IPv6 in the new TCP / IP Windows stack

Introduction

In this, for the most part, purely technical, article I will tell about the implementation of IPv6 in the new TCP / IP stack of Microsoft. The new stack is included in Windows OS starting with Vista and Server 2003. A short introduction tells about IPv6, and the next three sections are about the differences between the new stack and the old one (especially for IPv6-related differences). I hope you do not scare too strict statement.

1. Introduction: IPv6 briefly

IPv4

The IP Version 4 (IPv4) protocol has not undergone any major changes since RFC 791 published in 1981. Thanks to its successful initial design, IPv4 has withstood the scalability test that it supports the growth of the networks it serves. IPv4 is stable, easy to implement and interoperate.

However, by the beginning of the 90s, the Internet based on TCP / IP began to grow at an enormous pace. The reduction in the number of free IP addresses occurred dangerously quickly, even with the introduction of classless addressing. It became obvious that it was necessary to develop a way to avoid their shortage in the future. In 1992, the IETF published, in the form of an RFC (RFC 1550), a call for the development and publication of prototypes of a protocol called “IP The Next Generation” (IPng).

')

NAT

The invention in the mid-90s of Network Address Translation (NAT) helped to significantly slow down the decrease in the number of available addresses. NAT allows you to translate requests from the internal network to the external (for example, the Internet) using a single external IP address (NAT replaces the addresses directly in the datagram headers). However, NAT has several drawbacks of its own. Address translation violates the original connection model of hosts on the Internet, thereby complicating their interaction and adversely affects performance.

The disadvantages of NAT limit the scope of its application, so NAT did not solve (although it slowed down and allowed to win a lot of time) the problem of reducing the number of free addresses. In addition, IPv4 has a number of drawbacks, the elimination of which is not part of the NAT function. These include, for example, too much routing tables on major Internet routers, as well as the absence of a mandatory standard for the use of IPsec.

IPv6

In 1996, the IETF released a series of RFCs that describe the result of work on IPng - Internet Protocol Version 6 (IPv6). The protocol combines the concepts of many of the IPv4 enhancements that already existed at that time within a single standard. IPv6 is a fairly conservative extension of IPv4, and many transport and software protocols require minimal changes to work over IPv6 (or do not require them at all).

IPv6 includes the following major innovations:

• The new header format, designed to reduce its size to the minimum possible. All optional fields that were previously in the header are moved to the “extended headers” placed after the main one. Due to this, packet headers can now be processed more efficiently on intermediate routers.
• New address format. The 16 bytes allocated for the address field make up 3.8e38 combinations. This will completely eliminate address translation technologies (such as NAT). In addition, the address space allows the formation of several levels of nesting networks and forms an effective hierarchical routing infrastructure.
• Mandatory support for IPsec.
• Stateless address configuration, which allows nodes on a network without a DHCP server to automatically configure IPv6 addresses using the router prefix or completely independently.
• An enhanced priority delivery system that works with new fields in the IPv6 packet header, describing how traffic should be identified and processed. Since the priority information is in the header, even packets encoded with IPsec support this option.
• ICMPv6 is a new protocol for interworking nodes on the same network, replacing ARP and ICMPv4 Router Discovery.

2. Implementing IPv6 on Microsoft operating systems

Microsoft IPv6 implementations

The first implementation of the Microsoft IPv6 stack is the experimental prototype implementation, released in 1998 by Microsoft Research, known as “MSRIPv6 1.0”. Its development and improvement were continued in the future, up to version 1.4.

In early 2000, MS Research joined forces with the Windows Networking group, and in March, the Technology Preview of the IPv6 stack for Windows 2000 SP1 became available on the MSDN website for download. Released in October 2001, Windows XP had built-in support for IPv6 in the form of a Developer Preview stack (which, however, was not installed by default, but could be easily added later). In Windows XP SP1 and Windows Server 2003, the first Microsoft IPv6 stack, fully supported and commercially deployable, was included.

Released in 2007, Windows Vista included a new implementation of IPv6 (and the entire network subsystem in general), “Next Generation TCP / IP stack”. The new stack inherited the MSRIPv6 architecture, but the code was completely rewritten.

As a result, at the moment there are 4 official Microsoft IPv6 implementations suitable for industrial use:

• The Next Generation TCP / IP stack for Windows Vista, Windows Server 2003 and Windows 7;
• IPv6 for the Windows Server 2003 family;
• IPv6 for Windows XP Service Pack 1 and later;
• IPv6 for Windows CE .NET 4.1 and later.

Next Generation TCP / IP stack

The TCP / IP stack of protocols included in Windows XP and Windows Server 2003 was created in the early 1990s and has undergone many changes and improvements over its lifetime. The Next Generation TCP / IP stack is a complete replacement for the old network subsystem, not only for IPv6, but also for IPv4.

The architecture of the new stack is shown in the figure:



As can be seen from the figure, the new stack provides 3 APIs for access of programs, services and system components to the network functionality:

• WSK (Winsock Kernel) - used by WSK clients (for example, network drivers).
• Windows Sockets - Used by programs and services based on Windows Sockets. The Windows Sockets API, in turn, uses the Ancillary Function Driver (AFD) to work with TCP / IP sockets.
• TDI - used by NetBIOS over TCP / IP and other legacy TDI clients. The role of the layer between TDI and the stack is performed by the TDX driver.

The stack interacts with the WFP (Windows Filtering Platform) Callout API, a universal interface for monitoring and modifying packets. With it, the Next Generation TCP / IP stack provides the ability to process packets at the network, channel, and transport layers. A more detailed account of the WFP is in chapter 4.

Frames are received and sent using the NDIS (Network Driver Interface Specification) - developed by Microsoft together with the 3Com API for network adapters.

In general, the following levels can be distinguished in the stack driver architecture (tcpip.sys):

• Transport Layer - contains TCP and UDP implementations, as well as a mechanism for sending “raw” IP packets that do not have a TCP or UDP header.
• Network Layer - contains the implementation of IPv4 and IPv6, combined in the dual IP layer.
• Framing Layer - contains modules for framing IP packets. The layer includes modules for various physical network technologies (such as IEEE 802.3 (Ethernet), IEEE 802.11, PPP and IEEE 1394) and logical interfaces (loopback, IPv4 tunnels and IPv6 tunnels).

3. Technological differences in the implementation of the new and old stacks

Dual IP layer architecture

IPv6 implementations in Windows XP and Windows Server 2003 had a dual stack architecture. The old stack contained separate components for IPv4 and IPv6, each of which had its own implementation of TCP and UDP, as well as the data link layer.

The Next Generation TCP / IP stack is a single component that has a dual-layer IP architecture. IPv4 and IPv6 in it use the general transport and channel levels. Thanks to a single TCP implementation, TCP over IPv6 has all the performance advantages of a new stack. More information about performance improvements will be discussed in Chapter 7.

Winsock kernel

Winsock Kernel (WSK) is a new kernel-level API designed as a replacement for Windows XP and Windows Server 2003 Transport Driver Interface (TDI). WSK has more performance and is easier to program. The new stack supports TDI for backward compatibility, using TDX as an interlayer.

Winsock Kernel uses the same concepts as the Winsock2 user-level interface. WSK supports familiar operations with sockets, such as creating sockets, backing up, connecting, receiving and transferring data. However, it should be noted that WSK is a completely new interface with a number of unique characteristics, such as asynchronous I / O using I / O request packets (IRP) and event callbacks to increase performance.

Windows Filtering Platform

The old security-related interfaces in the old stack, the firewall hook, the filter hook, and the packet filter database were replaced by a new framework called the Windows Filtering Platform (WFP). WFP provides filtering capabilities at all levels of the TCP / IP stack. Compared with the previously used technologies, WFP is more secure, directly integrated into the stack and easier to program.

Technically, WFP is a set of system services and user-level and kernel-level APIs. WFP allows you to develop firewalls and other software for connection management and packet processing. Windows Firewall on Windows Vista, Windows 7, and Windows Server 2008 use WFP.

Receive-Side Scaling

The architecture of NDIS 5.1 and earlier versions limited the processing of requests for a single network adapter to a single processor. Thus, even a multiprocessor computer used only one processor to handle network traffic. Receive-side scaling eliminates this disadvantage by allowing you to balance the network load between multiple processors.

RSS enables parallel execution of several pending procedure calls (DPC) for a single network adapter. In addition, if this option is supported by the network adapter, RSS allows parallel interrupts.

Scalable Infrastructure

Thanks to the extensible infrastructure, the modular components of the new stack can be added or extracted from it dynamically.

4. Differences in standards and technology support

IPsec

Internet Protocol security for IPv6 traffic has been limited in Windows XP and Windows Server 2003. The old TCP / IP stack did not support Internet Key Exchange (IKE) and data encryption. In addition, all IPsec rules and keys were configured by editing text files and activated using the IPsec6.exe command line utility.

The new stack supports IPsec for IPv6 as well as for IPv4. This support includes IKE and data encryption using AES 128/192/256, as well as configuration using graphical utilities.

MLDv2

The Multicast Listener Discovery (MLD) protocol is used by IPv6 switches to detect multicast listeners (nodes that receive multicast packets) on their network and determine which multicast addresses these nodes are interested in. A switch itself can be a multicast listener of one or more multicast addresses. In this case, he must inform other switches on his network that he is receiving multicast packets. MLD is an analogue of IGMP protocol for IPv6.

The new stack has added support for MLDv2. The difference of MLDv2 from the first version is the support of “source filtering”. A node can report that it only accepts multicast packets sent from one of the addresses from a specific set, or all multicast packets except those sent from an address from a specific set. It should be noted that despite the innovations, MLDv2 can interact with MLDv1.

Llmnr

The purpose of the Link-Local Multicast Name Resolution (LLMNR) is to provide the ability to resolve network names in situations where this is not possible using DNS (for example, there is simply no DNS server on the network). In IPv4, NetBIOS over TCP / IP (NetBT) has traditionally been used for such purposes. However, NetBT only works with IPv4 and does not support IPv6. In addition, a network administrator can disable NetBT on a network using a DNS server.

LLMNR supports all existing and future DNS formats, types, and classes. In this case, LLMNR uses its own port and a separate cache from the DNS. LLMNR is not a replacement for DNS, as it is designed to work only on local networks.

IPv6 over PPP

Point-to-Point Protocol (PPP) provides a standard method for encapsulating network layer packets for transmission over point-to-point links. In addition, PPP includes the Link Control Protocol (LCP) used to configure and test the connection, as well as the Network Control Protocol (NCP) network control protocols for various network layer protocols.

The new TCP / IP stack has built-in support for transmitting IPv6 traffic using PPP. The stack includes NCP for IPv6, known as IPv6 Control Protocol (IPV6CP), and supports forwarding IPv6 packets over a PPP connection. For example, it is possible to connect to an IPv6-based ISP using dial-up or PPP over Ethernet.

DHCPv6

The stateless address autoconfiguration, which appeared in IPv6, eliminates the main reason for using DHCP in IPv4 networks, but cannot completely replace it. DHCPv6 can be used to assign hosts to pre-selected addresses if the network administrator wants to have more control over the allocation of addresses. In addition, a DHCPv6 server can propagate information that hosts cannot otherwise obtain — for example, DNS server addresses [NDP!].

The DHCP client service in the new stack supports DHCPv6 and both configuration modes (stateless and stateful). The DHCP server in Windows Server 2008 also has DHCPv6 support.

Random interface identifiers

In order to prevent IPv6 addresses from scanning to search for known identifiers of network adapter manufacturers, the new default stack generates random interface identifiers for automatically configured IPv6 addresses.

Using literal IPv6 addresses as URLs in WinInet

Win32 Internet Extensions (WinInet) is a high-level API for accessing common Internet protocols. Unlike WinSock, it allows the developer to not worry about the details of the implementation of the relevant protocols.

On operating systems with a new WinInet stack, it supports the use of literal IPv6 addresses in a URL. For example, in a WinInet-based browser (such as, for example, Internet Explorer), you can enter “http: // [2001: db8: 100: 2a5f :: 1]” in the address field. End users are unlikely to make frequent use of this innovation, but it will be useful for network application developers and testers and network administrators.



Instead of a conclusion: if such an unformatted article for Habr attracts interest, I am ready to publish a sequel that tells about improvements in stack performance.