Any way of detecting IPv6 clients on my website?

1
votes

I'm wondering whether it's technically possible to detect IPv6 clients that are on my website?

I'm currently running Classic ASP using Request.ServerVariables("remote_addr") to detect my visitors IP addresses but some of my mobile users (which I think are Telstra customers here in Australia) are now using IPv6. This function only seems to give me an IPv4 address.

Is there an easy/free solution to detect IPv6 addresses of my visitors?

PS - I don't believe IPv6 is enabled on the server, so am I wasting my time?

3
vbscriptipv6
If IPv6 is disabled, every connection can only ever use IPv4, so that's the reason you're getting such addresses. While a few ISPs and websites provide IPv6, we're still in a world dominated by IPv4 and almost everything supports it, as a fallback at the very least. - Alejandro

3 Answers

4
votes

Your website can only be reached over IPv6 if your webserver and ISP support it. When your server doesn't have IPv6 there is usually a translation mechanism in the user's ISP's network (NAT64) that translates the user's IPv6 packets to IPv4 packets that can reach your server. Because of that you will only see IPv4 connections coming in. Some of those will be real IPv4 users, some will be IPv6 users that got translated into IPv4.

If you want to be optimally reachable for all users then relying on someone else's translation mechanism is a hack that you'd want to avoid. Asking your ISP/hoster/sysadmin/etc to make your server reachable over IPv6 as well as over IPv4 is the best solution. That way all users can directly contact your server, no matter what their ISP offers.

2
votes

If the clients are IPv6-only and do not have access to any transition mechanism they will never be able to reach your IPv4-only service in the first place.

In that case it will appear to those users as if your server is down and you will have no way of knowing they even tried reaching your server.

However IPv6-only clients with no access to a transition mechanism are still very rare. More likely the clients will have access to some transition mechanism such as NAT64.

There are a few ways to know if a client accessed your site through a NAT64.

The IPv4 address of the NAT64 may have information in reverse DNS or whois which will tell you that it is a NAT64 device. Additionally clients relying on NAT64 will often be unable to access literal IPv4 addresses. Only access through hostnames work as they rely on DNS64 to find the IPv6 address.

Another way of telling the difference is that the MSS value advertised in SYN packets tend to have different values for native IPv4 clients and NAT64 translated clients.

None of these are 100% reliable ways of telling the difference, but as long as the clients don't have any incentive to mess with your results they can provide a good estimate.

Notice that though the DNS64/NAT64 combo will allow IPv6-only clients to access IPv4-only servers it will not work with servers that have bad or misconfigured IPv6 access. So before you add an AAAA record on your domain make sure that the IPv6 address actually works. And once you have set up the AAAA record you can use a service such as https://nat64check.org/ to verify that it actually works.

0
votes

Appreciate both responses above, it's made things significantly clearer for me. After some further reading/investigation, it's apparent that IPv6 packets are being translated to IPv4 (or they are dual-stacking). If the former, I'm now trying to see if I can convert them at my end.

One example is this IPv6 address: 2001:8003:1909:2700:3c97:38e7:9c98:bb5b

It's being translated to IPv4 as: 101.177.229.36

There are many online calculators but none seem to give me the above conversion so I'm thinking their ISP is using their own translation mechanism.