The upcoming Windows Vista and Longhorn server releases will both use a redesigned TCP/IP stack. The new stack will bring several new features, including routing compartments, a better host model, better support for IP version 6 (IPv6), a new packet-filtering API, and some other changes that don't necessarily affect security (you can read about these changes at the URL at the end of this editorial).
The routing compartments feature is really interesting. It lets each user logon session have its own routing table and will prevent Internet traffic from being routed across a VPN into an intranet. The new host model will help defend against attacks on multihomed systems. So for example, a packet that reaches a network interface must have a destination address that matches the interface's address or the packet will be dropped.
The new packet-filtering API, now known as Windows Filtering Platform (WFP), will help developers more easily filter or change packets before they're processed further along in the OS. This means that tools such as firewalls and antivirus and antispyware products can better control which data enters the system. You can learn more about WFP at the following URL:
http://www.microsoft.com/whdc/device/network/WFP.mspx
Windows XP and Windows Server 2003 both support IPv6; however functionality is somewhat limited because they don't support Internet Key Exchange (IKE) and data encryption. The new TCP/IP stack will fix this problem by introducing a fully functional IPv6 protocol layer, which will be enabled by default.
However, using IPv6 won't be without problems. Microsoft said that an IPv6-enabled system will first request an AAAA record (which is a record for IPv6 addresses). If the query fails, the system will request an A record (a record for IPv4). Some DNS servers won't answer the A record request if the AAAA request fails. If you want to get a head start on building IPv6 functionality, make sure your DNS server will handle the AAAA, A sequence of requests.
Another issue with IPv6 is Network Address Translation (NAT), which might also break connectivity. To get around that problem, Microsoft uses Teredo (also known as Shipworm), which is a method of encapsulating IPv6 inside IPv4 UDP packets. Microsoft first released Teredo support in its Advanced Networking Pack for Windows XP in XP Service Pack 1 (SP1) and later shipped Teredo as part of XP SP2 and Windows 2003 SP1. Teredo will be a standard part of Windows Vista and Longhorn server.
You can read more about the IPv6 enhancements at the first URL below and learn more about other new features of the TCP/IP stack at the second URL below.
http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx
http://www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx