Should we disable IPv6?

Discussion in 'Server Networking' started by Desparate Dan, Jun 18, 2009.

  1. Hi All.

    Please can you help with the query below.

    We are deploying Windows 2008 Domains on a new network and our network team
    have informed us that they have no plans to move to an IPv6 network.

    I am now thinking I should disable the IPv6 protocol stack on the Windows
    2008 servers.

    We have the following queries on IPv6.

    - Does disabling the Windows 2008 IPv6 protocol stack cause any problems for
    Windows 2008 server communications?

    - Does leaving IPv6 installed cause any problems if our network team have no
    plans to move to an IPv6 network?

    - We intend to deploy Windows XP desktop and not Windows Vista on the
    desktop and we have no plans to add IPv6 to the Windows XP desktop build, so
    is there any benefit in leaving the Windows 2008 IPv6 protocol stack
    installed?

    - All the Windows 2008 servers will be placed on the internal LAN and not
    in the DMZ. Our current understanding is that IPv6 is to help with IP
    addressing issues on the internet, so is there any benefit in running IPv6 on
    servers that are not connected to the internet?

    Please can you help as we are very confused on the IPv6 protocol.

    Thanks in advance.

    Dan.
     
    Desparate Dan, Jun 18, 2009
    #1
  2. Meinolf Weber [MVP-DS], Jun 18, 2009
    #2

  3. Desparate Dan

    Kerry Brown Guest

    You can probably get away with disabling IPv6 for now. Going forward we will
    all have to learn to live with it. Some features in Server 2008 R2 and
    Windows 7 rely on IPv6. This tells us that as Windows is updated over time
    more and more things will rely on IPv6. Even though you are using XP there
    is a distinct possibility that in the near future you will have to install
    IPv6 in XP to access some feature. Exchange 2007 on SBS 2008 requires IPv6
    on the server in its default configuration. You can make it work with IPv6
    disabled but every time you run one of the SBS wizards it will be
    re-enabled. I haven't tried Exchange 2010 yet but I understand it also
    relies somewhat on IPv6. Certainly within the next ten years, if not sooner,
    IPv6 may be required for the Internet. If it's not deployed internally how
    much of a problem will this be? The answer is not certain. This is all a
    long-winded way of saying if IPv6 is causing a problem turn it off for now.
    Then find out what caused the problem with IPv6 and fix it before you need
    to use IPv6 because sooner or later you will need to use it.
     
    Kerry Brown, Jun 18, 2009
    #3
  4. Desparate Dan

    Anteaus Guest

    What you say about its use soon being forced on us is unfortunately very
    probable, however I prefer to disable IPv6 on the basis that there is a
    longstanding Windows tradition of unwanted and unneeded services providing
    backdoor-access to hackers. A key question here is whether IPv6 might provide
    a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm not
    sure about the likelihood of this being possible, but I sleep easier knowing
    it definitely ain't possible because IPv6 is off.

    The other aspect is that IPv6 has been around for an extremely long time
    (Windows 95 had it, IIRC) and let's face it, no-one used it then and still
    no-one does now. Not even the big hosting companies use it. It seems like the
    standards guys just don't want to acknowledge the fact that this protocol is
    the Ford Edsel of IT standards. At least Ford had the sense to realise 'There
    must be a reason why this model ain't selling' and go back to the
    drawing-board.
     
    Anteaus, Jun 22, 2009
    #4
  5. Desparate Dan

    Dave Warren Guest

    In message <> Anteaus
    There definitely are potential ways for IPv6 to be used as a backdoor,
    although mainly with otherwise problematic security designs.

    For me, the reason to turn off IPv6 was that we're not using it
    internally, and as a result it sits in an unconfigured state,
    effectively making up a 169.254 type IP for every machine on the LAN.

    I don't know about you, but I don't make it a habit to have my gear
    answering to randomly determined dynamically assigned IPs, and doing so
    adds substantial complexity.

    When and if I can actually route IPv6 packets directly over the internet
    peer-to-peer like IP was originally designed without using IPv4<-->IPv4
    hacks, I'll turn it on without a second thought, but until then, all it
    adds is needless complexity to a LAN, and potential backdoors from a
    WAN.
     
    Dave Warren, Jun 23, 2009
    #5
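
The self-assigned "169.254 type" addresses and the tunnelling concern raised in the posts above can be checked for on a LAN that is meant to be IPv4-only. The Python below is an added example, not code from any poster in this thread: it classifies addresses from a constructed host inventory (hostnames and addresses are made up) into link-local autoconfiguration and the IPv6-in-IPv4 transition mechanisms ISATAP, 6to4 and Teredo.

```python
import ipaddress

# Constructed sample inventory: host -> addresses it reports.
# Hostnames and addresses are made up for illustration.
SAMPLE_INVENTORY = {
    "dc01": ["10.1.1.10", "fe80::a1b2:c3d4:e5f6:1789%11"],
    "ex01": ["10.1.1.20", "fe80::5efe:10.1.1.20%12"],
    "ws17": ["10.1.2.17", "2001:0:c633:6401:8000:63bf:3fff:fdd2"],
    "ws22": ["10.1.2.22", "2002:c000:204::1"],
    "fs01": ["10.1.1.30"],
}


def classify(text):
    """Return (label, embedded IPv4 or None) for one address string."""
    addr = ipaddress.ip_address(text.split("%", 1)[0])  # drop zone id
    if addr.version == 4:
        return ("ipv4", None)
    value = int(addr)
    if addr.teredo is not None:  # 2001:0::/32, client IPv4 stored inverted
        return ("teredo-tunnel", str(addr.teredo[1]))
    if addr.sixtofour is not None:  # 2002::/16, IPv4 in the next 32 bits
        return ("6to4-tunnel", str(addr.sixtofour))
    # ISATAP: interface ID is 0000:5efe or 0200:5efe followed by the IPv4.
    if (value >> 32) & 0xFFFFFFFF in (0x00005EFE, 0x02005EFE):
        return ("isatap-tunnel", str(ipaddress.IPv4Address(value & 0xFFFFFFFF)))
    if addr.is_link_local:  # fe80::/10, self-assigned like 169.254.x.x
        return ("link-local-autoconfig", None)
    return ("other-ipv6", None)


def audit(inventory):
    """Map host -> [(address, label, ipv4)] for every IPv6 address found."""
    findings = {}
    for host, addrs in inventory.items():
        hits = []
        for text in addrs:
            label, ipv4 = classify(text)
            if label != "ipv4":
                hits.append((text, label, ipv4))
        if hits:
            findings[host] = hits
    return findings


if __name__ == "__main__":
    for host, hits in sorted(audit(SAMPLE_INVENTORY).items()):
        for text, label, ipv4 in hits:
            print(f"{host:5} {label:22} {text} (IPv4: {ipv4})")
```

A tunnel label on a host means IPv6 traffic is being carried inside IPv4 packets, which is the case an IPv4-only firewall rule set has to account for explicitly.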
  6. Desparate Dan

    Kerry Brown Guest

    I don't disagree with anything you or Anteaus are saying. You both have
    some understanding of IPv6 and should be ready if/when it becomes needed.
    Most people don't understand it. My point was that most network admins are
    simply disabling it and hoping it will go away. It probably won't. They
    should be learning about it, ensuring their network is ready for it, then
    making an informed decision about if it's currently needed on their network.
     
    Kerry Brown, Jun 23, 2009
    #6

  7. Kerry,

    FWIW, I agree with you that this is the wave of the future. However, in some
    instances, even Microsoft had advised me directly when I was having a
    problem with Exchange 07 Outlook Anywhere connectivity where DSAccess
    requests were being dropped. I couldn't figure it out after hours of messing
    with it and with my knowledge of Ex07 and AD 2008. I finally called PSS, and
    after about 45 minutes, they suggested to disable it on both 2008 DCs, and
    on the Ex07 box, and voila! everything started working. Go figure..

    Here was one of the links the PSS engineer cited:
    The installation of the Exchange Server 2007 Hub Transport role is
    unsuccessful on a Windows Server 2008-based computer
    http://support.microsoft.com/?id=952842


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup/forum to benefit from collaboration among
    responding engineers, as well as to help others benefit from your
    resolution.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Jun 23, 2009
    #7
  8. Desparate Dan

    Kerry Brown Guest

    There are definitely occasions where it might need to be turned off. I look at
    it like the early stages of using TCP/IP on internal networks. It was often
    easier to uninstall TCP/IP and use IPX/SPX or some other protocol. At the
    time, whenever anyone had a problem, uninstalling TCP/IP was always a
    suggested remedy. It often cured the symptom but eventually we all had to
    learn how to deal with TCP/IP.
     
    Kerry Brown, Jun 23, 2009
    #8
  9. Good point. I remember those days. Late 80's, early 90's.

    Believe me, if I could have, and gotten through that previous issue without
    pulling IPv6, I would have. So this tells me moving forward, unless there's
    a hotfix, update, etc, then I have to make sure that the Hub role is on a
    separate box not using IPv6, but then again, it would have to communicate
    with the mailbox server. Oh well, maybe this will be fixed in Exchange 12.

    Cheers!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 23, 2009
    #9
  10. That would be me. I figure I will be at retirement age before it becomes
    common. I also do not see it being needed. With the invention of the RFC
    Private Ranges I don't see IPV6 to be needed. But I do see a need to grab
    these Universities and other organizations that have massive Ranges of
    Public IP#s just to use on their desktops and take them away from them and
    make them convert for RFC Private Ranges. I also don't see any need for
    some of the "experimental" Classes above A, B, and C. The RFC Private Ranges
    could be used for any "experimentation" they want to do. Then I don't see
    the need to waste whole Ranges of 16,777,216 Hosts for a LoopBack Address
    (127.0.0.1 which eats up the whole 127.x.x.x range) and the same situation
    in the multicasting that eats up the whole 224.x.x.x range for
    nothing,...those should be reduced to /24 bit ranges. If we fix all the
    wasteful "government style" managing of those things the IPV4 will have a
    long life.

    I don't see any way that my internal private network that has its addresses
    isolated from the rest of the world will ever *need* it. I also don't
    really see how the LAN can be "ready for it" while at the same time not
    actually using it. As far as I am concerned you are either using it and you
    remove IPV4,... or you are not and IPV4 is still in use,...I don't see any
    middle ground that is worth messing with.

    Just my 2 cents worth of nonsense....

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 24, 2009
    #10
  11. Desparate Dan

    Dave Warren Guest

    In message <#> "Kerry Brown"
    Not only did we have to learn how to deal with TCP/IP, but TCP/IP had to
    evolve to meet our needs.

    Even in today's TCP/IP-preferred world, if you go fire up Windows 95,
    you'll probably find yourself not using TCP/IP because it's simply not
    there yet.

    IPv4->IPv6 should be somewhat less painful since the underlying
    protocols are similar and the only major change is the addressing
    scheme, but it's still going to require overlapping support for many
    moons to come.
     
    Dave Warren, Jun 25, 2009
    #11
  12. Desparate Dan

    Anteaus Guest

    The issue, as I understand it, is that IPv4 addresses will eventually run
    out, and when they do, any new webhosts will have to use IPv6 addresses ONLY.
    Thus if your client-kit sticks with IPv4 after that date there will be a
    gradually-increasing number of websites which will be inaccessible to you.
    Whether this actually matters will of course depend on what you need to
    access.

    As for IPv6 being a logical step forward, I dispute that. On the contrary,
    IPv6 is a total departure from a well-proven scheme which works, to one which
    is not only unproven but which already has a number of identified
    compatibility bugs, for example IPv6 addresses are incompatible with UNC
    paths. Extending the existing scheme to five or six octets would be the
    simple, sensible choice, unfortunately the "Let's make things complicated"
    crew got-in on the act, as they so often do.
     
    Anteaus, Jun 27, 2009
    #12
  13. That "belief" was before the invention and wide use of RFC Private Address
    Ranges back when everyone used Public IP#s on all their desktops and their
    Firewalls did not run NAT or Proxying and only used straight ACLs. If all
    the wasted addresses were recovered as I described the amount of available
    addresses would be vastly increased.
    The Web Site will not be aware of, or ever "care", what IP version I run on
    the Private Side of my LAN. The Firewall would just run IPV4 on the Private
    Side and IPV6 (if forced by the ISP) on the Public Side.

    Yes, extending to 5 Octets would have been all they needed to do. For that
    matter they could have used 8 octets to give a 64 bit address and
    accomplished the same thing as the 64 bit IPV6 address and not screwed up
    all the routing and management principles that IPV4 operated on. People
    have been beating the IPV6 "war drums" accompanied by the panicked cry of
    "we're running out of addresses" for 10 years and it has never taken hold
    yet,...this whole thing is not a recent or new thing,...it is just that so
    many people in IT have not been in it for ten years yet (too young) and no
    one remembers history beyond last week.

    Now,...someday,...if I am absolutely completely and totally forced to,...I
    will use IPV6,...but not two seconds before that happens.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 29, 2009
    #13
  14. In

    Last week? I remember watching a movie that says goldfish can't remember past 30 seconds... just kidding!

    Anyway, I also do see in the future that IPv6 will be widely used, but honestly I don't see its value yet in private networks. I can see the value on the edge routers, at least for now. Who knows, maybe in the Star Trek days, we'll be using a 2048 bit IP addressing scheme, or greater. Imagine migrating to that!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 29, 2009
    #14
  15. "Ace Fekay [Microsoft Certified Trainer]" <>
    wrote in message In
    With my cats I think it is about 30 minutes or less :)
    That's pretty much what I think it will be. IPv6 on the Public Side, IPv4
    on the private LAN. But I'm not expecting to see it very soon.

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 29, 2009
    #15
  16. Desparate Dan

    Kerry Brown Guest

    Kerry Brown, Jun 30, 2009
    #16
  17. You make an excellent point, and I can see that happening, so my reference for a future 2048 bit IP scheme may be too conservative that far in the (Star Trek based) future and would probably be more realistic 20 - 30 years from now. Who knows what it will be 200 years from now?

    But for now, IMHO, I think it will be quite a while before it is fully adopted, but more so, understood by many. I can imagine the tech support calls to Cisco's Linksys division by home users within the next few years if it gets implemented as the default scheme on their home routers to support the then new devices (such as what you listed and more) taking advantage of the built-in routing functions, not to mention the influx of course requests for IPv6. The course requests alone will be an advantage for me as a trainer, but we'll cross that road when we get there!

    Cheers!

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Jun 30, 2009
    #17
  18. Well,..then,..I think we need to start a rebellion! It's us -vs- the
    Carpet-Dwellers and their portable devices and toasters! I knew I always
    hated breakfast for a reason! <hehe>

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jun 30, 2009
    #18