2

Currently I am connected to Internet over IPv4, I am using tunnel from sixxs.net and I have got subnet and one of IPv6 assigned to my eth0 interface.

So, eth0 has IPv4 and IPv6:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:02:XX:XX:61:36 brd ff:ff:ff:ff:ff:ff
    inet XXX.XXX.0.22/24 brd XXX.XXX.0.255 scope global eth0
    inet6 2a01:XXXX:XXXX::1/64 scope global 
       valid_lft forever preferred_lft forever

When I am trying to connect to some eg. website which is IPv6 ready, it is fine, IPv6 is preferred, but If something happen and it's IPv6 is not available I would like to have fall-back to IPv4. Is that possible?

Or is possible to temporary force user IPv4 instead of IPv6 even if program does not support (eg. by -4 option)?

Ency
  • 1,231
  • 1
  • 19
  • 27

1 Answers1

3

This should already happen, as it's (meant to be) the default behaviour of the your network.

However, in practice, there are one or two small things that can get in the way. Here's how it works:

  1. You want to access a URL, let's say www.kame.net. Your DNS should request an AAAA as well as an A record.

  2. If an AAAA record is returned, then it attempts to connect to the IPv6 address.

  3. If no connection can be established (host offline, IPv6 connection down, etc), or no AAAA record exists, IPv4 is used instead.

Problems can occur in the following:

  1. An incorrectly configured, or old, DNS server that does not return AAAA addresses will mean that IPv6 is never used.

  2. An incorrectly configured IPv6 network (e.g. having a routable IPv6 address (not a link-local address) but no RA's have been discovered, or the RA is not actually connected to the internet, then the TCP/IP stack can take up to 90 seconds to time out and fail back to IPv4, rendering it virtually useless.

If you are writing your own application that does its own DNS lookups, this is also the behaviour you should write into your application. If this is also the case though, then supporting IPv6 is a bit more complicated than just that (for example, our log parser, built on IPv4 had a fixed-sied, 32-bit field for IP address. That of course broke when we implemented our first IPv6 network).

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
  • 1
    +1 Spot on. The 90 second delay is why many sites do not want to publish AAAA records. It makes them seem unresponsive to everybody with broken IPv6 installations. – pehrs Mar 06 '11 at 11:33
  • Well, let me be more specific, when I am using `aptitude update`, I can see servers are resolved and IPv6 is returned, but sometimes server `cz.archive.ubuntu.com` is not resolved and program stuck, it won't fallback to IPv4. Shall I assume it's `aptitude`'s bug or network configuration error? – Ency Mar 06 '11 at 13:24
  • @Ency - it's impossible to say. What I'd suggest is doing a packet capture and analysing it with something like Wireshark. It will be able to show you exactly what's going on, and whether or not an IPv6 connection is being attempted or not. – Mark Henderson Mar 06 '11 at 20:40