Download PDF 

May 12, 2011, Kuala Lumpur, Malaysia -- When a website is available only over IPv4, typically a single A record is published in DNS which maps the nodename (e.g. www.v4address.com) to the site's IPv4 address (e.g. 184.105.238.114). Client software (e.g. a web browser) queries DNS with the nodename. One IPv4 address is returned (in an A record), which the client application uses to actually connect to the site.

When a website is available over both IPv4 and IPv6 ("Dual Stack"), both an A record (which maps the nodename to an IPv4 address) and a AAAA ("Quad A") record (which maps the same nodename to an IPv6 address) are published in DNS. Client software queries DNS with the nodename, and gets back two records (the A and AAAA records). Current applications (assuming IPv6 is available) will first try connecting to the IPv6 address (it normally has top priority), and if that fails, it will then try connecting to the IPv4 address (after a 30-70 second timeout). This is called "serial connection" (one after the other). In some situations, a client application might think that IPv6 is available, but for whatever reason (firewall blocking, broken infrastructure, etc) it doesn't work. The result is a mysterious 30 to 70 second timeout before connecting to the site, which makes it look like the content provider's site is broken. In reality it is a problem in the client application's node or network.

Because of this problem, some content providers only advertise IPv4 address(es) for its primary nodename (e.g. www.provider.com). They publish a different nodename to access their content over IPv6 (e.g. ipv6.provider.com). This sends the wrong signal to the public and to other content providers, that IPv6 is "not yet ready for prime time". World IPv6 Day, on June 8, 2011, is an effort on the part of many organizations to try to dispel this impression.

Lawrence Hughes, CTO of InfoWeapons, at the request of the IPv6 Forum's IPv6 Enabled group (of which he is a member), has created sample C code that illustrates how to resolve this problem. It uses an advanced technique called non-blocking sockets to connect to all addresses published in DNS for a given nodename, simultaneously (in parallel), rather than one at a time (serially). If client applications are modified to use this approach, then the "mysterious timeout" problem will go away, and content providers can safely publish both IPv4 and IPv6 addresses for their primary nodenames. This will hopefully make World IPv6 Day more successful.

There is another issue regarding accepting connections on both IPv4 and IPv6 in a server using "IPv4-mapped IPv6 addresses". This addressing scheme has been deprecated by the IETF due to security and other concerns. We have also included sample C code (for FreeBSD and Linux) that shows the correct way to accept connections from both IPv4 and IPv6 clients, again using non-blocking sockets. This sample is the source code for the dual stack telnet autoresponder (telar) which runs on www.v6address.com. You can experience the telnet autoresponder by connecting to either www.v4address.com or www.v6address.com with any telnet client. It will display the address from which you connected (IPv4 or IPv6) and disconnect.

This code in C (for FreeBSD and Linux) is available for free (under the Modified BSD license) at www.v6address.com (over both IPv4 and IPv6), along with other useful information and tools for organizations that are now deploying IPv6. Look under the "How To" section for this sample code and detailed explanation. InfoWeapons encourages others to port this code to other platforms. If you do so, we will be glad to add it (with credits) to our www.v6address.com site. We recommend use of the Modified BSD license as opposed to any of the GPL licenses, so that commercial companies can make full use of such code without compromising one of the most valuable assets (their source code).

Latif Ladid, President of the IPv6 Forum, commented: "The IPv6 Forum welcomes the free sharing of code like this that demonstrates a better way of doing things with IPv6. This particular code can improve the functionality of a wide class of IPv6 enabled client software and accelerate the support of IPv6 by content providers."

For further information on IPv6, including labs that talk you through creating a full dual stack testbed network using only open source software, generic PCs and free tunneled service, download Lawrence Hughes' free 300+ page book "The Second Internet: Reinventing Computer Networks with IPv6". This is available from various sites, including www.secondinternet.org, www.ipv6forum.org and www.apnic.net. This book has been downloaded hundreds of thousands of times and is helping advance IPv6 adoption worldwide.

InfoWeapons is celebrating our 7th anniversary (we opened our doors on Cinco de Mayo, 2004). We have been running production dual stack networks since then, and our websites (including www.infoweapons.com) and email have been available on both IPv4 and IPv6 for more than five years. Lawrence Hughes commented: "We welcome some of our competitors who have finally made their sites available on IPv6 this year to the Second Internet, and encourage those who have not yet done so to get onboard!"

About InfoWeapons

InfoWeapons delivers future-proof technology solutions that are secure, intuitive and reliable. The company creates next-generation, fully IPv6-compliant networking appliance products such as SolidDNS™, SolidPBX™ and SolidWall™.

Since 2004, InfoWeapons has been helping governments and enterprises begin supporting IPv6 in their networks. The company has since formalized and structured its efforts, culminating in its IPv6 Forum Education Certification Program, which includes instructor-led training and hands-on laboratory sessions for software engineers, programmers and computer security engineers.

The InfoWeapons Testing Laboratory, one of only a handful of official IPv6 Ready Logo Program testing centers in the world, is authorized to test products that support IPv6 and certify them as "IPv6 Ready" as defined by the IPv6 Forum Ready Logo Program Committee. Both SolidDNS™ and SolidPBX™ network appliances carry the IPv6-Ready Gold Certification logos of the committee. Many organizations and governments now accept this certification as proof that the products bearing it are fully compliant with all relevant standards, and will correctly interoperate with other vendor’s products.

For more information about InfoWeapons and its products and services, please call +1 (703) 291-1200 or +1 (877) 480-1634 (U.S. Toll Free) or visit the company's website at www.infoweapons.com.