IPv6 Troubleshooting Guide

This article explains the ways and tools that you can use to support and help you identify a problem at successive layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack that is using an Internet Protocol version 6 (IPv6) Internet layer in Microsoft&reg Windows&reg XP with Service Pack 1 (SP1), Windows XP with Service Pack 2 (SP2), or Windows Server 2003.

• Verify IPv6 connectivity
• Verify Domain Name System (DNS) name resolution for IPv6 addresses
• Verify IPv6-based TCP connections

Verifying IPv6 Connectivity

You can use the following tasks to troubleshoot problems with IPv6 connectivity:

• Verify configuration
• Manage configuration
• Verify reachability
• View and manage the IPv6 routing table
• Verify router reliability

Verify Configuration

To confirm the existing IPv6 settings for the correct address configuration (when manually configured) or an right address configuration (when automatically configured), you can use the following:

1. ipconfig /all The display of the ipconfig /all command includes IPv6 addresses, default routers, and DNS servers for all interfaces. The Ipconfig tool only works on the local computer.
2. netsh interface ipv6 show address This command only displays the IPv6 addresses assigned to each interface. Netsh can also be used to show the configuration of a remote computer by using the r RemoteComputerName command line option. For example, to display the configuration of the remote computer named FILESRV1, use the netsh r filesrv1 interface ipv6 show address command.

Manage Configuration

To manually configure IPv6 addresses, use the netsh interface ipv6 set address command. In most cases, you do not need to manually configure IPv6 addresses because they are automatically assigned for hosts through IPv6 address autoconfiguration.

To make changes to the configuration of IPv6 interfaces, use the netsh interface ipv6 set interface command. To add the IPv6 addresses of DNS servers, use the netsh interface ipv6 add dns command.

Verify Reachability

To verify reachability with a local or remote destination, try the following:

1. Verify and flush the neighbor cache The neighbor cache stores recently resolved link-layer addresses. To display the present contents of the neighbor cache, use the netsh interface ipv6 show neighbors command. To flush the neighbor cache, use the netsh interface ipv6 delete neighbors command.
2. Check and flush the destination cache The destination cache stores next-hop IPv6 addresses for destinations. To display the current contents of the destination cache, use the netsh interface ipv6 show destinationcache command. To flush the destination cache, use the netsh interface ipv6 delete destinationcache command.
3. Ping the default router Use the Ping tool to ping your default router by its IPv6 address. You can obtain the link-local IPv6 address of your default router from the display of the ipconfig, netsh interface ipv6 show routes, route print, or nbtstat -r commands. Pinging the default router tests whether you can reach local nodes and whether you can reach the default router, which forwards IPv6 packets to remote nodes. When you ping the default router, you must specify the zone identifier (ID) for the interface on which you want the ICMPv6 Echo Request messages to be sent. The zone ID is the interface index of the default route (::/0) with the lowest metric, from the display of the netsh interface ipv6 show routes or route print commands.
4. Ping a remote destination by its IPv6 address If you are able to ping your default router, ping a remote destination by its IPv6 address.
5. Trace the route to the remote destination If you are unable to ping a remote destination by its IPv6 address, there might be a routing problem between your node and the destination node. Use the tracert d IPv6Address command to trace the routing path to the remote destination. The d command line option prevents the Tracert tool from performing a DNS reverse query on every near-side router interface in the routing path, which speeds up the display of the routing path.

View and Manage the IPv6 Routing Table

The failure to reach a local or remote destination might be due to erroneous or missing routes in the local IPv6 routing table. To examine the local IPv6 routing table, use the route print, netstat r, or netsh interface ipv6 show routes commands. Verify that you have a route corresponding to your local subnet and, if automatically configured with a default router, a default route. If you have multiple default routes with the same lowest metric, you might need to modify your IPv6 router configurations so that the default route with the lowest metric uses the interface that connects to the network with the largest number of subnets.

To add a route to the IPv6 routing table, use the netsh interface ipv6 add route command. To modify an existing route, use the netsh interface ipv6 set route command. To remove an existing route, use the netsh interface ipv6 delete route command.

Verify Router Reliability

If the problem is the router performance, use the pathping d IPv6Address command to trace the path to a destination and display information on packet losses for every router in the path. The d command line alternative prevents the Pathping tool from performing a DNS reverse query on every near-side router interface in the routing path. This speeds up the display of the routing path.

Verifying DNS Name Resolution for IPv6 Addresses

If reachability using IPv6 addresses works although reachability using host names does not, you might have a problem with host name resolution, which is typically a problem with the DNS configuration of the DNS client or problems with DNS registration.

Following tasks can be applied to troubleshoot problems with DNS name resolution:

• Verify DNS configuration
• Display and flush the DNS client resolver cache
• Test DNS name resolution with the Ping tool
• Use the Nslookup tool to view DNS server responses

Verify DNS Configuration

Verify the following on the node having DNS name resolution problems:

1. Host name
2. The primary DNS suffix
3. DNS suffix search list
4. Connection-specific DNS suffixes
5. DNS servers

You can acquire this information from the display of the ipconfig /all command. To obtain information about which DNS names should be registered in DNS, use the netsh interface ip show dns command.

By default, IPv6 configures the recognized site-local addresses of DNS servers at FEC0:0:0:FFFF::1, FEC0:0:0:FFFF::2, and FEC0:0:0:FFFF::3 on every LAN interface. To include the IPv6 addresses of additional DNS servers, use the netsh interface ipv6 add dns command.

To register the appropriate DNS names as IPv6 address resource records which also known as AAAA resource records with DNS dynamic update, use the ipconfig /registerdns command.

Display and Flush the DNS Client Resolver Cache

TCP/IP checks the DNS client resolver cache before sending DNS name queries. The corresponding IPv6 address is used if an entry exists for a resolved name. If a negative cache entry for the name exists, DNS name queries are not sent.

Use the ipconfig /displaydns command to display the contents of the DNS client resolver cache. Use the ipconfig /flushdns command to flush the contents of the DNS client resolver cache and reload it with the entries in the Hosts file.

Ping Tool to Test DNS Name Resolution

Use the Ping tool and ping a destination by its host name or fully qualified domain name (FQDN) to test DNS name resolution. The Ping tool display shows the FQDN and its corresponding IPv6 address.

View DNS Server Responses by using the Nslookup

Flush the DNS client resolver cache and use the Nslookup tool, if the Ping tool is using the wrong IPv6 address tool to determine the set of addresses returned in the DNS Name Query Response message. At the Nslookup > prompt, use the set d2 command to display the maximum amount of information about the DNS response messages. Then, use Nslookup to look up the desired FQDN. Look for AAAA records in the detailed display of the DNS response messages.

Verifying IPv6-based TCP Connections

Use the following tasks if the reachability and name resolution are working yet you cannot establish a TCP connection with a destination host:

• Check for packet filtering
• Verify TCP connection establishment

Check for Packet Filtering

Use the information in the "Verifying IPv6 Communications" to check for packet filtering or IPsec policies at the source node, transitional routers and firewalls, and the destination node.

Packet filtering is configured to allow specific types of traffic and discard all others or to discard specific types of traffic and accept all others. As an example of the former case, a firewall or Web server might be configured to allow only Hypertext Transfer Protocol (HTTP) traffic and discard all other traffic destined for the Web server. This means that you will be able to view Web pages on the Web server, but to not ping it or access its shared folders and files.

Verify TCP Connection Establishment

The telnet IPv6Address TCPPort command can be used to verify that a TCP connection can be established using the known destination TCP port number of the application of the destination. For example, to verify whether the Web server service on the computer with the IPv6 address of 3FFE:FFFF::21AD:2AA:FF:FE31:AC89 is accepting TCP connections on TCP port 80, use the telnet 3ffe:ffff::21ad:2aa:ff:fe31:ac89 80 command.

Any more tools that you can use to test TCP connection establishment is by Test TCP (Ttcp). With Ttcp, you can configure a computer to listen on a specific TCP or UDP port without having to install the application or service on the computer. With Ttcp, you can both initiate TCP connections and listen for TCP connections. You can likewise use the Ttcp tool for UDP traffic. This allows you to test network connectivity for specific traffic before the services are in place.