Collected Mac OS X IPv6 Wisdom



[ 2004-July-13 16:38 ]

As my research is currently in networks, I have taken it upon myself to learn about IPv6. Luckily, my computer is running the right operating system to do that. Mac OS X has really good support for IPv6. If your network is configured for IPv6, it will automatically work. However, that is probably about two networks in the world. But there is an alternative: If your computer has a real IPv4 address, you can have IPv6 connectivity via 6to4, a transition technology that packages up IPv6 data and sends it over the IPv4 Internet. This article will tell you how to enable this on your Mac. [Note: This only works if you have a real IPv4 address, which means no gateways or NAT. If you are behind a gateway, you need a technology called Teredo, which is supported on Mac OS X by Miredo.]

Amazingly, Mac OS X 10.3 includes a UI for enabling 6to4: How to configure 6to4 in MacOS X. Once you have this turned on, you should be connected. See this list of IPv6 enabled sites for some stuff to visit to see if it works.

Test Your Connectivity

Run ping6 www.kame.net:

eitnaa221:~ vulturex$ ping6 www.kame.net
PING6(56=40+8+8 bytes) 2002:8161:78dd:1::1 --> 2001:200::8002:203:47ff:fea5:3085
16 bytes from 2001:200::8002:203:47ff:fea5:3085, icmp_seq=0 hlim=60 time=278.998 ms
16 bytes from 2001:200::8002:203:47ff:fea5:3085, icmp_seq=1 hlim=60 time=278.914 ms
16 bytes from 2001:200::8002:203:47ff:fea5:3085, icmp_seq=2 hlim=60 time=278.683 ms
^C
--- orange.kame.net ping6 statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 278.683/278.865/278.998 ms

Find out how your packets are getting there by running traceroute6 www.kame.net:

eitnaa221:/Users/vulturex root# traceroute6 www.kame.net
traceroute6 to orange.kame.net (2001:200::8002:203:47ff:fea5:3085) from 2002:8161:78dd:1::1, 30 hops max, 12 byte packets
 1  2002:c058:6301::c058:6301  105.518 ms  104.686 ms  104.623 ms
 2  swizh2-g2-6.switch.ch  104.755 ms  104.936 ms  104.839 ms
 3  swice3-10ge-1-1.switch.ch  108.791 ms  108.848 ms  108.531 ms
 4  swice2-v211.switch.ch  108.741 ms  108.727 ms  108.7 ms
 5  switch.ch1.ch.geant.net  109.572 ms  109.171 ms  108.928 ms
 6  ch.fr1.fr.geant.net  117.016 ms  118.283 ms  125.403 ms
 7  fr.uk1.uk.geant.net  124.035 ms  124.418 ms  126.861 ms
 8  uk.ny1.ny.geant.net  193.145 ms  193.295 ms  192.767 ms
 9  2001:468:ff:15c3::1  129.557 ms  139.696 ms  129.673 ms
10  2001:468:ff:f15::1  119.009 ms  119.267 ms  119.269 ms
11  2001:468:ff:f12::2  134.192 ms  127.58 ms  118.997 ms
12  kscyng-iplsng.abilene.ucaid.edu  129.018 ms  127.92 ms  128.888 ms
13  dnvrng-kscyng.abilene.ucaid.edu  141.652 ms  138.968 ms  139.539 ms
14  snvang-dnvrng.abilene.ucaid.edu  163.479 ms  164.459 ms  164.316 ms
15  losang-snvang.abilene.ucaid.edu  173.325 ms  173.397 ms  173.232 ms
16  3ffe:8140:101:1::2  277.119 ms  277.191 ms  277.021 ms
17  hitachi1.otemachi.wide.ad.jp  277.408 ms  277.41 ms  277.516 ms
18  pc3.yagami.wide.ad.jp  277.86 ms  277.813 ms  277.86 ms
19  gr2000.k2c.wide.ad.jp  279.598 ms  279.156 ms  281.679 ms
20  orange.kame.net  313.25 ms  278.978 ms  278.787 ms

Due to the magic of 6to4, there are a bunch of hops missing here. Between my computer and the first hop, the packets are carried over the IPv4 Internet. To find out how the data is getting to that first hop, run traceroute 192.88.99.1. Unfortunately, my current connection blocks traceroute packets, so I can't show you what happens here. But by looking at the domain names, I can tell you that my packets are travelling from my computer in Waterloo, Ontario, Canada, through Switzerland (switch.ch), through France, the UK, then back to North America via New York, over the Abilene Internet2 network, and finally to Japan. You can see that this extra round trip to Europe is far from optimal. And for me, somewhere in between my computer and my server, I get duplicate packets.
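A 6to4 address carries the IPv4 address of its tunnel endpoint in the 32 bits after 2002:, so the missing IPv4 leg can be read straight out of the output above. The following Python sketch is an added example, not part of the original post; the function names are made up for illustration, and the addresses are the ones printed by ping6 and traceroute6 above.

```python
import ipaddress
import re

def embedded_ipv4(addr):
    """IPv4 address carried inside a 6to4 (2002::/16) address, else None."""
    return ipaddress.IPv6Address(addr).sixtofour

def sixtofour_prefix(ipv4):
    """The /48 a host derives from its IPv4 address: 2002:<IPv4 bits>::/48."""
    v4 = ipaddress.IPv4Address(ipv4)
    if v4.is_private:  # private address behind NAT, so 6to4 cannot work
        raise ValueError(f"{v4} is not a public IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def sixtofour_hops(trace):
    """Return (hop, IPv6 literal, embedded IPv4) for each hop shown as a literal."""
    found = []
    for line in trace.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)", line)
        if not m:
            continue
        try:
            v4 = embedded_ipv4(m.group(2))
        except ValueError:  # hop printed as a hostname, not an address
            continue
        found.append((int(m.group(1)), m.group(2), v4))
    return found

# Source address and four hop lines copied from the output above.
SOURCE = "2002:8161:78dd:1::1"
TRACE = """\
 1  2002:c058:6301::c058:6301  105.518 ms  104.686 ms  104.623 ms
 2  swizh2-g2-6.switch.ch  104.755 ms  104.936 ms  104.839 ms
 9  2001:468:ff:15c3::1  129.557 ms  139.696 ms  129.673 ms
16  3ffe:8140:101:1::2  277.119 ms  277.191 ms  277.021 ms
"""

if __name__ == "__main__":
    print("host IPv4:", embedded_ipv4(SOURCE))
    for hop, addr, v4 in sixtofour_hops(TRACE):
        print(hop, addr, "-> relay IPv4", v4 if v4 else "(not 6to4)")
```

The first hop decodes to 192.88.99.1, the address the paragraph above tells you to traceroute, and the source address decodes to the host's own public IPv4 address.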

Improving 6to4 Connectivity

Ideally, in the future, ISPs will provide 6to4 routers for their customers. Unfortunately, today, there are only a few worldwide. You might be able to improve your connectivity by directing your traffic to a specific router, instead of letting the network carry your traffic to a public router. To do that, find a public 6to4 router, then use the Network control panel to change the router. I'm using Microsoft's router, and it seems to work a bit better than letting my data go to Europe and back.

Using IPv6 in Safari

Unfortunately, the current version of Safari prefers IPv4 addresses, since IPv6 sites are frequently broken. However, you can force Safari to prefer IPv6 addresses for testing.

Problems

So far, I have only one complaint: Mac OS X doesn't make any intelligent selection of which addresses to use. For example, my server has both a "real" IPv6 address via Hurricane Electric's Tunnel Broker, and a 6to4 address. This allows it to respond to requests from other 6to4 hosts without having to go through a yucky, suboptimal 6to4 router. Unfortunately, Mac OS X just blindly selects the "real" IPv6 address, since it is listed first in DNS. It should realize that my default route to the IPv6 Internet is via 6to4, and it should prefer 6to4 addresses. I think I read this in an IETF Internet Draft somewhere, so it is the "correct" way to do things.
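The behaviour asked for here matches the "prefer matching label" rule of RFC 3484 (Default Address Selection for IPv6); that this is the document the author has in mind is an assumption. The sketch below is an added example, not code from the post or from Mac OS X: it implements only that one rule with the RFC's default policy table, and the two server addresses are constructed from documentation ranges.

```python
import ipaddress

# Default policy table from RFC 3484, section 2.1: (prefix, label).
POLICY = [(ipaddress.IPv6Network(p), lab) for p, lab in [
    ("::1/128", 0),        # loopback
    ("::/0", 1),           # everything else, including native IPv6
    ("2002::/16", 2),      # 6to4
    ("::/96", 3),          # IPv4-compatible
    ("::ffff:0:0/96", 4),  # IPv4-mapped
]]

def label(addr):
    """Label of the longest policy-table prefix that contains addr."""
    a = ipaddress.IPv6Address(addr)
    return max((net.prefixlen, lab) for net, lab in POLICY if a in net)[1]

def order_destinations(source, dns_order):
    """Move destinations whose label matches the source's label to the front.

    The sort is stable, so DNS order is kept within each group. Assumes the
    host would use the same source address for every candidate destination.
    """
    src_label = label(source)
    return sorted(dns_order, key=lambda dst: label(dst) != src_label)

# Host address from the ping6 output above; server addresses are constructed.
HOST_6TO4 = "2002:8161:78dd:1::1"
SERVER_DNS_ORDER = [
    "2001:db8:1f04::2",   # constructed stand-in for the tunnel-broker address
    "2002:c000:201::1",   # constructed 6to4 address (embeds 192.0.2.1)
]

if __name__ == "__main__":
    # A 6to4 host should try the server's 6to4 address first.
    print(order_destinations(HOST_6TO4, SERVER_DNS_ORDER))
    # A natively addressed host keeps the DNS order.
    print(order_destinations("2001:db8:aaaa::10", SERVER_DNS_ORDER))
```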