Occasionally, something unusual and interesting pops up on Windows Update. Recently, it was the 817778 Recommended Update, or in more human-parseable terms, the Advanced Networking Pack (ANP) for Windows XP.

The ANP contains a new stack for the Internet Protocol version 6 (IPv6), which is part of the Next Generation Internet, said to succeed IPv4 that’s been around since the 1970s. A full discussion of all the features of IPv6 is beyond the scope of this article, but if you are interested, take a look at www.microsoft.com/windowsserver2003/technologies/ipv6/default.mspx.

Although not many users have discovered it, Windows XP has had IPv6 support for a while, but really only in a fairly ‘raw’ form. It had to be enabled and managed via the command line, and other operating system networking components like the Internet Connection Firewall (ICF) were not aware of it.

Once you install the ANP, check the Properties page for your network connections (i.e., from the Control Panel or via My Network Places-View All Network Connections), where you’ll see a Microsoft TCP/IP version 6 entry.

Although Microsoft refers to the new IPv6 as “production quality”, the GUI management and monitoring tools for it are still not ready. Instead, you have to fire up a CMD box, and use the netsh command-line utility — most of the IPv6 options and commands are under the netsh interface ipv6 context. For example, if you want to see the IPv6 address of your computer, type:

C:\<netsh interface ipv6 show address
Querying active state...
Interface 5: Teredo Tunneling Pseudo-Interface
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ --------------------------
Link      Preferred      infinite     infinite fe80::5445:5245:444f
Interface 4: Local Area Connection
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ --------------------------
Link     Preferred    infinite    infinite fe80::2d0:b7ff:fecd:1cfe
Interface 2: Automatic Tunneling Pseudo-Interface
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ --------------------------
Link      Preferred     infinite    infinite fe80::5efe:192.168.1.20
Interface 1: Loopback Pseudo-Interface
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ --------------------------
Loopback   Preferred      infinite     infinite ::1
Link       Preferred      infinite     infinite fe80::1

With the ANP installed, you get an IPv6-cognisant ICF; it is enabled automatically when the new IPv6 stack is installed. If it is disabled and you want to start it up again, go to Control Panel-Add/Remove Programs and start up the Add/Remove Windows Components wizard; then, select Networking Services, and click the Details button. In the dialogue box, tick the IPv6 Connection Firewall box, and click OK to close the open dialogues.

The IPv6 ICF is also managed through the netsh command, but this time in the firewall context. This command shows the port settings for P2P grouping and peer name resolution protocol:

C:\>netsh firewall show globalport
Description       OpenPort          Protocol
--------------------------------------------
P2P (Grouping)    3587              TCP
P2P (PNRP)        3540              UDP

MS P2P

Also included in the ANP is the Microsoft Peer-to-Peer (P2P) Networking component, which lets you build distributed computing networks with PCs acting as both clients and servers for a variety of applications. Yes, it’s similar to the old-style server-less networking, but with robust security and, better yet, it runs over IP and not just a local, Thin Ethernet LAN.

It’s easy to enable the MS P2P client: you’ll find it in the same place as the IPv6 Internet Connection Firewall, under Add/Remove Windows Components. Note that by enabling P2P, you’ll open up two IPv4 ports — TCP 3587 and UDP 3540 — for P2P grouping and name resolution. While P2P uses IPv6 as its network layer, the architects behind the Next Generation Internet are pragmatic enough to realise that IPv4 will remain deployed for a very long time. Therefore, coexistence between the two protocols is necessary, and the MS P2P client is able to traverse IPv4 network address translation (NAT). For example, many LANs use Private Class A, B or C RFC 1918 addresses which are not routable over the Internet, but NATs to a public interface with an Internet-routable IPv4 address. This saves precious and costly IPv4 address allocations, but creates problems for tunnelling IPv6 in IPv4 packets (also known as 6to4).

To solve this, MS has implemented Teredo or NAT-T for the P2P client, to make 6to4 tunnelling work in real-life network situations. In fact, Windows XP is now able to act as a 6to4 router, with Internet Connection Sharing enabled, for the rest of your network.

Warning

You must have Administrator privileges to install operating system software updates and to enable networking features that affect all users of the computer. Furthermore, unless you have a specific interest or requirement in IPv6, you don’t need to install the update. In fact, from a security point of view, it’s advisable not to install or enable anything about whose functioning you are not certain.