IPv6 and IIS 6.0
Internet Information Services (IIS) 6.0 provides Internet services to clients connecting over the
next generation of Internet Protocol (IP) — known as IP version 6 (IPv6). When you use IPv6
with IIS on a server running the Microsoft® Windows® Server 2003 operating system, your sites
can respond to both IPv6 requests and Internet Protocol version 4 (IPv4) requests. Although
current demand for IPv6 is limited, the adoption of new Internet-connected devices, such as
phones and handheld computers, is expected to quickly exhaust the remaining IPv4 address space
and speed the transition to IPv6.
In This Appendix
Summary of Protocol Changes from IPv4 to IPv6
Comparing IPv4 and IPv6 Addresses
How IIS 6.0 Supports IPv6
Securing IPv6 Networks
Installing or Removing IPv6
Additional Resources
• For more information about IIS 6.0 architecture, including HTTP.sys, see “IIS 6.0 Architecture” in this book.
Summary of Protocol Changes from IPv4 to IPv6
In response to concern about the finite number of IPv4 addresses, the Internet Engineering Task
Force (IETF) developed a suite of protocols and standards known as Internet Protocol version 6
(IPv6). IPv6 was designed to replace IPv4, which is more than 20 years old. Because IPv6 is
expected to become increasingly important as the Internet continues to grow, IPv6 functionality
is included in the Microsoft® Windows® XP and the Microsoft® Windows® Server 2003,
Standard Edition; Windows® Server 2003, Enterprise Edition; Windows® Server 2003,
Datacenter Edition; and Windows® Server 2003, Web Edition operating systems.
The Internet Protocol (IP) is the network-layer protocol used by TCP/IP for addressing and routing packets of data between hosts. The current version of the IP, IPv4, has remained primarily unchanged since RFC 791 was published in 1981. IPv4 is robust, easily implemented, and interoperable, and it scales well. However, continued dramatic growth of the Internet is pushing the limits of IPv4 design. Concerns with IPv4 include the scarcity of public IPv4 addresses for use on the Internet, the size and complexity of its backbone routing tables, and the need for simpler, more automatic configuration.
IPv6, previously named IP Next Generation (IPng), was developed primarily to allow for larger (128-bit) IP addresses. Additional enhancements include the following:
• A more efficient routing infrastructure that allows backbone routers to maintain much smaller routing tables.
• A new header format that reduces header overhead and provides more efficient processing at
• A simplified host configuration that uses both stateful and stateless address configuration.
• Built-in security provided by Internet Protocol security (IPSec). (In IPv4, IPSec is optional.)
• Better support for Quality of Service (QoS), which is the set of methods or processes that a service-based organization uses to maintain a specific level of quality.
• A way to efficiently manage the interaction of neighboring nodes by using multicast and
• Extension headers for adding new features to IPv6.
Table G.1 lists pertinent IPv6 RFCs and serves as a useful reference to the source documents.
Table G.1 Summary of Useful Source Documents for Migrating from IPv4 to IPv6
Version | Date | RFC | RFC Title
IPv4 | September, 1981 | RFC 791 | “Internet Protocol”
 | January, 1995 | RFC 1752 | “The Recommendation for the IP Next Generation (Standards track for IPv6 General RFCs)
IPv6 ¹ | December, 1995 | RFC 1883 | “Internet Protocol, Version 6 (IPv6) Specification” (Proposed standard — made obsolete by RFC 2460)
 | December, 1995 | RFC 1886 | “DNS Extensions to support IP version 6” (IPv6 applications RFCs)
 | July, 1998 | RFC 2373 | “IP Version 6 Addressing Architecture”
 | | RFC 3513 ² | “Internet Protocol Version 6 (IPv6) Addressing (Standards track for IPv6 addressing RFCs)
 | December, 1998 | RFC 2460 | “Internet Protocol, Version 6 (IPv6) Specification” (Standards track for the Network Layer RFCs and Internet
¹ IPv5 was an experimental non-IP real-time stream protocol called ST, which was never widely used.
² RFC 3513 supersedes RFC 2373; however, Windows Server 2003 does not implement its changes with regard to site-local addresses.
In RFC 2460, “Internet Protocol, Version 6 (IPv6) Specification,” IPv6 is described as a connectionless, unreliable datagram protocol that is used primarily for addressing packets and routing them between hosts. Connectionless means that a session is not established before data exchange begins. Unreliable means that delivery is not guaranteed. IPv6, like IPv4, always makes a best-effort attempt to deliver a packet, but an IPv6 packet might be lost, delivered out of sequence, duplicated, or delayed. IPv6 itself does not attempt to recover from these types of errors; the acknowledgment of packet delivery and the recovery of lost packets is done by a higher-layer protocol, such as TCP. TCP performs reliably over both IPv4 and IPv6.
For more information about the design changes needed by IPv4 to accommodate the increasing demands of network traffic, see “Introduction to IPv6” in Help and Support Center for Windows Server 2003. For more information about IPv6, see “IPv6 features” in Help and Support Center for Windows Server 2003.
For more information about RFCs, see the Request For Comments (RFC) link on the Web
Resources page at www.microsoft.com/windows/reskits/webresources.
Comparing IPv4 and IPv6 Addresses
The size of an IPv6 address is 128 bits, which is four times larger than an IPv4 address. In theory, the 32-bit address space that IPv4 uses provides 4,294,967,296 possible addresses; however, previous and current allocation practices limit the number of public IPv4 addresses to a few hundred million. By contrast, the 128-bit address space that IPv6 uses provides 3.4 × 10^38
The size of the IPv6 address allows for subdividing the address into a hierarchical routing structure that reflects the current topology of the Internet. This structure provides great flexibility for hierarchical addressing and routing, which the IPv4-based Internet lacks.
Comparing Address Formats
IPv4 addresses are represented in a dotted-decimal format, in which the 32-bit address is divided
into four 8-bit sections. Each set of 8 bits is converted into its decimal equivalent and is separated
from adjacent 8-bit decimal equivalents by periods. The following is an example of an IPv4 address:
In IPv6, the 128-bit address is divided into eight 16-bit blocks, each of which is converted to a 4-digit hexadecimal number that is separated from adjacent blocks by colons. The resulting representation is called colon-hexadecimal format.
The following is an IPv6 address in binary form:
First, the 128-bit address is divided into eight 16-bit blocks, as follows:
0010000111011010 0000000011010011 0000000000000000 0010111100111011
0000001010101010 0000000011111111 1111111000101000 1001110001011010
Then, each of the eight 16-bit blocks is converted to hexadecimal and delimited with colons. The result is the following:
An IPv6 address can be further simplified by removing the leading zeros within each 16-bit block. However, each block must have at least a single digit. With leading zero suppression, the address used in this example becomes the following:
Compressing Zeros in IPv6 Addresses to the Double-Colon Format
IPv6 addressing conventions also allow you to simplify an address that contains long sequences of zeros. If an address contains consecutive groups of 16-bit blocks that are set to 0 in the colon-hexadecimal format, you can compress the consecutive blocks to :: (known as double-colon) to simplify the address. To avoid ambiguity, use zero compression only once within any one address. Otherwise, you cannot determine the number of 0 bits represented by each instance of a double-colon (::).
Table G.2 provides two examples of IP addresses and shows how zero compression changes each address.
Table G.2 Effect of Zero Compression on Sample IP Addresses
Address Before Zero Compression Address After Zero Compression
To determine how many 0 bits are represented by the double-colon in a compressed address, count the number of blocks in the address, subtract this number from 8, and then multiply the result by 16. For example, the address FF02::2 contains two blocks (the FF02 block and the 2 block). Therefore, the number of bits expressed by the double-colon is 96 (96 = (8 - 2) × 16).
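The conversion steps above, carried through in C as an added example that is not part of the original appendix: it turns the eight binary blocks shown in the text into colon-hexadecimal form, applies leading-zero suppression and double-colon compression, and computes how many 0 bits a double-colon stands for. The function names are illustrative, and compressing only runs of two or more zero blocks is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCKS 8

/* The eight 16-bit blocks shown in binary in the text above. */
static const char *const PAGE_BLOCKS[BLOCKS] = {
    "0010000111011010", "0000000011010011", "0000000000000000", "0010111100111011",
    "0000001010101010", "0000000011111111", "1111111000101000", "1001110001011010"
};

/* Convert eight 16-character binary strings to eight 16-bit values. */
static void parse_blocks(const char *const bin[BLOCKS], uint16_t out[BLOCKS])
{
    for (int i = 0; i < BLOCKS; i++) {
        out[i] = 0;
        for (int k = 0; k < 16 && bin[i][k] != '\0'; k++)
            out[i] = (uint16_t)((out[i] << 1) | (bin[i][k] == '1'));
    }
}

/* Write colon-hexadecimal text into out.
 * suppress: drop leading zeros inside each block.
 * compress: replace the longest run of two or more zero blocks with "::",
 *           once only (the two-block minimum is this example's assumption).
 * Returns out, or NULL when out is too small. */
static char *format_ipv6(const uint16_t b[BLOCKS], int suppress, int compress,
                         char *out, size_t outlen)
{
    int best = -1, best_len = 0;
    size_t used = 0;
    for (int i = 0; compress && i < BLOCKS; ) {
        int j = i;
        while (j < BLOCKS && b[j] == 0) j++;
        if (j - i >= 2 && j - i > best_len) { best = i; best_len = j - i; }
        i = (j == i) ? i + 1 : j;
    }
    for (int i = 0; i < BLOCKS; ) {
        int n;
        if (i == best) {
            n = snprintf(out + used, outlen - used, "::");
            i += best_len;
        } else {
            /* A single colon separates blocks, except right after "::". */
            const char *sep = (i > 0 && i != best + best_len) ? ":" : "";
            n = snprintf(out + used, outlen - used,
                         suppress ? "%s%X" : "%s%04X", sep, (unsigned)b[i]);
            i++;
        }
        if (n < 0 || (size_t)n >= outlen - used) return NULL;
        used += (size_t)n;
    }
    return out;
}

/* Number of 0 bits that "::" stands for: (8 - blocks written) x 16. */
static int double_colon_zero_bits(const char *addr)
{
    int blocks = 0, in_block = 0;
    if (strstr(addr, "::") == NULL) return 0;
    for (const char *p = addr; *p != '\0'; p++) {
        if (*p == ':') in_block = 0;
        else if (!in_block) { in_block = 1; blocks++; }
    }
    return (BLOCKS - blocks) * 16;
}

int main(void)
{
    uint16_t b[BLOCKS];
    char text[40];   /* 39 characters for a full address plus the NUL */
    parse_blocks(PAGE_BLOCKS, b);
    puts(format_ipv6(b, 0, 0, text, sizeof text));   /* all four digits per block */
    puts(format_ipv6(b, 1, 1, text, sizeof text));   /* shortest form */
    printf("FF02::2 -> %d zero bits\n", double_colon_zero_bits("FF02::2"));
    return 0;
}
```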
IPv4 implementations commonly use a dotted-decimal representation of the network prefix length, which is called the subnet mask. IPv6 does not use subnet masks; it supports only prefix length notation.
The prefix is the part of an IP address where the bits have fixed values or are the bits of a route or subnet identifier. Prefixes for IPv6 routes and subnet identifiers are expressed in the same way as classless inter-domain routing (CIDR) notation is expressed for IPv4, that is, address/prefix length. The prefix length specifies the number of left-most bits that make up the subnet prefix. For example, an IPv6 prefix can be represented as follows:
In this example, the first 64 bits of the global unicast address are the prefix, and the remaining 64 bits (128 - 64 = 64) are the interface ID.
For more information about the architecture of IPv6 addresses, see RFC 2373, “IP Version 6
Comparing Address Types
If you install IPv6 on a computer that is not connected to a network in which an IPv6 router is present, the computer automatically configures a link-local IPv6 address, which is a type of address that allows you to communicate with computers on your subnet. If you connect your computer to a subnet in which an IPv6 router is present, the router assigns your computer an IPv6 global or site-local address. The site-local address allows your computer to communicate within
your intranet. The global address allows your computer to communicate with computers on the
The left-most bits of an IP address are called the format prefix (FP), which indicates the specific type of IPv6 address. IPv6 accommodates many address types, including the following:
• Unicast addresses. Provide point-to-point, directed communication between two hosts on a
• Multicast addresses. Provide a method for sending a single IP packet to multiple hosts in a group. A multicast address is used for one-to-many communication.
• Anycast addresses. Provide a method of delivering a packet to the nearest member of a group. Currently, anycast addresses are used only as destination addresses and are assigned only to routers. An anycast address is used for one-to-one-of-many communication.
Table G.3 compares some basic elements of IPv4 and IPv6 addressing.
Table G.3 Comparison of IPv4 and IPv6 Addressing Elements
Address Space Element | IPv4 Address | IPv6 Address
Unspecified address | 0.0.0.0 | 0:0:0:0:0:0:0:0 or ::
Loopback address | 127.0.0.1 | 0:0:0:0:0:0:0:1 or ::1
Address types | Public IPv4 addresses | Global addresses (aggregatable global
 | Private IPv4 addresses, such as: | Site-local addresses, which always begin with FEC0::/48
 | Automatic Private IP Addressing (APIPA), which uses the 169.254.0.0/16 prefix | Link-local addresses, which always begin with FE80::/64
Text representation | Dotted-decimal format | Colon-hexadecimal format with suppression of leading zeros and zero compression. IPv4-compatible addresses are expressed in dotted-decimal
Network bits representation | Subnet mask in dotted-decimal format or prefix-length notation | Prefix-length notation only
DNS name resolution | IPv4 host address (A) resource record ¹ | IPv6 host address (AAAA) resource record ²
¹ An A resource record, which is stored on your DNS servers, enables mapping from a host name to an IPv4 32-bit address.
² AAAA (quad-A) resource records enable mapping from a host name to an IPv6 128-bit address.
Unicast addresses identify a single interface within the scope of a particular type of unicast
address. The scope of an address is the region of the IPv6 network over which the address is
unique. With the appropriate unicast routing topology, packets addressed to a unicast address are
delivered only to a single interface.
The following are types of unicast IPv6 addresses:
• Aggregatable global unicast addresses. Identified by the format prefix (FP) of 001, these addresses are equivalent to public IPv4 addresses.
• Local-use unicast addresses. Provide two types of addresses:
    • Link-local addresses. Identified by the FP of 1111 1110 10, these addresses are used by nodes when they are communicating with neighboring nodes on the same link.
    • Site-local addresses. Identified by the FP of 1111 1110 11, these addresses are equivalent to the IPv4 private address space. Use these addresses between nodes that communicate with other nodes in the same site.
• Unspecified address. Used only to indicate the absence of an address; this type of address cannot be assigned to a node. The IPv6 unspecified address, 0:0:0:0:0:0:0:0 or ::, is equivalent to the IPv4 unspecified address of 0.0.0.0.
• Loopback address. Used to identify a loopback interface, which enables a node to send packets to itself. The IPv6 loopback address, 0:0:0:0:0:0:0:1 or ::1, is equivalent to the IPv4 loopback address of 127.0.0.1.
• Transition, or compatibility, addresses. Provided to help you migrate from IPv4 to IPv6; these addresses allow both types of hosts to coexist on your network.
Types of Transition IPv6 Addresses
To help you transition from IPv4 to IPv6 and to facilitate the coexistence of both types of hosts, IPv6 defines the following transition IPv6 addresses.
IPv4-compatible addresses are used by IPv6/IPv4 nodes that communicate with IPv6 over an IPv4 infrastructure. IPv6/IPv4 nodes are nodes that run both the IPv4 and IPv6 protocols. The format for an IPv4-compatible address is 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z (where w.x.y.z is the dotted-decimal representation of a public IPv4 address). The IPv6 protocol for Windows XP and Windows Server 2003 provides support for IPv4-compatible addresses, but support is not enabled by default.
IPv4-mapped addresses are used to represent an IPv4-only node to an IPv6 node. The IPv4-mapped address is never used as a source or destination address for an IPv6 packet. It is used only for internal representation. The format for an IPv4-mapped address is 0:0:0:0:0:FFFF:w.x.y.z or ::FFFF:w.x.y.z. The IPv6 protocol for Windows XP and Windows Server 2003 does not support IPv4-mapped addresses.
6to4 addresses are used for communicating between two nodes that are running both IPv4 and IPv6 over the Internet. The 6to4 address is formed by combining the prefix 2002::/16 with the 32 bits of the public IPv4 address of the node or the site of the node, thus forming a 48-bit prefix. For example, for the IPv4 address of 131.107.0.1, the 6to4 address prefix is 2002:836B:1::/48 (where 836B:1 is the colon hexadecimal notation for 131.107.0.1). Support for 6to4 addresses is provided by the IPv6 Helper service (known as the 6to4 service) that is included with the IPv6 protocol for Windows XP and Windows Server 2003.
Global addresses, which are identified by an FP of 001, and which are also called aggregatable global unicast addresses, are equivalent to public IPv4 addresses. Global addresses are globally routable and reachable on the IPv6 Internet.
As the name implies, you can aggregate, or summarize, global addresses to produce an efficient routing infrastructure. Unlike the current IPv4-based Internet, which has a mixture of both flat and hierarchical routing, the IPv6-based Internet is designed to support efficient hierarchical addressing and routing. The scope of a global address, which is the region of the IPv6
internetwork over which the address is unique, is the entire IPv6 Internet.
Figure G.1 illustrates the structure of an IPv6 global address.
Figure G.1 Structure of an IPv6 Global Address
TLA ID field: Indicates the Top Level Aggregation Identifier (TLA ID) for the address. The size of this field is 13 bits. The TLA ID identifies the highest level in the routing hierarchy. TLA IDs are administered by the Internet Assigned Numbers Authority (IANA) and allocated to local Internet registries that, in turn, allocate individual TLA IDs to large, global Internet service providers (ISPs). A 13-bit field allows up to 8,192 different TLA IDs. Routers in the highest level of the IPv6 Internet routing hierarchy (called default-free routers) do not have a default route — only routes with 16-bit prefixes corresponding to the allocated TLA IDs and additional entries for routes based on the TLA ID assigned to the routing region where the router is located.
Res field: Reserves space for future expansion of either the TLA ID or the NLA ID field. The size of this field is 8 bits.
NLA ID field: Indicates the Next Level Aggregation Identifier (NLA ID) for the address. The NLA ID identifies a specific customer site. The size of this field is 24 bits. The NLA ID allows an ISP to create multiple levels of addressing hierarchy to organize addressing and routing and to identify sites. The structure of the ISP's network is not visible to default-free routers.
SLA ID field: Indicates the Site Level Aggregation Identifier (SLA ID) for the address. The SLA ID is used by an individual organization to identify subnets within its site. The size of this field is 16 bits. An organization can use this field to create 65,536 subnets or multiple levels of addressing hierarchy. Being assigned an SLA ID is equivalent to being allocated an IPv4 Class A network ID (assuming that the last octet is used for identifying nodes on subnets). The structure of the customer's network is not visible to the ISP.
Interface ID field: Identifies the interface of a node on a specific subnet. The size of this field is
For more information about IPv6 addressing, see RFC 2373, “IP Version 6 Addressing
Architecture.” For more information about IETF, including a repository of RFCs, see the Internet
Engineering Task Force (IETF) link on the Web Resources page at
How IIS 6.0 Supports IPv6
Except for the differences in functionality outlined in this section, IIS 6.0 provides the same Web services to clients that connect by using IPv6 as it does for clients that connect by using IPv4.
Differences in IIS Functionality Between IPv4 and IPv6
IIS 6.0 provides the same core functionality for users of IPv6 as it does for users of IPv4. However, only a subset of IIS 6.0 functionality is available for users of IPv6. The following are the most significant differences:
• The IIS Manager user interface does not support IPv6 addresses. IIS Manager does not display IPv6 addresses as it does IPv4 addresses; that is, the IIS user interface does not provide a way to work with or manipulate IPv6 addresses. However, manipulating literal hexadecimal IPv6 addresses is usually not recommended, so lack of this functionality is unlikely to prevent you from installing and using IPv6.
• The IP Address Restrictions feature is not supported. The IP Address Restrictions feature in IIS 6.0 does not support IPv6 addresses or IPv6 prefixes.
• Bandwidth throttling is not supported for responses sent over IPv6 addresses. If you change the MaxBandwidth and MaxGlobalBandwidth metabase properties, you do not affect IPv6 network traffic. However, connection limits and connection time-outs, which are related IIS 6.0 features, are supported.
• The ServerBindings and SecureBindings metabase properties do not support IPv6 addresses. Both properties specify strings that IIS 6.0 uses to determine which network endpoints are used by the server instance. The string format for the ServerBindings property is IPAddress:Port:HostName. Both the IPAddress and HostName parameters of the string are optional; however, the IPAddress component of the string is limited to storing an IPv4 address. Any unspecified parameters default to an all-inclusive wildcard.
Because of the limitations in IPv6 functionality for these metabase properties, IIS 6.0
functionality for IPv6 is affected as follows:
    • Site routing is limited to host headers only. You cannot configure sites to route on an IPv6 address or on a combination of an IPv6 address and host header. This limitation also affects sites that are configured to route based on an IPv4 address. When you install IPv6, sites that are already specifically configured for IPv4 site-based routing do not respond to requests that come in over IPv6.
    • The number of Secure Sockets Layer (SSL) sites is limited to one. Due to the IP routing restriction for IPv6, IIS deployments designed for IPv6 addresses are limited to one SSL site per computer.
• File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Network News Transfer Protocol (NNTP) services are not supported. IPv6 is supported only for the WWW service. The FTP, SMTP, and NNTP services do not have IPv6 support in IIS 6.0.
• If you install IPv6 on a computer that is running IIS 6.0, all sites on the computer respond to IPv6 clients. You cannot configure individual sites or virtual directories to respond to IPv6 traffic while others on the same server respond to IPv4 traffic.
• Logging tools must support IPv6 address formats in order to function correctly. IIS writes IPv6 addresses to the log file when IPv6 is enabled and client computers connect to the server by using IPv6 addresses. Log parsing tools that are to be used with log files for IPv6 sites must support IPv6 address formats.
• The EnableReverseDnsLookup property is not supported. For IPv4, a value of true for the EnableReverseDnsLookup metabase property allows reverse DNS lookup to determine the DNS name of the client computer. For IPv6, however, this functionality is not enabled.
Setting the EnableReverseDnsLookup metabase property to true does not
cause the REMOTE_HOST server variable to return the DNS name of the
client, as it does for IPv4. REMOTE_HOST always contains the IPv6 address,
regardless of the EnableReverseDNSLookup property setting.
Using the IPv6-Aware ISAPI Server Variables
When you install IPv6 on a server running IIS 6.0, Internet Server API (ISAPI) server variables provide support for IPv6. The ISAPI framework provides the appropriate local-host and remote-host server variables for IPv6 network addresses: LOCAL_ADDR and REMOTE_ADDR. When clients connect over IPv6, these variables store the IPv6 address.
It is important to note that IPv6 addresses can be longer than IPv4 addresses, so you need to take steps to prevent buffer overruns when you install IPv6.
Buffer overruns are one of the most common causes of security breaches.
Preventing buffer overruns helps protect your server from being attacked.
To prevent buffer overruns, you must allocate more space to hold the string representation of IPv6 addresses. For example, the longest possible IPv4 string looks something like “255.255.255.255” (16 characters, including the trailing zero required to express the string in some programming languages), whereas the longest IPv6 string looks like “1111:2222:3333:4444:5555:6666:255.255.255.255%1234567890,” which is 57 characters long, including the trailing zero. Therefore, when you allocate buffers, use 16 characters for IPv4 addresses and 57 characters for IPv6 addresses.
The "%1234567890" portion of the string indicates the zone ID, which is an integer that specifies the scope, or zone, of the destination. The zone ID is needed when you are specifying a link-local destination address or a site-local destination address (if you are using multiple sites). For link-local addresses, the zone ID is typically equal to the interface index of the desired sending interface. For site-local addresses, the zone ID is equal to the site
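The buffer sizing described above, as an added C example that is not code from the original appendix or from IIS: a bounded copy for a LOCAL_ADDR or REMOTE_ADDR value that rejects anything too long for the destination, plus a zone ID split. The helper names and status codes are hypothetical, and the two worst-case strings are constructed for this example to match the 16- and 57-character sizes.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes from the text above; both include the terminating NUL. */
#define IPV4_ADDR_BUFLEN 16
#define IPV6_ADDR_BUFLEN 57

/* Constructed worst-case values, not captured from a server. */
static const char LONGEST_V4[] = "255.255.255.255";
static const char LONGEST_V6[] =
    "1111:2222:3333:4444:5555:6666:255.255.255.255%1234567890";

enum addr_status { ADDR_OK = 0, ADDR_TOO_LONG = -1, ADDR_BAD_ZONE = -2 };

/* Hypothetical helper: copy a LOCAL_ADDR or REMOTE_ADDR value into a fixed
 * buffer. It never writes past dst[dstlen - 1]; an oversized value is rejected
 * and dst is left empty, so no caller sees a silently truncated address.
 * The pattern it replaces is: char ip[16]; strcpy(ip, value); */
static enum addr_status copy_addr(const char *value, char *dst, size_t dstlen)
{
    size_t n = strlen(value);
    if (dstlen == 0) return ADDR_TOO_LONG;
    dst[0] = '\0';
    if (n >= dstlen) return ADDR_TOO_LONG;
    memcpy(dst, value, n + 1);   /* n + 1 copies the NUL as well */
    return ADDR_OK;
}

/* Split "address%zone" in place. On success *zone points at the zone ID
 * digits, or is NULL when the address has none. The text describes the zone
 * ID as an integer, so an empty or non-numeric zone ID is rejected. */
static enum addr_status split_zone(char *addr, const char **zone)
{
    char *pct = strchr(addr, '%');
    *zone = NULL;
    if (pct == NULL) return ADDR_OK;
    if (pct[1] == '\0') return ADDR_BAD_ZONE;
    for (const char *p = pct + 1; *p != '\0'; p++)
        if (*p < '0' || *p > '9') return ADDR_BAD_ZONE;
    *pct = '\0';
    *zone = pct + 1;
    return ADDR_OK;
}

int main(void)
{
    char v4_sized[IPV4_ADDR_BUFLEN], v6_sized[IPV6_ADDR_BUFLEN];
    const char *zone;

    printf("IPv4 value into 16 bytes: %d\n",
           (int)copy_addr(LONGEST_V4, v4_sized, sizeof v4_sized));
    printf("IPv6 value into 16 bytes: %d\n",
           (int)copy_addr(LONGEST_V6, v4_sized, sizeof v4_sized));
    printf("IPv6 value into 57 bytes: %d\n",
           (int)copy_addr(LONGEST_V6, v6_sized, sizeof v6_sized));
    if (split_zone(v6_sized, &zone) == ADDR_OK && zone != NULL)
        printf("address=%s zone=%s\n", v6_sized, zone);
    return 0;
}
```

A buffer sized for IPv4 returns ADDR_TOO_LONG for the IPv6 value instead of being overrun, which is the case to handle in code written before IPv6 was installed.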
Both ISAPI server variables (LOCAL_ADDR and REMOTE_ADDR) use the typical IP address format for the applicable IP version (IPv4 or IPv6). For example, for an IPv6 request, both server variables use an IPv6 IP address in the colon-hexadecimal format; for an IPv4 request, both server variables use an IPv4 IP address in the dotted-decimal format. Note that the IPv6 address