Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Should we disable IPv6 ?

  1. #1
    Desparate Dan Guest

    Should we disable IPv6 ?

    Hi All.

    Please can you help with the query below.

    We are deploying Windows 2008 Domains on a new network and our network team
    have informed us that they have no plans to move to a IPv6 network.

    I am now thinking I should diable the IPv6 protocol stack on the Windows
    2008 servers.

    We ave the following queries on IPv6.

    - Does disabling the Windows 2008 IPv6 protocol stack cause any problems for
    Windows 2008 server communications.

    - Does leaving IPv6 installed cause any problems if our network team have no
    plans to move to an IPv6 network.

    - We intend to deploy Windows XP desktop and not Windows Vista on the
    desktop and we have no plans to add IPv6 to the Windows XP desktop build So
    is there any benefit in leaving the Windows 2008 IPv6 protocol stack
    installed.

    - All the Windows 2008 servers will be placed on the intyernal LAN and not
    in the DMZ. Our current understanding is that IPv6 is to help with IP
    addressing issues on the internet so is there any benefit on running IPv6 on
    servers that are not connected to the internet.

    Please can you help as we are very confused on the IPv6 protocol.

    Thanks in advance

  2. #2
    Lanwench [MVP - Exchange] Guest

    Re: Should we disable IPv6 ?

    My advice? If it ain't broke, don't fix it. There shouldn't be any problems
    leaving it configured on your servers even if you don't have any immediate
    plans to use it.

  3. #3
    Meinolf Weber [MVP-DS] Guest

    Re: Should we disable IPv6 ?

    Hello Desparate,

    I disagree with Lanwench, in lots of postings network/application problems
    where solved, when not used IPv6 on 2008 where complete disabled. I realized
    this myself also.

    See here about and how to:

  4. #4
    Kerry Brown Guest

    Re: Should we disable IPv6 ?

    You can probably get away with disabling IPv6 for now. Going forward we will
    all have to learn to live with it. Some features in Server 2008 R2 and
    Windows 7 rely on IPv6. This tells us that as Windows is updated over time
    more and more things will rely on IPv6. Even though you are using XP there
    is a distinct possibility that in the near future you will have to install
    IPv6 in XP to access some feature. Exchange 2007 on SBS 2008 requires IPv6
    on the server in it's default configuration. You can make it work with IPv6
    disabled but every time you run one of the SBS wizards it will be
    re-enabled. I haven't tried Exchange 2010 yet but I understand it also
    relies somewhat on IPv6. Certainly within the next ten years, if not sooner,
    IPv6 may be required for the Internet. If it's not deployed internally how
    much of a problem will this be? The answer is not certain. This is all a
    long winded way of saying if IPv6 is causing a problem turn it off for now.
    Then find out what caused the problem with IPv6 and fix it before you need
    to use IPv6 because sooner or later you will need to use it.

  5. #5
    Anteaus Guest

    Re: Should we disable IPv6 ?

    What you say about its use soon being forced on us is unfortunately very
    probable, however I prefer to disable IPv6 on the basis that there is a
    longstanding Windows tradition of unwanted and unneeded services providing
    backdoor-access to hackers. A key question here is whether IPv6 might provide
    a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm not
    sure about the likelihood of this being possible, but I sleep easier knowing
    it definitely ain't possible because IPv6 is off.

    The other aspect is that IPv6 has been around for an extremely long time
    (Windows 95 had it, IIRC) and let's face it, no-one used it then and still
    no-one does now. Not even the big hosting companies use it. It seems like the
    standards guys just don't want to acknowledge the fact that this protocol is
    the Ford Edsel of IT standards. At least Ford had the sense to realise 'There
    must be a reason why this model ain't selling' and go back to the
    drawing-board.

  6. #6
    Dave Warren Guest

    Re: Should we disable IPv6 ?

    There definitely are potential ways for IPv6 to be used as a backdoor,
    although mainly with otherwise problematic security designs.

    For me, the reason to turn off IPv6 was that we're not using it
    internally, and as a result it sits in an unconfigured state,
    effectively making up a 169.254 type IP for every machine on the LAN.

    I don't know about you, but I don't make it a habit to have my gear
    answering to randomly determined dynamically assigned IPs, and doing so
    adds substantial complexity.

    When and if I can actually route IPv6 packets directly over the internet
    peer-to-peer like IP was originally designed without using IPv4<-->IPv4
    hacks, I'll turn it on without a second thought, but until then, all it
    adds is needless complexity to a LAN, and potential backdoors from a
    WAN.

  7. #7
    Kerry Brown Guest

    Re: Should we disable IPv6 ?

    I don't disagree with anything you or Anteaus are saying. You both have
    some understanding of IPv6 and should be ready if/when it becomes needed.
    Most people don't understand it. My point was that most network admins are
    simply disabling it and hoping it will go away. It probably won't. They
    should be learning about it, ensuring their network is ready for it, then
    making an informed decision about if its currently needed on their network.

  8. #8
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Should we disable IPv6 ?

    FWIW, I agree with you that this is the wave of the future. However, in some
    instances, even Microsoft had advised me directly when I was having a
    problem with Exchange 07 Outlook Anywhere connectivity where DSAccess
    requests were being dropped. I couldn't figure it out after hours of messing
    with it and with my knowledge of Ex07 and AD 2008. I finally called PSS, and
    after about 45 minutes, they suggested to disable it on both 2008 DCs, and
    on the Ex07 box, and voila! everything started working. Go figure..

    Here was one of the links the PSS engineer cited:
    The installation of the Exchange Server 2007 Hub Transport role is
    unsuccessful on a Windows Server 2008-based computer
    http://support.microsoft.com/?id=952842

  9. #9
    Kerry Brown Guest

    Re: Should we disable IPv6 ?

    There's definitely occasions where it might need to be turned off. I look at
    it like the early stages of using TCP/IP on internal networks. It was often
    easier to uninstall TCP/IP and use IPX/SPX or some other protocol. At the
    time whenever anyone had a problem uninstalling TCP/IP was always a
    suggested remedy. It often cured the symptom but eventually we all had to
    learn how to deal with TCP/IP.

  10. #10
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Should we disable IPv6 ?

    Good point. I remember those days. Late 80's, early 90's.

    Believe me, if I could have, and gotten through that previous issue without
    pulling IPv6, I would have. So this tells me moving forward, unless there's
    a hotfix, update, etc, then I have to make sure that the Hub role is on a
    separate box not using IPv6, but then again, it would have to communicate
    with the mailbox server. Oh well, maybe this will be fixed in Exchange 12.

  11. #11
    Phillip Windell Guest

    Re: Should we disable IPv6 ?

    That would be me. I figure I will be at retirement age before it become
    common. I also do not see it being needed. With the invention of the RFC
    Private Ranges I don't see IPV6 to be needed. But I do see a need to grab
    these Universities and other organizations that have massive Ranges of
    Public IP#s just to use on their desktops and take them away from them and
    make them convert for RFC Private Ranges. I also don't see any need for
    some of the "experimental" Classes above A, B, and C. The RFC Private Ranges
    could be used for any "experimentation" they want to do. Then I don't see
    the need to waste whole Ranges of 16,777,216 Hosts for a LoopBack Address
    (127.0.0.1 which eats up the whole 127.x.x.x range) and the same situation
    in the multicasting that eats up the whole 224.x.x.x range for
    nothing,...those should be reduced to /24 bit ranges. If we fix all the
    wasteful "government style" managing of those things the IPV4 will have a
    long life.

    I don't see any way that my internal private network that has its addresses
    isolated from the rest of the world will ever *need* it. I also don't
    really see how the LAN can be "ready for it" while at the same time not
    actually using it. As far as I am concerned you are either using it and you
    remove IPV4,... or you are not and IPV4 is still in use,...I don't see any
    middle ground that is worth messing with.

    Just me 2 cents worth of nonsense...

  12. #12
    Dave Warren Guest

    Re: Should we disable IPv6 ?

    Not only did we have to learn how to deal with TCP/IP, but TCP/IP had to
    evolve to meet our needs.

    Even in today's TCP/IP-preferred world, if you go fire up Windows 95,
    you'll probably find yourself not using TCP/IP because it's simply not
    there yet.

    IPv4->IPv6 should be somewhat less painful since the underlying
    protocols are similar and the only major change is the addressing
    scheme, but it's still going to require overlapping support for many
    moons to come.

  13. #13
    Anteaus Guest

    Re: Should we disable IPv6 ?

    The issue, as I understand it, is that IPv4 addresses will eventually run
    out, and when they do, any new webhosts will have to use IPv6 addresses ONLY.
    Thus if your client-kit sticks with IPv4 after that date there will be a
    gradually-increasing number of websites which will be inaccessible to you.
    Whether this actually matters will of course depend on what you need to
    access.

    As for IPv6 being a logical step forward, I dispute that. On the contrary,
    IPv6 is a total departure from a well-proven scheme which works, to one which
    is not only unproven but which already has a number of identified
    compatibility bugs, for example IPv6 addresses are incompatible with UNC
    paths. Extending the existing scheme to five or six octets would be the
    simple, sensible choice, unfortunately the "Let's make things complicated"
    crew got-in on the act, as they so often do.

  14. #14
    Phillip Windell Guest

    Re: Should we disable IPv6 ?

    That "belief" was before the invention and wide use of RFC Private Address
    Ranges back when everyone used Public IP#s on all their desktops and their
    Firewalls did not run NAT or Proxying and only used straight ACLs. If all
    the wasted addresses were recovered as I described the amount of available
    addresses would be vastly increased.

    The Web Site will not be aware of, or ever "care", what IP version I run on
    the Private Side of my LAN. The Firewall would just run IPV4 on the Private
    Side and IPV6 (if forced by the ISP) on the Public Side.

    Yes, extending to 5 Octets would have been all they needed to do. For that
    matter they could have used 8 octects to give a 64 bit address and
    accomplished the same thing as the 64 bit IPV6 address and not screwed up
    all the routing and management principles that IPV4 operated on. People
    have been beating the IPV6 "war drums" accompanied by the paniced cry of
    "we're runnig out of addresses" for 10 years and it has never took hold
    yet,...this whole thing is not a recent or new thing,...it is just that so
    many people in IT have not been in it for ten years yet (too young) and no
    one remembers history beyond last week.

    Now,...someday,...if I am absolutely completely and totally forced to,...I
    will used IPV6,...but not two seconds before that happens.

  15. #15
    Ace Fekay [Microsoft Certified Trainer] Guest
    Last week? I remember watching a movie that says goldfish can't remember past 30 seconds... just kidding!

    Anyway, I also do see in the future that IPv6 will be widely used, but honestly I don't see it's value yet in private networks. I can see the value on the edge routers, at least for now. Who knows, maybe in the Star Trek days, we'll be using a 2048 bit IP addressing scheme, or greater. Imaging migrating to that!

    With my cats I think it is about 30 minutes or less :-)

    That's pretty much what I think it will be. IPv6 on the Public Side, IPv4
    on the private LAN. But I'm not expecting to see it very soon.

Page 1 of 2 12 LastLast

Similar Threads

  1. How to disable SSH and ipv6?
    By Kannad in forum Networking & Security
    Replies: 4
    Last Post: 10-01-2011, 07:03 PM
  2. Do you recommend to disable IPv6
    By dogaman in forum Networking & Security
    Replies: 5
    Last Post: 30-12-2010, 09:56 PM
  3. How to disable IPv6 in Windows 7?
    By Level8 in forum Operating Systems
    Replies: 8
    Last Post: 15-03-2010, 01:29 PM
  4. How to disable IPv6 in Ubuntu
    By Candace in forum Operating Systems
    Replies: 5
    Last Post: 23-01-2010, 05:15 AM
  5. Disable IPv6 on Windows vista
    By raj_cool in forum Networking & Security
    Replies: 4
    Last Post: 12-06-2009, 03:12 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,634,377.17319 seconds with 17 queries