IPv6 Source Address Selection on Mac OS X Lion

Christoph Stahl cstahl at netcologne.de
Thu Dec 15 13:51:13 CET 2011 

Dear Janos,

thanks very much for your input! Happy-Eye-Balls handles more what
should happen when you are dual-stacked and the IPv6 target is not
reachable via IPv6. My problem is focused on the problem of selecting
the correct IPv6 source address for a given target-prefix.

Its hard to believe, that there might be no way to achieve that on Mac,
when there are obvious ways for Win and Linux. You mention the command
"ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
I cannot say if it is in Leopard or even Tiger.

By the way: Dual stacked, with a static IPv4 and IPv6 address and an
autoconfigured IPv6 address it is quite "funny" which address gets
selected when surfing the web: When surfing to "whatismyipv6.net" the
site displays my IPv4 address. When surfing to "six.heise.de", the site
is reached without a problem. When surfing to "sixxs.net" the site
displays my autoconfigured IPv6 address - after hitting "reload" a few
times, my IPv4 address gets displayed and stays there for each
subsequent reload request.

To get through the IPv6 firewall and host.allow to our servers where
only my static /128 address is allowed I have found a workaround on Mac:
use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.

I hate it when Win XP is capable of doing one thing better than the Mac;-)

Any other comment and suggestion very welcome!

Kind regards,
Christoph


Am 15.12.2011 11:19, schrieb Mohacsi Janos:
> Dear Chirstoph,
>     You achieved the prefer source address selection with tweaking the
> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
> and Windows. According to some tests RFC3484 was implemented in some
> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs)  . But
> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
> missing from Lion. It seems that Lion is using non-temporary
> autoconfigured addresses as a source for some destination prefixes,
> and temporary autoconfigured addresses as source for some other
> destination prefixes. Maybe Lion kernel is deciding on /48 boundary if
> use or not to use temporary address - according to some tests done by
> me - but it is not documented. Some guess work already done:
> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>
> Janos Mohacsi
> Head of HBONE+ project
> Network Engineer, Deputy Director of Network Planning and Projects
> NIIF/HUNGARNET, HUNGARY
> Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882
>
> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>
>> Hi there,
>>
>> I like to share with you an interesting problem. Maybe someone on this
>> mailinglist has already found a solution to this. I googled for hours
>> but did not find anything helpfull.
>>
>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>> connectivity at our office connected by Gigabitethernet.
>>
>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
>> the internet" and a statically configured IPv6 Adress to reach the IPv6
>> (or dual stacked) hosts that use IPs belonging to our assigned
>> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
>> firewalls or host.allows, but surf the web with all the benefits of the
>> automatic privacy extension.
>>
>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>> In the system preferences I duplicated the ethernet Interface and gave
>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>> "automatic" IPv6 address.
>>
>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>> assigned to the interface, as planned.
>> But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
>> used.
>>
>> On Windows XP on a different hardware I can select which address to use
>> for reaching our prefix by
>>
>> netsh interface ipv6 reset
>> netsh interface ipv6 add address "LAN-Verbindung"
>> 2001:db8:0:<staticIPs>:111:: store=persistent
>> netsh interface ipv6 add prefixpolicy
>> 2001:db8:0:<staticIPs>:111::/128 69 666
>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71
>> 777
>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>
>>
>> On Debian Linux, one can achieve this with
>>
>> iface eth0 inet6 static
>>   address 2001:db8:0:<staticIPs>:111::
>>   netmask 64
>>   gateway fe80::1
>>
>>   pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>>   pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>>   pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>>   # Label 1 ist vordefiniert als ::/0
>>   post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>> 1         || true
>>   post-up ip addrlabel add prefix 2001:db8::/32 label
>> 666              || true
>>
>>
>>
>>
>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
>> there is no "ip"-command.
>>
>> Does anybody know how to achieve this goal on Mac?
>>
>> I really hope there is a solution. Any hints and help will be greatly
>> appreciated!
>>
>> Have a nice day,
>>
>> Regards,
>> Christoph
>>

More information about the ipv6-ops mailing list