Adventures in Tech: Dive on in, the IPv6 is lovely

Blub blub blub, no really it's great

  • alert
  • submit to reddit

Bridging the IT gap between rising business demands and ageing tools

Part 2 In the previous part I explored why you should limber up to IPv6 sooner rather than later, and now here's my experience actually walking the talk.

Importantly, mine is not a big-bang approach. I'm not trying to have everything perfect for IPv6 immediately, but rather I want to do just enough to be visible in the brave new world, safely, and tie up loose ends later as I go along.

I expect you to die, Localhost

First, I tackled an issue that'll make you bury your face in your palm: I mentioned in part one that, during development, using localhost rather than in my URLs when testing caused a messy Java stacktrace of doom - localhost was expanded to IPv6 address ::1.

So after a little time isolating that issue and similar ones where I used the generic Java InetAddress but actually assumed IPv4, and a sprinkling of unit tests to make sure that the bug should stay dead, I was done.

I spent maybe an hour or two tackling the main bug, but probably the rest of a day on some triage and holding fixes on less obvious stuff such as geo-locating users by their IP address, and even some simple frontline anti-denial of service attack code, which identifies potential troublemakers by a prefix of their IP address.

In IPv4 that network prefix is of variable length, but simply masking out the last (least significant) 8 to 10 bits does a reasonable job of pinning down individual (misbehaving) users or even companies/groups with fancy proxies that spread out their accesses across multiple outbound addresses, and without too much collateral damage.

In IPv6 the network part is fixed to be the first 64 bits (though you might still want to drop some of the tail end of that for various reasons), which makes things simpler, but still required me to expand my troublemaker lookup keys from 32-bit Integer to 64-bit Long. Something similar will be needed for the geo-location stuff, but no one will cry into their soup with my temporary fix just to disable it for IPv6 for now and let it continue as-is for IPv4.


What not to write! This example real code fragment will fail for IPv6 (though relatively cleanly) even though the method's signature misleadingly accepts any IP address.

Heavenly host

Next, I went to get IPv6 working on my slightly ageing Solaris 10 box co-located with Bogons. After discussion we decided to move my host into a new address range, though I then stupidly applied the old one which caused some head-scratching for a while. Even the smartest tech can be defeated by my idiocy.

That aside all that was really needed to put up my wanted static address was to create a file:


(bge0 being the name of the network interface device) and put in it the magic incantation:

addif WWWW:XXXX:YYYY:ZZZZ::2/64 up

where WWWW:XXXX:YYYY:ZZZZ is my 64-bit network prefix.

Then reboot.

Now pings in and out (eg to ipv6.google.com) work fine. Hello, world!

This is much less messing around than IPv4 even for a static server address; in particular no default route has to be set as that is auto-discovered in IPv6.

At this point I also added a new connector definition to my Tomcat server (in conf/server.xml) to bind to and accept the IPv6 connections as well as the existing IPv4, and brought up the new code and did some quick testing with the magic of a telnet to port 80 at the new IPv6 address.

<!-- Existing IPv4 connector. --> <Connector executor="tomcatThreadPool" port="80" address="" protocol="HTTP/1.1" enableLookups="false" /> <!-- New IPv6 connector. --> <Connector executor="tomcatThreadPool" port="80" address="WWWW:XXXX:YYYY:ZZZZ::2" protocol="HTTP/1.1" enableLookups="false" />

I did find some other latent bugs when I added that, and so did another quick release. And in fact I winkled out a few more bugs in a few rapid rounds of upgrades. Users will have seen a few brief glitches, but I now had a working IPv6 and IPv4 site, though no one except me yet knew about the IPv6. Mwaha-ha-ha!

Tunnel of LOv6

I now wanted to be able to get out to IPv6 land from my own development machine to do more testing. Thanks to the Jobsian touch, and the fact that I have static publicly routable IPv4 addresses at my desk, enabling the "6 to 4" thang in Mac OS X 10.7 network settings (in the same pull-down as the VPN stuff) just worked. (Well, on the second attempt, after a bizarre boiler-plate error about a cable being disconnected, which is what I get when I try from NATted IP addresses such as when on 3G wireless.)

But after that I could ping IPv6 addresses on the Net from my machine, and look at IPv6-hosted pages such as Google's ipv6.google.com. And, most importantly, test out my own co-lo IPv6 site from my desk by using the literal IPv6 address in the form:


Also on the site is a page that shows what the browser's IP address is, and in that case it shows my Mac's (tunnelled) IPv6 address, so all is working.

The smart choice: opportunity from uncertainty

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.