Sean Rozekrans.

Address Space Oddities.

IPv6 has been on the network cards for a while. Are we there yet?

It is now seven years since IPv4 addresses have been exhausted and we are inching ever closer to two decades of IPv6 availability. Are we there yet?

IPv6 is in some ways a lot easier, but as with everything, new things have to be learnt. Over the past couple of years I have seen a lot of oddities on the road to a fully qualified IPv6 network.

There is tremendous news though. For my personal network I run a local DNS server. Doing so gives me lots of interesting statistics. One of them is the percentage of requests for AAAA records, which are hostnames that have an IPv6 address.

Just recently the percentage of IPv6 requests exceeded those of IPv4 by a small margin for the first time since running these statistics. IPv6 is gaining ground, albeit slowly.

I am using requests rather than traffic amount, as it is a more fair way of seeing how far the transition is so far.

Now, there are a couple of important things to realise here. First, this is not an entirely scientific tests. A lot of DNS requests are not done on purpose. For example, opening a given website sends out lots of requests to lots of different hostnames, without asking.

I also made some changes to my network that possibly increased the percentage slightly. For many years I had my DHCP server serve up both an IPv4 and an IPv6 address of the DNS server, mainly for compatibility reasons.

A DNS server can resolve hostnames for both protocols regardless of which protocol it is connected from. So, once all clients on the network have at least a working link‑local address IPv4 is not actually necessary.

Most clients will default to IPv6, but typically send out requests to both IPs and sometimes the IPv4 can be quicker to reply. It is the luck of the draw. But, these days I only need the IPv6 IP since everything just works right.

I have to run a separate DHCP server, to replace from the one that my router supplies. Turns out there is a bug in the firmware of the router.

I need to enter a custom DNS server, since my DNS server runs on Linux. When I enter the IPv6 address in the router’s DHCP server settings it will crash and endlessly reboot. The only way to fix it is to do a factory reset which wipes out all settings.

So the natural thing is to swap out the router for something better. But for the moment I am running a DHCP server that is not as buggy, and then disable the router’s DHCP server. The other IPv6 related functionality of the router still works as needed.

The same cannot be said for Apple and Android systems. Both have incomplete implementations.

Bad Software.

Bad Software. Address Delegation. Final Thoughts.

Try browsing to an IPv6 address in Safari. You do this by surrounding the IPv6 address with [square brackets]. If you do this in any other major browser it will try to connect to the website. Safari will perform a search. It makes no sense. This issue has been present in every version of Safari on both Mac and mobile.

This is a big problem if you want to access your router by IPv6 if it does not have a hostname, for example when you are having DNS problems. You have to hope you have another way of opening the website, because you will probably not be able to download another browser.

Windows 2000, from the 90s, has IPv6 support. That is how long IPv6 has been around in commercial operating systems. As is common for Apple, they neglect what does not sell.

In the most recent version of their desktop operating system there are even more bugs. When you run your own DHCP server the client is supposed to send its hostname. In High Sierra this works, but only for IPv4. What this means is that no other clients on the the network can access your machine over IPv6.

This issue was not present in earlier versions. Also, if you have an IPv6‑only network, you cannot use local hostname resolving at all because of this bug. This is either a huge bug, or a huge oversight. SSL requires working hostnames. Thus, this bug prevents even more things from working.

And then there is Android. It does not support IPv6 enough to the point where much more gets broken.

IPv6 addresses can be assigned in two different ways. A typical IPv4 networking situation is where a DHCP server assigns IP addresses to clients on the network that request it. These are from a predefined pool. In IPv6 what is most similar to this setup is Stateful Configuration.

In the IPv4 example clients can also specify their own IP address and usually this does not give problems, but if it goes wrong IP address collisions can occur. IPv6 for its part has a network address neighbourhood concept which prevents this. It is a topic for another entry, but to keep it short and simple; no IP collisions should ever occur.

IPv6 also has Stateless Configuration. In this situation all clients provide their own IPv6 address. Again, with the neighbourhood system in place, collisions still do not occur. It is the best of both worlds. Or is it?

Both Stateless and Stateful Configuration can be used simultaneously in an IPv6 network.

Address Delegation.

Bad Software. Address Delegation. Final Thoughts.

An IPv4 address is made up of four segments, whereas an IPv6 address is made up of eight. It can have less segments by omitting leading zeroes. But it is not actually that more complicated.

A typical situation is where IPv6 addresses get delegated with a prefix based on the WAN address. Here is an example IP address.


The first part indicates address range. Here it is 2001 indicating it is connected to an Internet. Had it been say fe80, we would know that we are dealing with a link‑local network. You have become accustomed to knowing what 192.168 means, and this is IPv6’s version of ranges.

The next three segments are the WAN prefix. These segments on the IP address of the router are delegated, forwarded as it where, to any connecting hosts. Put differently, all IP addresses on the network that can connect to an Internet through the WAN, will have these three segments also.

In a Stateless Configuration the remaining segments are pseudo‑randomly made up (autoconf) by the clients. There are two addresses made up per client. One will be a temporary one, to help negotiate with the network. The second will be the address that is secured, and will be the one that connects to an Internet or another client on the network.

In some situations more IP addresses will be in use, but I will not go into that here. Regardless, the IPv6 system is clever enough to figure out which one is the correct one to use at a given time.

However, in a Stateful Configuration the router can assign an IP address from a give range. With leading zeroes trimmed, this can lead to a shorter address. Here is an example again.


Depending on network configurations, prefix lengths and some other factors, it may look different. But you get the idea. I personally prefer stateful assignments because they are easier to remember. As the prefix does not typically change, all I have to do is remember a single digit in this case.

Here is the problem though. Every client I have come across supports Stateless, but not all support Stateful, in particular Android because it does not support DHCPv6. Until this is the case, there is little benefit to running a network with a mix of Stateless and Stateful.

Final Thoughts.

Bad Software. Address Delegation. Final Thoughts.

IPv6 is a great technology. The more I work with it, the more I like how it works. A lot of the headaches of IPv4 networking go away. In the (near) future we will be able to do away with NAT, DHCP servers, and several other workarounds that were needed to scale IPv4 to where it had to go.

I have been slowly, but surely, making more of an effort to better manage my network also. Working with IPv6 means it pays of to have a properly thought out plan for DNS. My old DNS system was broken.

I could not look up hostnames of local machines on the network, and the public DNSv4 hosts were often set per client. And they were set to different ones on different machines. It was mess.

IPv6 is by no means perfect or easy. There is a reason it has taken so long to get here.

If I can get things working right, I intend to put up a local 6to4 tunnel on the network. If it works as intended I can then start to experimentally turn off IPv4 on some clients on the network. And in the future I can then turn off the tunnel and say goodbye to IPv4 in one fell swoop. That day is still far away though.

If you have never attempted anything with IPv6, I encourage you to start by trying to use DNS over IPv6. It is the safest way to dip your toes and it is fairly easy.

Or, if you have to copy files between two clients by direct wire (USB, FireWire, Thunderbolt) you can use just IPv6. Set one client’s address to ::1 and the other to ::2. That’s all it takes. IPv6 is incredibly handy.