39

Background: I have a windows 2008 machine and I want to make it a Domain Controller in a test domain made of two virtual machines. dcpromo pops up a warning if IP addresses for the machine are not statically configured. Disabling IPv6 is not an option since it's required by Exchange, which in turn is a prerequisite for the software I must test.

The question: How should I configure the IPv6 properties of the network adapter to use a static ipv6 address? what is the "ipv6 equivalent" of a static 192.168.x.x ipv4 address?

masegaloeh
  • 18,498
Paolo Tedesco
  • 1,386

8 Answers8

28

Since IPv6 will become the main growth protocol on the Internet around 2011, it is a good idea to keep IPv6 enabled and to learn how to do these things right.

The address that you mentioned, 192.168.x.x is an RFC1918 private address in IPv4. It is intended for traffic which is private to one network (or organization) and does not normally cross the organization's network boundaries. RFC 1918 cause people a lot of grief when companies are aquired because people often discover that two or more networks are using the same addresses. In some large companies, they have run out of RFC 1918 address space and have had to supplement it with registered addresses.

In IPv6, the equivalent type of address is called ULA. However, the block set aside for this usage is almost inconcievably vast. There is no way that anyone could ever use it up, and to avoid the possibility of collisions as much as possible, the IETF has asked people to pick their ULA block randomly. The easiest way to do this is to use the generator tool at SixXS. Type in a MAC address from your network card, click generate, and you have a ULA block. You can then use this block to assign IPv6 static addresses and subnets to all devices at your site. You can use any MAC address, it is just there to seed the random number generator.

If you want to, you can also register your use of that ULA prefix at the SixXS page, but you don't have to do this.

Note that the /48 gives you 16 bits of space to break out /64 subnets, so if you are just setting up one server on one network, then pick one /64 subnet and use one address. People often reserve low addresses for various things such as ::1 for a router.

Assuming that you choose the ULA fdec:c0bb:c329::/48, then you could pick fdec:c0bb:c329:0001::7 for your lucky new mail server on fdec:c0bb:c329:0001::/64

Michael Dillon
  • 1,839
16

I used this page: https://simpledns.plus/private-ipv6. it explained what the others are saying about it not really being required, but helped me "make something up".

The IPv6 address space is so huge (2128) that everyone should be able to get a public IP address for every device they will ever own. So theoretically it shouldn't be necessary to have private IPv6 addresses like the 192.168.x.x and 10.x.x.x addresses in IPv4.

However until you can actually get an IPv6 address range from your ISP, you may want to use "private" addresses for internal networks and testing etc. In IPv6 there is a special "Unique Unicast" IP range of fc00::/7 which should be used for this as per RFC4193. The official definition looks like this:

| 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
+--------+-+------------+-----------+----------------------------+
| Prefix |L| Global ID  | Subnet ID |        Interface ID        |
+--------+-+------------+-----------+----------------------------+

In practice such address will always start with "fd" because the 8th (L) bit must be one. The "Global ID" and "Subnet ID" must be random to ensure uniqueness (which is what this page does). You are free to assign addresses from the rest (Interface ID).

Please note:
A former standard proposed the use of so-called "site-local" addresses in the fec0::/10 range. This has been deprecated (see RFC3879) and should no longer be used.

I needed to supply a static IPv6 address to my IPv6-enabled DHCP server in Windows Server 2008 R2.

ParkerM
  • 103
Christopher
  • 1,391
8

The replacement for private IP addresses in IPv6 is the Unique Local Address.

Charles
  • 1,244
5

It's only a warning. You can ignore it. It won't affect the promotion or operation of the DC if you're not using IPv6 addresses.

joeqwerty
  • 111,849
1

If you disable IPv6 on an Exchange Server, your server will run, but it will throw multiple errors and it will take 3 times longer to fully reboot the system. I thought I have a major hardware failure when my server almost refused to fully reboot, umtil I found it was caused by disabling IPv6.

Mitchell Earl
  • 11
1

To clarify, if your Windows server has a 6to4 adapter (Device Manager>Network Adapters) it will generate and bind an IPv6 Address. Unchecking the protocol in the Ethernet properties box will not change that. If there is an IPv6 address, it will be included in the email header from your exchange server. Today, organizations such as GMAIL do reverse lookups on an IPV6 address if it is included, and will reject the message if there is not a reverse DNS entry for your IPv6 address. Many organizations have static IPv4 addresses with mx records and reverse DNS lookup but do not have or maybe don't know the static IPv6 addresses from their internet provider. In order to get mail to be accepted by gmail, they just disable the 6to4 Adapter. That works but is not a permanent fix, If IPv6 is not disabled in the registry, on restart, the server can create a new 6to4 Adapter to replace the disabled one. Not sure if the best approach is to disable IPv6, to contact your provider to see if they can provide static IPv6 addresses for you, or to create a reverse DNS entry for the ULA address your computer generated on it's own

Bob
  • 11
  • 1
1

You shouldn't configure a static. IPv6 should come up with just the link-local address automatically.

Brian Knoblauch
  • 2,196
0

I just made the following LAN-local v6 subnet and reverse DNS zone generator for my own use; I hope it may be generally helpful. It also handles multiple sizes of subnets:

http://v6.ponderworthy.com

Jonathan E. Brickman
  • 9