Windows Server 2008 should install IPv4 and IPv6 by
default so that you can configure them on the network interface card
(NIC). If they’re not already installed, you can install them from the
Local Area Connection Properties dialog box. We’ll briefly look at
configuring IPv4 and IPv6 on the Windows Server 2008 NIC before heading
into the DHCP configuration settings, where network IP settings are
managed. Although we’re assuming you’re familiar with IPv4 and IPv6 to
some extent, we’ve included Table 1
to give you a quick review of the differences between IPv4 and IPv6. If
anything in this table is unfamiliar to you, please take some time out
to revisit your IPv4 and IPv6 fundamentals.
Table 1. IPv4 and IPv6 Comparison
Category | IPv4 | IPv6 |
---|---|---|
Address length | 32 bits | 128 bits |
Notation style | Four sets of up to three decimal digits separated by dots | Eight sets of four hexadecimal digits separated by colons |
Compression | If all three digits are zero, single zero is used | If all four digits are zero, a double colon is used |
Types of addresses | Public, private, multicast | Global, local-use unicast, anycast |
IPsec support | Optional | Required |
Fragmentation | Done by hosts and routers | Done by hosts only |
Error reporting and diagnostics | ICMP (for IPv4) | ICMPv6 |
Router discovery support | Optional | Required |
Host configuration | DHCP or manual | Automatic, DHCP or manual |
DNS record type for name resolution | A record | AAAA record |
DNS record type and location for reverse name resolution | PTR records in IN-ADDR.ARPA domain | PTR records in IP6.ARPA domain |
IPv4 Quick Review
You
can skip this section if you’re familiar with addressing in the IPv4
format. If not, this section will provide a very brief review. If it’s
not enough information for you, please refer to additional resources
(some of which are mentioned throughout this chapter) to make sure
you’re comfortable with addressing in both schemas.
IPv4
typically uses three classes of network addresses—A, B, and C. A is for
large networks (like the Internet), B is for medium networks, and C is
for small networks. Each has a maximum number of network IDs and host
IDs. In recent years as IP addresses became scarce, network address
translation became popular. This method enables companies to use
private IP addressing internally and then connect through an Internet
Service Provider with a public IP address. This translation allows
multiple companies to use the same internal IP addressing and it’s only
when traffic needs to cross the public network (the Internet) that
addressing becomes important—so it gets translated to a unique public
IP address for its trip to and from the Internet. Many smaller
companies use the Class C 192.168.0.x range of private network
addresses, though there are Class A and Class B private network
addresses as well. Table 2 delineates the Class A, B, and C network ID boundaries along with network and host bits.
Table 2. IP Address Classes for IPv4 Networks
Class | Network Bits | Number of Networks | Host Bits | Maximum Number of Hosts |
---|---|---|---|---|
A | 8 | 126 | 24 | 16,777,214 |
B | 16 | 16,384 | 16 | 65,534 |
C | 24 | 2,097,152 | 8 | 254 |
The
subnet mask is used to indicate the network portion of an IP address. A
subnet mask of 255.255.255.0 indicates that only the right-most eight
bits (represented by the 0) are the host ID portion of the IP address,
and the other 24 bits (represented by 255.255.255) are the network
portion of the IP address. In this case, you have 1 through 254 as
potential host IP addresses (i.e., 192.168.0.1 through 192.168.0.254).
In many small companies, having 254 IP addresses for computers is more
than enough. Many companies use the private network address space for
addressing internal to their organization. This provides flexibility in
addressing but requires the use of network address translation, so that the private IP addresses are translated into public IP addresses only when they cross your router to the Internet service
provider’s (ISP’s) connection to the Internet. This network could be
notated as 192.168.0.1/24, indicating the subnet mask or number of bits
masked is 24. This style of notation, referred to as
network/bits-masked notation, is used in Classless Inter-Domain
Routing, or CIDR. This same style of notation is used in IPv6 as well.
If
you’re not already familiar with IP addressing, you would do well to
study this topic before taking the exam. IPv4 is the familiar IP
addressing format with four octets. You’ve probably all seen
192.168.0.1, for example. IPv4 addresses require the use of a subnet
mask and use four bytes (32 bits). IPv6 was developed because the world
was running out of valid IP addresses under the IPv4 schema. IPv6 uses
a different format than IPv4, but the underlying basics are similar,
though there are significant differences between the two. IPv6 uses 16
bytes or 128 bits. There are a lot of great resources on IP addressing,
but two of my favorites are www.learntosubnet.com and www.tcpipguide.com/free/t_toc.htm
(this one unfortunately has a lot of pop up ads, but the information is
solid). You can also get a quick refresher on the Microsoft Web site at
http://support.microsoft.com/kb/164015.
Of course, there are a lot of great books that discuss IP addressing if
you really want to get in-depth knowledge in this area.
If you want to brush up on IPv6, you can read an overview article from Microsoft at http://technet2.microsoft.com/windowsserver/en/library/892c53fa-cf13-43d7-8086-11ab9ac1f0e81033.mspx or at http://download.microsoft.com/download/e/9/b/e9bd20d3-cc8d-4162-aa60-3aa3abc2b2e9/IPv6.doc. If you’re brand new to IPv6, you might find this basic primer helpful, located on the Microsoft Web site at http://technet.microsoft.com/en-us/library/bb726944.aspx. There are a couple of others you might find helpful at www.windowsnetworking.com/articlestutorials/Crash-Course-IPv6-Part1.html and www.windowsnetworking.com/aritclestutorials/Get-Ready-Run-IPv6.html to help you get up to speed on IPv6.
Keep
in mind that because IPv6 is supported in Windows Server 2008, you can
expect to see a lot of IPv6 types of questions. Even if your
organization is not planning on going to IPv6 any time soon, you’ll
need to be familiar with the ins and outs of this protocol in order
to successfully navigate the Windows Server 2008 exams.
Configuring Local IPv4 Settings
The Windows Server 2008 computer’s network interface card can be configured with IPv4 and IPv6 addressing (see Exercise 10.1). As you know, you can access the computer’s network settings in any one of several ways. Figure 1 shows the Local Area Connection Properties dialog box. IPv4 and IPv6 are both installed and enabled by default in Windows Server 2008 due to the implementation of the Next Generation TCP/IP stack,
which supports a dual IP stack sharing common transport and framing
layers. If for some reason IPv6 is not installed and enabled on your
Windows Server 2008 computer, you can install it by clicking the Install button and following the prompts.
To configure IPv4 settings, click to select Internet Protocol Version 4 (TCP/IPv4), then click Properties. The IPv4 Properties dialog will open, as shown in Figure 2.
For client computers, you’ll typically select “Obtain an IP address
automatically” so the client can utilize the DHCP server for dynamic
addressing. In the case of a server, however, you typically choose a
static IP address. We’ll discuss creating a reservation within the DHCP
server scope later in this chapter. You create a reservation on the
DHCP server to ensure that the static IP address assigned to this
server is not used by any other computer on the network. As you can see
in this example, the server is manually configured to use 192.168.0.91
with a default gateway located at 192.168.0.2. The subnet mask for this
network is 255.255.255.0, the standard subnet mask for a Class C
private network address. You can also see that the primary and
alternate DNS servers are located at 192.168.0.90 and 192.168.0.91,
respectively. Advanced options allow you to configure additional DNS options as well as WINS servers, if needed. Click OK once you’ve configured your IPv4 settings.
A
full discussion of the changes to the TCP/IP implementation in Windows
Server 2008 is outside the scope of this book but you might be
interested in reading about this topic, especially if you plan on
implementing IPv6 in your organization anytime soon. Microsoft’s
TechNet has an article located at www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx that discusses the Next Generation TCP/IP Stack in Windows Vista and Windows Server 2008. There’s also an article at www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx
that discusses the changes in TCP/IP in Windows Vista and Windows
Server 2008. There are, of course, many other references on IPv6 but
these are good to start with prior to the Windows Server 2008 exam.
Configuring IPv4 Options
In
Windows Server 2008, you can use IPv4, IPv6, or a combination of the
two. This is similar to Windows Server 2003, though in Windows Server
2008, IPv6 is enabled by default whereas in Windows Server 2003, you
can add IPv6 if needed. Briefly, you should understand your network’s
physical and logical configuration if you’re modifying IP address
configurations, such as creating a new subnet. In addition, if you are
implementing a new network altogether, you should take time to map out
the physical and logical structure as well as create your IP addressing
scheme. Planning in advance of implementation is crucial to avoid
time-consuming errors. Each IPv4 host computer needs, at minimum, a
host ID, a subnet mask, and a default gateway. You can also designate
the preferred and alternate DNS server along with the WINS server, if
used. Let’s start with subnetting for IPv4 networks, since this is the
most common IP option used.
Subnetting
IPv4 networks are divided into five types: A, B, C, D, and E, though the
commonly used ones are A, B, and C. This system is now referred to as classful
networking because each range of IP addresses falls into one of these
classes. Later implementations of IPv4 and all implementations of IPv6
are considered classless, to distinguish them from this system. We’ll discuss the classless system, known as CIDR,
later in this chapter. Class A networks originally were intended for
large organizations that had few networks but millions of hosts. Class
C networks, on the other end of the spectrum, were designed for small
companies that have perhaps a few hundred hosts. Class D networks are
for IP multicast addresses and Class E addresses were not supported by
Microsoft as late as Windows Server 2003. In Windows Server 2008, IPv4
and IPv6 are both supported; we’ll discuss IPv6 later in this chapter.
Back
to our discussion of classes. Class A addresses used 8 bits to define
the network address and 24 bits to define host addresses. The left-most
bit must be set to zero, so in practice, you can use only the
right-most 7 bits of the left-most octet. If you’re really good with
binary and octal math, you know that there can be only 126 networks in
the Class A category—total worldwide. A Class A network, however, can
have 16,777,214 hosts in each network. Table 2, earlier in the chapter, shows the number of networks and hosts in each class of network.
As
you can see, when you use 7 bits for the network ID in Class A, it
yields only 126 possible network addresses, but millions of host IDs.
When you use 8 bits for the host
ID, it yields only 254 host IDs. If you recall, there are rules about
the use of all ones or all zeros; it explains the discrepancy between
the number of IDs and the number of bits used in the right-most and
left-most segments of the IPv4 address. There are five rules you have
to follow when enumerating IPv4 addresses:
All bits in the host ID cannot be set to 1. That’s reserved for broadcast addresses.
All bits in the host ID cannot be set to 0. That’s reserved for IP network IDs.
Class A network IDs must have 0 as the left-most bit.
Class B network IDs must have 10 as the two left-most bits.
Class C network IDs must have 110 as the three left-most bits.
The
host ID must be unique to the network. It makes sense that you can have
two IP addresses that are the same only if they are on different
networks that never talk to one another. Otherwise, there’d be no way
to differentiate between two hosts.
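
The leading-bit and host-ID rules above can be checked mechanically, and doing so reproduces the figures in Table 2. The following Python is an added example, not part of the original chapter; the function names are illustrative, and the Class A adjustment (network IDs 0 and 127 excluded) is standard classful practice that the chapter does not spell out.

```python
import ipaddress

# (class, number of fixed left-most bits, their value, total network bits)
CLASSES = [("A", 1, 0b0, 8), ("B", 2, 0b10, 16), ("C", 3, 0b110, 24)]


def classify(address):
    """Return (class letter, network bits) from the left-most bits, or None for Class D/E."""
    value = int(ipaddress.IPv4Address(address))
    for letter, fixed_bits, pattern, network_bits in CLASSES:
        if value >> (32 - fixed_bits) == pattern:
            return letter, network_bits
    return None


def capacity(letter):
    """Derive (number of networks, hosts per network) for a class from its bit counts."""
    _, fixed_bits, _, network_bits = next(c for c in CLASSES if c[0] == letter)
    networks = 2 ** (network_bits - fixed_bits)
    if letter == "A":
        networks -= 2  # assumption noted above: network IDs 0 and 127 are excluded
    hosts = 2 ** (32 - network_bits) - 2  # all-zeros and all-ones host IDs are reserved
    return networks, hosts


def check_host(address, mask):
    """Apply the two host-ID rules to an address/mask pair and return a verdict."""
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    hostmask = int(iface.network.hostmask)
    host_id = int(iface.ip) & hostmask
    if host_id == 0:
        return "invalid: host ID all zeros (network ID)"
    if host_id == hostmask:
        return "invalid: host ID all ones (broadcast)"
    return "valid host"


def describe(address, mask):
    """Summarize class, masking and host-ID validity for one configured address."""
    found = classify(address)
    if found is None:
        return f"{address}: Class D/E, not a unicast host address"
    letter, network_bits = found
    prefix = ipaddress.IPv4Interface(f"{address}/{mask}").network.prefixlen
    if prefix == network_bits:
        masking = "default mask"
    elif prefix > network_bits:
        masking = "subnetted"
    else:
        masking = "supernetted"
    return f"{address}/{prefix}: Class {letter}, {masking}, {check_host(address, mask)}"


if __name__ == "__main__":
    for letter in "ABC":
        print(letter, capacity(letter))
    # The server address used in this chapter, then two constructed invalid cases.
    print(describe("192.168.0.91", "255.255.255.0"))
    print(describe("192.168.0.0", "255.255.255.0"))
    print(describe("10.0.0.255", "255.255.255.0"))
```
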
With
the increasing popularity of computer networking, at some point it
became clear that the world would run out of valid IP addresses. As you
can see from Table 2,
there are only 16,384 possible Class B networks worldwide and there are
only 2,097,152 Class C network IDs available. So, there are just over
2.1 million network IDs available and it’s not hard to estimate there
are far more networks than that in the world. As the number of
available IP addresses decreased, private network addressing and
network address translation grew in popularity and use.
Today
many companies are using private IP addresses internally, then using
Network Address Translation (NAT) when communicating across a public
network (the Internet). The benefit of NAT is that you can use an
internal addressing scheme that suits your company and network traffic
cannot be routed outside the network unless it’s translated into a
public address. Internet service providers’ routers will simply discard
packets with private IP addresses. In our examples, we’ll use the
private IP range of 192.168.0.1 through 192.168.0.254 for illustration,
but you can utilize any of the private address ranges, which are:
10.0.0.0 to 10.255.255.255
172.16.0.1 to 172.31.255.255
192.168.0.1 to 192.168.255.255
Private
network addresses still come in Class A, B, and C flavors, but Company
1 can use a Class B private network address and so can Company 2, 3,
4, ... n.
These addresses are not passed through routers heading out to the
Internet; instead, they are translated into a public IP address,
typically provided by the ISP. This provides a lot of flexibility in
terms of addressing for companies and ISPs. In addition, CIDR was
introduced, which was a step toward the classless system used in IPv6.
More on CIDR later in this chapter.
If
you choose to use private network addressing for your network, you will
also need to have an ISP provide you with a public IP address and
you’ll need to utilize either a Proxy Server or NAT Router so that your
private addressing can be routed out of the network to the Internet.
This
chapter doesn’t cover Active Directory (AD), but it’s important to
understand that subnets are assigned to sites through the AD interface.
A subnet can belong to only one site; a site can contain more than one
subnet. Here’s the quick way to create a subnet in Active Directory.
Remember, though, that this is different than setting up DHCP options,
which we’ll discuss later in this chapter.
In Active Directory Sites and Services, shown in Figure 3, right-click the Subnets icon in the console tree and select New Subnet
from the menu. The New Object Subnet dialog box is displayed. Enter the
address prefix using network prefix notation (address/prefix length).
You can enter either IPv4 or IPv6 subnet notation. The dialog box gives
two examples—one of IPv4 and one of IPv6—along with a text box into
which you can enter the prefix. For example, you might enter
192.168.7.0/24. Select the site with which the subnet should be
associated, then click OK
to apply the change and create a new subnet. When reading an exam
question related to subnets, be sure to understand the context so you
can decide whether you need to look at AD or DHCP for the answer.
Tip
Remember
that subnets are assigned to sites via Active Directory Sites and
Services console whereas subnetting options are set up in the DHCP
Server role. Also remember that subnets can easily be moved to
different sites within the AD Sites and Services console simply by
double-clicking the subnet in the Subnets folder and changing the site
association in the Site selection list on the General tab. Changing the
Site may impact other settings, so clearly you should have a plan in
place before modifying these kinds of settings.
Supernetting
Another
IP innovation that was developed prior to the implementation of IPv6 is
supernetting. Supernetting is the combining of several smaller Class C
networks into one larger network in order to accommodate the need for a
network larger than Class C but not as large as a Class B. It is, in
essence, the opposite of subnetting. This is also called Classless Inter-Domain Routing
(CIDR) and is used to express a range of Class C networks as a single
route. A super-netted subnet mask contains fewer network ID bits than a
standard IPv4 subnet mask. CIDR sometimes is thought of as a group or
range of Class C networks, but with the introduction of IPv6, CIDR is
perhaps more fittingly viewed as an address space in which multiple
classful networks are combined into a single, classless network.
If
you consider a supernet as a range of Class C network IDs, you can
easily understand supernetting. In order to create a supernet, you must
have contiguous Class C network IDs (i.e., they must be sequential) and
the number of Class C network IDs must be expressed as a power of 2
(due to the use of weighted binary in IPv4 addressing). Typically, a
subnet mask for a Class C network would be 255.255.255.0 or it could be
notated as the network ID with /24 indicating that 24 bits were used
for the network ID.
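
The two conditions above (contiguous Class C network IDs, and a count that is a power of 2) can be tested before a supernet mask is chosen. This Python is an added example, not part of the original chapter; the function names and sample network IDs are constructed, and the final boundary check is an additional condition the chapter does not mention: the first network ID must fall on the boundary of the combined block.

```python
import ipaddress


def supernet(class_c_ids):
    """Combine Class C (/24) network IDs into one supernet, or raise ValueError."""
    nets = sorted(ipaddress.IPv4Network(f"{n}/24") for n in set(class_c_ids))
    count = len(nets)
    # Rule 1: the number of network IDs must be a power of 2 (2, 4, 8, ...).
    if count < 2 or count & (count - 1):
        raise ValueError(f"{count} network IDs given; the count must be a power of 2")
    # Rule 2: the network IDs must be sequential, 256 addresses apart.
    for prev, cur in zip(nets, nets[1:]):
        if int(cur.network_address) - int(prev.network_address) != 256:
            raise ValueError(f"{prev} and {cur} are not contiguous")
    # Each doubling of the range moves one bit from the network ID to the host ID.
    borrowed = count.bit_length() - 1
    combined = nets[0].supernet(new_prefix=24 - borrowed)
    # Extra condition (not stated in the chapter): the range must start on the
    # boundary of the combined block, or one mask cannot describe exactly this range.
    if combined.network_address != nets[0].network_address:
        raise ValueError(f"{nets[0]} does not start on a /{combined.prefixlen} boundary")
    return combined


def summarize(class_c_ids):
    """Return a one-line result: the supernet and its mask, or the reason for rejection."""
    try:
        net = supernet(class_c_ids)
    except ValueError as err:
        return f"rejected: {err}"
    return f"{net} mask {net.netmask} ({net.num_addresses - 2} hosts)"


if __name__ == "__main__":
    # Constructed sample ranges.
    print(summarize(["192.168.4.0", "192.168.5.0", "192.168.6.0", "192.168.7.0"]))
    print(summarize(["192.168.4.0", "192.168.5.0", "192.168.6.0"]))
    print(summarize(["192.168.4.0", "192.168.6.0"]))
    print(summarize(["192.168.3.0", "192.168.4.0"]))
```

The first range yields a 22-bit mask, two fewer network ID bits than the standard /24, which is the "fewer network ID bits" property described above.
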
Again,
we’re assuming you have a basic understanding of IP addressing
including subnetting and supernetting—we’re providing this information
as a basic review for you. The Windows Server 2008 exam is likely to
focus less on IPv4 than on the coexistence of IPv4 and IPv6 in the
enterprise, so that’s where your focus should be. Understanding the
evolution of IPv4 helps you understand the new features of IPv6.
Alternative Configuration
Automatic
alternate configuration is an enhancement to TCP/IP that allows for a
valid static IP address configuration on DHCP configured machines.
Without an alternate configuration defined, a computer that is unable
to obtain an IP address lease from a DHCP server would automatically
receive an Automatic Private IP Address (APIPA) from the 169.254.0.0/16
pool. If you’re troubleshooting network connectivity (or answering a
question about network connectivity on the exam) and you see that an
address in this range has been assigned, it indicates the host was
unable to obtain a valid IP lease. When answering questions about IP
addressing on the exam, always think through the address provided and
what the implications of that address might be.
Internet Protocol Version 6 (IPv6)
A
discussion of IPv6 could take up an entire chapter and the focus of
this chapter is configuring IPv6, so we’re working on the assumption
you have some familiarity with IPv6. That said, we’ll spend just a bit
of time here reviewing some of the basics to give you a quick
refresher. If you’re fully up to speed on IPv6, feel free to skip this
section. If there are any concepts you’re not familiar with, you should
do additional research to fill in any gaps. Earlier in the chapter, we
provided several links to resources you might want to look at to
improve your IPv6 skills if you’re not already conversant with the IPv6
addressing requirements.
IPv6 Address Format
As
you know, IPv6 provides an alternative to the shortage of IPv4
addresses. As such, it uses 128 bits instead of the 32 bits used in
IPv4. This enables 75 trillion trillion (yes, two trillions follow the number 75) potential unique IP addresses (or 2^96).
Much of the newer hardware and software now supports IPv6 addressing
(IPv6 has been around a while) but you can’t simply plug in IPv6
equipment and expect everything to work. There are numerous transition
technologies available, a full discussion of which is outside the scope
of this chapter.
Typically,
the IPv6 address is divided in half—64 bits for the network component
and 64 bits for the host component. However, the IPv6 addressing format
also uses CIDR notation, so that an address might look like this:
2424:DC8:4138::/48 indicating that the network is identified using 48
bits.
Each
section of an IPv6 address is four digits, which are in hexadecimal
format. That means that numbers can range from zero to F (0–F) in each
place. F in hexadecimal is 15, and the digits 0 through F give 16
values (hence the term hexadecimal). There
are eight groups of numbers and, hypothetically, each can range from
0000 to FFFF (as with IPv4 addressing, there are rules about zeros and
ones that we won’t go into at the moment). Thus, an example of an IPv6
address is 4F5C:0000:0000:0000:BA59:093C:D102:4612. You can omit
leading zeros and consecutive groups of zeros. When you omit groups of
zeros, you use a double colon (::) notation. To determine how many
groups of zeroes were omitted, you simply count the number of groups
and subtract from eight. Thus, the address
4F5C:0000:0000:0000:BA59:093C:D102:4612 can be represented as
4F5C::BA59:93C:D102:4612.
IPv6 Address Types
Briefly,
there are several types of IPv6 addresses. If you’re not familiar with
these, you’ll need to do a bit of independent reading to fill in the
gaps.
Local-link addresses. Addresses that are accessible only on the local network segment.
Unique local IPv6 unicast addresses. Routable on your network but not accessible from the Internet.
Global unicast addresses. Addresses that can be routed on the IPv6 Internet (a portion of the Internet that uses IPv6).
Multicast addresses. A single host can communicate with multiple recipients.
Anycast addresses. Addresses that can be assigned to multiple interfaces, such as assigning a single IPv6 address to a multihomed computer.
Special addresses. Includes special purpose addresses like loopback and others.
A local link address
is used like a private address in IPv4. As such, it is not routable
because the network prefix is always the same. In IPv6, the
left-most 10 bits are always 1111 1110 10. The next 54 bits are
always 0. This comprises the 64-bit unroutable network ID. The
right-most 64 bits are the host portion of the address. Thus, the
local-link address is written as FE80::/64. If you run the ipconfig /all command from the command line on a Windows Server 2008 computer, you’ll see the local link address listed.
Global addresses
are like IPv4 public addresses and are routable across the Internet.
The first three bits of a global address are 001, the next 45 bits are
used for the global routing prefix, followed by 16 bits for the subnet
ID. The remaining 64 bits identify the host segment of the address.
This creates an address prefix notated in this way: 2000::/3.
A few of the special addresses include the following:
::1/128 (or just ::1). Local loopback address, refers to the local computer.
::FFFF:0:0/96. Prefix used for IPv4 mapped addresses.
2002::/16. Used for 6to4 addressing (discussed later in this section).
FE80::/64. A local-link address. Seeing this address assigned to an interface indicates there was no DHCPv6 server available.
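
The double-colon rule from the address format section ("count the number of groups and subtract from eight") and the prefixes listed above can be combined into a small triage routine for addresses seen in `ipconfig /all` output or logs. This Python is an added example, not part of the original chapter; the function names and sample addresses are constructed, and the unique local (FC00::/7) and multicast (FF00::/8) prefixes come from the IPv6 addressing RFCs rather than from the text.

```python
import ipaddress
import string

# Checked in order, so the specific prefixes come before the broad 2000::/3 block.
PREFIXES = [
    ("loopback", "::1/128"),
    ("IPv4-mapped", "::FFFF:0:0/96"),
    ("6to4", "2002::/16"),
    ("local-link", "FE80::/64"),
    ("unique local", "FC00::/7"),   # RFC 4193; prefix not given in the text
    ("multicast", "FF00::/8"),      # RFC 4291; prefix not given in the text
    ("global unicast", "2000::/3"),
]


def expand(address):
    """Restore the groups dropped by '::' and the leading zeros of every group."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in address:
        left, right = address.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - (len(head) + len(tail))  # count the groups, subtract from eight
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = address.split(":")
    valid = len(groups) == 8 and all(
        1 <= len(g) <= 4 and all(c in string.hexdigits for c in g) for g in groups
    )
    if not valid:
        raise ValueError(f"not a valid IPv6 address: {address}")
    return ":".join(f"{int(g, 16):04X}" for g in groups)


def classify(address):
    """Return the first matching address type from PREFIXES, or 'other'."""
    addr = ipaddress.IPv6Address(expand(address))
    for label, prefix in PREFIXES:
        if addr in ipaddress.IPv6Network(prefix):
            return label
    return "other"


if __name__ == "__main__":
    print(expand("4F5C::BA59:93C:D102:4612"))  # the compressed form shown earlier
    for sample in ["::1", "FE80::1C2B:3D4E:5F60:7182", "2002:CB00:710A::1",
                   "::FFFF:C0A8:5B", "2424:DC8:4138::1"]:  # constructed samples
        print(sample, "->", classify(sample))
```
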
Note
that almost all hosts can self-configure IPv6 local-link addresses
themselves without contacting a DHCP server (or other infrastructure
component), but additional configuration information is required for
unique local addresses, global addresses, and other address types and
that information typically does come from the DHCP server or other
infrastructure component. IPv4 clients will look for a local DHCP
server when they start up. By contrast, IPv6 clients will try to get
address information from a router and perform a DHCP query only if
instructed by the router to perform a stateful configuration.
IPv6 Autoconfiguration Options
Depending
on how your IPv6 routers are set up, autoconfiguration of an IPv6
client can happen in three ways: stateless, stateful, and both. In stateless mode, an IPv6 client configures its own IPv6 address by using IPv6 Router Advertisements. In stateful
mode, an IPv6 client will get its addressing information from a DHCPv6
server when it receives Router Advertisement messages with no prefix
options (and when certain other conditions are met). This also occurs
if no IPv6 routers are available. The both
option uses stateful and stateless together. The most common example of
this is an IPv6 client using stateless autoconfiguration to obtain an
IPv6 address and using stateful autoconfiguration to get DNS and other
IP configuration information from a DHCPv6 server.
In
addition, addresses can be nontemporary (the equivalent of static IP
addresses in IPv4) or temporary. Routers, gateways, and other devices
may need these types of addresses and, just as with IPv4, you can allow
a host to autoconfigure or you can manually set up the IPv6 addressing.
IPv6 Transition Technologies
Since
the transition to IPv6 won’t happen overnight (or even anytime soon),
there are numerous ways companies can transition to IPv6. For more
information, you can visit the Microsoft Web site and query the title “IPv6 Transition Technologies.”
Dual IP Layer architecture. Allows computers to communicate using both IPv6 and IPv4. This is required for ISATAP and Teredo hosts and for 6to4 routers.
IPv6 over IPv4 tunneling.
Places IPv6 packet data inside of an IPv4 header with an IP Protocol
value of 41. This tunneling technique is used with ISATAP or 6to4.
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). Allows IPv6 hosts to use IPv6 over IPv4 tunneling to communicate on intranets.
6to4. Allows IPv6 hosts to communicate with the IPv6 Internet. A 6to4 router with a public IPv4 address is required.
Teredo. Allows IPv4/IPv6 hosts to communicate with the IPv6 Internet even if they are behind a network address translator (NAT).
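
Because IPv6 over IPv4 tunneling is marked by IP Protocol value 41, tunneled traffic can be identified from the outer IPv4 header alone, which is useful when you need to know whether IPv6 is crossing a segment that is filtered only for IPv4. This Python is an added example, not part of the original chapter; the function names are illustrative, the packets are constructed in code using documentation address ranges, and header checksums are left at zero and not validated.

```python
import ipaddress
import struct

IPV6_IN_IPV4 = 41  # IP Protocol value named in the list above
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def build_sample(outer_src, outer_dst, inner_src, inner_dst, protocol=IPV6_IN_IPV4):
    """Constructed packet: a 20-byte IPv4 header followed by a 40-byte IPv6 header."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # version 6, no payload, hop limit 64
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed
    outer = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64, protocol, 0,
        ipaddress.IPv4Address(outer_src).packed,
        ipaddress.IPv4Address(outer_dst).packed,
    )
    return outer + inner


def inspect_packet(packet):
    """Return a dict describing an IPv6-over-IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4  # IHL field counts 32-bit words
    if header_len < 20 or len(packet) < header_len or packet[9] != IPV6_IN_IPV4:
        return None
    result = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
    }
    inner = packet[header_len:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        result["tunnel"] = "protocol 41 without a valid IPv6 header"
        return result
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    result.update(inner_src=str(src), inner_dst=str(dst))
    # 2002::/16 is the 6to4 prefix; anything else is reported without guessing further.
    is_6to4 = src in SIX_TO_FOUR or dst in SIX_TO_FOUR
    result["tunnel"] = "6to4" if is_6to4 else "ISATAP or other IPv6-in-IPv4"
    return result


def tunnels(packets):
    """Filter a list of raw IPv4 packets down to the tunnel findings."""
    return [finding for finding in map(inspect_packet, packets) if finding is not None]


if __name__ == "__main__":
    capture = [  # constructed samples
        build_sample("203.0.113.10", "192.0.2.1", "2002:cb00:710a::1", "2001:db8::5"),
        build_sample("198.51.100.7", "192.0.2.1", "2001:db8::1", "2001:db8::2"),
        build_sample("198.51.100.7", "192.0.2.1", "2001:db8::1", "2001:db8::2", protocol=6),
    ]
    for finding in tunnels(capture):
        print(finding)
```
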
As
you can imagine, it’s a major job to roll out IPv6 in an organization.
Windows Server 2008 and Windows Vista natively understand IPv6, but
older operating systems, software programs, and hardware devices may
not. Before you decide to run with IPv6, set up a test lab, configure
it to use IPv6 and test your hardware, software, routers, and other
network infrastructure in a closed environment. If you roll it out into
a live environment, you are all but guaranteed that something will not
work as expected. There are numerous tools available via the Microsoft
Web site (and others) that will help you plan, assess, and manage your
transition.
Configuring IPv6 Settings
When
you access the local area connection properties of the Windows Server
2008 computer, you also have the option of configuring IPv6 settings if
IPv6 is installed (it is installed by default in Windows Server 2008,
so it should be there). You should be able to access IPv6 settings from
the Local Area Connection Properties dialog box. If IPv6 is not shown, the protocol is not installed. Click the Install button and follow the on-screen prompts to install IPv6. Then, access the Local Area Connection Properties to configure the settings.
In the Local Area Connection Properties dialog box, shown in Figure 1, you can configure IPv6 addressing options by selecting Internet Protocol Version 6 (IPv6) and clicking Properties. The IPv6 Properties dialog box will open, as shown in Figure 4.
As
with IPv4, you would typically allow host computers to obtain an IPv6
address automatically from the DHCP server. However, since this
computer is a server, you may want to assign a nontemporary
IP address to it (recall that nontemporary is the IPv6 equivalent of a
static IP address in IPv4). If you choose to use a nontemporary
address, you could click the radio button next to “Use the following
IPv6 address:” and
enter the specifics. Also remember that if you set a nontemporary IP
address here, you should create a reservation for this address in the
DHCP server so that this address does not get assigned to another
computer on the network. Best practices typically include creating your
DHCP server scope and reservations before activating the DHCP server,
then activating the DHCP server and assigning nontemporary (and static)
IP addresses. This helps avoid potential problems with IP address
assignments.
Let’s
look at how to configure IPv4 and IPv6 options in DHCP in Windows
Server 2008. We’re assuming you’ve enabled the DHCP Server role from
within the Windows Server 2008 management console. If not, do so now
but keep in mind that you want to do this on a test network or in a lab
setting. As you know, activating more than one DHCP server on a network
can cause the whole thing to crash, so be sure you’re not connected in
a way that will cause real-world problems.