IPv4 vs IPv6 priority in Windows 7

33

29

I have IPv6 connectivity through Hurricane Electric tunnel. Since IPv6 day this year, many services (google.com, facebook.com, etc.) enabled IPv6 on their main domains. On my Windows machine, IPv6 is preferred over IPv4. This means that whenever I visit Google, all traffic goes through my tunnel to Hurricane Electric, which raises the latency by more than 100%:

C:\> ping www.google.com

Pinging www.l.google.com [2001:4860:8005::68] with 32 bytes of data:
Reply from 2001:4860:8005::68: time=85ms
Reply from 2001:4860:8005::68: time=84ms
Reply from 2001:4860:8005::68: time=112ms
Reply from 2001:4860:8005::68: time=86ms

Ping statistics for 2001:4860:8005::68:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 112ms, Average = 91ms


C:\> ping -4 www.google.com

Pinging www.l.google.com [173.194.79.103] with 32 bytes of data:
Reply from 173.194.79.103: bytes=32 time=28ms TTL=48
Reply from 173.194.79.103: bytes=32 time=28ms TTL=48
Reply from 173.194.79.103: bytes=32 time=55ms TTL=46
Reply from 173.194.79.103: bytes=32 time=29ms TTL=46

Ping statistics for 173.194.79.103:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 55ms, Average = 35ms

Question: How can I make Windows 7 to always prefer IPv4, when both IPv4 and IPv6 records are available for a specific domain name?

haimg

Posted 2012-06-13T23:34:40.933

Reputation: 19 503

1@grawity That should be prefixpolicies, not prefixpolicy. – Peter Wood – 2014-12-01T08:52:57.230

@PeterWood Might be different since XP, then. – user1686 – 2014-12-01T08:55:42.660

1@grawity Yes, I'm on Windows 7, and calling netsh interface ipv6 show gives usage including show prefixpolicies - Shows prefix policy entries, but no prefixpolicy. Cheers. – Peter Wood – 2014-12-01T09:11:13.110

4The proper way for this, on most operating systems, is to configure the prefix policy – on Windows, via netsh interface ipv6 show prefixpolicy. I might post a more detailed answer tomorrow. – user1686 – 2012-06-14T00:30:20.460

Answers

45

Solution #1: Add a prefix policy to prefer IPv4 addresses over IPv6

Prefix policy table is similar a routing table, it determines which IP addresses are preferred when making a connection. Note that higher precedence in prefix policies is represented by a higher "precedence" value, exactly opposite to routing table "cost" value.

Default Windows prefix policy table:

C:\> netsh interface ipv6 show prefixpolicies
Querying active state...

Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        30      2  2002::/16
        20      3  ::/96
        10      4  ::ffff:0:0/96
         5      5  2001::/32

Note that IPv6 addresses (::/0) are preferred over IPv4 addresses (::/96, ::ffff:0:0/96).

We can create a policy that will make Hurricane Electric IPv6 tunnel less favorable than any IPv4 address:

netsh interface ipv6 add prefixpolicy 2001:470::/32 3 6

2001:470::/32 is Hurricane Electric's prefix, 3 is a Precedence (very low) and 6 is a Label.

I could have used a more generic prefix, but I wanted to make sure that if and when I get direct IPv6 connectivity from an ISP, it will take precedence over IPv4.

If you adapt this solution, you need to substitute an appropriate IPv6 prefix instead of my Hurricane Electric one.

Solution #2: Tweak registry to make Windows always prefer IPv4 over IPv6

This solution is more generic, but more invasive and less standards-compliant. In the end, Windows will still modify the prefix policy table for you.

  • Open RegEdit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters
  • Create DisabledComponents DWORD registry value, set its value to 20 (Hexadecimal). See Microsoft KB 929852 for more info about this registry key, especially if DisabledComponents already exists on your system.
  • Reboot.

haimg

Posted 2012-06-13T23:34:40.933

Reputation: 19 503

PowerShell commands for solution #2:

`Get-ItemProperty -Path hklm:SYSTEM\CurrentControlSet\Services\tcpip6\Parameters -Name "DisabledComponents" | select -exp DisabledComponents`

`Set-Itemproperty -Path hklm:SYSTEM\CurrentControlSet\Services\tcpip6\Parameters -Name "DisabledComponents" -value 32`
 – Sergii Volchkov  – 2019-02-01T14:46:01.543

It's a bummer that you cannot set this preference per-connection (e.g. I have a buggy router) but only globally or at most per-adapter. – mirh – 2019-11-04T09:11:29.370

23

If monospace text and tables with strange numbers and symbols scare you, you can do this with Microsoft Fix-its, simple installers from Microsoft which make the configuration changes for you.

These fix its come from KB 2533454, which explains that you would want to do this if your IPv6 connectivity is broken. You need to be an administrator to run the fix its; after downloading, right click and select Run as administrator.

Michael Hampton

Posted 2012-06-13T23:34:40.933

Reputation: 11 744

7

The most simple way, and these are always so simple we overlook them...

  1. open Network and Sharing Center.

  2. There click on Change Adapter Settings

  3. On the "Menu Bar" Click on Advanced. **Note..If you only see "Organize" then click that, and then from the drop down choose "Layout - Menu Bar"

  4. After clicking advanced in the previous step, click "Advanced Settings" in this step (A box will open on your screen)

  5. What is displayed is adapters and settings and the adapter you are currently using will already be highlighted on the top half and its representative breakdown below (you should see bindings for that adapter). Highlight any one of the bindings in the list and you should notice the arrows to the right light up, use those arrows to change the binding order to your preference and then choose ok from the bottom.

  6. Note that just like when you install a protocol, service, or client in your adapter properties. Same applies here. which is that you change one adapter, and the rest follow suit. So, for instance, if you choose IPV6 prefer over 4 on your wireless adapter, Your LAN adapter changes also.

It's the easiest way I can think of to do this particular task without having to think too much about, or having too much knowledge about the routing of packets on an inter network.

StevenRowe6

Posted 2012-06-13T23:34:40.933

Reputation: 71

2When I go there, IPv4 is already listed first in both categories. However, when I go to the properties of my network adapter, IPv6 is listed first. – kojow7 – 2016-12-07T23:08:14.500

2

Short version

Before September 2012                     After September 2012
Precedence  Prefix                        Precedence  Prefix       
----------  -------------                 ----------  -------------
        50  ::1/128        IPv6 loopback          50  ::1/128        IPv6 loopback
        40  ::/0           Native IPv6            40  ::/0           Native IPv6
        40  fc00::/7       ULAs                   35  ::ffff:0:0/96  IPv4
        40  fec0::/10      site-local             30  2002::/16      6to4
        40  3ffe::/16      6bone                   5  2001::/32      Teredo
        30  2002::/16      6to4                    3  fc00::/7       ULAs
        20  ::/96          IPv4compat              1  fec0::/10      site-local
        10  ::ffff:0:0/96  IPv4                    1  3ffe::/16      6bone
         5  2001::/32      Teredo                  1  ::/96          IPv4compat

Long Version

RFC6724 defined a change in how addresses should be preferred. With this change IPv6 is no longer the preferred address in nearly every case :(

This question, which was asked in June of 2012 was "fixed" by an RFC from September 2012. Depending on your Windows version, you either had this new policy out of the box (Windows 8.1), or likely already delivered through an update (Windows 8, Windows 7, Windows Vista).

We're here because we want to use IPv6; we want that change undone.

How to put it back

If you get multiple IP addresses for a single host, your machine has to decide which address it will use. An example ranking might be:

  • IPv6 loopback
  • Native IPv6
  • Unique-Local addresses (ULAs), e.g. fdxx::
  • Site-local, e.g. fec0
  • 6bone
  • 6to4
  • IPv4compat
  • IPv4
  • Teredo, e.g. 2001

On your Windows machine, this ranking is called the prefix policy.

Prefix policy

You can view your computer's prefix policy by running:

>netsh int ipv6 show prefixpolicies

In the olden times (originally defined by RFC 3484), the prefix policy was:

Precedence  Prefix         
----------  -------------
        50  ::1/128        IPv6 loopback
        40  ::/0           Native IPv6
        40  fc00::/7       ULAs
        40  fec0::/10      site-local
        40  3ffe::/16      6bone
        30  2002::/16      6to4
        20  ::/96          IPv4compat
        10  ::ffff:0:0/96  IPv4
         5  2001::/32      Teredo

So you see it would pretty much always use IPv6 (yay!):

  1. IPv6 loopback
  2. Native IPv6, ULAs, site-local, 6one
  3. 6to4
  4. IPv4compat
  5. IPv4
  6. Teredo

If you went through the effort to deploy IPv6: it just worked.

New Prefix Policy

In 2012 a new preference order was defined by RFC6724. Nowadays the prefix policy pretty much ensures that you'll never use IPv6:

Precedence  Prefix         
----------  -------------
        50  ::1/128        
        40  ::/0           Native IPv6
        35  ::ffff:0:0/96  IPv4
        30  2002::/16      
         5  2001::/32      
         3  fc00::/7       ULAs
         1  fec0::/10      site-local
         1  3ffe::/16      
         1  ::/96          

You'll see that you will never be able to use your Unique Local Addresses, or site-local address; it's perpetually broken:

  1. IPv6 loopback
  2. Native IPv6
  3. IPv4
  4. 6to4
  5. Teredo
  6. ULAs
  7. site-local
  8. 6bone
  9. IPv6compat

How to fix it?

What we want is to fix IPv6 so that ULAs are preferred over IPv4. At the very least we want to push the use of ULAs (fc00::/7) above that of IPv4:

Precedence  Prefix         
----------  -------------
        50  ::1/128        
        40  ::/0           Native IPv6
        37  fc00::/7       ULAs <---------- from 3 up to 37
        35  ::ffff:0:0/96  IPv4
        30  2002::/16      
         5  2001::/32      
         1  fec0::/10      site-local
         1  3ffe::/16      
         1  ::/96          

Which is done by:

>netsh interface ipv6 set prefixpolicy prefix=fc00::/7 precedence=37 label=13 store=active

That will only keep it active until the next reboot. To make the change permanant:

>netsh interface ipv6 set prefixpolicy fc00::/7 37 13

If i:

  • went through the effort to generate a ULA global prefix for my /48
  • and choose a subnet id for my /64
  • and deploy ULAs to every machine in the enterprise
  • and update the DNS servers to return IPv6 ULA addresses in addition to IPv4 addresses

the least the computer could do is have the common courtesy to use the address.

Bonus Chatter

The fc00::/7 range is divided into two parts:

  • fd00::/8 - GlobalID prefix generated locally
  • fc00::/8 - ???

Nobody ever really decided was fc would be good for, and so just sits there.

The fd addresses are defined as:

fd [40-bit random GlobalID] [16-bit subnet] [64-bits for host assignment]

So if you generated a4d7f6dd66 as your cryptoghpcallly random 40-bit GlobalID, that gives you your /48:

  • fda4:d7f5:dd66:: /48
  • fda4:d7f5:dd66:face:: /64 (in the face subnet)
  • fda4:d7f5:dd66:face::825 as a host IP address

SixXS maintained a public database of Unique Local Address GlobalID prefixes in order to reduce the chance of collissions, e.g.:

  • fdee:e004:2208::/48: Apple Inc - Leopard OSX
  • fdd4:43c8:ba34::/48: TekSavvy - Danny Murray
  • fdac:afbd:fea1::/48: IBM Rational Build Forge - Chris Fuller

But due to slowing use, and the dubious value in the first place, SixXS discontinued the service in 2018.

Bonus Reading

Ian Boyd

Posted 2012-06-13T23:34:40.933

Reputation: 18 244

The fc00::/7 network is really divided into two parts. The fc00::/8 network is Reserved for a future global authority to assign from, and cannot currently be used, but fd00::/8 is available for local assignment, but it requires the next 40 bits to be randomly chosen. – Ron Maupin – 2019-01-08T20:59:47.227

Actually we are here because we (and OP) DON'T WANT to use IPv6 and it is still active on loopback even though I disabled every instance of IPv6 that I could find! – AaA – 2019-03-26T07:43:14.967

0

There is a easier method that works for me. I just changed the interface metric # to determine its priority. I had used this method in the past to change priority of network adapters (Wireless NIC priority first, LAN NIC priority second), but I found out it works on TCP/IPv4 and TCP/IPv6 as well. In this case, I changed the interface metric of TCP/IPv4 from Automatic to 5, and TCP/IPv6 interface metric from Automatic to 10. The lower the metric number, the higher its priority. Then restart your PC. So now whenever I ping using the hostname, it will reply from IPv4, instead of Ipv6.

Here is a more detailed instruction

https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10

Sam N

Posted 2012-06-13T23:34:40.933

Reputation: 1