I have both IPv4 and IPv6 public addresses. Why?

For my home network, my public IP address shows through some websites as an IPv4 and others as an IPv6 address. I have read this thread and understand that it is possible for my ISP to have assigned me one of each type.

  1. What is the purpose of me being assigned one of each type?
  2. Can disabling IPv6 from within Windows on a local host guarantee only my IPv4 address is used from that machine? I ask as I have read about security concerns in relation to certain VPN protocols used in combination with IPv6.

Firstly, what is the purpose of me being assigned one of each type?

Ideally, we should be moving towards greater IPv6 rollout, due to IPv4 exhaustion. However, a lot of servers still don't support IPv6 - there are many workarounds, none particularly great, but they generally involve tunneling through an intermediate server that can translate between the two. Your ISP provides you an IPv4 address for compatibility reasons.

What many ISPs now do is implement CGN, where many people share a single 'public' IPv4 address. There are many, many reasons this is a bad thing1, but it is necessary simply because there aren't enough IPv4 addresses to go around. This is why we need IPv6, and probably why your ISP provides it.

Secondly, can disabling IPv6 from within Windows on a local host gaurentee only my IPv4 address is used from that machine.

Yes. However, this is generally not a good idea. Alternatively, you can disable IPv6 at your router, which is a bit better, but again this isn't a great idea. We can't stay with IPv4 forever.

I ask as I have read about security concerns in relation to certain VPN protocols used in combination with IPv6.

That's typically due to broken VPN clients and configurations. It's getting better now, though. If you don't use any VPNs, it won't affect you. If you do use one, you should first research if it supports IPv6 correctly - modern ones should by now. One of the biggest issues was VPN clients ignoring IPv6 entirely, so IPv6 connections bypass the VPN, but hopefully that's gotten better now that there's some more attention there (see also: http://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-holes-in-vpn-providers-claims/).


1 For example, one of the consequences of CGN is home users can no longer reliably host a server. Traditional NAT was bad enough (and again a consequence of IPv4 shortage) but with CGN port-forwarding is no longer possible either. There are techniques around it, such as NAT hole-punching, but they again require external servers and won't always work depending on the service required. Having a unique IPv6 address works around this limitation.


IPv6 and IPv4 are different and incompatible systems, you are running a 'dual stack' and your OS will try one then the other - typically 6 and then 4. If a site has a AAAA record, and you have a dual stack setup, you will typically connect to ipv6 first then ipv4.

In theory this also means you can connect to ipv6 only or ipv4 only servers transparently.

And yes, disabling ipv6 for the interface will ensure you don't get an ipv6 address. You can confirm this with ipconfig.Protocols are set per interface, not per machine. However with modern versions of windows, some file sharing related things - like homegroups, may rely on ipv6. Depending on how your VPN is configured, you may need to disable it on each interface that is active, rather than just the VPN