows Internet Name Service (WINS) servers are not used. For the IPv6 configuration, link-local

    addresses are used initially.

    The following sections describe how each of the computers in the test lab is configured. To reconstruct this

    test lab, please configure the computers in the order presented.

    Note: The following instructions are for configuring an IPv6 test lab using a minimum number of computers. Individual computers are

    needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is neither

    designed to reflect best practices nor is it designed to reflect a desired or recommended configuration for a production network. The

    configuration, including addresses and all other configuration parameters, is designed only to work on a separate test lab network.

    DNS1

    DNS1 is a computer running a member of the Windows 2000 or Windows .NET Server 2003 families. It is

    providing DNS Server services for the testlab.example.com DNS domain. To configure DNS1 for this

    service, perform the following steps:

    1. Install a member of the Windows 2000 or Windows .NET Server 2003 families as a stand-alone

    server. Set the Administrator password.

    2. After restarting, log on as Administrator.

    3. Configure the TCP/IP protocol with the IP address of 10.0.1.2, the subnet mask of 255.255.255.0,

    and the default gateway of 10.0.1.1.

    4. Install the Domain Name System (DNS) Server service.

    5. Create a forward lookup zone named "testlab.example.com" as a primary zone that allows dynamic

    updates.

    6. Install the IPv6 protocol using the netsh interface ipv6 install command.

    Note: The domain name testlab.example.com is used here for example purposes only. You can use any domain name in your test

    lab configuration.

    CLIENT1

    CLIENT1 is a computer that is being used as a client. To configure CLIENT1 as a client computer, perform

    the following steps:

    1. On CLIENT1, install a member of the Windows .NET Server 2003 family or Windows XP as a

    workgroup computer. Set the Administrator password.

    2. After restarting, log on as Administrator.

    3. Install the IPv6 protocol using the netsh interface ipv6 install command.


    4. Configure the TCP/IP protocol with the IP address of 10.0.1.3, the subnet mask of 255.255.255.0, a

    default gateway of 10.0.1.1, and the DNS server IP address of 10.0.1.2.

    ROUTER1

    ROUTER1 is a computer that is being used as a router between Subnet 1 and Subnet 2. To configure

    ROUTER1 as a router, perform the following steps:

    1. On ROUTER1, install a member of the Windows .NET Server 2003 family or Windows XP as a

    workgroup computer. Set the Administrator password.

    2. After restarting, log on as Administrator.

    3. Install the IPv6 protocol using the netsh interface ipv6 install command.

    4. In Control Panel-Network Connections, rename the LAN connection connected to Subnet 1 to

    "Subnet 1 Connection" and rename the LAN connection connected to Subnet 2 to "Subnet 2

    Connection."

    5. For Subnet 1 Connection, configure the TCP/IP protocol with the IP address of 10.0.1.1, the subnet

    mask of 255.255.255.0, and the DNS server IP address of 10.0.1.2.

    6. For Subnet 2 Connection, configure the TCP/IP protocol with the IP address of 10.0.2.1, the subnet

    mask of 255.255.255.0, and a default gateway of 10.0.2.2.

    7. Run the registry editor (Regedit.exe) and set

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1. Restart the computer.

    This step enables IPv4 routing between Subnet 1 and Subnet 2.

    ROUTER2

    ROUTER2 is a computer that is being used as a router between Subnet 2 and Subnet 3. To configure

    ROUTER2 as a router, perform the following steps:

    1. On ROUTER2, install a member of the Windows .NET Server 2003 family or Windows XP as a

    workgroup computer. Set the Administrator password.

    2. After restarting, log on as Administrator.

    3. Install the IPv6 protocol using the netsh interface ipv6 install command.

    4. In Control Panel-Network Connections, rename the LAN connection connected to Subnet 2 to

    "Subnet 2 Connection" and rename the LAN connection connected to Subnet 3 to "Subnet 3

    Connection."

    5. For Subnet 2 Connection, configure the TCP/IP protocol with the IP address of 10.0.2.2, the subnet

    mask of 255.255.255.0, and a default gateway of 10.0.2.1.

    6. For Subnet 3 Connection, configure the TCP/IP protocol with the IP address of 10.0.3.1, and the

    subnet mask of 255.255.255.0.

    7. Run the registry editor (Regedit.exe) and set

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter to 1. Restart the computer.

    This step enables IPv4 routing between Subnet 2 and Subnet 3.


    CLIENT2

    CLIENT2 is a computer that is being used as a client. To configure CLIENT2 as a client computer, perform

    the following steps:

    1. On CLIENT2, install a member of the Windows .NET Server 2003 family or Windows XP as a

    workgroup computer. Set the Administrator password.

    2. After restarting, log on as Administrator.

    3. Install the IPv6 protocol using the netsh interface ipv6 install command.

    4. Configure the TCP/IP protocol with the IP address of 10.0.3.2, the subnet mask of 255.255.255.0,

    and a default gateway of 10.0.3.1.

    5. Verify the integrity of the IPv4 routing infrastructure with the ping 10.0.1.3 command.

    This step tests whether IPv4 packets can be forwarded between CLIENT2 on Subnet 3 and CLIENT1 on

    Subnet 1.

    IPv6 Test Lab Tasks

    The following tasks are designed to take you through some common IPv6 tasks by using the test lab

    infrastructure:

    Link-local ping

    Creating a static routing infrastructure

    Using name resolution

    Using temporary addresses

    Link-local ping

    To ping a node using link-local addresses and view the entries created in the neighbor and route caches,

    complete the following steps:

    1. On ROUTER1, type the netsh interface ipv6 show address command to obtain the link-local

    address of the interface named Subnet 1 Connection.

    2. On CLIENT1, type the netsh interface ipv6 show address command to obtain the link-local

    address and interface index of the interface named Local Area Connection.

    3. On CLIENT1, type the following command to ping the link-local address of ROUTER1's interface on

    Subnet 1:

    ping ROUTER1LinkLocalAddress%ZoneID

    For example, if the link-local address of ROUTER1's interface on Subnet 1 is FE80::2AA:FF:FE9D:10C5, and the interface index for the Local Area Connection interface on CLIENT1 is 3, the command is:

    ping fe80::2aa:ff:fe9d:10c5%3

    4. On CLIENT1, type the following command:

    netsh interface ipv6 show neighbors


    Note the entry in the CLIENT1 neighbor cache for ROUTER1. You should see an entry for ROUTER1's

    link-local address.

    5. On CLIENT1, type the following command:

    netsh interface ipv6 show destinationcache

    Note the entry in the CLIENT1 destination cache for ROUTER1.

    6. On CLIENT1, type the following command:

    netsh interface ipv6 show routes

    This command displays the entries in the CLIENT1 routing table.

    Creating a static routing infrastructure

    To configure a static routing infrastructure so that all test lab nodes are reachable using IPv6 traffic,

    complete the following steps:

    1. On ROUTER1, type the netsh interface ipv6 show address command to obtain the interface

    indexes of the interfaces named Subnet 1 Connection and Subnet 2 Connection and their link-local addresses.

    2. On ROUTER2, type the netsh interface ipv6 show address command to obtain the interface

    indexes of the interfaces named Subnet 2 Connection and Subnet 3 Connection and their link-local

    addresses.

    3. On ROUTER1, type the following commands:

    netsh interface ipv6 set interface "Subnet 1 Connection" forwarding=enabled advertise=enabled

    netsh interface ipv6 set interface "Subnet 2 Connection" forwarding=enabled advertise=enabled

    netsh interface ipv6 add route fec0:0:0:1::/64 "Subnet 1 Connection" publish=yes

    netsh interface ipv6 add route fec0:0:0:2::/64 "Subnet 2 Connection" publish=yes

    netsh interface ipv6 add route ::/0 "Subnet 2 Connection" nexthop=ROUTER2AddressOnSubnet2 publish=yes

    where ROUTER2AddressOnSubnet2 is the link-local address assigned to ROUTER2's Subnet 2

    Connection interface.

    For example, if the link-local address of ROUTER2's Subnet 2 Connection interface is FE80::2AA:FF:FE87:4D5C, the last

    command is typed as follows:

    netsh interface ipv6 add route ::/0 "Subnet 2 Connection" nexthop=fe80::2aa:ff:fe87:4d5c publish=yes

    4. On ROUTER2, type the following commands:

    netsh interface ipv6 set interface "Subnet 2 Connection" forwarding=enabled advertise=enabled

    netsh interface ipv6 set interface "Subnet 3 Connection" forwarding=enabled advertise=enabled

    netsh interface ipv6 add route fec0:0:0:2::/64 "Subnet 2 Connection" publish=yes

    netsh interface ipv6 add route fec0:0:0:3::/64 "Subnet 3 Connection" publish=yes


    netsh interface ipv6 add route ::/0 "Subnet 2 Connection" nexthop=ROUTER1AddressOnSubnet2 publish=yes

    where ROUTER1AddressOnSubnet2 is the link-local address assigned to ROUTER1's Subnet 2

    Connection interface.

    For example, if the link-local address of ROUTER1's Subnet 2 interface is FE80::2AA:FF:FE9A:203F, the last command should be typed as follows:

    netsh interface ipv6 add route ::/0 "Subnet 2 Connection" nexthop=fe80::2aa:ff:fe9a:203f publish=yes

    5. On CLIENT1, type the netsh interface ipv6 show address command to view a new address on the

    LAN interface that is based on the site-local prefix of FEC0:0:0:1::/64.

    6. On CLIENT1, type the netsh interface ipv6 show routes command to view new routes for

    FEC0:0:0:1::/64, FEC0:0:0:2::/64, and ::/0.

    7. On CLIENT2, type the netsh interface ipv6 show address command to view a new address on the

    LAN interface that is based on the site-local prefix of FEC0:0:0:3::/64.

    8. On CLIENT2, type the netsh interface ipv6 show routes command to view new routes for

    FEC0:0:0:2::/64, FEC0:0:0:3::/64, and ::/0.

    9. On CLIENT1, type the following command to ping CLIENT2's site-local address:

    ping CLIENT2SiteLocalAddress

    On CLIENT1, type the following tracert command with the -d option to trace the route between CLIENT1

    and CLIENT2:

    tracert -d CLIENT2SiteLocalAddress

    In the tracert display, you can view the site-local address of the Subnet 1 Connection for ROUTER1 and

    the site-local address of the Subnet 2 Connection for ROUTER2.

    10. On ROUTER1, type the following commands:

    netsh interface ipv6 show neighbors

    to view the entries in the ROUTER1 neighbor cache for CLIENT1 and ROUTER2.

    netsh interface ipv6 show destinationcache

    to view the entries in the ROUTER1 destination cache for CLIENT1 and ROUTER2.

    Note: The IPv6 protocol for the Windows .NET Server 2003 family advertises directly attached off-link prefixes as specific

    routes using the Route Information option in Router Advertisement messages. These specific routes become routes in the routing

    table of the receiving host.

    Note: The tracert command for the IPv6 protocol for Windows XP (prior to Service Pack 1) does not support IPv6 addresses. Use

    the tracert6 command instead.
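
    The static routes configured above can be checked before anything is typed into netsh by modelling each node's table and applying longest-prefix matching. The following Python code is an added example, not part of the white paper: the table layout and function names are hypothetical, the client tables are the routes that steps 6 and 8 expect to see, and 3ffe:ffff:0:9::1 is a constructed destination outside the lab. It reproduces the CLIENT1 to CLIENT2 path that tracert shows, and it also shows that a destination with no specific route is passed back and forth between the two routers, because each router's ::/0 route points at the other.

```python
import ipaddress

# Routes per node as (prefix, next hop); a next hop of None means on-link.
# Router entries come from steps 3 and 4, client entries from steps 6 and 8.
TABLES = {
    "ROUTER1": [("fec0:0:0:1::/64", None), ("fec0:0:0:2::/64", None),
                ("::/0", "ROUTER2")],
    "ROUTER2": [("fec0:0:0:2::/64", None), ("fec0:0:0:3::/64", None),
                ("::/0", "ROUTER1")],
    "CLIENT1": [("fec0:0:0:1::/64", None), ("fec0:0:0:2::/64", "ROUTER1"),
                ("::/0", "ROUTER1")],
    "CLIENT2": [("fec0:0:0:2::/64", "ROUTER2"), ("fec0:0:0:3::/64", None),
                ("::/0", "ROUTER2")],
}


def best_route(node, dst):
    """Longest-prefix match of dst in node's table: (prefix, next_hop) or None."""
    dst = ipaddress.IPv6Address(dst)
    matches = []
    for prefix, hop in TABLES[node]:
        net = ipaddress.IPv6Network(prefix)
        if dst in net:
            matches.append((net, hop))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def trace(start, dst):
    """Follow next hops from start towards dst; return (path, outcome)."""
    path, node = [start], start
    while True:
        route = best_route(node, dst)
        if route is None:
            return path, "no route"
        _, hop = route
        if hop is None:
            return path, "delivered on-link"
        path.append(hop)
        if path.count(hop) > 1:
            # The packet is back at a node it already visited; on a real
            # network it would circulate until the Hop Limit reaches zero.
            return path, "loop"
        node = hop


if __name__ == "__main__":
    # Example site-local addresses used later in this article for the clients.
    print(trace("CLIENT1", "fec0::3:260:8ff:fe52:f9d8"))
    print(trace("CLIENT2", "fec0::1:260:8ff:fe2a:15f2"))
    # Constructed destination that no lab subnet covers.
    print(trace("CLIENT1", "3ffe:ffff:0:9::1"))
```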

    Using name resolution

    To configure DNS and the local Hosts file to resolve names to IPv6 addresses, complete the following

    steps:


    1.On DNS1, use the DNS snap-in to view the A and AAAA records in the testlab.example.com forward

    lookup zone that were dynamically registered by the computers in the test lab. Verify that an AAAA,

    or quad A, record for CLIENT2 exists.

    2. If an AAAA record for CLIENT2 does not exist, create an AAAA (quad-A) resource record for CLIENT2 with the DNS name client2.testlab.example.com for its site-local IPv6 address using the IPv6 Host (AAAA) resource record type.

    For example, if CLIENT2's site-local address is FEC0::3:260:8FF:FE52:F9D8, the AAAA resource record

    is configured as follows:

    Host: client2

    IP version 6 host address: FEC0:0:0:3:260:8FF:FE52:F9D8

    3. On CLIENT1, type the following command:

    ping client2.testlab.example.com

    The name client2.testlab.example.com is resolved to its site-local address by sending a DNS query to

    DNS1.

    4. On CLIENT2, create the following entry in the Hosts file (located in the SystemRoot\System32\Drivers\Etc folder):

    client1 Client1SiteLocalAddress

    For example, if CLIENT1's site-local address is FEC0::1:260:8FF:FE2A:15F2, the entry in the Hosts file

    is:

    client1 fec0::1:260:8ff:fe2a:15f2

    5. On CLIENT2, type the following command:

    ping client1

    The name client1 is resolved to its site-local address by using the local Hosts file.

    Using temporary addresses

    To use temporary addresses (also known as anonymous addresses) for global address prefixes, complete

    the following steps:

    1. On ROUTER1, type the following command:

    netsh interface ipv6 add route 3ffe:ffff:0:1::/64 "Subnet 1 Connection" publish=yes

    2. If CLIENT1 is running a member of the Windows .NET Server 2003 family, type the netsh interface ipv6 set privacy state=enabled command to enable temporary addresses.

    3. On CLIENT1, type the netsh interface ipv6 show address command to view new addresses on the interface named Local Area Connection that are based on the global prefix of 3FFE:FFFF:0:1::/64.

    There should be two addresses that are based on the 3FFE:FFFF:0:1::/64 prefix. One address uses an

    interface identifier that is based on the EUI-64 address of the interface. The other address is a temporary

    address for which the interface identifier is randomly derived.

    4. On ROUTER1, type the following command:


    netsh interface ipv6 delete route 3ffe:ffff:0:1::/64 "Subnet 1 Connection"

    This removes the global prefix from the ROUTER1 routing table and prevents ROUTER1 from

    advertising it on its interfaces.
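
    The difference between the two addresses seen in step 3 matters for privacy: an EUI-64-based interface identifier carries the adapter's MAC address into every address the host forms, while a temporary address does not. The following is an added example, not part of the original white paper, that classifies addresses within a prefix and recovers the embedded MAC where one exists. The sample list is constructed: it reuses the CLIENT1 interface identifier from the Hosts file example and an invented temporary address.

```python
import ipaddress

def eui64_to_mac(addr):
    """Return the MAC address embedded in an EUI-64-based interface
    identifier, or None if the identifier does not have that shape."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    # An EUI-64 identifier built from a 48-bit MAC has FF-FE in the middle.
    # Heuristic: a random identifier matches by chance about 1 time in 65536.
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the inverted universal/local bit (0x02 of the first byte).
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return "-".join(f"{b:02X}" for b in mac)

def classify(addresses, prefix):
    """Map each address inside `prefix` to ('eui-64', mac) or ('not-eui-64', None)."""
    net = ipaddress.IPv6Network(prefix)
    report = {}
    for a in addresses:
        if ipaddress.IPv6Address(a) not in net:
            continue                                # e.g. link-local, other prefixes
        mac = eui64_to_mac(a)
        report[a] = ("eui-64", mac) if mac else ("not-eui-64", None)
    return report

# Constructed sample of what "show address" might list on CLIENT1.
SAMPLE = [
    "fe80::260:8ff:fe2a:15f2",              # link-local, outside the global prefix
    "3ffe:ffff:0:1:260:8ff:fe2a:15f2",      # EUI-64-based global address
    "3ffe:ffff:0:1:5cf3:9a1e:4b7d:c2a8",    # invented temporary address
]

if __name__ == "__main__":
    for addr, (kind, mac) in classify(SAMPLE, "3ffe:ffff:0:1::/64").items():
        print(f"{addr:40} {kind:12} {mac or '-'}")
```

    The same MAC appears under any prefix the host autoconfigures, which is what allows a host using only EUI-64-based addresses to be correlated across networks.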


    Summary

    The configurations described in this article include using a single subnet with link-local addresses, using IPSec between two local link hosts, sending IPv6 traffic between nodes on different subnets of an IPv6 internetwork, sending IPv6 traffic across an IPv4 intranet with ISATAP, and sending IPv6 traffic across the IPv4 Internet using 6to4. Additionally, this article included instructions on how to use five computers to create a working IPv6 test lab network.


    Related Links

    For more information on Microsoft's support for IPv6, check out our Web site at http://www.microsoft.com/ipv6.

    For the latest information about Windows .NET Server 2003, see the Windows .NET Server 2003 Web site at http://www.microsoft.com/windows.netserver.