The more some things change the more they same the same. That is certainly true for the IPv6 support in Windows 7. Even though Windows 7 is the latest Microsoft desktop operating system, its IPv6 support is very similar to the features inside Vista and Server 2008.
This week I downloaded the Windows 7 Beta and installed it on a test laptop with a P4m, 1.5GB or RAM, and a 60GB hard drive. If you want to test Windows 7 you shouldn’t wait too long because Microsoft will likely limit the time that the download is available. Furthermore, the operating system Beta test will expire on August 1, 2009.
I found Windows 7 extremely easy to install and get up and going. It booted quickly and has a nice user interface. I thought it was a nice subtlety that a brightly colored Betta fish was on the default desktop background. I quickly noticed that Windows 7 uses the same User Account Control (UAC) security mechanism as Vista but with additional control granularity. Windows 7 includes PowerShell 2.0, BranchCache which provides caching and WAN Optimization-like benefits, Internet Explorer 8, and HomeGroup sharing.
One of the new features in Windows 7 is Direct Access. It is a system whereby system administrators can help maintain the remote workforce computers while they are on the go. There has always been challenges around supporting remote workers who may never be able to come to a local office to attach to the corporate network and get their updates or allow their computers to be fully supported. Direct Access will use a VPN to allow remote workers to securely gain access to corporate resources while on the road and allow their computers to be maintained by the IT department domain group policies. The cool think about Direct Access is that is uses IPv6 over IPSec.
One of the controversial IPv6 features in Windows Vista, Windows Server 2008, and Windows 7 is that it uses random interface identifiers when creating its IPv6 addresses. Typically, an IPv6-capable computer performs autoconfiguration with the Neighbor Discovery Protocol (NDP) to determine their network and interface identifier and form the computer’s 128-bit IPv6 address. The IETF’s RFC 2373 “IP Version 6 Addressing Architecture” describes in Appendix A how a computer should go about creating its EUI-64 based interface identifier using its MAC address. The IETF’s RFC 2464 “Transmission of IPv6 Packets over Ethernet Networks” describes in Section 4 how stateless address autoconfiguration should take place using a computer’s MAC address. Because of the privacy concerns about using hardware MAC addresses as interface identifiers the IETF created RFC 4941 “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”. This RFC defines how an interface identifier can be created so that the privacy of the user can be preserved.
Windows 7 doesn’t use the EUI-64 technique by default when forming its interface identifier. Microsoft has blurred the lines between these two address autoconfiguration concepts with their temporary addresses and now their randomly-generated interface identifiers. However, thankfully Microsoft has given us the ability to disable or enable this feature as needed with the following commands.
netsh interface ipv6 set global randomizeidentifiers=disabled
netsh interface ipv6 set global randomizeidentifiers=enabled
There are a few things missing from Windows 7 that I was hopeful would be in this operating system by default. I was hoping to see Mobile IPv6 (MIPv6) support in Windows 7 because MIPv6 is not fully supported in Vista or Server 2008.
Microsoft claims that Windows 7 does have Correspondent Node (CN) capability and can therefore communicate with other devices that are MIPv6 capable. However, Microsoft’s implementation does not have Return Routability (Route Optimization). That means that a Windows 7 computer will communicate with a Mobile Node (MN) through its Home Address (HoA) through the Home Agent (HA). I sure wish there was more robust MIPv6 support but I can see Microsoft’s view also. It is sometimes difficult to create a business case to justify the development time to create a reliable MIPv6 implementation. However, we all know that mobility is the way of the future. That is certainly true for Windows Mobile and any laptop system that helps support our nomadic lifestyles.
Windows 7 also doesn’t have any support for SEcure Neighbor Discovery (SEND) (IETF RFC 3971). Cisco has been working on incorporating SEND functionality into their routers but Microsoft operating systems do not support SEND. SEND is a method for securing the weaknesses in the Neighbor Discovery Protocol. The weaknesses in NDP can be likened to the weaknesses of ARP on an IPv4 subnet. SEND provides a protocol and an addressing technique that helps verify which computers and routers are legitimate on a LAN segment. I hope that more vendors embrace SEND and turn it into an industry-standard mechanism for providing NAC-like functionality at the access-layer.
Windows 7 also has a look and feel similar to Vista. The migration from Vista to Windows 7 would be very easy. For me, the transition from Windows XP to Vista required a bit more time to figure out where things were and to get used to the new interface. I must admit, I don’t know what the big deal is with Vista because I have been using it for 2 year as my daily workstation and I really like it. I don’t know why so many IT folks have discriminated against Vista and haven’t seen the benefits that Vista offers that I have. I haven’t found any programs that won’t work on it and the reliability has been great.
I am looking forward to experimenting more with Windows 7 and hopefully soon it will replace my 2-year old Vista OS as my main desktop operating system.