Posted By: Charles | Nov 15th, 2006 @ 6:50 AM | 45,580 Views | 39 Comments
Ever wonder what the advent of IPV6 really means? Why does it matter, really? What about Teredo Server? What does it do and why? Well, wonder no more.

Meet Michael Surkan, Program Manager in the Networking group. From security to performance, Mike explains how IPV6 represents the future of the Internet even though it's been around for a while. Did you know that Windows Vista has native support for IPV6? Tune in and learn a lot more about this important networking construct.
Tag: IPv6
JohnF
No stout about it!
This is good, it would be great if channel9 did a series about deploying some of the new technologies, spotlights on these kinds of technologies.
Awesome stuff.

But Chess Titans, and all the Windows games now have no support for playing over a network.  Gotta be on the local machine.
So, will IPv4 eventually be deprecated on a future version of Windows?  Not that I would expect that anytime soon, but it seems at some point there will be a benefit of not trying to work with both versions.
Bernard_Marx wrote:
So, will IPv4 eventually be deprecated on a future version of Windows?


There are no plans to deprecate IPv4 in Windows right now. I expect that IPv4 will be needed by most people for at least the next 10 years. We may well see the majority of traffic taking place over IPv6 5 years from now. However, there will still be hosts and systems people wish to reach that only have IPv4.

It's a very cool step forward..but in user land there needs to be a much better understanding of how all this works.

Right now you can run under IPV4 behind a NAT pretty much without firewall and antivirus software and survive to tell the tale.  Even if you have all sorts of random services running on the local machine.

My (limited?) understanding of IPV6 is that if you have these random services running and you set the network traversal flag in the windows firewall by accident or otherwise, the world and his dog can get access.  It will be like living in a network DMZ today.

In other words, while NATs have a serious effect on limiting connectivity we have all become comfortable with them providing an inherent degree of protection at a hardware level. 

In Vista (and once NATs become IPV6 compliant) the level of protection provided is purely through that network traversal flag...a software switch...nothing more.

It's all good, but there are going to be people who trip up on this...no wonder Michael was a bit twitchy about network shares over IPV6 ;)

bitJunkie wrote:
My (limited?) understanding of IPV6 is that if you have these random services running and you set the network traversal flag in the windows firewall by accident or otherwise, the world and his dog can get access.  It will be like living in a network DMZ today.


Keep in mind that this Edge Traversal flag must be set for EACH application or service that wants to receive traffic over Teredo. Just having the flag set for one service won't mean that other services become accessible over the Internet via Teredo.

Still, it is true that Vista now gives users (and developers) the ability to easily have direct access to the Internet by doing nothing more than setting the Edge Traversal flag. This is a lot of power by enabling scenarios that were impossible before, but can certainly lead to grief if users (and applications) just start setting the Edge Traversal flag on every firewall exception as a matter of course.

You should only use Edge Traversal when you KNOW you want that particular application or service to be directly hosted on the Internet.

I suppose everyone would be safer if cars were banned and everyone had to ride the bus. Yes, giving people the ability to do new things opens the possibility for abuse, and problems. But that doesn't mean we should just never empower people (and developers) in the first place.

Also, let's keep this in perspective. Existing peer-to-peer applications make themselves directly reachable on the Internet today as it is (i.e. by sending keep-alive packets locking open holes in NATs). An application that uses the Edge Traversal flag in Vista is no more insecure than if that application had implemented its own NAT traversal keep-alive architecture.
Thanks for the clarification there.  I don't mean to flame the work you've done at all - it's all sterling stuff.

I just intended to say that some people can live in a state of ignorant bliss with IPV4 NATs...not needing to be aware of how exposed the machine they are working on is.

You have to admit that NATs are a double edged sword at the moment..they do provide a large degree of protection - the burden of which is going to be passed on to the Windows firewall on the local machine once IPV6 becomes the de facto protocol.

I'm guessing at some point there's going to be a nice wizard that presents your internet footprint and vulnerabilities (built in to routers?) and accessible through Windows™ once you can make your white goods, your automatic curtain control and probably your toilet visible on the net via an IPV6 address.
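
The per-rule Edge Traversal flag discussed in this thread can be audited on a current Windows machine. The following is an added example, not part of the original page or its comments; it assumes the NetSecurity PowerShell cmdlets (Windows 8 / Server 2012 or later, so not Vista itself), and the function name `Get-EdgeTraversalExposure` is hypothetical.

```powershell
# Added example: list inbound firewall rules that permit edge traversal
# (Teredo / NAT traversal), so each exposed application can be reviewed.
# Assumes the NetSecurity module; run from an elevated prompt.

function Get-EdgeTraversalExposure {
    [CmdletBinding()]
    param()

    # Only enabled inbound Allow rules can expose a listener. Any policy other
    # than 'Block' (Allow, DeferToUser, DeferToApp) may admit traversal traffic.
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { $_.EdgeTraversalPolicy -ne 'Block' }

    foreach ($rule in $rules) {
        # A rule's scope is stored in its associated filter objects.
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter

        [pscustomobject]@{
            Rule          = $rule.DisplayName
            EdgeTraversal = $rule.EdgeTraversalPolicy
            Profile       = $rule.Profile
            Program       = $app.Program
            Service       = $svc.Service
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            # A rule bound to neither a program nor a service covers any
            # listener on the port, which is wider than a per-application flag.
            Unscoped      = ($app.Program -eq 'Any' -and $svc.Service -eq 'Any')
        }
    }
}

# Show unscoped rules first; they deserve the closest look.
Get-EdgeTraversalExposure |
    Sort-Object -Property @{ Expression = 'Unscoped'; Descending = $true }, Rule |
    Format-Table -AutoSize -Wrap

# To turn the flag off for a rule that does not need it (placeholder name):
# Set-NetFirewallRule -DisplayName '<rule display name>' -EdgeTraversalPolicy Block
```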
