Mailing List Archive: nsp: ipv6

IPv6 Source Address Selection on Mac OS X Lion

Index | Next | Previous | View Threaded

cstahl at netcologne

Dec 14, 2011, 6:00 AM

Post #1 of 17 (2600 views)
Permalink

IPv6 Source Address Selection on Mac OS X Lion

Hi there,

I like to share with you an interesting problem. Maybe someone on this
mailinglist has already found a solution to this. I googled for hours
but did not find anything helpfull.

The setup is a Macbook Pro running Lion with native IPv4 and IPv6
connectivity at our office connected by Gigabitethernet.

The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
the internet" and a statically configured IPv6 Adress to reach the IPv6
(or dual stacked) hosts that use IPs belonging to our assigned
IPv6-prefix. So that we can configure the static "admin" IPv6 address in
firewalls or host.allows, but surf the web with all the benefits of the
automatic privacy extension.

I figured out how to get a static AND a dynamic IPv6 on my Mac:
In the system preferences I duplicated the ethernet Interface and gave
the duplicates speaking names. One instance gets a fixed IPv4 and a
fixed IPv6 address. The other instance gets no IPv4 address, but an
"automatic" IPv6 address.

Using "ifconfig en0" I can verify that two IPv6 Adresses have been
assigned to the interface, as planned.
But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
used.

On Windows XP on a different hardware I can select which address to use
for reaching our prefix by

netsh interface ipv6 reset
netsh interface ipv6 add address "LAN-Verbindung" 2001:db8:0:<staticIPs>:111:: store=persistent
netsh interface ipv6 add prefixpolicy 2001:db8:0:<staticIPs>:111::/128 69 666
netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71 777
netsh interface ipv6 add prefixpolicy 2000::/3 72 777
netsh interface ipv6 add prefixpolicy ::/0 50 777

On Debian Linux, one can achieve this with

iface eth0 inet6 static
address 2001:db8:0:<staticIPs>:111::
netmask 64
gateway fe80::1

pre-up sysctl net.ipv6.conf.eth0.autoconf=1
pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
# Label 1 ist vordefiniert als ::/0
post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label 1 || true
post-up ip addrlabel add prefix 2001:db8::/32 label 666 || true

Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
there is no "ip"-command.

Does anybody know how to achieve this goal on Mac?

I really hope there is a solution. Any hints and help will be greatly
appreciated!

Have a nice day,

Regards,
Christoph

mohacsi at niif

Dec 15, 2011, 2:19 AM

Post #2 of 17 (2517 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Dear Chirstoph,
You achieved the prefer source address selection with tweaking the
RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux and
Windows. According to some tests RFC3484 was implemented in some extent on
Mac OS X Lion, but maybe more the Happy-Eye-Ball
(http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But seems
to me that RFC3484 policy table setting utility (ip6addrctl) is missing
from Lion. It seems that Lion is using non-temporary autoconfigured
addresses as a source for some destination prefixes, and temporary
autoconfigured addresses as source for some other destination prefixes.
Maybe Lion kernel is deciding on /48 boundary if use or not to use
temporary address - according to some tests done by me - but it is not
documented. Some guess work already done:
http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html

Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882

On Wed, 14 Dec 2011, Christoph Stahl wrote:

> Hi there,
>
> I like to share with you an interesting problem. Maybe someone on this
> mailinglist has already found a solution to this. I googled for hours
> but did not find anything helpfull.
>
> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
> connectivity at our office connected by Gigabitethernet.
>
> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
> the internet" and a statically configured IPv6 Adress to reach the IPv6
> (or dual stacked) hosts that use IPs belonging to our assigned
> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
> firewalls or host.allows, but surf the web with all the benefits of the
> automatic privacy extension.
>
> I figured out how to get a static AND a dynamic IPv6 on my Mac:
> In the system preferences I duplicated the ethernet Interface and gave
> the duplicates speaking names. One instance gets a fixed IPv4 and a
> fixed IPv6 address. The other instance gets no IPv4 address, but an
> "automatic" IPv6 address.
>
> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
> assigned to the interface, as planned.
> But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
> used.
>
> On Windows XP on a different hardware I can select which address to use
> for reaching our prefix by
>
> netsh interface ipv6 reset
> netsh interface ipv6 add address "LAN-Verbindung" 2001:db8:0:<staticIPs>:111:: store=persistent
> netsh interface ipv6 add prefixpolicy 2001:db8:0:<staticIPs>:111::/128 69 666
> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71 777
> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
> netsh interface ipv6 add prefixpolicy ::/0 50 777
>
>
> On Debian Linux, one can achieve this with
>
> iface eth0 inet6 static
> address 2001:db8:0:<staticIPs>:111::
> netmask 64
> gateway fe80::1
>
> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
> # Label 1 ist vordefiniert als ::/0
> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label 1 || true
> post-up ip addrlabel add prefix 2001:db8::/32 label 666 || true
>
>
>
>
> Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
> there is no "ip"-command.
>
> Does anybody know how to achieve this goal on Mac?
>
> I really hope there is a solution. Any hints and help will be greatly
> appreciated!
>
> Have a nice day,
>
> Regards,
> Christoph
>

cstahl at netcologne

Dec 15, 2011, 4:51 AM

Post #3 of 17 (2515 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Dear Janos,

thanks very much for your input! Happy-Eye-Balls handles more what
should happen when you are dual-stacked and the IPv6 target is not
reachable via IPv6. My problem is focused on the problem of selecting
the correct IPv6 source address for a given target-prefix.

Its hard to believe, that there might be no way to achieve that on Mac,
when there are obvious ways for Win and Linux. You mention the command
"ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
I cannot say if it is in Leopard or even Tiger.

By the way: Dual stacked, with a static IPv4 and IPv6 address and an
autoconfigured IPv6 address it is quite "funny" which address gets
selected when surfing the web: When surfing to "whatismyipv6.net" the
site displays my IPv4 address. When surfing to "six.heise.de", the site
is reached without a problem. When surfing to "sixxs.net" the site
displays my autoconfigured IPv6 address - after hitting "reload" a few
times, my IPv4 address gets displayed and stays there for each
subsequent reload request.

To get through the IPv6 firewall and host.allow to our servers where
only my static /128 address is allowed I have found a workaround on Mac:
use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.

I hate it when Win XP is capable of doing one thing better than the Mac;-)

Any other comment and suggestion very welcome!

Kind regards,
Christoph

Am 15.12.2011 11:19, schrieb Mohacsi Janos:
> Dear Chirstoph,
> You achieved the prefer source address selection with tweaking the
> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
> and Windows. According to some tests RFC3484 was implemented in some
> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
> missing from Lion. It seems that Lion is using non-temporary
> autoconfigured addresses as a source for some destination prefixes,
> and temporary autoconfigured addresses as source for some other
> destination prefixes. Maybe Lion kernel is deciding on /48 boundary if
> use or not to use temporary address - according to some tests done by
> me - but it is not documented. Some guess work already done:
> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>
> Janos Mohacsi
> Head of HBONE+ project
> Network Engineer, Deputy Director of Network Planning and Projects
> NIIF/HUNGARNET, HUNGARY
> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
>
> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>
>> Hi there,
>>
>> I like to share with you an interesting problem. Maybe someone on this
>> mailinglist has already found a solution to this. I googled for hours
>> but did not find anything helpfull.
>>
>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>> connectivity at our office connected by Gigabitethernet.
>>
>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
>> the internet" and a statically configured IPv6 Adress to reach the IPv6
>> (or dual stacked) hosts that use IPs belonging to our assigned
>> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
>> firewalls or host.allows, but surf the web with all the benefits of the
>> automatic privacy extension.
>>
>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>> In the system preferences I duplicated the ethernet Interface and gave
>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>> "automatic" IPv6 address.
>>
>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>> assigned to the interface, as planned.
>> But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
>> used.
>>
>> On Windows XP on a different hardware I can select which address to use
>> for reaching our prefix by
>>
>> netsh interface ipv6 reset
>> netsh interface ipv6 add address "LAN-Verbindung"
>> 2001:db8:0:<staticIPs>:111:: store=persistent
>> netsh interface ipv6 add prefixpolicy
>> 2001:db8:0:<staticIPs>:111::/128 69 666
>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71
>> 777
>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>
>>
>> On Debian Linux, one can achieve this with
>>
>> iface eth0 inet6 static
>> address 2001:db8:0:<staticIPs>:111::
>> netmask 64
>> gateway fe80::1
>>
>> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>> # Label 1 ist vordefiniert als ::/0
>> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>> 1 || true
>> post-up ip addrlabel add prefix 2001:db8::/32 label
>> 666 || true
>>
>>
>>
>>
>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
>> there is no "ip"-command.
>>
>> Does anybody know how to achieve this goal on Mac?
>>
>> I really hope there is a solution. Any hints and help will be greatly
>> appreciated!
>>
>> Have a nice day,
>>
>> Regards,
>> Christoph
>>

mohacsi at niif

Dec 15, 2011, 7:31 AM

Post #4 of 17 (2544 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Dear Christoph,

On Thu, 15 Dec 2011, Christoph Stahl wrote:

> Dear Janos,
>
> thanks very much for your input! Happy-Eye-Balls handles more what
> should happen when you are dual-stacked and the IPv6 target is not
> reachable via IPv6. My problem is focused on the problem of selecting
> the correct IPv6 source address for a given target-prefix.

RFC 3484 and its later improvements are dealing not only with source
address selection, but also preference of IPv6 or IPv4 via policy table.
Happy-Eye-Ball is a kind of solution for TCP like service to provide
better response time. Happy-Eye-Ball cannot replace RFC-3484(bis). In Mac
OS X Lion there some sort of Happy-Eye-Ball and probably behind the scene
there is some dynamic update of IPv6 and IPv4 preference for a particular
destination host. That is why you see in your test sometimes IPv6 address
sometimes IPv4 addresses. Lion is updating the destination cache based on
the connection setup RTT time.

if ((RTT_via_IPv6 - RTT_via_IPv4) < some_Apple_defined_ms) {
use_IPv6
} else {
use_IPv4
}

>
> Its hard to believe, that there might be no way to achieve that on Mac,
> when there are obvious ways for Win and Linux. You mention the command
> "ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
> I cannot say if it is in Leopard or even Tiger.

Since Max OS X has strong root in *BSD, and all the *BSD is using
"ip6addrctl" to setup policy table, we might expect ip6addrctl on Mac OS
X also. Not there for any Mac OS X until now.

>
> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
> autoconfigured IPv6 address it is quite "funny" which address gets
> selected when surfing the web: When surfing to "whatismyipv6.net" the
> site displays my IPv4 address. When surfing to "six.heise.de", the site
> is reached without a problem. When surfing to "sixxs.net" the site
> displays my autoconfigured IPv6 address - after hitting "reload" a few
> times, my IPv4 address gets displayed and stays there for each
> subsequent reload request.
>
> To get through the IPv6 firewall and host.allow to our servers where
> only my static /128 address is allowed I have found a workaround on Mac:
> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
>
> I hate it when Win XP is capable of doing one thing better than the Mac;-)

Agree. Room for improvement for Apple.
Best Regards,
Janos Mohacsi

>
> Any other comment and suggestion very welcome!
>
> Kind regards,
> Christoph
>
>
> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
>> Dear Chirstoph,
>> You achieved the prefer source address selection with tweaking the
>> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
>> and Windows. According to some tests RFC3484 was implemented in some
>> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
>> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
>> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
>> missing from Lion. It seems that Lion is using non-temporary
>> autoconfigured addresses as a source for some destination prefixes,
>> and temporary autoconfigured addresses as source for some other
>> destination prefixes. Maybe Lion kernel is deciding on /48 boundary if
>> use or not to use temporary address - according to some tests done by
>> me - but it is not documented. Some guess work already done:
>> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>>
>> Janos Mohacsi
>> Head of HBONE+ project
>> Network Engineer, Deputy Director of Network Planning and Projects
>> NIIF/HUNGARNET, HUNGARY
>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
>>
>> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>>
>>> Hi there,
>>>
>>> I like to share with you an interesting problem. Maybe someone on this
>>> mailinglist has already found a solution to this. I googled for hours
>>> but did not find anything helpfull.
>>>
>>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>>> connectivity at our office connected by Gigabitethernet.
>>>
>>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
>>> the internet" and a statically configured IPv6 Adress to reach the IPv6
>>> (or dual stacked) hosts that use IPs belonging to our assigned
>>> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
>>> firewalls or host.allows, but surf the web with all the benefits of the
>>> automatic privacy extension.
>>>
>>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>>> In the system preferences I duplicated the ethernet Interface and gave
>>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>>> "automatic" IPv6 address.
>>>
>>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>>> assigned to the interface, as planned.
>>> But no matter what, when coonecting to an IPv6 host, the dynamic IPv6 is
>>> used.
>>>
>>> On Windows XP on a different hardware I can select which address to use
>>> for reaching our prefix by
>>>
>>> netsh interface ipv6 reset
>>> netsh interface ipv6 add address "LAN-Verbindung"
>>> 2001:db8:0:<staticIPs>:111:: store=persistent
>>> netsh interface ipv6 add prefixpolicy
>>> 2001:db8:0:<staticIPs>:111::/128 69 666
>>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64 71
>>> 777
>>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>>
>>>
>>> On Debian Linux, one can achieve this with
>>>
>>> iface eth0 inet6 static
>>> address 2001:db8:0:<staticIPs>:111::
>>> netmask 64
>>> gateway fe80::1
>>>
>>> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>>> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>>> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>>> # Label 1 ist vordefiniert als ::/0
>>> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>>> 1 || true
>>> post-up ip addrlabel add prefix 2001:db8::/32 label
>>> 666 || true
>>>
>>>
>>>
>>>
>>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!). And
>>> there is no "ip"-command.
>>>
>>> Does anybody know how to achieve this goal on Mac?
>>>
>>> I really hope there is a solution. Any hints and help will be greatly
>>> appreciated!
>>>
>>> Have a nice day,
>>>
>>> Regards,
>>> Christoph
>>>
>
>

dwing at cisco

Dec 15, 2011, 9:31 AM

Post #5 of 17 (2514 views)
Permalink

RE: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

> -----Original Message-----
> From: ipv6-ops-bounces+dwing=cisco.com [at] lists [mailto:ipv6-
> ops-bounces+dwing=cisco.com [at] lists] On Behalf Of Christoph
> Stahl
> Sent: Thursday, December 15, 2011 4:51 AM
> To: ipv6-ops [at] lists
> Subject: Re: IPv6 Source Address Selection on Mac OS X Lion
>
> Dear Janos,
>
> thanks very much for your input! Happy-Eye-Balls handles more what
> should happen when you are dual-stacked and the IPv6 target is not
> reachable via IPv6. My problem is focused on the problem of selecting
> the correct IPv6 source address for a given target-prefix.
>
> Its hard to believe, that there might be no way to achieve that on Mac,
> when there are obvious ways for Win and Linux. You mention the command
> "ip6addrctl". This command is not in Lion, but also not in Snow
> Leopard.
> I cannot say if it is in Leopard or even Tiger.
>
> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
> autoconfigured IPv6 address it is quite "funny" which address gets
> selected when surfing the web: When surfing to "whatismyipv6.net" the
> site displays my IPv4 address. When surfing to "six.heise.de", the site
> is reached without a problem. When surfing to "sixxs.net" the site
> displays my autoconfigured IPv6 address - after hitting "reload" a few
> times, my IPv4 address gets displayed and stays there for each
> subsequent reload request.
>
> To get through the IPv6 firewall and host.allow to our servers where
> only my static /128 address is allowed I have found a workaround on
> Mac:
> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
>
> I hate it when Win XP is capable of doing one thing better than the
> Mac;-)

It depends on your definition of "better". If your definition is
"prefer IPv6", you are right that OSX Lion's algorithm fails. If
your definition is "connect to whichever is fastest", OSX Lion's
algorithm wins.

Right now, on effectively every network in the world, there is
no user-noticable advantage to using IPv6 over IPv4. Users don't
care if their connection to Google/Facebook/Yahoo is IPv6 or IPv4,
and nothing different happens to the user -- they don't get
additional cows for their games, they don't get IPv6 coupons for
the pizza place down the road.

I agree that IPv6 should be preferred -- see what Andrew and I
wrote at
http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-06#section-4.1

However, I also understand why Apple's algorithm works the
way it does -- because, today, there is no difference in the
application resources accessed over IPv4 or IPv6.

IMO, Apple will keep their existing algorithm until those IPv4
connections provide a worse application-level service than IPv6.
For example, the user cannot get a location-specific feature on
IPv4 but can get a location-specific feature via IPv6. Once
IPv4 address sharing happens at an ISP, IPv6 for those subscribers
will have the opportunity to provide a better application-level
experience than IPv4, due to the additional location resolution
available with IPv6 prefixes compared to the aggregation of
users behind an IPv4 address sharing device. ("IPv4 address
sharing" is any combination of Carrier Grade NAT, 4rd, Dual-
IVI, A+P, and the other proposals to share IPv4 addresses
between subscribers.)

-d

> Any other comment and suggestion very welcome!
>
> Kind regards,
> Christoph
>
>
> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
> > Dear Chirstoph,
> > You achieved the prefer source address selection with tweaking
> the
> > RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
> > and Windows. According to some tests RFC3484 was implemented in some
> > extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
> > (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
> > seems to me that RFC3484 policy table setting utility (ip6addrctl) is
> > missing from Lion. It seems that Lion is using non-temporary
> > autoconfigured addresses as a source for some destination prefixes,
> > and temporary autoconfigured addresses as source for some other
> > destination prefixes. Maybe Lion kernel is deciding on /48 boundary
> if
> > use or not to use temporary address - according to some tests done by
> > me - but it is not documented. Some guess work already done:
> > http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
> >
> > Janos Mohacsi
> > Head of HBONE+ project
> > Network Engineer, Deputy Director of Network Planning and Projects
> > NIIF/HUNGARNET, HUNGARY
> > Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
> >
> > On Wed, 14 Dec 2011, Christoph Stahl wrote:
> >
> >> Hi there,
> >>
> >> I like to share with you an interesting problem. Maybe someone on
> this
> >> mailinglist has already found a solution to this. I googled for
> hours
> >> but did not find anything helpfull.
> >>
> >> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
> >> connectivity at our office connected by Gigabitethernet.
> >>
> >> The goal is to use a stateless autoconfigured IPv6 Adress to "surf
> the
> >> the internet" and a statically configured IPv6 Adress to reach the
> IPv6
> >> (or dual stacked) hosts that use IPs belonging to our assigned
> >> IPv6-prefix. So that we can configure the static "admin" IPv6
> address in
> >> firewalls or host.allows, but surf the web with all the benefits of
> the
> >> automatic privacy extension.
> >>
> >> I figured out how to get a static AND a dynamic IPv6 on my Mac:
> >> In the system preferences I duplicated the ethernet Interface and
> gave
> >> the duplicates speaking names. One instance gets a fixed IPv4 and a
> >> fixed IPv6 address. The other instance gets no IPv4 address, but an
> >> "automatic" IPv6 address.
> >>
> >> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
> >> assigned to the interface, as planned.
> >> But no matter what, when coonecting to an IPv6 host, the dynamic
> IPv6 is
> >> used.
> >>
> >> On Windows XP on a different hardware I can select which address to
> use
> >> for reaching our prefix by
> >>
> >> netsh interface ipv6 reset
> >> netsh interface ipv6 add address "LAN-Verbindung"
> >> 2001:db8:0:<staticIPs>:111:: store=persistent
> >> netsh interface ipv6 add prefixpolicy
> >> 2001:db8:0:<staticIPs>:111::/128 69 666
> >> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
> >> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64
> 71
> >> 777
> >> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
> >> netsh interface ipv6 add prefixpolicy ::/0 50 777
> >>
> >>
> >> On Debian Linux, one can achieve this with
> >>
> >> iface eth0 inet6 static
> >> address 2001:db8:0:<staticIPs>:111::
> >> netmask 64
> >> gateway fe80::1
> >>
> >> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
> >> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
> >> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
> >> # Label 1 ist vordefiniert als ::/0
> >> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
> >> 1 || true
> >> post-up ip addrlabel add prefix 2001:db8::/32 label
> >> 666 || true
> >>
> >>
> >>
> >>
> >> Sadly, there is no netsh on mac os x (Ok, that is a good thing!).
> And
> >> there is no "ip"-command.
> >>
> >> Does anybody know how to achieve this goal on Mac?
> >>
> >> I really hope there is a solution. Any hints and help will be
> greatly
> >> appreciated!
> >>
> >> Have a nice day,
> >>
> >> Regards,
> >> Christoph
> >>

eric at cirr

Dec 15, 2011, 10:45 AM

Post #6 of 17 (2508 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Mohacsi Janos writes:
- On Thu, 15 Dec 2011, Christoph Stahl wrote:
- > Its hard to believe, that there might be no way to achieve that on Mac,
- > when there are obvious ways for Win and Linux. You mention the command
- > "ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
- > I cannot say if it is in Leopard or even Tiger.
-
- Since Max OS X has strong root in *BSD, and all the *BSD is using
- "ip6addrctl" to setup policy table, we might expect ip6addrctl on Mac OS
- X also. Not there for any Mac OS X until now.

You're stretching in saying "all the *BSD is using".

As far as I am aware, only FreeBSD is using ip6addrctl, and that
occurred at some point after MacOS X was created from the FreeBSD
userland. (much of the original MacOS X PPC kernel land came from
NetBSD, merged into NextOS's MACH kernel)

--
Eric Schnoebelen eric [at] cirr http://www.cirr.com
"Women and cats will do as they please; men and dogs should
relax and get used to it." -- Robert Heinlein

mohacsi at niif

Dec 15, 2011, 1:57 PM

Post #7 of 17 (2517 views)
Permalink

RE: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

On Thu, 15 Dec 2011, Dan Wing wrote:

>> -----Original Message-----
>> From: ipv6-ops-bounces+dwing=cisco.com [at] lists [mailto:ipv6-
>> ops-bounces+dwing=cisco.com [at] lists] On Behalf Of Christoph
>> Stahl
>> Sent: Thursday, December 15, 2011 4:51 AM
>> To: ipv6-ops [at] lists
>> Subject: Re: IPv6 Source Address Selection on Mac OS X Lion
>>
>> Dear Janos,
>>
>> thanks very much for your input! Happy-Eye-Balls handles more what
>> should happen when you are dual-stacked and the IPv6 target is not
>> reachable via IPv6. My problem is focused on the problem of selecting
>> the correct IPv6 source address for a given target-prefix.
>>
>> Its hard to believe, that there might be no way to achieve that on Mac,
>> when there are obvious ways for Win and Linux. You mention the command
>> "ip6addrctl". This command is not in Lion, but also not in Snow
>> Leopard.
>> I cannot say if it is in Leopard or even Tiger.
>>
>> By the way: Dual stacked, with a static IPv4 and IPv6 address and an
>> autoconfigured IPv6 address it is quite "funny" which address gets
>> selected when surfing the web: When surfing to "whatismyipv6.net" the
>> site displays my IPv4 address. When surfing to "six.heise.de", the site
>> is reached without a problem. When surfing to "sixxs.net" the site
>> displays my autoconfigured IPv6 address - after hitting "reload" a few
>> times, my IPv4 address gets displayed and stays there for each
>> subsequent reload request.
>>
>> To get through the IPv6 firewall and host.allow to our servers where
>> only my static /128 address is allowed I have found a workaround on
>> Mac:
>> use ssh with "ssh -6 -b <mystaticIPv6> <ipv6enabledhost>.
>>
>> I hate it when Win XP is capable of doing one thing better than the
>> Mac;-)
>
> It depends on your definition of "better". If your definition is
> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
> your definition is "connect to whichever is fastest", OSX Lion's
> algorithm wins.
>
> Right now, on effectively every network in the world, there is
> no user-noticable advantage to using IPv6 over IPv4. Users don't
> care if their connection to Google/Facebook/Yahoo is IPv6 or IPv4,
> and nothing different happens to the user -- they don't get
> additional cows for their games, they don't get IPv6 coupons for
> the pizza place down the road.
>
> I agree that IPv6 should be preferred -- see what Andrew and I
> wrote at
> http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-06#section-4.1
>
> However, I also understand why Apple's algorithm works the
> way it does -- because, today, there is no difference in the
> application resources accessed over IPv4 or IPv6.
>
> IMO, Apple will keep their existing algorithm until those IPv4
> connections provide a worse application-level service than IPv6.
> For example, the user cannot get a location-specific feature on
> IPv4 but can get a location-specific feature via IPv6. Once
> IPv4 address sharing happens at an ISP, IPv6 for those subscribers
> will have the opportunity to provide a better application-level
> experience than IPv4, due to the additional location resolution
> available with IPv6 prefixes compared to the aggregation of
> users behind an IPv4 address sharing device. ("IPv4 address
> sharing" is any combination of Carrier Grade NAT, 4rd, Dual-
> IVI, A+P, and the other proposals to share IPv4 addresses
> between subscribers.)

I agree with Christoph: WinXP you can setup source address selection rules
for using temporary addresses for certain destiantion prefixes. In Mac OS
X you cannot control that. Therefore WinXP can follow BETTER the
local administrative policy of address usage.

Happy-Eye-Ball can be good for end user point of view, but a kind of
nightmare for user support point of view. There is no consistent way to
determine which IP transport in use - which one to debug. Except if there
is some knobs in every applications to prefer IPv6 transport or IPv4
transport....

Best Regards,
Janos Mohacsi

>
> -d
>
>> Any other comment and suggestion very welcome!
>>
>> Kind regards,
>> Christoph
>>
>>
>> Am 15.12.2011 11:19, schrieb Mohacsi Janos:
>>> Dear Chirstoph,
>>> You achieved the prefer source address selection with tweaking
>> the
>>> RFC 3484 (http://tools.ietf.org/html/rfc3484) policy table on Linux
>>> and Windows. According to some tests RFC3484 was implemented in some
>>> extent on Mac OS X Lion, but maybe more the Happy-Eye-Ball
>>> (http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs) . But
>>> seems to me that RFC3484 policy table setting utility (ip6addrctl) is
>>> missing from Lion. It seems that Lion is using non-temporary
>>> autoconfigured addresses as a source for some destination prefixes,
>>> and temporary autoconfigured addresses as source for some other
>>> destination prefixes. Maybe Lion kernel is deciding on /48 boundary
>> if
>>> use or not to use temporary address - according to some tests done by
>>> me - but it is not documented. Some guess work already done:
>>> http://lists.apple.com/archives/Ipv6-dev/2011/Jul/msg00009.html
>>>
>>> Janos Mohacsi
>>> Head of HBONE+ project
>>> Network Engineer, Deputy Director of Network Planning and Projects
>>> NIIF/HUNGARNET, HUNGARY
>>> Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
>>>
>>> On Wed, 14 Dec 2011, Christoph Stahl wrote:
>>>
>>>> Hi there,
>>>>
>>>> I like to share with you an interesting problem. Maybe someone on
>> this
>>>> mailinglist has already found a solution to this. I googled for
>> hours
>>>> but did not find anything helpfull.
>>>>
>>>> The setup is a Macbook Pro running Lion with native IPv4 and IPv6
>>>> connectivity at our office connected by Gigabitethernet.
>>>>
>>>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf
>> the
>>>> the internet" and a statically configured IPv6 Adress to reach the
>> IPv6
>>>> (or dual stacked) hosts that use IPs belonging to our assigned
>>>> IPv6-prefix. So that we can configure the static "admin" IPv6
>> address in
>>>> firewalls or host.allows, but surf the web with all the benefits of
>> the
>>>> automatic privacy extension.
>>>>
>>>> I figured out how to get a static AND a dynamic IPv6 on my Mac:
>>>> In the system preferences I duplicated the ethernet Interface and
>> gave
>>>> the duplicates speaking names. One instance gets a fixed IPv4 and a
>>>> fixed IPv6 address. The other instance gets no IPv4 address, but an
>>>> "automatic" IPv6 address.
>>>>
>>>> Using "ifconfig en0" I can verify that two IPv6 Adresses have been
>>>> assigned to the interface, as planned.
>>>> But no matter what, when coonecting to an IPv6 host, the dynamic
>> IPv6 is
>>>> used.
>>>>
>>>> On Windows XP on a different hardware I can select which address to
>> use
>>>> for reaching our prefix by
>>>>
>>>> netsh interface ipv6 reset
>>>> netsh interface ipv6 add address "LAN-Verbindung"
>>>> 2001:db8:0:<staticIPs>:111:: store=persistent
>>>> netsh interface ipv6 add prefixpolicy
>>>> 2001:db8:0:<staticIPs>:111::/128 69 666
>>>> netsh interface ipv6 add prefixpolicy 2001:db8::/32 70 666
>>>> netsh interface ipv6 add prefixpolicy 2001:db8:0:<dynamicIPs>::/64
>> 71
>>>> 777
>>>> netsh interface ipv6 add prefixpolicy 2000::/3 72 777
>>>> netsh interface ipv6 add prefixpolicy ::/0 50 777
>>>>
>>>>
>>>> On Debian Linux, one can achieve this with
>>>>
>>>> iface eth0 inet6 static
>>>> address 2001:db8:0:<staticIPs>:111::
>>>> netmask 64
>>>> gateway fe80::1
>>>>
>>>> pre-up sysctl net.ipv6.conf.eth0.autoconf=1
>>>> pre-up sysctl net.ipv6.conf.eth0.use_tempaddr=2
>>>> pre-up sysctl net.ipv6.conf.eth0.accept_ra=1
>>>> # Label 1 ist vordefiniert als ::/0
>>>> post-up ip addrlabel add prefix 2001:db8:0:<dynamicIPs>::/64 label
>>>> 1 || true
>>>> post-up ip addrlabel add prefix 2001:db8::/32 label
>>>> 666 || true
>>>>
>>>>
>>>>
>>>>
>>>> Sadly, there is no netsh on mac os x (Ok, that is a good thing!).
>> And
>>>> there is no "ip"-command.
>>>>
>>>> Does anybody know how to achieve this goal on Mac?
>>>>
>>>> I really hope there is a solution. Any hints and help will be
>> greatly
>>>> appreciated!
>>>>
>>>> Have a nice day,
>>>>
>>>> Regards,
>>>> Christoph
>>>>
>
>

mohacsi at niif

Dec 15, 2011, 2:28 PM

Post #8 of 17 (2538 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

On Thu, 15 Dec 2011, Eric Schnoebelen wrote:

>
> Mohacsi Janos writes:
> - On Thu, 15 Dec 2011, Christoph Stahl wrote:
> - > Its hard to believe, that there might be no way to achieve that on Mac,
> - > when there are obvious ways for Win and Linux. You mention the command
> - > "ip6addrctl". This command is not in Lion, but also not in Snow Leopard.
> - > I cannot say if it is in Leopard or even Tiger.
> -
> - Since Max OS X has strong root in *BSD, and all the *BSD is using
> - "ip6addrctl" to setup policy table, we might expect ip6addrctl on Mac OS
> - X also. Not there for any Mac OS X until now.
>
> You're stretching in saying "all the *BSD is using".
>
> As far as I am aware, only FreeBSD is using ip6addrctl, and that
> occurred at some point after MacOS X was created from the FreeBSD
> userland. (much of the original MacOS X PPC kernel land came from
> NetBSD, merged into NextOS's MACH kernel)

Sorry probably I stretched wrongly the "ip6addrctl" availability to all
*BSD. Recently when I used NetBSD or OpenBSD it was patched with KAME. I
expected the all the KAME userland was imported to NetBSD and OpenBSD
including ip6addrctl. I see I was wrong:
http://mail-index.netbsd.org/tech-net/2011/11/26/msg003021.html

Also expected gradual merging of FreeBSD userland changes to Mac OS X....

I see some interesting source:
http://opensource.apple.com/source/network_cmds/network_cmds-356.8/ip6addrctl.tproj/

Best Regards,
Janos Mohacsi

visser at terena

Dec 15, 2011, 3:37 PM

Post #9 of 17 (2513 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Hi Christoph

On 2011-12-14 15:00, Christoph Stahl wrote:
> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
> the internet" and a statically configured IPv6 Adress to reach the IPv6
> (or dual stacked) hosts that use IPs belonging to our assigned
> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
> firewalls or host.allows, but surf the web with all the benefits of the
> automatic privacy extension.

Maybe I misunderstand the problem, but why don't you dedicate a /64 to
the "admin" network, use autoconfigured addresses, and filter the /64 in
firewalls/hosts.allows?
That would mean less configuration, and easier filtering.

Cheers,

--
Dick Visser
System & Network Engineer
TERENA Secretariat
Singel 468D, 1017 AW Amsterdam
The Netherlands
T +31 20 530 44 88 F +31 20 530 44 99
visser [at] terena | www.terena.org

Attachments:

smime.p7s (6.54 KB)

cstahl at netcologne

Dec 16, 2011, 12:35 AM

Post #10 of 17 (2485 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

> I agree with Christoph: WinXP you can setup source address selection
> rules for using temporary addresses for certain destiantion prefixes.
> In Mac OS X you cannot control that. Therefore WinXP can follow BETTER
> the local administrative policy of address usage.
>
> Happy-Eye-Ball can be good for end user point of view, but a kind of
> nightmare for user support point of view. There is no consistent way
> to determine which IP transport in use - which one to debug. Except if
> there is some knobs in every applications to prefer IPv6 transport or
> IPv4 transport....
>
> Best Regards,
> Janos Mohacsi
That is exactly my point: it is not about the prefered use of IPv4 vs
IPv6. It is selecting the right source IPv6 address (when there are two:
a static and a dynamic/autogenerated one) for a specified target IPv6
prefix (network). So that our administrative goals can be fulfilled.

And I am searching for a way of achieving the same on a Mac what can be
done on Linux, Windows (XP!) and probably freeBSD.

Regards,

Christoph

cstahl at netcologne

Dec 16, 2011, 4:23 AM

Post #11 of 17 (2486 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Hi Dick,

because then you cannot find out which admin IP belongs to which admin
when looking at your logs. And then access to the layer 2 would bring
access through firewalls/host.allows. So its security and
operational/"administrational" reason behind this design.

There is one or maybe little more admin-IPv6-addresses per admin: Each
should be configured in the firewall. Of course there is a little
operational overhead but we consider it worth it.

And then: If you want to surf the internet you want such a thing as
privacy extension. So we see the need for having both: static IPs for
administartion of our hardware and private autoconfigured ones for
access everything that is not ours.

@Janos:
What is that apple opensource sourcecode - very interesting find!? Does
it built to a working ip6addrctl tool? Have you tried - has anyone?

Best regards,

Christoph

Am 16.12.2011 00:37, schrieb Dick Visser:
> Hi Christoph
>
> On 2011-12-14 15:00, Christoph Stahl wrote:
>> The goal is to use a stateless autoconfigured IPv6 Adress to "surf the
>> the internet" and a statically configured IPv6 Adress to reach the IPv6
>> (or dual stacked) hosts that use IPs belonging to our assigned
>> IPv6-prefix. So that we can configure the static "admin" IPv6 address in
>> firewalls or host.allows, but surf the web with all the benefits of the
>> automatic privacy extension.
> Maybe I misunderstand the problem, but why don't you dedicate a /64 to
> the "admin" network, use autoconfigured addresses, and filter the /64 in
> firewalls/hosts.allows?
> That would mean less configuration, and easier filtering.
>
> Cheers,
>

gert at space

Dec 16, 2011, 10:05 AM

Post #12 of 17 (2478 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Hi,

On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
> It depends on your definition of "better". If your definition is
> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
> your definition is "connect to whichever is fastest", OSX Lion's
> algorithm wins.

"consistent behaviour". And this is where Lion fails, because it
flip-flops back and forth between protocols even if nothing changes
in the network.

> Right now, on effectively every network in the world, there is
> no user-noticable advantage to using IPv6 over IPv4. Users don't
> care if their connection to Google/Facebook/Yahoo is IPv6 or IPv4,
> and nothing different happens to the user -- they don't get
> additional cows for their games, they don't get IPv6 coupons for
> the pizza place down the road.

Operators care, because for debugging, "I'll do IPv6 today and IPv4
tomorrow, and there is no way to influence preference" is a nightmare.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279

mark at exonetric

Dec 16, 2011, 10:11 AM

Post #13 of 17 (2482 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

On 16 Dec 2011, at 18:05, Gert Doering wrote:

> Hi,
>
> On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
>> It depends on your definition of "better". If your definition is
>> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
>> your definition is "connect to whichever is fastest", OSX Lion's
>> algorithm wins.
>
> "consistent behaviour". And this is where Lion fails, because it
> flip-flops back and forth between protocols even if nothing changes
> in the network.

Isn't this behaviour what Chrome does too?

http://src.chromium.org/viewvc/chrome?view=rev&revision=85934

gert at space

Dec 16, 2011, 10:13 AM

Post #14 of 17 (2480 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Hi,

On Fri, Dec 16, 2011 at 06:11:11PM +0000, Mark Blackman wrote:
> > On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
> >> It depends on your definition of "better". If your definition is
> >> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
> >> your definition is "connect to whichever is fastest", OSX Lion's
> >> algorithm wins.
> >
> > "consistent behaviour". And this is where Lion fails, because it
> > flip-flops back and forth between protocols even if nothing changes
> > in the network.
>
> Isn't this behaviour what Chrome does too?
>
> http://src.chromium.org/viewvc/chrome?view=rev&revision=85934

on a network where IPv4 and IPv6 have the same (or close) RTTs, chrome
will *consistently* pick IPv6. Not "sometimes IPv6, sometimes IPv4".

Big difference.

The general idea of HE is good. HE-in-Lion a step backward.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279

peirce at maine

Dec 16, 2011, 10:27 AM

Post #15 of 17 (2501 views)
Permalink

RE: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

Here's a recent article on the use of HappyEyeballs Chrome/Apple
implementations which also includes a post from
an Apple engr mentioning that Lion's 3484 policy table is readOnly.

https://labs.ripe.net/Members/emileaben/hampered-eyeballs

-----Original Message-----
From: ipv6-ops-bounces+peirce=maine.edu [at] lists
[mailto:ipv6-ops-bounces+peirce=maine.edu [at] lists] On Behalf Of
Gert Doering
Sent: Friday, December 16, 2011 1:13 PM
To: Mark Blackman
Cc: 'Christoph Stahl'; Gert Doering; Dan Wing; ipv6-ops [at] lists
Subject: Re: IPv6 Source Address Selection on Mac OS X Lion

Hi,

On Fri, Dec 16, 2011 at 06:11:11PM +0000, Mark Blackman wrote:
> > On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
> >> It depends on your definition of "better". If your definition is
> >> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
> >> your definition is "connect to whichever is fastest", OSX Lion's
> >> algorithm wins.
> >
> > "consistent behaviour". And this is where Lion fails, because it
> > flip-flops back and forth between protocols even if nothing changes
> > in the network.
>
> Isn't this behaviour what Chrome does too?
>
> http://src.chromium.org/viewvc/chrome?view=rev&revision=85934

on a network where IPv4 and IPv6 have the same (or close) RTTs, chrome will
*consistently* pick IPv6. Not "sometimes IPv6, sometimes IPv4".

Big difference.

The general idea of HE is good. HE-in-Lion a step backward.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279

bzeeb-lists at lists

Dec 16, 2011, 5:50 PM

Post #16 of 17 (2477 views)
Permalink

Re: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

On 16. Dec 2011, at 18:13 , Gert Doering wrote:

> Hi,
>
> On Fri, Dec 16, 2011 at 06:11:11PM +0000, Mark Blackman wrote:
>>> On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
>>>> It depends on your definition of "better". If your definition is
>>>> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
>>>> your definition is "connect to whichever is fastest", OSX Lion's
>>>> algorithm wins.
>>>
>>> "consistent behaviour". And this is where Lion fails, because it
>>> flip-flops back and forth between protocols even if nothing changes
>>> in the network.

You want consistent behaviour? Do what I do.

>>
>> Isn't this behaviour what Chrome does too?
>>
>> http://src.chromium.org/viewvc/chrome?view=rev&revision=85934
>
> on a network where IPv4 and IPv6 have the same (or close) RTTs, chrome
> will *consistently* pick IPv6. Not "sometimes IPv6, sometimes IPv4".
>
> Big difference.
>
> The general idea of HE is good. HE-in-Lion a step backward.

The missing knob to turn it off sucks badly in either however and while I stop
caring myself I am seeing the problem you describe in dual-stacked networks for
others unfortunately and would love to have a switch to flip to get v6 first v4
then back (at least on demand).

Here, there is no IPv4 address anymore usually, a 127.1 on Lion.
The v4 link-local on XP doesn't seem to matter much currently for IE luckily
and on FreeBSD/PC-BSD the no-IPv4 stack does the job as well:) No decisions to
make for complex algorithms. Deterministic behaviour. User really happy.
Debugging is simpler. Problem solved. Good night.

/bz

--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!

dwing at cisco

Dec 19, 2011, 11:17 AM

Post #17 of 17 (2439 views)
Permalink

RE: IPv6 Source Address Selection on Mac OS X Lion [In reply to]

> -----Original Message-----
> From: Mark Blackman [mailto:mark [at] exonetric]
> Sent: Friday, December 16, 2011 10:11 AM
> To: Gert Doering
> Cc: Dan Wing; 'Christoph Stahl'; ipv6-ops [at] lists
> Subject: Re: IPv6 Source Address Selection on Mac OS X Lion
>
>
> On 16 Dec 2011, at 18:05, Gert Doering wrote:
>
> > Hi,
> >
> > On Thu, Dec 15, 2011 at 09:31:42AM -0800, Dan Wing wrote:
> >> It depends on your definition of "better". If your definition is
> >> "prefer IPv6", you are right that OSX Lion's algorithm fails. If
> >> your definition is "connect to whichever is fastest", OSX Lion's
> >> algorithm wins.
> >
> > "consistent behaviour". And this is where Lion fails, because it
> > flip-flops back and forth between protocols even if nothing changes
> > in the network.
>
> Isn't this behaviour what Chrome does too?
>
> http://src.chromium.org/viewvc/chrome?view=rev&revision=85934

Chrome gives IPv6 a 300ms head start.

-d

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads