With the demise of Apple's own networking protocol AppleTalk, Apple's products are suffering from the same issue as anyone else's: the Internet is running out of addresses. Google, Facebook, Yahoo, Netflix, and others will permanently turn on IPv6 in less than a month with the World IPv6 Launch, so here's everything you need to know about IPv6. The short version? IPv6 has 79,228,162,514,264,337,593,543,950,336 times more addresses than the current IPv4.
Unlike Windows XP, which supports IPv6 if the user turns it on first, the protocol was turned on by default for Mac users as part of the OS X 10.2 Jaguar release in May 2002. This means that Macs running Jaguar (or later) will detect IPv6 routers on the local network and use those to talk IPv6 to the rest of the world. But even if there is no IPv6 router present, your Mac will have special IPv6 addresses for local use ("link local" addresses in IPv6 lingo), so those so inclined can do things like this in the Terminal:
$ ping6 nirrti.local. PING6(56=40+8+8 bytes) fe80::60c:ceff:fee3:1860%en0 --> fe80::21b:63ff:fe95:7d9b%en0 16 bytes from fe80::21b:63ff:fe95:7d9b%en0, icmp_seq=0 hlim=64 time=1.272 ms 16 bytes from fe80::21b:63ff:fe95:7d9b%en0, icmp_seq=1 hlim=64 time=3.391 ms 16 bytes from fe80::21b:63ff:fe95:7d9b%en0, icmp_seq=2 hlim=64 time=3.354 ms What I did above was use the IPv6 version of the ping command toward my other computer using its local name (hence the .local.).
Once the basic IPv6 foundations were there in Mac OS, Apple started adding IPv6 support to its applications. This was made easy by having the Cocoa network frameworks use IPv6 where available, so applications that interact with the network through these will automatically use IPv6 when appropriate. I believe that all of Apple's built-in applications now support IPv6. However, there is a slight caveat: several of these applications use logic that determines whether you're connected to the Internet or not. Safari seems to handle this well, and works without issue even when the system only has IPv6 connectivity but no IPv4. (At some point in the future this will be routine. Really!)
iChat Messages, on the other hand, will declare that the system isn't connected to the Internet when you manually turn off IPv4. It won't bother to even try to connect to (for instance) Google Talk, while it will do so over IPv6 when the system still has an IPv4 address. Or even when the system doesn't have an actual IPv4 address, but the IPv4 protocol is enabled as usual.
Avoiding broken IPv6
Because all the routers along the path between two IPv6 systems must be upgraded to provide "native" IPv6, most IPv6 connectivity was based on tunnels until recently. With a tunnel, an IPv6 packet is put inside an IPv4 packet so it can be forwarded by existing IPv4 routers until it reaches an IPv6-capable router again. Windows Vista and Windows 7 have IPv6 turned on out of the box, and will try to use the 6to4 or Teredo tunneling mechanisms to talk to the IPv6 Internet if they can't find a local IPv6 router. However, these tunneled packets are sometimes filtered and then the systems think they have IPv6... but it doesn't actually work.
To add insult to injury, Windows makes it exceedingly easy to share such broken IPv6 connectivity over Ethernet or WiFi, creating problems for all users of IPv6-enabled systems. In OS X 10.2 to 10.5, as with pretty much any other IPv6-capable system, IPv6 connectivity is preferred when the local machine has a "real" IPv6 address (not just a local one) and the destination has an IPv6 address in the DNS. So advertising broken IPv6 connectivity means the systems that pick up on that connectivity will try to use it preferentially over IPv4, to their detriment.
In late 2008, Google measurements showed that Apple users were ten times as likely to be IPv6-capable than Windows and Linux users. It's a result helped by 6to4 tunneling in Airport Extreme base stations, or AEBSes (discussed below). Another outcome of this test was that about one in a thousand systems had broken IPv6. Many large websites, such as Google, were reluctant to make themselves reachable over IPv6, because that way, systems would try to connect over IPv6 and not get anywhere. This would leave the user waiting for a timeout, after which the system retries over IPv4.
In response, operating systems started preferring IPv4 connectivity over tunneled IPv6 connectivity. In OS X, this change was made in the 10.6.5 update. But users waiting for applications to realize that IPv6 connections aren't going anywhere isn't exactly up to Apple's user experience standards. So with 10.6 Snow Leopard, Apple further introduced a mechanism that tried to determine whether IPv4 or IPv6 is faster, and then prefer to use that protocol.
During most of the reign of Snow Leopard, this "happy eyeballs" approach had an unexpected side effect. Sometimes sites wouldn't load at all when running IPv6-only, because the IPv6 connectivity was deemed insufficient. However, this issue seems to have been fixed in the 10.6.8 update. In 10.7 Lion, the eyeballs were made even happier because now the system will try to talk to a remote destination that has IPv6 and IPv4 over both protocols and then settle on the one that is fastest. What I see a lot is that a first connection uses IPv6, and then subsequent ones use IPv4, as my (tunneled) IPv6 at home is somewhat slower than my IPv4.
For most users, this is an improvement. If one protocol is slow or fails, the system will use the other, thus minimizing the amount of time you're staring at a non-responsive application. But the downside is that it's really hard to debug IPv6 (or IPv4) for connectivity issues. You have no idea which protocol version is being used for any particular connection. It would be great if Apple could add the mechanism that lets system administrators change the rules that govern IPv4 vs IPv6 preference (the RFC 3484 policy table), something already possible in other operating systems.
reader comments
95