8-3. IPv6 Network Settings
Almost all the modern computer operating systems being used today are IPv6 capable. On most operating systems, the IPv6 configuration settings can be found at the same location where the TCP/IP settings for IPv4 reside. This is provided in the Local Area Connections Properties window for both Windows XP and Windows 7. The Local Area Connections Properties window for Windows XP is provided in Figure 8-4. The Local Area Connections Properties window for Windows 7 is provided in Figure 8-5.
Figure 8-4. The Local Area Connections Properties window for Windows XP
Figure 8-5. The Local Area Connections Properties window for Windows 7
There is an option available to obtain the IPv6 configuration automatically as well as an option for manual configuration. This option is available in the Internet Protocol Version 6 (TCP/IPv6) Properties window, as shown in Figure 8-6. This same feature is available with IPv4. However, Windows XP is one of the exceptions where there is no manual configuration mode for assigning the IPv6 address. The majority of the operating systems enable IPv6 with the automatic configuration mode by default. The following is a summary of the configuration options provided in the TCP/IPv6 Properties window:
- Obtain an IPv6 address automatically: In this option, the IPv6 address is automatically configured for this network connection.
- Use the following IPv6 address: Specifies the IPv6 address and default gateway are manually configured:
- IPv6 address: This space is used to type in an IPv6 unicast address.
- Subnet prefix length: This space is used to specify the subnet prefix length for the IPv6 address. For unicast addresses, the default value is 64.
- Default gateway: This space is used to enter the IPv6 address for the default gateway.
- Obtain DNS server address automatically: This selection indicates the IPv6 addresses for the DNS servers are automatically configured.
- Use the following DNS server addresses: This space is used to specify IPv6 addresses of the preferred and alternate DNS servers for this network connection:
- Preferred DNS server: This space is used to input the IPv6 unicast address for the preferred DNS server.
- Alternate DNS server: This space is used to enter the IPv6 unicast address of the alternate DNS server.
Figure 8-6. Internet Protocol Version 6 (TCP/IPv6) Properties window for Windows 7
IPv6 configuration settings are also available for the Mac OS X operating system in the TCP/IP window, as shown in Figure 8-7. The user has the option to configure the IPv6 address automatically or manually. The option for automatically configuring the IPv6 address is selected in Figure 8-7.
Figure 8-7. Mac OS X IPv6 configuration
In typical places, such as homes and businesses, IPv6 is not yet enabled on the network environment. So, what would happen to all the machines with IPv6 enabled in the automatic configuration mode? The answer is what is called the IPv6 stateless autoconfiguration. This feature enables IPv6-enabled devices that are attached to the IPv6 network to connect to the network without requiring support of an IPv6 DHCP server.
This means that, even though an IPv6 DHCP server and an IPv6 enabled router are not involved, any IPv6 machine can self-configure its own link-local address. The term link-local address indicates the IP address is self-configured. This means that any IPv6 host should be able to communicate with other IPv6 hosts on its local link or network. The interface identifier of the link-local address is derived by transforming the 48 bits of the EUI-48 MAC address to 64 bits for EUI-64. This EUI-48 to EUI-64 transform algorithm is also used to derive the interface identifier for the global unicast address. Example 8-2 demonstrates how to convert an EUI-48 MAC address of 000C291CF2F7 to a modified EUI-64 format.
To complete the autoconfiguration IPv6 address, the subnet prefix of FE80::/64 is then prepended to the interface identifier resulting in a 128-bit link-local address. To ensure that there is no duplicate address on the same link, the machine sends a Neighbor Solicitation message out on the link. The purpose of this solicitation is to discover the link-layer address of another IPv6 node or to confirm a previously determined link-layer address. If there is no response to the message, it assumes that the address is unique and therefore assigns the link-local address to its interface. The process of detecting another machine with the same IPv6 address is called Duplicate Address Detection (DAD). Figures 8-8, 8-9, and 8-10 show the local-link addresses from different operating systems. Look for the FE80:: prefix in each figure.
Figure 8-8. Windows XP—ipconfig result with a link-local address
Figure 8-9. Windows 7—ipconfig result with a link-local address
Figure 8-10. Mac OS X—ifconfig result with a link-local address
The derivation of the IPv6 interface identifier from the MAC address generates some concerns regarding privacy issues. The concern is that the MAC address can be tracked throughout the Internet. A MAC address always attaches to the device v, and the interface identifier does not change no matter where it is physically located. The danger of this is that the movement or location of the device can be traced using the MAC address. To remedy these concerns, the IETF created RFC 4941 “Privacy Extensions for Stateless Address Autoconfiguration in IPv6.” This RFC allows the generation of a random identifier with a limited lifetime to replace the machine’s MAC address. An address like this will be difficult to trace because it regularly changes. Figure 8-9 shows the link-local address of a Windows 7 machine, which has been randomly generated. Therefore, this IPv6 address does not appear to be anything resembling its MAC address. The link-local address shown in Figure 8-9 is
where %11 is the interface index or scope ID designated by Windows 7. IPv6 enables a socket application to specify an interface to use for sending data by specifying an interface index. It is possible for a computer to have more than one network interface card (NIC) and as a result to have multiple link-local addresses. Additionally, each link-local address can have a different scope. The purpose of the scope ID is to indicate which address it is used for.
The MAC or physical address is 000C2902E57E.