Get your Windows networks IPv6-ready -- while you still can

IPv4 finally has to yield way to its predecessor IPv6; here's what Windows admins need to know

The day has finally arrived -- IPv4 addresses have run out. When the Internet Assigned Numbers Authority (IANA) started handing out IP addresses, they had about 4.3 billion to disperse. Sounds like a lot, right? But when you consider there are 7 billion humans on the planet, with people in developed nations needing two or more devices with an address each, you can see how this number might become depleted.
Of course, IANA anticipated this depletion and created a new flavor of IP (version 6, or iPv6) in 1995 that will allow for trillions upon trillions of addresses, thanks to its 128-bit address length (versus IPv4's 32-bit length). And IPv6 is more than just an address expansion upgrade: It includes built-in IPSec security and easier management through autoconfiguration of devices. But now that IPv4 addresses are depleted, what's a Windows network administrators to do?


Most Windows PCs and servers are IPv6-enabledThe good news is that Microsoft and others started working on implementing IPv6 quite some time ago. In 1998, Microsoft released its first trial IPv6 protocol stack for Windows 95 and 98, though its capabilities were limited. Windows 2000 saw an IPv6 Technology Preview program that was also limited in capability and is no longer supported.
Windows XP had an optional IPv6 stack, but it wasn't until Windows XP SP1 that Microsoft released a production-quality IPv6 version. XP SP2's Advanced Networking Pack added simultaneous firewall support for IPv4 and IPv6, so PCs using both protocols were protected via the same firewall. Windows Server 2003 SP1 has the same pack.
As most organizations use XP SP1 or later, they have IPv6-compatible client computers already deployed. Those with Windows Server 2003 SP1 or later have IPv6-compatible servers deployed as well. Organizations using Windows Vista or Windows 7, paired with Windows Server 2008 or later, benefit from a unified dual-layer stack. Additionally, both IPv4 and IPv6 are installed and enabled by default, and the combination of IPv6 being used on both the client and the server sides will boost networking performance and security. (Mac OS X and Linux have similarly been IPv6-enabled for about as long.)

Windows 7's IPv6 network settings.

Enabling all the pieces for IPv6If your clients use DHCP, your IPv6-enabled clients should have no trouble working with IPv6-enabled DHCP servers (running DHCPv6), assuming thery're all on IPv6-compatible OSes and have IPv6 turned on. However, you need to make sure your routers are ready for IPv6 and can play nice with it. That means you and your users may need to upgrade your networking hardware at home or in the office.
Of course, IPv4 isn't going away, even if there are no new IPv4 addresses to issue. Some hardware, including certain mobile clients, may not support IPv6, and you may not want to mess with reconfiguring users' home systems. That's why the major OSes and networking hardware support both protocols and can run them simultaneously. Note, though, that IPv4 and IPv6 are not compatible: IPv6 may work on the same wire as IPv4, but they don't talk to each other. Thus, expect to manage two sets of IP addresses for the foreseeable future, and don't be surprised to see implications for your security and access control settings.
You'll still use NAT (network address translation) to handle IP address mapping within your network for IPv4 addresses, but over time, as you move to IPv6, you'll find NAT is no longer needed as every device can have its own IPv6 address, which could change how you think about your network's logical topology and routing. If you haven't explored IPv6 yet, now is definitely the time.
Remember: Some organizations have already been through a similar transition. The Network Control Protocol (NCP) was the first Internet protocol, and it IPv4 ran concurrently with IPv4 until Jan. 1, 1983. Sure, that transition occurred on a much smaller scale -- the movie "War Games" wouldn't be released until June 1983, and the number of network devices in those early days of the PC was a tiny fraction of what it is today -- but the handoff ran fairly smoothly.
World IPv6 Day, scheduled for June 8, 2011, and sponsored by the Internet Society, will help you test and prepare, as Facebook, Google, Yahoo, and others will enable IPv6 so that people can test their IPv6 readiness in the real world. Check it out.