How to successfully access a dual-stacked Internet
By Silvia Hagen
In the near future the Internet will become fragmented. The moment IPv4 addresses run out—which is likely to occur in the first quarter of 2011—there will be Internet users who can only surf over IPv6, and there will eventually be websites that can only be reached over IPv6.
Going forward, if you want to participate in the full breadth of the Internet then the solution is to surf dual-stacked—meaning your operating systems and browsers need to be configured for both IPv4 and IPv6. Below I outline how dual-stacking works from a technical perspective.
How dual-stacking is supposed to work
Let’s assume you have IPv6 access to the Internet. You probably still have your IPv4 Internet connection, but in addition to this, you now also have IPv6 access to the Internet. Either you have an IPv6-ready ISP (or you even decided to switch in order to get native IPv6 access) or you may have created an IPv6 tunnel using one of the public tunnel brokers or some other tunnel mechanism to cross your ISPs IPv4 backbone.
So far so good. But how do you know which websites are IPv6-enabled, and how do you get there?
First, you should not need to worry about this. This is the website administrator’s job. If a dual-stacked website is offered, there should be two entries in DNS for the hostname. So for instance, my website www.sunny.ch is dual-stacked (the provider Cyberlink has offered my website dual-stacked for nearly 10 years). There is an A-record entry for the host containing the IPv4 address of my website and an AAAA-record entry containing the IPv6 address of my website.
Let’s say you have a dual-stacked client. As soon as the IPv6 stack on an interface is enabled and you enter a hostname in your browser, there are two DNS queries going out for the hostname. A query for an A-record and a query for a AAAA record. Figure 1 shows a screenshot of the DNS queries.
In the screenshot above DNS has returned two addresses. In packet 100 (the second packet) you see DNS returning an IPv4 address and in packet 102 you see an IPv6 address for the same hostname. In this case the operating system should treat IPv6 preferentially and connect to the IPv6 address of the host. This is what you see in this screenshot. In packet 103 to 105 there is a TCP handshake over IPv6, which builds the connection to the website. In packet 106 you see the first GET request (HTTP) and the reply to it in packet 107. Now all further communication with this website will run over IPv6.
You may open another browser window and enter another hostname. The same DNS queries will go out just like in the above example. But maybe you enter the hostname of a website that is not available over IPv6. In this case, DNS only returns an IPv4 address and you will connect to this website over IPv4.
In theory, theory and practice are the same, but in practice they are not, so let’s look at some troubleshooting options in case the above example does not work as expected.
Troubleshooting dual-stacked Internet connectivity
In some cases you may find that your client does not prefer IPv6 over IPv4. This can come from the operating system or the browser. Different browsers may have different preferences, configurations and options. Some browsers, such as older versions of Opera and browsers on Mac OS X prefer 6to4 connections over IPv4, which also creates issues in accessing dual-stack websites.
Firefox has “hidden” configuration options which you can access by entering “about:config” in the URL entry field. When you do this you get the following warning screen:
So if you heed the warning you can configure many different options. Among these are options to configure IPv6 connectivity preferences such as the following two options:
network.dns.disableIPv6 = false (default)
network.dns.IPv4OnlyDomains (string, by default empty list)
With these default settings Firefox will use IPv6 if possible. If you have websites where you want to choose IPv4 over IPv6, you can enter them in the ‘IPv4 Only’ domain list.
When would you use the network.dns.disableIPv6 parameter? If your client is dual-stacked, it will always send out two DNS queries. But it may be that you are currently in a network with poor IPv6 connectivity. Just because you get an IPv6 address for my website, your browser will still try to connect over IPv6 even though your current connection is a bad one. In the case of Firefox you can use the config option ‘network.dns.disableIPv6 = true’ as long as you have poor IPv6 connectivity.
The best tool you can use to troubleshoot this type of problem is Wireshark (used in the screenshot above). Wireshark shows you every packet going out and coming into your interface. You can see what queries go out, what DNS answers, and what protocol is eventually used for the connection.
For Firefox there is an add-on tool available called ShowIP. If you install ShowIP, your current IP address is displayed in the status bar. Additionally, some dual-stack or IPv6-only websites have registered for the WWW IPv6 Ready logo and typically display the logo on their website. The list of registered websites can be found at the IPv6 Forum.
In summary, dual stack networks are rapidly becoming the defacto standard for integrating existing networks with IPv6. Solutions like BlueCat Networks’ Proteus provide parallel management for IPv4 networks which allows simultaneous management of dual stack devices that support both IPv4 and IPv6; this includes mapping IPv4 devices to their IPv6 address(es) and vice versa.