IPv6 Source Address Selection on Mac OS X Lion

Mohacsi Janos mohacsi at niif.hu
Thu Dec 15 22:57:33 CET 2011



On Thu, 15 Dec 2011, Dan Wing wrote:

>> -----Original Message-----
>> From: ipv6-ops-bounces+dwing=cisco.com at lists.cluenet.de [mailto:ipv6-
>> ops-bounces+dwing=cisco.com at lists.cluenet.de] On Behalf Of Christoph
>> Stahl
>> Sent: Thursday, December 15, 2011 4:51 AM
>> To: ipv6-ops at lists.cluenet.de
>> Subject: Re: IPv6 Source Address Selection on Mac OS X Lion
>>
>> Dear Janos,
>>
>> thanks very much for your input! Happy-Eye-Balls handles more what
>> should happen when you are dual-stacked and the IPv6 target is not
>> reachable via IPv6. My problem is focused on the problem of selecting
>> the correct IPv6 source address for a given target-prefix.
>>
>> Its hard to believe, that there might be no way to achieve that on Mac,
>> when there are obvious ways for Win and Linux. You mention the command
>> "ip6addrctl". This command is not in Lion, but also not in Snow
>> Leopard.
>> I cannot say if it is in Leopard or even Tiger.
>>
>> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
>> autoconfigured IPv6 address it is quite "funny" which address gets
>> selected when surfing the web: When surfing to "whatismyipv6.net" the
>> site displays my IPv4 address. When surfing to "six.heise.de", the site
>> is reached without a problem. When surfing to "sixxs.net" the site
>> displays my autoconfigured IPv6 address - after hitting "reload" a few
>> times, my IPv4 address gets displayed and stays there for each
>> subsequent reload request.
>>
>> To get through the IPv6 firewall and host.allow to our servers where
>> only my static /128 address is allowed I have found a workaround on
>> Mac:
>> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
>>
>> I hate it when Win XP is capable of doing one thing better than the
>> Mac;-)
>
> It depends on your definition of "better".  If your definition is
> "prefer IPv6", you are right that OSX Lion's algorithm fails.  If
> your definition is "connect to whichever is fastest", OSX Lion's
> algorithm wins.
>
> Right now, on effectively every network in the world, there is
> no user-noticable advantage to using IPv6 over IPv4.  Users don't
> care if their connection to Google/Facebook/Yahoo is IPv6 or IPv4,
> and nothing different happens to the user -- they don't get
> additional cows for their games, they don't get IPv6 coupons for
> the pizza place down the road.
>
> I agree that IPv6 should be preferred -- see what Andrew and I
> wrote at
> http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-06#section-4.1
>
> However, I also understand why Apple's algorithm works the
> way it does -- because, today, there is no difference in the
> application resources accessed over IPv4 or IPv6.
>
> IMO, Apple will keep their existing algorithm until those IPv4
> connections provide a worse application-level service than IPv6.
> For example, the user cannot get a location-specific feature on
> IPv4 but can get a location-specific feature via IPv6.  Once
> IPv4 address sharing happens at an ISP, IPv6 for those subscribers
> will have the opportunity to provide a better application-level
> experience than IPv4, due to the additional location resolution
> available with IPv6 prefixes compared to the aggregation of
> users behind an IPv4 address sharing device.  ("IPv4 address
> sharing" is any combination of Carrier Grade NAT, 4rd, Dual-
> IVI, A+P, and the other proposals to share IPv4 addresses
> between subscribers.)

I agree with Christoph: WinXP you can setup source address selection rules 
for using temporary addresses for certain destiantion prefixes. In Mac OS 
X you cannot control that. Therefore WinXP can follow BETTER the 
local administrative policy of address usage.

Happy-Eye-Ball can be good for end user point of view, but a kind of 
nightmare for user support point of view. There is no consistent way to 
determine which IP transport in use - which one to debug. Except if there 
is some knobs in every applications to prefer IPv6 transport or IPv4 
transport....

Best Regards,
 		Janos Mohacsi

>
> -d
>
>> Any other comment and suggestion very welcome!
>>
>> Kind regards,
>> Christoph
>>
>>
>> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
>>> Dear Chirstoph,
>>>     You achieved the prefer source address selection with tweaking
>> the
>>> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
>>> and Windows. According to some tests RFC3484 was implemented in some
>>> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
>>> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs)  . But
>>> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
>>> missing from Lion. It seems that Lion is using non-temporary
>>> autoconfigured addresses as a source for some destination prefixes,
>>> and temporary autoconfigured addresses as source for some other
>>> destination prefixes. Maybe Lion kernel is deciding on /48 boundary
>> if
>>> use or not to use temporary address - according to some tests done by
>>> me - but it is not documented. Some guess work already done:
>>> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>>>
>>> Janos Mohacsi
>>> Head of HBONE+ project
>>> Network Engineer, Deputy Director of Network Planning and Projects
>>> NIIF/HUNGARNET, HUNGARY
>>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882
>>>
>>> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>>>
>>>> Hi there,
>>>>
>>>> I like to share with you an interesting problem. Maybe someone on
>> this
>>>> mailinglist has already found a solution to this. I googled for
>> hours
>>>> but did not find anything helpfull.
>>>>
>>>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>>>> connectivity at our office connected by Gigabitethernet.
>>>>
>>>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf
>> the
>>>> the internet" and a statically configured IPv6 Adress to reach the
>> IPv6
>>>> (or dual stacked) hosts that use IPs belonging to our assigned
>>>> IPv6-prefix. So that we can configure the static "admin" IPv6
>> address in
>>>> firewalls or host.allows, but surf the web with all the benefits of
>> the
>>>> automatic privacy extension.
>>>>
>>>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>>>> In the system preferences I duplicated the ethernet Interface and
>> gave
>>>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>>>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>>>> "automatic" IPv6 address.
>>>>
>>>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>>>> assigned to the interface, as planned.
>>>> But no matter what, when coonecting to an IPv6 host, the dynamic
>> IPv6 is
>>>> used.
>>>>
>>>> On Windows XP on a different hardware I can select which address to
>> use
>>>> for reaching our prefix by
>>>>
>>>> netsh interface ipv6 reset
>>>> netsh interface ipv6 add address "LAN-Verbindung"
>>>> 2001:db8:0:<staticIPs>:111:: store=persistent
>>>> netsh interface ipv6 add prefixpolicy
>>>> 2001:db8:0:<staticIPs>:111::/128 69 666
>>>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>>>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64
>> 71
>>>> 777
>>>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>>>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>>>
>>>>
>>>> On Debian Linux, one can achieve this with
>>>>
>>>> iface eth0 inet6 static
>>>>   address 2001:db8:0:<staticIPs>:111::
>>>>   netmask 64
>>>>   gateway fe80::1
>>>>
>>>>   pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>>>>   pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>>>>   pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>>>>   # Label 1 ist vordefiniert als ::/0
>>>>   post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>>>> 1         || true
>>>>   post-up ip addrlabel add prefix 2001:db8::/32 label
>>>> 666              || true
>>>>
>>>>
>>>>
>>>>
>>>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!).
>> And
>>>> there is no "ip"-command.
>>>>
>>>> Does anybody know how to achieve this goal on Mac?
>>>>
>>>> I really hope there is a solution. Any hints and help will be
>> greatly
>>>> appreciated!
>>>>
>>>> Have a nice day,
>>>>
>>>> Regards,
>>>> Christoph
>>>>
>
>



More information about the ipv6-ops mailing list