On 5/10/2008, at 6:14 PM, Mikael Abrahamsson wrote:
Hi.I conducted an experiment to collect some ipv4/v6 data with the help of a certain large p2p bittorrent tracker website. I had them include javascript code that would load three 42 byte gifs upon webpage load completion (to not impact user experience). The site itself wasn't v6 enabled. The site itself is biased towards the scandinavian geographical region, but has a worldwide user base.The first gif was loaded from an address with a single A record (v4only).Second had both A and AAAA (v4v6). Third had just AAAA (v6only).I haven't put all the data into a neat presentation or anything yet (though I have given it to others who will), but I thought I'd share some key numbers ("user" here is an IP number in the log, where each IP number is only counted once, I only used unix tools like cut/awk/ sort/uniq etc, nothing fancy). This data is only from around 24 hours or collecting, but still hundreds of thousands of unique IPs.0.5% of the users pulled the v4v6 gif using IPv6. 6% of the users were able to get the v6only gif.Of the v6only accesses, 91% were from 6to4 addresses, 7% were teredo and 2% were from other ipv6 space. The "other ipv6 space" was from 58 different /32s.Of the users getting v6 only gif from non-tunnel-space, 58% were from Proxad (free.fr I believe), and then on the list came UNINET, SUNET, FUNET (university networks in .no, .se and .fi) and Hurricane electric.98% of Teredo users run Windows XP. 88% of 6to4 users run Windows Vista.The difference in page loads between v4only and v4v6 was 0.4%, indicating that some users might have problems loading something that has both A and AAAA DNS. This might be that it's slower, doesn't work, or simply that some users clicked on a link before that gif was loaded. The gifs were loaded in the order indicated above, with the javascript function "window.onload".
I have some javascript code that can be dropped on to a web page with little effort to do exactly this.
In addition, it times how long images take to load, and provides feedback on status periodically by updating another IMG tag's address to a url with several parameters in it.
http://www.braintrust.co.nz/ipv6wwwtest/It's not amazing code as I'm not a javascript coder, but it seems to work OK.
The Teredo count on the IPv6 only address seems very low, considering that Teredo is used by hosts behind NAT, while 6to4 is used by hosts not behind NAT. Given that most hosts are behind NAT, it would be my suspicion that most hosts are on Teredo - and that is indeed what my research shows.
That 98% of Teredo users run XP suggests to me that perhaps the v6only gif had an A record on it accidentally.. Vista will prefer A over AAAA if it only has Teredo connectivity. XP will prefer AAAA over A all the time. Considering that Teredo is disabled by default in XP, the numbers you've got here seem more like what I'd expect from an A+AAAA DNS name (though many XP Bittorrent users now have Teredo turned on thanks to uTorrent).
I'd also recommend trying various combinations with 6to4 and Teredo IPv6 addresses in AAAA records as well. My code there only does Teredo and 6to4 addresses, no native addresses as at the time I was using it I did not have native connectivity.
Also, looking at packet captures, keeping an eye out for ICMPv6 ping for the Teredo relay discovery could be interesting. You might find that the Teredo relay closest to you was unreliable, in which case you'd see ICMPv6 echo requests coming to you and responses going out, but no initial SYN packet. Were you running your own relay?
Also of interest would be bits 33-64 of the Teredo address, see what hosts are using what Teredo servers (ie. who is using the Microsoft ones? Who is using ones provided by $linux_vendor?).
6to4 addresses are also interesting, you can detect Windows style host- based 6to4 by checking to see if the address is of the format: 2002:AABB:CCDD::AABB:CCDD, ie the IPv4 address appears in the last 32 bits, as well as bits 17-48. It would be interesting to see what Windows vs. non-Windows hosts are on which type of addresses, etc. Also looking for EUI-64 vs static addressing (ie 2002:AABB:CCDD::1 or something).
I've been crunching numbers with this sort of data for a while so if anyone doing this sort of research, I'd be more than happy to help out any way I can, drop me a line offlist - nward@braintrust.co.nz. I've got a bunch of custom tools and things for processing packets (ie. decoding Teredo/6to4/etc.) and such and putting info in to databases so that it can be queried etc. etc.
-- Nathan Ward