Solving the shortcomings of Windows 7 support for IPv6

and the "remaining fuel indicator" of the IPv4 address closely related to the Internet are flashing warnings that will be exhausted, only 5% of the IPv4 address is available, and it is expected that next year The fall will be completely exhausted. For Microsoft's latest operating system, Windows 7, is it now perfectly supported to replace IPv4 IPv6? To me, to some extent, it has indeed achieved support.

In fact, Windows 7 has done a good job supporting IPv6. It certainly works better than the previous operating systems on IPv6, but there are still some flaws.

One of the first things I thought of was the random interface identifier used when configuring IPv6 addresses in Windows Server 2008 and Windows 7. Although Windows 7 should be proven to be IPv6, there is still a difference from the intended goal.

The setting of IPv6 address should not be used this way. In fact, an IPv6 device should use NDP (Neighbor Discovery Protocol) to determine its network status and interface identity and automatically configure a 128-bit IPv6 address. The relevant provisions on IPv6 address allocation are detailed in the documents given by the IETF (Internet Engineering Task Force), including IETF RFC 2373 (architecture), IETF RFC 2464 (transport), and RFC 4941 (configuration).

Microsoft seems to be confused about how interface identifiers should be generated, even though Microsoft engineers have helped in the writing of RFC 4941. Of course, you can still force your Windows 7 to use the correct IPv6 address configuration method by running the following command in the DOS interface:

netsh interface ipv6 set global

randomizeidentifiers=disabled

It is recommended that you put these commands in a batch file or login file to automatically run the above commands each time you start Windows 7. Doing so will prevent you from experiencing some IPv6-related issues with other Windows 7 systems or IPv6-capable network devices such as Cisco's Catalyst switches.

If Windows 7 can support the SEND Secure Neighbor Discovery Protocol (RFC 3971), then the situation is very good. SEND is a more secure version of NDP. With SEND, you can verify that the devices on your LAN are safe and effective.

Still unfortunately, although Microsoft has helped in the process of writing the SEND specification, Microsoft software engineers still have not implemented it in the system. Some major network equipment vendors, such as Cisco and Juniper Networks, have implemented support for SEND. I hope that Microsoft can implement SEND support in all of its operating systems in the next release of the service patch package, as well as the implementation of the correct IPv6 address configuration method mentioned earlier. After all, in the face of the crisis on IPv4, it will be better to eliminate the potential implementation problems and security concerns related to IPv6 earlier.