How to successfully access a dual-stacked Internet
By Silvia Hagen
IPv6 Ready Logo
In the near future the Internet will become fragmented. The moment IPv4 addresses run out—which is likely to occur in the first quarter of 2011—there will be Internet users who can only surf over IPv6, and there will eventually be websites that can only be reached over IPv6.
Going forward, if you want to participate in the full breadth of the Internet then the solution is to surf dual-stacked—meaning your operating systems and browsers need to be configured for both IPv4 and IPv6. Below I outline how dual-stacking works from a technical perspective.
How dual-stacking is supposed to work
Let’s assume you have IPv6 access to the Internet. You probably still have your IPv4 Internet connection, but in addition to this, you now also have IPv6 access to the Internet. Either you have an IPv6-ready ISP (or you even decided to switch in order to get native IPv6 access) or you may have created an IPv6 tunnel using one of the public tunnel brokers or some other tunnel mechanism to cross your ISPs IPv4 backbone.
So far so good. But how do you know which websites are IPv6-enabled, and how do you get there?
First, you should not need to worry about this. This is the website administrator’s job. If a dual-stacked website is offered, there should be two entries in DNS for the hostname. So for instance, my website www.sunny.ch is dual-stacked (the provider Cyberlink has offered my website dual-stacked for nearly 10 years). There is an A-record entry for the host containing the IPv4 address of my website and an AAAA-record entry containing the IPv6 address of my website.
Let’s say you have a dual-stacked client. As soon as the IPv6 stack on an interface is enabled and you enter a hostname in your browser, there are two DNS queries going out for the hostname. A query for an A-record and a query for a AAAA record. Figure 1 shows a screenshot of the DNS queries.
Figure 1. DNS queries from a dual-stacked client
In the screenshot above DNS has returned two addresses. In packet 100 (the second packet) you see DNS returning an IPv4 address and in packet 102 you see an IPv6 address for the same hostname. In this case the operating system should treat IPv6 preferentially and connect to the IPv6 address of the host. This is what you see in this screenshot. In packet 103 to 105 there is a TCP handshake over IPv6, which builds the connection to the website. In packet 106 you see the first GET request (HTTP) and the reply to it in packet 107. Now all further communication with this website will run over IPv6.
You may open another browser window and enter another hostname. The same DNS queries will go out just like in the above example. But maybe you enter the hostname of a website that is not available over IPv6. In this case, DNS only returns an IPv4 address and you will connect to this website over IPv4.
In theory, theory and practice are the same, but in practice they are not, so let’s look at some troubleshooting options in case the above example does not work as expected.
Troubleshooting dual-stacked Internet connectivity
In some cases you may find that your client does not prefer IPv6 over IPv4. This can come from the operating system or the browser. Different browsers may have different preferences, configurations and options. Some browsers, such as older versions of Opera and browsers on Mac OS X prefer 6to4 connections over IPv4, which also creates issues in accessing dual-stack websites.
Firefox has “hidden” configuration options which you can access by entering “about:config” in the URL entry field. When you do this you get the following warning screen:
warning message
So if you heed the warning you can configure many different options. Among these are options to configure IPv6 connectivity preferences such as the following two options:
network.dns.disableIPv6 = false (default)
network.dns.IPv4OnlyDomains (string, by default empty list)
With these default settings Firefox will use IPv6 if possible. If you have websites where you want to choose IPv4 over IPv6, you can enter them in the ‘IPv4 Only’ domain list.
When would you use the network.dns.disableIPv6 parameter? If your client is dual-stacked, it will always send out two DNS queries. But it may be that you are currently in a network with poor IPv6 connectivity. Just because you get an IPv6 address for my website, your browser will still try to connect over IPv6 even though your current connection is a bad one. In the case of Firefox you can use the config option ‘network.dns.disableIPv6 = true’ as long as you have poor IPv6 connectivity.
The best tool you can use to troubleshoot this type of problem is Wireshark (used in the screenshot above). Wireshark shows you every packet going out and coming into your interface. You can see what queries go out, what DNS answers, and what protocol is eventually used for the connection.
For Firefox there is an add-on tool available called ShowIP. If you install ShowIP, your current IP address is displayed in the status bar. Additionally, some dual-stack or IPv6-only websites have registered for the WWW IPv6 Ready logo and typically display the logo on their website. The list of registered websites can be found at the IPv6 Forum.
In summary, dual stack networks are rapidly becoming the defacto standard for integrating existing networks with IPv6. Solutions like BlueCat Networks’ Proteus provide parallel management for IPv4 networks which allows simultaneous management of dual stack devices that support both IPv4 and IPv6; this includes mapping IPv4 devices to their IPv6 address(es) and vice versa.
“The moment IPv4 addresses run out—which is likely to occur in the first quarter of 2011—there will be Internet users who can only surf over IPv6″
I agree with the rest of the article but the opening paragraph is just plain wrong. When the IANA pool runs out regional registries will not be able to get additional IPv4 resources using current methods. When they run out of addresses (probably an additional 12 months) then ISPs will not be able to get additional IPv4 addresses using existing methods. When ISPs run out then end users will have to connect using IPv6 only.
IPv6 only end-users are still a couple of years away. Claiming it will happen in the next couple of months is just FUD.
IPv4 can go on!!
Is IPv4 exhausted?
The current model of address allocation is over, of course, but the IPv4 can go on into another simple schema which can be applied on IPv4 addressing model!
The Figure 1 shows a schema with a unique Main Network address space and multiple independent areas each having an independent address space.
Each independent area can have another topology of network.
The transmission of data between different areas will be made only through
the Main Network. Inside any independent area the transmission is between an IPv4, as a source address, and another IPv4, as a destination address.
The Figure 2 shows a detailed link between two terminal points (end-users)
in a transmission in three steps.
ISPi is a unique point of access for (1).
ISPj is a unique point of access for (2).
IPv4i and IPv4j must be different into the Main Network address space.
IPv4_1 and IPv4_2 CAN BE EQUALS!
In any ISP (Internet Service Provider) space the destination address becomes source address for the next transmission.
This schema appears as a natural extension from 32 bits to 2 * 32 = 64 bits!
In fact, the schema works with LINES OF COMMUNICATIONS, instead of independent IP addresses! In this kind we can deliver practically the same address space as IPv6! (in my opinion, the MAC number into IPv6 is not a great idea).
Some stories:
1. Two class mate: “I’m John”. “I’m Dave”.
2. Two Englishmen: “I’m Dave from London”. “I’m Dave from Kent”.
In the computer terms:
3. Inside the same area: “I’m IPv4_1”. “I’m IPv4_8”
4. Different areas: “I’m IPv4_8 from ISPi”. “I’m IPv4_8 from ISPj”.
Note: These considerations are part of my current working:
the Universal Software Model, based on a unique informational entity called the Informational Individual (having an independent IPv4!).
Still not very clear from the wireshark output. The Figure shows A record queried first and waits for response before sending quad A request, if A record is not available then what is the timeout period before the Quad A request is sent? if the preference of the client is IPv6 then why does it not send out Quad A request first and use it and not send or wait for A record response. I guess this sequence will change in the client coding as more IPv6 or IPv4v6 hosts are available.
To summarize does the client wait for A resposne before sending the Quad A request?
IPv4 can go on into another simple schema which can be applied on IPv4 addressing model! This schema appears as a natural extension from 32 bits to 2*32 = 64 bits!! In fact, the schema works with LINES OF COMMUNICATIONS instead of independent IP addresses. In this kind we can deliver practically the same address space as IPv6!!!
More attention to these stories:
1. Two class mate: “I’m John”. “I’m Dave”
2. Two Englishmen: “I’m Dave from London”. “I’m Dave from Kent”.
In computer terms:
3. Inside the same Net: “I’m IPv4_1”. “I’m IPv4_8”.
4. Different Nets: “I’m IPv4_8 from ISP5”. “I’m IPv4_8 from ISP239”