IPv6 Source Address Selection on Mac OS X Lion
dwing at cisco.com
Thu Dec 15 18:31:42 CET 2011
> -----Original Message-----
> From: ipv6-ops-bounces+dwing=cisco.com at lists.cluenet.de [mailto:ipv6-
> ops-bounces+dwing=cisco.com at lists.cluenet.de] On Behalf Of Christoph
> Sent: Thursday, December 15, 2011 4:51 AM
> To: ipv6-ops at lists.cluenet.de
> Subject: Re: IPv6 Source Address Selection on Mac OS X Lion
> Dear Janos,
> thanks very much for your input! Happy-Eye-Balls handles more what
> should happen when you are dual-stacked and the IPv6 target is not
> reachable via IPv6. My problem is focused on the problem of selecting
> the correct IPv6 source address for a given target-prefix.
> Its hard to believe, that there might be no way to achieve that on Mac,
> when there are obvious ways for Win and Linux. You mention the command
> "ip6addrctl". This command is not in Lion, but also not in Snow
> I cannot say if it is in Leopard or even Tiger.
> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
> autoconfigured IPv6 address it is quite "funny" which address gets
> selected when surfing the web: When surfing to "whatismyipv6.net" the
> site displays my IPv4 address. When surfing to "six.heise.de", the site
> is reached without a problem. When surfing to "sixxs.net" the site
> displays my autoconfigured IPv6 address - after hitting "reload" a few
> times, my IPv4 address gets displayed and stays there for each
> subsequent reload request.
> To get through the IPv6 firewall and host.allow to our servers where
> only my static /128 address is allowed I have found a workaround on
> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
> I hate it when Win XP is capable of doing one thing better than the
It depends on your definition of "better". If your definition is
"prefer IPv6", you are right that OSX Lion's algorithm fails. If
your definition is "connect to whichever is fastest", OSX Lion's
Right now, on effectively every network in the world, there is
no user-noticable advantage to using IPv6 over IPv4. Users don't
care if their connection to Google/Facebook/Yahoo is IPv6 or IPv4,
and nothing different happens to the user -- they don't get
additional cows for their games, they don't get IPv6 coupons for
the pizza place down the road.
I agree that IPv6 should be preferred -- see what Andrew and I
However, I also understand why Apple's algorithm works the
way it does -- because, today, there is no difference in the
application resources accessed over IPv4 or IPv6.
IMO, Apple will keep their existing algorithm until those IPv4
connections provide a worse application-level service than IPv6.
For example, the user cannot get a location-specific feature on
IPv4 but can get a location-specific feature via IPv6. Once
IPv4 address sharing happens at an ISP, IPv6 for those subscribers
will have the opportunity to provide a better application-level
experience than IPv4, due to the additional location resolution
available with IPv6 prefixes compared to the aggregation of
users behind an IPv4 address sharing device. ("IPv4 address
sharing" is any combination of Carrier Grade NAT, 4rd, Dual-
IVI, A+P, and the other proposals to share IPv4 addresses
> Any other comment and suggestion very welcome!
> Kind regards,
> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
> > Dear Chirstoph,
> > You achieved the prefer source address selection with tweaking
> > RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
> > and Windows. According to some tests RFC3484 was implemented in some
> > extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
> > (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
> > seems to me that RFC3484 policy table setting utility (ip6addrctl) is
> > missing from Lion. It seems that Lion is using non-temporary
> > autoconfigured addresses as a source for some destination prefixes,
> > and temporary autoconfigured addresses as source for some other
> > destination prefixes. Maybe Lion kernel is deciding on /48 boundary
> > use or not to use temporary address - according to some tests done by
> > me - but it is not documented. Some guess work already done:
> > http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
> > Janos Mohacsi
> > Head of HBONE+ project
> > Network Engineer, Deputy Director of Network Planning and Projects
> > NIIF/HUNGARNET, HUNGARY
> > Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
> > On Wed, 14 Dec 2011, Christoph Stahl wrote:
> >> Hi there,
> >> I like to share with you an interesting problem. Maybe someone on
> >> mailinglist has already found a solution to this. I googled for
> >> but did not find anything helpfull.
> >> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
> >> connectivity at our office connected by Gigabitethernet.
> >> The goal is to use a stateless autoconfigured IPv6 Adress to "surf
> >> the internet" and a statically configured IPv6 Adress to reach the
> >> (or dual stacked) hosts that use IPs belonging to our assigned
> >> IPv6-prefix. So that we can configure the static "admin" IPv6
> address in
> >> firewalls or host.allows, but surf the web with all the benefits of
> >> automatic privacy extension.
> >> I figured out how to get a static AND a dynamic IPv6 on my Mac:
> >> In the system preferences I duplicated the ethernet Interface and
> >> the duplicates speaking names. One instance gets a fixed IPv4 and a
> >> fixed IPv6 address. The other instance gets no IPv4 address, but an
> >> "automatic" IPv6 address.
> >> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
> >> assigned to the interface, as planned.
> >> But no matter what, when coonecting to an IPv6 host, the dynamic
> IPv6 is
> >> used.
> >> On Windows XP on a different hardware I can select which address to
> >> for reaching our prefix by
> >> netsh interface ipv6 reset
> >> netsh interface ipv6 add address "LAN-Verbindung"
> >> 2001:db8:0:<staticIPs>:111:: store=persistent
> >> netsh interface ipv6 add prefixpolicy
> >> 2001:db8:0:<staticIPs>:111::/128 69 666
> >> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
> >> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64
> >> 777
> >> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
> >> netsh interface ipv6 add prefixpolicy ::/0 50 777
> >> On Debian Linux, one can achieve this with
> >> iface eth0 inet6 static
> >> address 2001:db8:0:<staticIPs>:111::
> >> netmask 64
> >> gateway fe80::1
> >> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
> >> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
> >> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
> >> # Label 1 ist vordefiniert als ::/0
> >> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
> >> 1 || true
> >> post-up ip addrlabel add prefix 2001:db8::/32 label
> >> 666 || true
> >> Sadly, there is no netsh on mac os x (Ok, that is a good thing!).
> >> there is no "ip"-command.
> >> Does anybody know how to achieve this goal on Mac?
> >> I really hope there is a solution. Any hints and help will be
> >> appreciated!
> >> Have a nice day,
> >> Regards,
> >> Christoph
More information about the ipv6-ops