Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3573
Views
0
Helpful
4
Replies

Windows 7 Clients Talking 6to4 to 2008 Servers

rhornberger
Level 1
Level 1

‎07-01-2011 09:57 AM - edited ‎03-01-2019 05:28 PM

Hi All,

I have a question (and maybe this is the designed behavior).  We have quite a few new Windows 7 clients that we didn't have in the past.  They are experiencing "slowness" issues communicating with 2008 Servers.  I've been doing some digging and it appears that all the Windows 7 PC's are attempting to talk to 2008 Servers via 6to4 rather than through the IPv4 addressing.  It seems many times they can't actually communicate via the DNS resolved 6to4 addressing and eventually fail back to using IPv4.  (At least I think this is what's happening but, it's taking upwards of 30 seconds for that to happen).  Obviously this is causing issues.  If I disable the 6to4 tunnel on the 2008 boxes, and then delete the nasty DNS entries that contain the 6to4 IPv6 2002:: addressing, the clients are happy and they talk IPv4 no delay.  Thoughts?

Labels:
0 Helpful
4 Replies 4

rhornberger
Level 1
Level 1

‎07-01-2011 10:00 AM

Here is an example also, no difference between the two clients short of the two destinations being on different VLAN's (since it's using the 6to4 I'm assuming it should be getting converted back to IPv4 and vice versa at the end-points)  I'm really wondering why the 6to4 address is ending up in DNS as the chosen addressing...

P:\>ping test-example

Pinging test-example [2002:95d0:2c90::95d0:2c90] wit
h 32 bytes of data:

Reply from 2002:95d0:2c90::95d0:2c90: time<1ms
Reply from 2002:95d0:2c90::95d0:2c90: time<1ms
Reply from 2002:95d0:2c90::95d0:2c90: time<1ms

Ping statistics for 2002:95d0:2c90::95d0:2c90:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

P:\>ping test-example2

Pinging test-example2 [2002:95d0:338f::95d0:338f] wi
th 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2002:95d0:338f::95d0:338f:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

0 Helpful

Glenn Matthys
Level 1
Level 1
In response to rhornberger

‎07-10-2011 02:20 AM

Hi

This isn't really an MS support forum but I'll have a stab at it. Windows >= Vista prefers IPv6 over IPv4 and will try to use it as much as it can. Even in a basic Windows domain setup, the client and the server will communicate using the link-local IPv6 addresses and the netlogon service will register whatever IPv6 addresses the server has in DNS.

Did you enable 6to4 on the server? The easiest fix will probably be to disable any 6to4 adaptors in Device Manager and restart the netlogon service.

Glenn

0 Helpful

Gerald Vogt
Level 3
Level 3

‎07-10-2011 02:45 AM

If your Windows 7 clients get public IP addresses they can and will use 6to4 if possible. This is mostly due to the fact how the clients are configured. The server has no control what protocol your clients may use if they have the option of using either IPv6 or IPv4.

Thus, disable IPv6 on your Windows 7 clients. That will get rid of this problem altogether.

Otherwise, if you don't want to use 6to4 (which isn't a good idea anyway unless you trust whoever is operating the anycast address 192.88.99.1) disable it on the clients. They shouldn't use the 6to4 unless you trust the 6to4 relay.

Same thing may apply to the teredo tunnel.

Otherwise, register for a public IPv6 address space and set it up in your LAN. Then all your clients will get normal IPv6 addresses and again, this should fix your problems. This should be the way to go eventually. Sooner or later you'll need IPv6 support in your network, thus why not start now?

You could of course use netsh on your clients to configure protocol preferences. If you don't like clients to register their IPv6 6to4 address in your DNS server, disable the DDNS update in the network properties.

0 Helpful

Phillip Remaker
Cisco Employee
Cisco Employee

‎07-10-2011 12:13 PM

Windows Vista, 2008 and Windows 7 are all pushing hard to enable IPv6 use by default where possible.  There are bumps in the transition process, as you have noticed.

The best answer is to enable IPv6 on your network infrastructure, but failing that you can disable elements of IPv6 per the Microsoft Knowledge Base article at http://support.microsoft.com/kb/929852.  Otherwise, you can alter the prefix policy to reflect what you'd like to see happen.

There has been a lot of writing about what the "prefix policy" should be and whether 6to4 is preferred over IPv4.

See

http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/b4d504c8-2ae9-41f3-bf21-e2e5d7d9704 for a sample of such discussion.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents