IPv6 Stateless Auto Configuration in Windows 7

One of the really cool features included in IPv6 is the ability for host machines to auto configure their IP address and gateway. Although this was present in IPv4, it was limited to link-local, non-routable addressing (169.254.x.x). IPv6 provides the equivalent of DHCP within it’s design, but with a few twists. Let’s look at how a host would derive an IPv6 address using stateless auto configuration. The key to this is IEEE’s 64-bit Extended Unique Identifier, or EUI-64. In laymen’s terms, the host uses it’s layer 2 MAC address to derive an IPv6 network address. First, we take an example 48-bit MAC address in the standard format: 00-10-18-A1-0E-CF. We then split it down the middle and add 16 bits, always using FFFE (this is a reserved value that isn’t used by manufacturers). So, we wind up with the 0010:18FF:FEA1:0ECF. Next, we single out the first word value* (0010). I like to convert to binary for this, so 0010 (hex) becomes 10000 (binary). Expanding the format (adding zeros to get a full 16 bits), we get 0000 0000 0010 0000. Now we flip the 7th bit from the left and get 0000 0010 0010 0000. Then convert back to hex again so that 1000100000 (binary) becomes 210 (hex). Put it all together and we get a host identifier of 210:18FF:FEA1:ECF. The host machine will obtain it’s network prefix and gateway information through NDP and form it’s final IP address. Assuming we are in a /64 network, we might have a network prefix like 2001:470:1F0F:1149, so the complete IPv6 address would be 2001:470:1F0F:1149:210:18FF:FEA1:ECF.

Non-Windows machines stick to this format, and even XP and prior (with IPv6 installed) will behave like this. However, from Vista onward, Microsoft decided to break with standards (no surprise) and use a randomizing function for IPv6 auto configured addresses. We can disable this behavior with the following command:

[sourcecode language=”plain”]
netsh interface ipv6 set global randomizeidentifiers=disabled

In addition to the auto-configured IPv6 address, a host will also generate a random, temporary IPv6 address. This is used for Internet communication to help mitigate some security concerns. Remember, the interface identifier (in our example 210:18FF:FEA1:ECF) is unique and would not change even if the device were moved to a different topological network. The implication is that if we relied solely upon the interface identifier, devices could be tracked as they move from network to network (think mobile device i.e. cellphone or laptop). So, the temporary identifier is used to help obscure the client device, at least to some extent.

We also have a link-local address, which is derived from the interface identifier. Basically, we take the interface identifier and stick FE80 on the front end. In the above example, we end up with FE80:210:18FF:FEA1:ECF. This is required for NDP (Neighbor Discovery Protocol) to function properly.

What we are missing at this point is DNS. Stateless Auto Configuration only provides addressing and routing. But, it’s a start!

*The jury seems to be out on naming conventions for IPv6 address parts. We call individual parts of an IPv4 address octets, but in IPv6 these are 16 bit values. I tend to use hextet, although it isn’t really correct as a hextet is a six bit value.