Fixing Windows 7 IPv6 Headaches

Summary:Windows 7 does a decent, but not perfect job, of supporting IPv6. Here's how to get it to do better.

The Internet's IPv4 dashboard gas gauge is blinking empty at only 5% left in the tank, isn't it nice that Windows 7 supports IPv6? Well, sort of, supports it.

Actually, Windows 7 does a decent job of supporting IPv6. It certainly does much better than the ones that came before, but it still has some quirks.

The one that springs to my mind first is that Windows Server 2008 and Windows 7 both still use random interface identifiers when creating its IPv6 addresses. While Windows 7 is now certified as being IPv6 Ready, it's not quite on target by default.

That's not how IPv6 addressing should work. Instead, an IPv6 device should auto-configure its address with the Neighbor Discovery Protocol (NDP) to determine its network and interface identifier and to form the computer's 128-bit IPv6 address. IPv6 addresses assignments are spelled out in these Internet Engineering Task Force (IETF) documents:

Microsoft mixed up how the interface identifier should be created even though Microsoft engineers helped write RFC 4941. Oh well. Still, you can force Windows 7 to use the correct method by issuing the following command from a DOS prompt:

netsh interface ipv6 set global randomizeidentifiers=disabled

I recommend that you put this in batch or login file to run this as an automated command on all your new Windows 7 installations. Doing so avoids any possible IPv6 network problems with other Windows 7 systems and with IPv6 address-compliant networking equipment such as Cisco Catalyst Switches.

It would also be nice if Windows 7 supported SEcure Neighbor Discovery (SEND) (RFC 3971 http://www.faqs.org/rfcs/rfc3971.html). SEND is the more secure version of NDP. You can use it to verify that the devices on are valid on your LAN.

Unfortunately, while again Microsoft helped write this specification, its software engineers haven't implemented it. Some major network vendors, such as Cisco and Juniper, already support it. I hope that Microsoft will add it into Windows, along with the correct addressing scheme, in the next Service Patch (SP) for all its operating systems. After all, the sooner we iron out any potential implementation problems and security worries with IPv6 the better.

Topics: Software, Microsoft, Networking, Operating Systems, Telcos, Windows

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.