IPv6 Source Address Selection on Mac OS X Lion
Mohacsi Janos
mohacsi at niif.hu
Thu Dec 15 16:31:42 CET 2011
Dear Christoph,
On Thu, 15 Dec 2011, Christoph Stahl wrote:
> Dear Janos,
>
> thanks very much for your input! Happy-Eye-Balls handles more what
> should happen when you are dual-stacked and the IPv6 target is not
> reachable via IPv6. My problem is focused on the problem of selecting
> the correct IPv6 source address for a given target-prefix.
RFC 3484 and its later improvements are dealing not only with source
address selection, but also preference of IPv6 or IPv4 via policy table.
Happy-Eye-Ball is a kind of solution for TCP like service to provide
better response time. Happy-Eye-Ball cannot replace RFC-3484(bis). In Mac
OS X Lion there some sort of Happy-Eye-Ball and probably behind the scene
there is some dynamic update of IPv6 and IPv4 preference for a particular
destination host. That is why you see in your test sometimes IPv6 address
sometimes IPv4 addresses. Lion is updating the destination cache based on
the connection setup RTT time.
if ((RTT_via_IPv6 - RTT_via_IPv4) < some_Apple_defined_ms) {
use_IPv6
} else {
use_IPv4
}
>
> Its hard to believe, that there might be no way to achieve that on Mac,
> when there are obvious ways for Win and Linux. You mention the command
> "ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
> I cannot say if it is in Leopard or even Tiger.
Since Max OS X has strong root in *BSD, and all the *BSD is using
"ip6addrctl" to setup policy table, we might expect ip6addrctl on Mac OS
X also. Not there for any Mac OS X until now.
>
> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
> autoconfigured IPv6 address it is quite "funny" which address gets
> selected when surfing the web: When surfing to "whatismyipv6.net" the
> site displays my IPv4 address. When surfing to "six.heise.de", the site
> is reached without a problem. When surfing to "sixxs.net" the site
> displays my autoconfigured IPv6 address - after hitting "reload" a few
> times, my IPv4 address gets displayed and stays there for each
> subsequent reload request.
>
> To get through the IPv6 firewall and host.allow to our servers where
> only my static /128 address is allowed I have found a workaround on Mac:
> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
>
> I hate it when Win XP is capable of doing one thing better than the Mac;-)
Agree. Room for improvement for Apple.
Best Regards,
Janos Mohacsi
>
> Any other comment and suggestion very welcome!
>
> Kind regards,
> Christoph
>
>
> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
>> Dear Chirstoph,
>> You achieved the prefer source address selection with tweaking the
>> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
>> and Windows. According to some tests RFC3484 was implemented in some
>> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
>> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
>> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
>> missing from Lion. It seems that Lion is using non-temporary
>> autoconfigured addresses as a source for some destination prefixes,
>> and temporary autoconfigured addresses as source for some other
>> destination prefixes. Maybe Lion kernel is deciding on /48 boundary if
>> use or not to use temporary address - according to some tests done by
>> me - but it is not documented. Some guess work already done:
>> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>>
>> Janos Mohacsi
>> Head of HBONE+ project
>> Network Engineer, Deputy Director of Network Planning and Projects
>> NIIF/HUNGARNET, HUNGARY
>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
>>
>> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>>
>>> Hi there,
>>>
>>> I like to share with you an interesting problem. Maybe someone on this
>>> mailinglist has already found a solution to this. I googled for hours
>>> but did not find anything helpfull.
>>>
>>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>>> connectivity at our office connected by Gigabitethernet.
>>>
>>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
>>> the internet" and a statically configured IPv6 Adress to reach the IPv6
>>> (or dual stacked) hosts that use IPs belonging to our assigned
>>> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
>>> firewalls or host.allows, but surf the web with all the benefits of the
>>> automatic privacy extension.
>>>
>>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>>> In the system preferences I duplicated the ethernet Interface and gave
>>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>>> "automatic" IPv6 address.
>>>
>>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>>> assigned to the interface, as planned.
>>> But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
>>> used.
>>>
>>> On Windows XP on a different hardware I can select which address to use
>>> for reaching our prefix by
>>>
>>> netsh interface ipv6 reset
>>> netsh interface ipv6 add address "LAN-Verbindung"
>>> 2001:db8:0:<staticIPs>:111:: store=persistent
>>> netsh interface ipv6 add prefixpolicy
>>> 2001:db8:0:<staticIPs>:111::/128 69 666
>>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71
>>> 777
>>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>>
>>>
>>> On Debian Linux, one can achieve this with
>>>
>>> iface eth0 inet6 static
>>> address 2001:db8:0:<staticIPs>:111::
>>> netmask 64
>>> gateway fe80::1
>>>
>>> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>>> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>>> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>>> # Label 1 ist vordefiniert als ::/0
>>> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>>> 1 || true
>>> post-up ip addrlabel add prefix 2001:db8::/32 label
>>> 666 || true
>>>
>>>
>>>
>>>
>>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
>>> there is no "ip"-command.
>>>
>>> Does anybody know how to achieve this goal on Mac?
>>>
>>> I really hope there is a solution. Any hints and help will be greatly
>>> appreciated!
>>>
>>> Have a nice day,
>>>
>>> Regards,
>>> Christoph
>>>
>
>
More information about the ipv6-ops
mailing list