How Vista Will Handle IPv6
Subject:   Corrections
Date:   2007-05-30 08:10:06
From:   mitchtulloch
Here are a few important corrections to my article, courtesy of the IPv6 Program Manager at Microsoft:

Starting in the section titled “IPv6 After Vista”:

1. “…though it is possible to disable IPv6 support at the physical layer in Vista if you're in an all-IPv4 networking environment.” In Windows Vista, IPv6 is disabled through a registry key or the GUI, and the stack itself is shutoff. Thus IPv6 is disabled at Layer 3, not “at the physical layer.” Additionally, Just about everyone is currently in an all IPv4-environment, so this statement doesn’t make a whole lot of sense. Careful Security Development Lifecycle reviews have shown us that leaving IPv6 enabled by default does not reduce the stability or security of a Windows Vista machine, so leaving IPv6 enabled makes sense unless there is a regulatory or security control the specifically forbids it (and hopefully those are being updated, and quickly) I know you cover this a bit in the next sentence, but we are trying to make this crystal clear as there has been a lot of misinformation published.

2. “…and possibly whole countries like China, Japan, and South Korea migrate their legacy IPv4 networks to IPv6” This is a myth. China is doing a lot of work on their *private* network (CNGI) and Japan has a good deal of infrastructure, for instance, but overall countries moving towards IPv6 are zero at this point.

3. “Teredo... is enabled by default on Vista computers that are members of a domain.” This is incorrect, and hurts our overall messaging. PLEASE correct this. Teredo is DISABLED by default of domain joined machines. We are aware of a bug that prevents this from happening in 100% of the cases, and this will be corrected in Vista SP1. The implication that we intentionally enabled it on domain joins, though. Is excruciatingly painful. Teredo is designed for the home user, plain and simple. Teredo should not be used in the enterprise. We have been trying to get this message out, but a loud roar of other companies and media reports have been attacking Teredo making it *sound* like we are positioning this as the next great thing in Enterprise IPv6 deployment. We are not. Please read for more details.

4. There is a question at the bottom of the post about what the effects of disabling IPv6 are. Just FYI, the entire Peer-to-Peer framework requires IPv6, as does failover clustering in Windows Server 2008. What this means is that if you disable IPv6, anything written to the P2P Framework will break. The only app we include out of the box that uses the P2P APIs is Windows Meeting Space. This, disabling IPv6 breaks Windows Meeting Space, plus any other apps that happen to use P2P APIs, plus Windows Failover clustering.