Single Stack and Dual Stack Nodes

Single Stack Nodes

Like networks, nodes can be single stack or dual stack as well. Single stack nodes will work only in networks that support that IP family. IPv4-only nodes will work in IPv4-only and Dual Stack networks. IPv6-only nodes will work in IPv6-only and Dual Stack networks. If you deploy an IPv6-only node, be sure to provide it with IPv6 addresses of DNS (these can be obtained from DHCPv6, by RFC 6106 or manually configured).

Until mid-2012, an IPv6-only Windows node could not obtain updates normally. At that time, Akamai added support for IPv6, which fixed that problem.

Most nodes in use today are running IPv4-only. With most recent operating systems (since Windows Vista era), IPv6-support is included and enabled by default. It just doesn't configure IPv6 without a source of Router Advertisements. If you put such a node in a Dual Stack network, it will automatically configure and begin working Dual Stack (unless you specifically disabled IPv6). In most cases, it will configure IPv6 using SLAAC, which is adequate for most purposes. For servers, you should configure a static IPv6 global address, as with IPv4 (although with IPv4 it is usually a static private address). If you manually configure a node with both IPv4 and IPv6 addresses, gateways, etc, it will function as a dual stack node regardless of whether there is a source of router advertisements or not.

In many cases, existing nodes when placed into an IPv6-only single stack network will work. Windows XP and Windows Server 2003 are major exceptions - they can only do DNS queries over IPv4, so they cannot function in an IPv6-only network - they work fine in a dual stack network. Most recent operating systems (Windows since Vista, FreeBSD, Linux, OS-X, etc), will work fine in IPv4-only or IPv6-only single stack networks. You can leave the other IP family enabled but unused, or in many cases you can disable that IP family or simply not configure it.

One common issue on Dual Stack or IPv6-only nodes is third party host-based firewalls. Many have poor or no support for IPv6. The host-based firewall that comes with Windows 7 and later is suitable for all uses, and fully supports IPv6. For FreeBSD, most host-based firewall software supports IPv6. I recommend pf. Anti-Virus software rarely has any IP family dependency, although it may not be able to obtain updates in an IPv6-only network. Microsoft Security Essentials works fine in single or dual stack networks.

In a Dual Stack network, the network applications on your nodes can continue running over IPv4 without any modifications. In an IPv6-only network, some network applications may have to be upgraded, replaced or re-written to support IPv6.

Single Stack nodes (IPv4-only or IPv6-only) will normally only be able to access external nodes of the same IP family. For IPv6-only nodes that can be fairly limiting today. With a translator such as SolidProxy, Single Stack nodes (IPv4-only or IPv6-only) can access any external node (at least over protocols supported by the translator). You can also allow an IPv4-only node access external IPv6 nodes via a host-based tunnel endpoint (as stated elsewhere, there are major security issues with this - such tunneled access should be only between the border gateway and the source of IPv6 service).

 

Dual Stack Nodes

As mentioned above, most recent operating systems will simply begin functionally normally as dual stack nodes if a source of Router Advertisements is present (or if you manually configure it with both IPv4 and IPv6 addresses, gateways, etc. You can run IPv4-only, IPv6-only or dual stack client, server or P2P applications on a Dual Stack node.

If you deploy a Dual Stack capable node in a single stack network, only the IP family supported by the Single Stack network will function properly.

If you do deploy Dual Stack nodes in a Dual Stack network, be careful to configure the host based firewall rules for both IP families - don't leave IPv6 wide open by mistake.