It seems more and more operating systems are moving away from the IPv4-mapped IPv6 address transition mechanism and setting the socket option IPV6_V6ONLY by default.  Is it too soon for this?  Is this going to hurt IPv6 deployment?  Think about scared system administrators who deploy dual-stack and then find out later that all their IPv6-aware applications suddenly start rejecting IPv4 connections…

What are these IPv4-mapped IPv6 addresses that I speak of?  If you didn't click on the Wikipedia link above, it's part of a transitionary mechanism that allows applications to easily convert to a dual-stack model by listening on an IPv6 socket only.  With the transition mechanism in place, any application binding to :: will also cause the kernel to open up a corresponding listening socket on 0.0.0.0, allowing the application to listen on both IPv4 and IPv6.  Any IPv4 connections to the application will be seen as ::ffff:.  For example: ::ffff:192.168.1.1.  The IPV6_V6ONLY socket option disables this behavior.

Section 5.3 of RFC3493 apparently says the default option is off.  Does this mean that operating systems that enable IPV6_V6ONLY by default are violating the RFC?

FreeBSD enabled IPV6_V6ONLY a few years ago in the form of ipv6_ipv4mapping="NO" in /etc/default/rc.conf.  It's easy to disable by setting ipv6_ipv4mapping="YES" in /etc/rc.conf.  Debian recently added net.ipv6.bindv6only=1 in /etc/sysctl.d/bindv6only.conf as part of the netbase 4.40 upgrade.  This, of course, generated a bug report on the subject.  Rationale for the change, as listed in the bug report, is here.

For me, I need IPV6_V6ONLY disabled on both FreeBSD and Linux.  jabberd2 on FreeBSD has major dual-stack issues (I reported one of them awhile back, but it's yet to be fixed) and Courier IMAP on Linux seems to still rely IPV6_V6ONLY being off due to the presence of IPv4-mapped IPv6 addresses in all the logs.

New comments are currently disabled for this entry.