Should we disable IPv6 ?

Hi All.

Please can you help with the query below.

We are deploying Windows 2008 Domains on a new network and our network team
have informed us that they have no plans to move to a IPv6 network.

I am now thinking I should diable the IPv6 protocol stack on the Windows
2008 servers.

We ave the following queries on IPv6.

- Does disabling the Windows 2008 IPv6 protocol stack cause any problems for
Windows 2008 server communications.

- Does leaving IPv6 installed cause any problems if our network team have no
plans to move to an IPv6 network.

- We intend to deploy Windows XP desktop and not Windows Vista on the
desktop and we have no plans to add IPv6 to the Windows XP desktop build So
is there any benefit in leaving the Windows 2008 IPv6 protocol stack
installed.

- All the Windows 2008 servers will be placed on the intyernal LAN and not
in the DMZ. Our current understanding is that IPv6 is to help with IP
addressing issues on the internet so is there any benefit on running IPv6 on
servers that are not connected to the internet.

Please can you help as we are very confused on the IPv6 protocol.

Thanks in advance.

Dan.

Hello Desparate,

I disagree with Lanwench, in lots of postings network/application problems
where solved, when not used IPv6 on 2008 where complete disabled. I realized
this myself also.

See here about and how to:
http://blogs.dirteam.com/blogs/paulb...dows-2008.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi All.
>
> Please can you help with the query below.
>
> We are deploying Windows 2008 Domains on a new network and our network
> team have informed us that they have no plans to move to a IPv6
> network.
>
> I am now thinking I should diable the IPv6 protocol stack on the
> Windows 2008 servers.
>
> We ave the following queries on IPv6.
>
> - Does disabling the Windows 2008 IPv6 protocol stack cause any
> problems for Windows 2008 server communications.
>
> - Does leaving IPv6 installed cause any problems if our network team
> have no plans to move to an IPv6 network.
>
> - We intend to deploy Windows XP desktop and not Windows Vista on the
> desktop and we have no plans to add IPv6 to the Windows XP desktop
> build So is there any benefit in leaving the Windows 2008 IPv6
> protocol stack installed.
>
> - All the Windows 2008 servers will be placed on the intyernal LAN and
> not in the DMZ. Our current understanding is that IPv6 is to help
> with IP addressing issues on the internet so is there any benefit on
> running IPv6 on servers that are not connected to the internet.
>
> Please can you help as we are very confused on the IPv6 protocol.
>
> Thanks in advance.
>
> Dan.
>

You can probably get away with disabling IPv6 for now. Going forward we will
all have to learn to live with it. Some features in Server 2008 R2 and
Windows 7 rely on IPv6. This tells us that as Windows is updated over time
more and more things will rely on IPv6. Even though you are using XP there
is a distinct possibility that in the near future you will have to install
IPv6 in XP to access some feature. Exchange 2007 on SBS 2008 requires IPv6
on the server in it's default configuration. You can make it work with IPv6
disabled but every time you run one of the SBS wizards it will be
re-enabled. I haven't tried Exchange 2010 yet but I understand it also
relies somewhat on IPv6. Certainly within the next ten years, if not sooner,
IPv6 may be required for the Internet. If it's not deployed internally how
much of a problem will this be? The answer is not certain. This is all a
long winded way of saying if IPv6 is causing a problem turn it off for now.
Then find out what caused the problem with IPv6 and fix it before you need
to use IPv6 because sooner or later you will need to use it.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/




"Desparate Dan" <(E-Mail Removed)> wrote in message
news:F2E28B5D-049B-49A6-B19E-(E-Mail Removed)...
>
> Hi All.
>
> Please can you help with the query below.
>
> We are deploying Windows 2008 Domains on a new network and our network
> team
> have informed us that they have no plans to move to a IPv6 network.
>
> I am now thinking I should diable the IPv6 protocol stack on the Windows
> 2008 servers.
>
> We ave the following queries on IPv6.
>
> - Does disabling the Windows 2008 IPv6 protocol stack cause any problems
> for
> Windows 2008 server communications.
>
> - Does leaving IPv6 installed cause any problems if our network team have
> no
> plans to move to an IPv6 network.
>
> - We intend to deploy Windows XP desktop and not Windows Vista on the
> desktop and we have no plans to add IPv6 to the Windows XP desktop build
> So
> is there any benefit in leaving the Windows 2008 IPv6 protocol stack
> installed.
>
> - All the Windows 2008 servers will be placed on the intyernal LAN and not
> in the DMZ. Our current understanding is that IPv6 is to help with IP
> addressing issues on the internet so is there any benefit on running IPv6
> on
> servers that are not connected to the internet.
>
> Please can you help as we are very confused on the IPv6 protocol.
>
> Thanks in advance.
>
> Dan.
>
>

What you say about its use soon being forced on us is unfortunately very
probable, however I prefer to disable IPv6 on the basis that there is a
longstanding Windows tradition of unwanted and unneeded services providing
backdoor-access to hackers. A key question here is whether IPv6 might provide
a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm not
sure about the likelihood of this being possible, but I sleep easier knowing
it definitely ain't possible because IPv6 is off.

The other aspect is that IPv6 has been around for an extremely long time
(Windows 95 had it, IIRC) and let's face it, no-one used it then and still
no-one does now. Not even the big hosting companies use it. It seems like the
standards guys just don't want to acknowledge the fact that this protocol is
the Ford Edsel of IT standards. At least Ford had the sense to realise 'There
must be a reason why this model ain't selling' and go back to the
drawing-board.


"Kerry Brown" wrote:

> You can probably get away with disabling IPv6 for now. Going forward we will
> all have to learn to live with it. Some features in Server 2008 R2 and
> Windows 7 rely on IPv6. This tells us that as Windows is updated over time
> more and more things will rely on IPv6. Even though you are using XP there
> is a distinct possibility that in the near future you will have to install
> IPv6 in XP to access some feature. Exchange 2007 on SBS 2008 requires IPv6
> on the server in it's default configuration. You can make it work with IPv6
> disabled but every time you run one of the SBS wizards it will be
> re-enabled. I haven't tried Exchange 2010 yet but I understand it also
> relies somewhat on IPv6. Certainly within the next ten years, if not sooner,
> IPv6 may be required for the Internet. If it's not deployed internally how
> much of a problem will this be? The answer is not certain. This is all a
> long winded way of saying if IPv6 is causing a problem turn it off for now.
> Then find out what caused the problem with IPv6 and fix it before you need
> to use IPv6 because sooner or later you will need to use it.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
>
>
>
>
> "Desparate Dan" <(E-Mail Removed)> wrote in message
> news:F2E28B5D-049B-49A6-B19E-(E-Mail Removed)...
> >
> > Hi All.
> >
> > Please can you help with the query below.
> >
> > We are deploying Windows 2008 Domains on a new network and our network
> > team
> > have informed us that they have no plans to move to a IPv6 network.
> >
> > I am now thinking I should diable the IPv6 protocol stack on the Windows
> > 2008 servers.
> >
> > We ave the following queries on IPv6.
> >
> > - Does disabling the Windows 2008 IPv6 protocol stack cause any problems
> > for
> > Windows 2008 server communications.
> >
> > - Does leaving IPv6 installed cause any problems if our network team have
> > no
> > plans to move to an IPv6 network.
> >
> > - We intend to deploy Windows XP desktop and not Windows Vista on the
> > desktop and we have no plans to add IPv6 to the Windows XP desktop build
> > So
> > is there any benefit in leaving the Windows 2008 IPv6 protocol stack
> > installed.
> >
> > - All the Windows 2008 servers will be placed on the intyernal LAN and not
> > in the DMZ. Our current understanding is that IPv6 is to help with IP
> > addressing issues on the internet so is there any benefit on running IPv6
> > on
> > servers that are not connected to the internet.
> >
> > Please can you help as we are very confused on the IPv6 protocol.
> >
> > Thanks in advance.
> >
> > Dan.
> >
> >
>

In message <983CFDBA-66B6-485F-84F7-(E-Mail Removed)> Anteaus
<(E-Mail Removed)> was claimed to have wrote:

>What you say about its use soon being forced on us is unfortunately very
>probable, however I prefer to disable IPv6 on the basis that there is a
>longstanding Windows tradition of unwanted and unneeded services providing
>backdoor-access to hackers. A key question here is whether IPv6 might provide
>a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm not
>sure about the likelihood of this being possible, but I sleep easier knowing
>it definitely ain't possible because IPv6 is off.

There definitely are potential ways for IPv6 to be used as a backdoor,
although mainly with otherwise problematic security designs.

For me, the reason to turn off IPv6 was that we're not using it
internally, and as a result it sits in an unconfigured state,
effectively making up a 169.254 type IP for every machine on the LAN.

I don't know about you, but I don't make it a habit to have my gear
answering to randomly determined dynamically assigned IPs, and doing so
adds substantial complexity.

When and if I can actually route IPv6 packets directly over the internet
peer-to-peer like IP was originally designed without using IPv4<-->IPv4
hacks, I'll turn it on without a second thought, but until then, all it
adds is needless complexity to a LAN, and potential backdoors from a
WAN.

"Dave Warren" <dave-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In message <983CFDBA-66B6-485F-84F7-(E-Mail Removed)> Anteaus
> <(E-Mail Removed)> was claimed to have wrote:
>
>>What you say about its use soon being forced on us is unfortunately very
>>probable, however I prefer to disable IPv6 on the basis that there is a
>>longstanding Windows tradition of unwanted and unneeded services providing
>>backdoor-access to hackers. A key question here is whether IPv6 might
>>provide
>>a way to circumvent an otherwise-secure but only IPv4-aware firewall. I'm
>>not
>>sure about the likelihood of this being possible, but I sleep easier
>>knowing
>>it definitely ain't possible because IPv6 is off.
>
> There definitely are potential ways for IPv6 to be used as a backdoor,
> although mainly with otherwise problematic security designs.
>
> For me, the reason to turn off IPv6 was that we're not using it
> internally, and as a result it sits in an unconfigured state,
> effectively making up a 169.254 type IP for every machine on the LAN.
>
> I don't know about you, but I don't make it a habit to have my gear
> answering to randomly determined dynamically assigned IPs, and doing so
> adds substantial complexity.
>
> When and if I can actually route IPv6 packets directly over the internet
> peer-to-peer like IP was originally designed without using IPv4<-->IPv4
> hacks, I'll turn it on without a second thought, but until then, all it
> adds is needless complexity to a LAN, and potential backdoors from a
> WAN.

I don't disagree with anything you or Anteaus are saying. You both have
some understanding of IPv6 and should be ready if/when it becomes needed.
Most people don't understand it. My point was that most network admins are
simply disabling it and hoping it will go away. It probably won't. They
should be learning about it, ensuring their network is ready for it, then
making an informed decision about if its currently needed on their network.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

"Kerry Brown" <(E-Mail Removed)*a*m> wrote in message
news:(E-Mail Removed)...
>
> I don't disagree with anything you or Anteaus are saying. You both have
> some understanding of IPv6 and should be ready if/when it becomes needed.
> Most people don't understand it. My point was that most network admins are
> simply disabling it and hoping it will go away. It probably won't. They
> should be learning about it, ensuring their network is ready for it, then
> making an informed decision about if its currently needed on their
> network.
>


Kerry,

FWIW, I agree with you that this is the wave of the future. However, in some
instances, even Microsoft had advised me directly when I was having a
problem with Exchange 07 Outlook Anywhere connectivity where DSAccess
requests were being dropped. I couldn't figure it out after hours of messing
with it and with my knowledge of Ex07 and AD 2008. I finally called PSS, and
after about 45 minutes, they suggested to disable it on both 2008 DCs, and
on the Ex07 box, and voila! everything started working. Go figure..

Here was one of the links the PSS engineer cited:
The installation of the Exchange Server 2007 Hub Transport role is
unsuccessful on a Windows Server 2008-based computer
http://support.microsoft.com/?id=952842


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among
responding engineers, as well as to help others benefit from your
resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
(E-Mail Removed)
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Ace Fekay [Microsoft Certified Trainer]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed)...
> "Kerry Brown" <(E-Mail Removed)*a*m> wrote in message
> news:(E-Mail Removed)...
>>
>> I don't disagree with anything you or Anteaus are saying. You both have
>> some understanding of IPv6 and should be ready if/when it becomes needed.
>> Most people don't understand it. My point was that most network admins
>> are simply disabling it and hoping it will go away. It probably won't.
>> They should be learning about it, ensuring their network is ready for it,
>> then making an informed decision about if its currently needed on their
>> network.
>>
>
>
> Kerry,
>
> FWIW, I agree with you that this is the wave of the future. However, in
> some instances, even Microsoft had advised me directly when I was having a
> problem with Exchange 07 Outlook Anywhere connectivity where DSAccess
> requests were being dropped. I couldn't figure it out after hours of
> messing with it and with my knowledge of Ex07 and AD 2008. I finally
> called PSS, and after about 45 minutes, they suggested to disable it on
> both 2008 DCs, and on the Ex07 box, and voila! everything started working.
> Go figure..
>
> Here was one of the links the PSS engineer cited:
> The installation of the Exchange Server 2007 Hub Transport role is
> unsuccessful on a Windows Server 2008-based computer
> http://support.microsoft.com/?id=952842
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup/forum to benefit from collaboration
> among responding engineers, as well as to help others benefit from your
> resolution.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> (E-Mail Removed)
> http://twitter.com/acefekay
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
>
There's definitely occasions where it might need to be turned off. I look at
it like the early stages of using TCP/IP on internal networks. It was often
easier to uninstall TCP/IP and use IPX/SPX or some other protocol. At the
time whenever anyone had a problem uninstalling TCP/IP was always a
suggested remedy. It often cured the symptom but eventually we all had to
learn how to deal with TCP/IP.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

"Kerry Brown" <(E-Mail Removed)*a*m> wrote in message
news:%(E-Mail Removed)...
>
> There's definitely occasions where it might need to be turned off. I look
> at it like the early stages of using TCP/IP on internal networks. It was
> often easier to uninstall TCP/IP and use IPX/SPX or some other protocol.
> At the time whenever anyone had a problem uninstalling TCP/IP was always a
> suggested remedy. It often cured the symptom but eventually we all had to
> learn how to deal with TCP/IP.

Good point. I remember those days. Late 80's, early 90's.

Believe me, if I could have, and gotten through that previous issue without
pulling IPv6, I would have. So this tells me moving forward, unless there's
a hotfix, update, etc, then I have to make sure that the Hub role is on a
separate box not using IPv6, but then again, it would have to communicate
with the mailbox server. Oh well, maybe this will be fixed in Exchange 12.

Cheers!

Ace

> "Kerry Brown" <(E-Mail Removed)*a*m> wrote in message
> news:(E-Mail Removed)...

>> Most people don't understand it. My point was that most network admins
>> are simply disabling it and hoping it will go away. It probably won't.
>> They should be learning about it, ensuring their network is ready for it,
>> then making an informed decision about if its currently needed on their
>> network.

That would be me. I figure I will be at retirement age before it become
common. I also do not see it being needed. With the invention of the RFC
Private Ranges I don't see IPV6 to be needed. But I do see a need to grab
these Universities and other organizations that have massive Ranges of
Public IP#s just to use on their desktops and take them away from them and
make them convert for RFC Private Ranges. I also don't see any need for
some of the "experimental" Classes above A, B, and C. The RFC Private Ranges
could be used for any "experimentation" they want to do. Then I don't see
the need to waste whole Ranges of 16,777,216 Hosts for a LoopBack Address
(127.0.0.1 which eats up the whole 127.x.x.x range) and the same situation
in the multicasting that eats up the whole 224.x.x.x range for
nothing,...those should be reduced to /24 bit ranges. If we fix all the
wasteful "government style" managing of those things the IPV4 will have a
long life.

I don't see any way that my internal private network that has its addresses
isolated from the rest of the world will ever *need* it. I also don't
really see how the LAN can be "ready for it" while at the same time not
actually using it. As far as I am concerned you are either using it and you
remove IPV4,... or you are not and IPV4 is still in use,...I don't see any
middle ground that is worth messing with.

Just me 2 cents worth of nonsense....

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------