IPv6 in the new TCP / IP stack of Windows

    Introduction


    In this mostly technical article, I will talk about the IPv6 implementation in Microsoft's new TCP / IP stack. The new stack has been included in Windows since Vista and Server 2003. A short introduction explains what IPv6 is, and the next three sections cover the differences between the new stack and the old one (with more detail on the differences related to IPv6). I hope the rather dry presentation does not put you off.


    1. Introduction: briefly about IPv6


    IPv4

    The IP version 4 (IPv4) protocol has not undergone any major changes since RFC 791 was published in 1981. Thanks to its successful initial design, IPv4 has passed the scalability test that came with the growth of its networks. IPv4 is robust, easy to implement, and interoperable.

    However, by the beginning of the 1990s the TCP / IP-based Internet had begun to grow at an enormous rate. Free IP addresses were being consumed dangerously fast even after the introduction of classless addressing, and it became obvious that a way to avoid a future shortage was needed. In 1992 the IETF issued RFC 1550, a call for the development and publication of prototypes of a protocol called “IP The Next Generation” (IPng).


    NAT

    The invention of Network Address Translation (NAT) in the mid-1990s helped to significantly slow the depletion of available addresses. NAT lets requests from an internal network reach an external one (for example, the Internet) through a single external IP address (NAT rewrites addresses directly in the datagram headers). However, NAT has its own drawbacks. Address translation breaks the original model of connecting hosts on the Internet, which complicates their interaction and adversely affects performance.

    The disadvantages of NAT limit its scope, so NAT did not solve the problem of dwindling free addresses (although it slowed it down significantly and bought a lot of time). In addition, IPv4 has a number of disadvantages that NAT was never meant to address. These include, for example, the excessive size of the routing tables on the core Internet routers, as well as the lack of a mandatory standard for the use of IPsec.


    IPv6

    In 1996 the IETF released a series of RFCs describing the result of the IPng work: Internet Protocol version 6 (IPv6). The protocol combines the concepts of many IPv4 enhancements that already existed at the time within a single standard. IPv6 is a fairly conservative extension of IPv4, and many transport- and application-layer protocols require only minimal changes (or none at all) to work on top of IPv6.

    IPv6 includes the following key innovations:
    • A new header format designed to keep the header as small as possible. All optional fields that used to be in the header have been moved to "extension headers" placed after the main one, so packet headers can be processed more efficiently on intermediate routers.
    • A new address format. The 16 bytes allocated to the address field allow roughly 3.8e38 combinations, which makes it possible to abandon address translation technologies (such as NAT) entirely. In addition, the address space allows several levels of network nesting and forms an efficient hierarchical routing infrastructure.
    • Mandatory IPsec support.
    • Stateless address configuration, which lets hosts on a network without a DHCP server configure IPv6 addresses automatically, either from a router-advertised prefix or entirely on their own.
    • An improved priority delivery system using new fields in the IPv6 packet header that describe how traffic should be identified and handled. Since the priority information is in the header, even packets protected by IPsec support this feature.
    • ICMPv6, a new protocol for interaction between hosts on the same network, replacing ARP and ICMPv4 Router Discovery.
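    To make the header-format point concrete, here is an added Python example (not from the original article) that parses the fixed 40-byte IPv6 header and walks the extension-header chain to find the transport protocol; the packet it parses is constructed inline. A filter or sensor that stops at the fixed header would never see the UDP header sitting behind two options headers, which is why the walk matters.

```python
import struct

# IPv6 extension headers a parser must walk before it reaches the transport
# header (protocol numbers from the IANA registry).
EXTENSION_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-byte header, then follow the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 fixed header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < 40 + payload_len:
        raise ValueError("payload shorter than the Payload Length field claims")
    info = {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": packet[8:24].hex(),
        "dst": packet[24:40].hex(),
        "chain": [],
    }
    offset = 40
    while next_hdr in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        info["chain"].append(EXTENSION_HEADERS[next_hdr])
        # Fragment header is a fixed 8 bytes; the others store their length in
        # byte 1 as 8-byte units, not counting the first 8 bytes.
        size = 8 if next_hdr == 44 else (packet[offset + 1] + 1) * 8
        next_hdr = packet[offset]
        offset += size
    info["upper_layer"] = UPPER_LAYER.get(next_hdr, f"protocol {next_hdr}")
    info["upper_offset"] = offset
    return info

def build_sample() -> bytes:
    """Constructed sample: 2001:db8::1 -> 2001:db8::2 with Hop-by-Hop and
    Destination Options headers (PadN padding only) in front of a UDP header."""
    src = bytes.fromhex("20010db8" + "0" * 23 + "1")
    dst = bytes.fromhex("20010db8" + "0" * 23 + "2")
    hop_by_hop = bytes.fromhex("3c00010400000000")  # next = 60, len 0, PadN(4)
    dest_opts = bytes.fromhex("1100010400000000")   # next = 17 (UDP), len 0, PadN(4)
    udp = struct.pack("!HHHH", 5355, 5355, 8, 0)     # empty UDP datagram, checksum 0
    payload = hop_by_hop + dest_opts + udp
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), 0, 64) + src + dst
    return fixed + payload
```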


    2. IPv6 implementations in Microsoft operating systems


    Microsoft IPv6 Implementations


    The first Microsoft IPv6 stack was the pilot prototype implementation released in 1998 by Microsoft Research, known as MSRIPv6 1.0. Its development and improvement continued up to version 1.4.

    At the beginning of 2000, MS Research joined forces with the Windows Networking group, and in March the IPv6 stack for Windows 2000 SP1 became available for download on the MSDN website as a Technology Preview. Windows XP, released in October 2001, had native IPv6 support in the form of a Developer Preview stack (which was not installed by default but could easily be added later). Windows XP SP1 and Windows Server 2003 included the first fully supported, commercially available IPv6 stack from Microsoft.

    Windows Vista, released in 2007, included a new implementation of IPv6 (and of the entire network subsystem in general), the “Next Generation TCP / IP stack”. The new stack inherited the MSRIPv6 architecture, but the code was completely rewritten.

    As a result, there are currently four official Microsoft IPv6 implementations for production use:
    • The Next Generation TCP / IP stack for Windows Vista, Windows Server 2003 and Windows 7;
    • IPv6 protocol for the Windows Server 2003 family;
    • IPv6 for Windows XP Service Pack 1 and later;
    • IPv6 for Windows CE .NET 4.1 and later.

    Next Generation TCP / IP stack

    The TCP / IP protocol stack included in Windows XP and Windows Server 2003 was created in the early 1990s and has undergone many changes and improvements during its lifetime. The Next Generation TCP / IP stack is a complete replacement for the old network subsystem, not only for IPv6 but also for IPv4.

    The architecture of the new stack is shown in the figure:

    [Figure: Next Generation TCP / IP stack architecture]

    As can be seen from the figure, the new stack provides three APIs through which programs, services and system components access network functionality:
    • WSK (Winsock Kernel) - used by WSK clients (for example, network drivers).
    • Windows Sockets - used by programs and services based on Windows Sockets. The Windows Sockets API, in turn, uses the Ancillary Function Driver (AFD) to work with TCP / IP sockets.
    • TDI - used by NetBIOS over TCP / IP and other legacy TDI clients. The TDX driver acts as the layer between TDI and the stack.

    The stack interacts with the WFP (Windows Filtering Platform) Callout API, a universal interface for inspecting and modifying packets. Through it, the Next Generation TCP / IP stack provides the ability to process packets at the network, link and transport layers. A more detailed discussion of WFP is presented in Chapter 4.

    Frames are received and sent using NDIS (Network Driver Interface Specification), an API for network adapters developed by Microsoft together with 3Com.

    In general, the following layers can be distinguished in the architecture of the stack driver (tcpip.sys):
    • Transport Layer - contains the TCP and UDP implementations, as well as a mechanism for sending "raw" IP packets that carry no TCP or UDP header.
    • Network Layer - contains the IPv4 and IPv6 implementations, combined in a dual IP layer.
    • Framing Layer - contains modules for framing IP packets. The layer includes modules for various physical network technologies (such as IEEE 802.3 (Ethernet), IEEE 802.11, PPP and IEEE 1394) and logical interfaces (loopback, IPv4 tunnels and IPv6 tunnels).


    3. Technological differences in the implementation of the new and old stacks


    Dual IP layer architecture

    The IPv6 implementations in Windows XP and Windows Server 2003 had a dual-stack architecture: the old stack contained separate components for IPv4 and IPv6, each with its own implementation of TCP and UDP as well as of the data link layer.

    The Next Generation TCP / IP stack is a single component with a dual IP layer architecture, in which IPv4 and IPv6 share common transport and link layers. With a single TCP implementation, TCP over IPv6 gets all the performance benefits inherent in the new stack. Performance improvements are discussed further in Chapter 7.


    Winsock kernel

    Winsock Kernel (WSK) is a new kernel-mode API designed to replace the Transport Driver Interface (TDI) used in Windows XP and Windows Server 2003. WSK performs better and is easier to program. The new stack also supports TDI for backward compatibility, with TDX as an intermediate layer.

    Winsock Kernel uses the same concepts as the user-mode Winsock2 API. WSK supports the common socket operations, such as creating sockets, binding, establishing a connection, and receiving and transmitting data. It should be noted, however, that WSK is a completely new interface with a number of unique features, such as asynchronous I / O using I / O request packets (IRPs) and event callbacks to increase performance.


    Windows Filtering Platform

    The security-related interfaces of the old stack (firewall hook, filter hook and the packet filter database) have been replaced with a new framework called the Windows Filtering Platform (WFP). WFP provides filtering capabilities at all layers of the TCP / IP stack. Compared to the previous technologies, WFP is more secure, directly integrated into the stack, and easier to program.

    Technically, WFP is a set of system services and user-mode and kernel-mode APIs. WFP allows the development of firewalls and other software for connection management and packet processing. Windows Firewall in Windows Vista, Windows 7 and Windows Server 2008 is built on WFP.


    Receive-Side Scaling

    The architecture of NDIS 5.1 and earlier limited the processing of requests from a single network adapter to a single processor, so even a multiprocessor computer used only one processor to handle network traffic. Receive-Side Scaling (RSS) addresses this shortcoming by balancing the network load across multiple processors.

    RSS enables multiple deferred procedure calls (DPCs) to run in parallel for a single network adapter. In addition, if the network adapter supports it, RSS allows parallel interrupts.


    Extensible infrastructure

    Thanks to the extensible infrastructure, the modular components of the new stack can be added to it or removed from it dynamically.


    4. Differences in standards and technology support


    IPsec

    In Windows XP and Windows Server 2003, IPsec support for IPv6 traffic was limited: the old TCP / IP stack did not support Internet Key Exchange (IKE) or data encryption. In addition, all IPsec rules and keys were configured by editing text files and activated using the IPsec6.exe command-line utility.

    The new stack supports IPsec for IPv6 as well as for IPv4. This support includes IKE and data encryption with AES 128/192/256, as well as configuration through graphical utilities.


    MLDv2

    The Multicast Listener Discovery (MLD) protocol is used by IPv6 routers to discover multicast listeners (nodes that receive multicast packets) on their network and determine which multicast addresses those nodes are interested in. A router can itself be a multicast listener for one or more multicast addresses; in that case it must inform the other routers on its network that it is receiving multicast packets. MLD is the IPv6 analogue of the IGMP protocol.

    The new stack adds support for MLDv2. The difference between MLDv2 and the first version is support for "source filtering": a node can report that it accepts only multicast packets sent from one of the addresses in a specific set, or all multicast packets except those sent from an address in a specific set. It should be noted that, despite the innovations, MLDv2 can interoperate with MLDv1.
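    As an added example (not part of the original article), the following Python models the MLDv2 source-filter semantics described above: whether a listener accepts a given source, and how two listeners' INCLUDE/EXCLUDE filters are merged into the single state reported per interface (RFC 3810 section 4.2). The group and source addresses are constructed sample values.

```python
from typing import FrozenSet, Tuple

# Per-listener filter state as MLDv2 (RFC 3810) reports it: a mode plus a source list.
INCLUDE, EXCLUDE = "INCLUDE", "EXCLUDE"
Filter = Tuple[str, FrozenSet[str]]

def accepts(state: Filter, source: str) -> bool:
    """Does a listener with this filter state want multicast traffic from `source`?"""
    mode, sources = state
    return (source in sources) if mode == INCLUDE else (source not in sources)

def merge(a: Filter, b: Filter) -> Filter:
    """Combine two listeners' filters into the single per-interface state that
    MLDv2 reports to the router (RFC 3810 section 4.2): the union of what either
    listener accepts. EXCLUDE wins over INCLUDE because it admits more sources."""
    (mode_a, src_a), (mode_b, src_b) = a, b
    if mode_a == INCLUDE and mode_b == INCLUDE:
        return (INCLUDE, src_a | src_b)
    if mode_a == EXCLUDE and mode_b == EXCLUDE:
        return (EXCLUDE, src_a & src_b)
    included, excluded = (src_a, src_b) if mode_a == INCLUDE else (src_b, src_a)
    return (EXCLUDE, excluded - included)

def mldv1_view(state: Filter) -> bool:
    """An MLDv1 router has no source filtering: it forwards the group if any
    listener exists at all. The only MLDv2 state it sees as "no listener" is
    INCLUDE with an empty source list."""
    mode, sources = state
    return not (mode == INCLUDE and not sources)

# Constructed example: two listeners on one interface for group ff0e::1234.
listener_a: Filter = (INCLUDE, frozenset({"2001:db8::a", "2001:db8::b"}))
listener_b: Filter = (EXCLUDE, frozenset({"2001:db8::b", "2001:db8::c"}))
interface_state = merge(listener_a, listener_b)   # -> EXCLUDE {2001:db8::c}
```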


    LLMNR

    The purpose of Link-Local Multicast Name Resolution (LLMNR) is to provide name resolution in situations where DNS cannot be used (for example, when the network simply has no DNS server). In IPv4, NetBIOS over TCP / IP (NetBT) has traditionally been used for this purpose. However, NetBT works only with IPv4 and does not support IPv6. In addition, a network administrator can disable NetBT on a network that has a DNS server.

    LLMNR supports all existing and future DNS formats, types and classes. At the same time, LLMNR uses its own port and a cache separate from DNS. LLMNR is not a replacement for DNS, as it is designed to work only on local networks.


    IPv6 over PPP

    The Point-to-Point Protocol (PPP) provides a standard method for encapsulating network-layer packets for point-to-point transmission. In addition, PPP includes the Link Control Protocol (LCP), used to configure and test the link, as well as a family of Network Control Protocols (NCPs) for the various network-layer protocols.

    The new TCP / IP stack has built-in support for transmitting IPv6 traffic over PPP. The stack includes the NCP for IPv6, known as the IPv6 Control Protocol (IPV6CP), and supports forwarding IPv6 packets over a PPP connection. For example, it is possible to connect to an ISP over IPv6 using dial-up or PPP over Ethernet.


    DHCPv6

    The “stateless address autoconfiguration” introduced in IPv6 removes the main reason for using DHCP on IPv4 networks, but cannot replace it completely. DHCPv6 can be used to assign pre-selected addresses to hosts if the network administrator wants more control over address distribution. In addition, a DHCPv6 server can distribute information that hosts cannot obtain in any other way, for example DNS server addresses [NDP!].

    The DHCP client service in the new stack supports DHCPv6 in both of its configuration modes (stateless and stateful). The DHCP server in Windows Server 2008 also supports DHCPv6.


    Random Interface Identifiers

    To hinder IPv6 address scans that search for the known identifiers of network adapter manufacturers, the new stack by default generates random interface identifiers for automatically configured IPv6 addresses.
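    An added Python example (not from the original article) showing what the random identifiers protect: an EUI-64 interface identifier derived from a MAC carries the adapter vendor's OUI into the autoconfigured address, while a random identifier does not, and manufacturer_id is an audit check an administrator can run over their own hosts' addresses to find ones that still expose it. The MAC, the prefix, and the use of secrets.token_bytes as a stand-in for the stack's own generator are assumptions of this example.

```python
import ipaddress
import secrets

def modified_eui64(mac: str) -> bytes:
    """Interface identifier derived from a 48-bit MAC as RFC 4291 describes:
    insert ff:fe between the OUI and the device part, then flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)

def random_iid() -> bytes:
    """Random 64-bit interface identifier. Assumption for this example: uniform
    random bytes stand in for the stack's own generator."""
    return secrets.token_bytes(8)

def slaac_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Autoconfigured address = advertised /64 prefix + interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte identifier")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def manufacturer_id(addr: ipaddress.IPv6Address):
    """Audit check: if the identifier carries the ff:fe marker of a MAC-derived
    EUI-64 (a heuristic; a random identifier matches it with probability 2^-16),
    return the vendor OUI it exposes, otherwise None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    oui = bytes([iid[0] ^ 0x02]) + iid[1:3]
    return ":".join(f"{b:02x}" for b in oui)
```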


    Using IPv6 Literal Addresses as a URL in WinInet

    Win32 Internet Extensions (WinInet) is a high-level API for accessing common Internet protocols. Unlike WinSock, it frees the developer from the implementation details of the corresponding protocols.

    On operating systems with the new stack, WinInet supports the use of literal IPv6 addresses in URLs. For example, in a browser based on WinInet (such as Internet Explorer), you can enter "http://[2001:db8:100:2a5f::1]" in the address field. End users are unlikely to use this innovation often, but it will be useful for developers and testers of network applications and for network administrators.



    Instead of a conclusion: if the article, even in such an unformatted state for Habr, arouses interest, I am ready to publish a sequel that will talk about improvements in the performance of the stack.
