What You Need to Know About IPv6 in Order to Pass a Microsoft Exam, Part 2
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
In Part One of this article, we covered the specific technical elements of IPv6, such as how an IPv6 address looks, how it can be abbreviated, how it communicates and how it is different from IPv4. This is the important—although not always the most fun to learn—information that you need at the foundation of your Microsoft studies for IPv6. In part two we are going to cover the specific IPv6 influences within a Microsoft environment.
Throughout the networking series, IPv6 appears, from the client exams through to the most advanced Microsoft infrastructure accreditations. It is important to not only understand how IPv6 works, as we discussed in the previous article, but also how you configure and deploy IPv6 on a live network. As time goes on and IPv4 addresses begin to disappear, Microsoft will only continue to step up the need for IPv6 knowledge within their exam topics, so it’s better to come to grips with it now and stay ahead of the game.
Networking in general
When Windows Vista first became available, one of the first changes users noticed was the introduction of IPv6 into the properties of a network card. Although support for IPv6 had been around since Windows 2000, this was the first time you could actually configure it on a PC or server. Within the Microsoft client exams IPv6 is now covered as a key topic as early as the MCTS exams. Although at this level the required IPv6 knowledge is fairly limited, it is important to know where the IPv6 TCP/IP properties is and how its configured.
The first thing to notice when you open the IPv6 properties is that it is fairly similar to the IPv4 layout. You can select to obtain an IPv6 address by DHCP (more on that later), and you have the same number of boxes to fill in too. However, what goes in the boxes is very different; first, you enter your IPv6 address which can be abbreviated according to the notation rules (outlined in part one). Second, instead of the subnet mask entry, you enter the prefix length; this is always 64 bits, and the default gateway still means the IP of your router. The DNS entries would also be based the same as on an IPv4 client and so if you were on a Windows domain this would be the IPv6 address of your DNS server(s).
A new DHCP
When it comes to DHCP (Dynamic Host Configuration Protocol), the changes are much more noticeable, to the point where a new version of DHCP has been created—DHCPv6. Although the concept is the same, DHCPv6 is no longer based on the older BOOTP version used in IPv4. The ports used in DHCPv6 are different from the existing 168/169, but they are still UDP. It is important that for your Microsoft-based infrastructure exams you understand how the two versions are different. If you are familiar with the original DHCPv4 console then make sure you become just as familiar with the DHCPv6 console as well.
With DHCPv6 there are two methods of configuration, stateless and stateful, as explained below:
- Stateless—This is where the DHCP clients have been configured with a DHCP address already, either manually or from another DHCP such as a router. They inform the DHCP server that they are configured and don’t need an address. The client communicates this to the server using a DHCPINFORM message.
- Stateful—The stateful method is more similar to the traditional DHCP in that it assigns IPv6 addresses to clients who are set to auto configuration and request an IP address. The DORA process used in IPv4 (Discover, Offer, Reply, Acknowledge) has changed, however, and now follows the slightly less catchy name of SARR (Solicit, Advertise, Request, Reply). This is the same process; it’s just another way for Microsoft to confuse us and make us remember something extra for their exams!
This is really the most you will need to know about DHCPv6 for the current Windows server 2008 examination track. However, as time goes on and DHCPv6 develops further, Microsoft will expect you to know more.
DNS Server
As mentioned earlier, support for IPv6 existed long ago in Windows Server 2000, where the DNS service first allowed for the processing of IPv6 requests. However, it is only since Windows server 2008 that the more configurable options are available. The DNS console is one particular area where new and odd looking records have appeared alongside the traditional ones. However, their purpose is the same, and for the exam, you should familiarize yourself with these changes so you know what they are and what their purpose is.
The most noticeable addition is the AAAA record (also called quad A, as an IPv6 address is four times larger than a traditional A record); this performs the same function as the A record in resolving the hostname to the IP address. The PTR records are also still used; however, the PTR INT record is being phased out in favor of the PTR ARPA addresses as there is an issue with the INT address, which in short increases the workload when performing IPv6 DNS devolution. The main point to note for the exam is the records themselves and what they do.
As you navigate through the DNS server properties, you can see where the IPv6 additions come in, such as the listening interface IP.
Security and IPSEC
In the same vein as DHCP there is a new version of IPSEC to handle the IPv6 traffic, this is originally entitled IPSEC6. Although this is only really configurable at the command line using the IPSEC6 command line tool (more mentioned later), this allows IPv6 clients to create security associations securely. One of the main features of IPv6 is the fact that NAT-ting is going to become a thing of the past and that segregation of private and public WAN’s will become much more blurred. Although the security of IPv6 isn’t a big topic at the moment, it is good to consider the security requirements of IPv6 and what is needed to ensure you can still transmit data safely over a Microsoft network.
Command line tools
You are probably getting the idea now that when it comes to the actual configuration and management of IPv6, there isn’t a massive difference in the tools used. The same applies to the command line utilities that you can use as well:
- Netsh—more specifically the show interface IPv6 switch, which allows you to configure the IPv6 interface. This is a powerful tool, and it is unlikely that you will come across the need to use it in an exam simulation. However, knowing that it can be used the same as the IPv4 version is helpful for troubleshooting purposes.
- IPconfig /displaydns—This is a useful tool and another familiar friend of the IPv4 family; it supplies the same way in IPv6, and it allows you to view the IPv6 records that have registered on the PC.
- IPSEC6—More specifically, the sa command, which allows you to view the security associations and the sp for security policies that are active on that specific interface. If you are questioned on the use of IPSEC on IPv6, just make sure that you know a separate version is used to establish secure IPv6 to IPv6 connections.
As IPv6 is a networking protocol, there aren’t many areas within a Windows infrastructure that it doesn’t affect. At the moment, the issues that are caused in mixed IPv4 and IPv6 environments are not common Microsoft questions, but they are very likely to become so as time goes on. This means that all network-based infrastructure server tools will be affected as the transition takes place. It would be a good idea for your studies to implement a lab environment, convert it IPv6, and get some hands on practice of running it alongside IPv4 and using the Windows infrastructure tools that manage it.
As IPv6 begins to more of a reality in day-to-day networking, it will increase in its appearance within Microsoft examinations; thus, it is worth knowing. The configuration elements of IPv6 are quite straightforward, especially if you get hands-on practice in a live or lab environment. However, there may be many more questions to answer on the issues Microsoft infrastructure roles have with IPv6, such as clustering with Windows server 2008 R2 and that fact that Threat Management Gateway (TMG) 2010 doesn’t process IPv6 traffic at all.
When approaching IPv6 in your Microsoft exams, always keep it in the back of your mind and don’t just see it as a big string of numbers that you can worry about later. Start learning about the differences between IPv4 and IPv6 and how, within a Microsoft infrastructure, it is configured now so that that as the technology develops you can too.