Re: Should we disable IPv6 ?
My advice? If it ain't broke, don't fix it. There shouldn't be any problems
leaving it configured on your servers even if you don't have any immediate
plans to use it.
Re: Should we disable IPv6 ?
Hello Desparate,
I disagree with Lanwench, in lots of postings network/application problems
where solved, when not used IPv6 on 2008 where complete disabled. I realized
this myself also.
See here about and how to:
Re: Should we disable IPv6 ?
You can probably get away with disabling IPv6 for now. Going forward we will
all have to learn to live with it. Some features in Server 2008 R2 and
Windows 7 rely on IPv6. This tells us that as Windows is updated over time
more and more things will rely on IPv6. Even though you are using XP there
is a distinct possibility that in the near future you will have to install
IPv6 in XP to access some feature. Exchange 2007 on SBS 2008 requires IPv6
on the server in it's default configuration. You can make it work with IPv6
disabled but every time you run one of the SBS wizards it will be
re-enabled. I haven't tried Exchange 2010 yet but I understand it also
relies somewhat on IPv6. Certainly within the next ten years, if not sooner,
IPv6 may be required for the Internet. If it's not deployed internally how
much of a problem will this be? The answer is not certain. This is all a
long winded way of saying if IPv6 is causing a problem turn it off for now.
Then find out what caused the problem with IPv6 and fix it before you need
to use IPv6 because sooner or later you will need to use it.
Re: Should we disable IPv6 ?
What you say about its use soon being forced on us is unfortunately very
probable, however I prefer to disable IPv6 on the basis that there is a
longstanding Windows tradition of unwanted and unneeded services providing
backdoor-access to hackers. A key question here is whether IPv6 might provide
a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm not
sure about the likelihood of this being possible, but I sleep easier knowing
it definitely ain't possible because IPv6 is off.
The other aspect is that IPv6 has been around for an extremely long time
(Windows 95 had it, IIRC) and let's face it, no-one used it then and still
no-one does now. Not even the big hosting companies use it. It seems like the
standards guys just don't want to acknowledge the fact that this protocol is
the Ford Edsel of IT standards. At least Ford had the sense to realise 'There
must be a reason why this model ain't selling' and go back to the
drawing-board.
Re: Should we disable IPv6 ?
There definitely are potential ways for IPv6 to be used as a backdoor,
although mainly with otherwise problematic security designs.
For me, the reason to turn off IPv6 was that we're not using it
internally, and as a result it sits in an unconfigured state,
effectively making up a 169.254 type IP for every machine on the LAN.
I don't know about you, but I don't make it a habit to have my gear
answering to randomly determined dynamically assigned IPs, and doing so
adds substantial complexity.
When and if I can actually route IPv6 packets directly over the internet
peer-to-peer like IP was originally designed without using IPv4<-->IPv4
hacks, I'll turn it on without a second thought, but until then, all it
adds is needless complexity to a LAN, and potential backdoors from a
WAN.
Re: Should we disable IPv6 ?
I don't disagree with anything you or Anteaus are saying. You both have
some understanding of IPv6 and should be ready if/when it becomes needed.
Most people don't understand it. My point was that most network admins are
simply disabling it and hoping it will go away. It probably won't. They
should be learning about it, ensuring their network is ready for it, then
making an informed decision about if its currently needed on their network.
Re: Should we disable IPv6 ?
FWIW, I agree with you that this is the wave of the future. However, in some
instances, even Microsoft had advised me directly when I was having a
problem with Exchange 07 Outlook Anywhere connectivity where DSAccess
requests were being dropped. I couldn't figure it out after hours of messing
with it and with my knowledge of Ex07 and AD 2008. I finally called PSS, and
after about 45 minutes, they suggested to disable it on both 2008 DCs, and
on the Ex07 box, and voila! everything started working. Go figure..
Here was one of the links the PSS engineer cited:
The installation of the Exchange Server 2007 Hub Transport role is
unsuccessful on a Windows Server 2008-based computer
http://support.microsoft.com/?id=952842
Re: Should we disable IPv6 ?
There's definitely occasions where it might need to be turned off. I look at
it like the early stages of using TCP/IP on internal networks. It was often
easier to uninstall TCP/IP and use IPX/SPX or some other protocol. At the
time whenever anyone had a problem uninstalling TCP/IP was always a
suggested remedy. It often cured the symptom but eventually we all had to
learn how to deal with TCP/IP.
Re: Should we disable IPv6 ?
Good point. I remember those days. Late 80's, early 90's.
Believe me, if I could have, and gotten through that previous issue without
pulling IPv6, I would have. So this tells me moving forward, unless there's
a hotfix, update, etc, then I have to make sure that the Hub role is on a
separate box not using IPv6, but then again, it would have to communicate
with the mailbox server. Oh well, maybe this will be fixed in Exchange 12.
Re: Should we disable IPv6 ?
That would be me. I figure I will be at retirement age before it become
common. I also do not see it being needed. With the invention of the RFC
Private Ranges I don't see IPV6 to be needed. But I do see a need to grab
these Universities and other organizations that have massive Ranges of
Public IP#s just to use on their desktops and take them away from them and
make them convert for RFC Private Ranges. I also don't see any need for
some of the "experimental" Classes above A, B, and C. The RFC Private Ranges
could be used for any "experimentation" they want to do. Then I don't see
the need to waste whole Ranges of 16,777,216 Hosts for a LoopBack Address
(127.0.0.1 which eats up the whole 127.x.x.x range) and the same situation
in the multicasting that eats up the whole 224.x.x.x range for
nothing,...those should be reduced to /24 bit ranges. If we fix all the
wasteful "government style" managing of those things the IPV4 will have a
long life.
I don't see any way that my internal private network that has its addresses
isolated from the rest of the world will ever *need* it. I also don't
really see how the LAN can be "ready for it" while at the same time not
actually using it. As far as I am concerned you are either using it and you
remove IPV4,... or you are not and IPV4 is still in use,...I don't see any
middle ground that is worth messing with.
Just me 2 cents worth of nonsense...
Re: Should we disable IPv6 ?
Not only did we have to learn how to deal with TCP/IP, but TCP/IP had to
evolve to meet our needs.
Even in today's TCP/IP-preferred world, if you go fire up Windows 95,
you'll probably find yourself not using TCP/IP because it's simply not
there yet.
IPv4->IPv6 should be somewhat less painful since the underlying
protocols are similar and the only major change is the addressing
scheme, but it's still going to require overlapping support for many
moons to come.
Re: Should we disable IPv6 ?
The issue, as I understand it, is that IPv4 addresses will eventually run
out, and when they do, any new webhosts will have to use IPv6 addresses ONLY.
Thus if your client-kit sticks with IPv4 after that date there will be a
gradually-increasing number of websites which will be inaccessible to you.
Whether this actually matters will of course depend on what you need to
access.
As for IPv6 being a logical step forward, I dispute that. On the contrary,
IPv6 is a total departure from a well-proven scheme which works, to one which
is not only unproven but which already has a number of identified
compatibility bugs, for example IPv6 addresses are incompatible with UNC
paths. Extending the existing scheme to five or six octets would be the
simple, sensible choice, unfortunately the "Let's make things complicated"
crew got-in on the act, as they so often do.
Re: Should we disable IPv6 ?
That "belief" was before the invention and wide use of RFC Private Address
Ranges back when everyone used Public IP#s on all their desktops and their
Firewalls did not run NAT or Proxying and only used straight ACLs. If all
the wasted addresses were recovered as I described the amount of available
addresses would be vastly increased.
The Web Site will not be aware of, or ever "care", what IP version I run on
the Private Side of my LAN. The Firewall would just run IPV4 on the Private
Side and IPV6 (if forced by the ISP) on the Public Side.
Yes, extending to 5 Octets would have been all they needed to do. For that
matter they could have used 8 octects to give a 64 bit address and
accomplished the same thing as the 64 bit IPV6 address and not screwed up
all the routing and management principles that IPV4 operated on. People
have been beating the IPV6 "war drums" accompanied by the paniced cry of
"we're runnig out of addresses" for 10 years and it has never took hold
yet,...this whole thing is not a recent or new thing,...it is just that so
many people in IT have not been in it for ten years yet (too young) and no
one remembers history beyond last week.
Now,...someday,...if I am absolutely completely and totally forced to,...I
will used IPV6,...but not two seconds before that happens.