Fix browser slowness with ipv6 enabled computer

Categories: Uncategorized
Comments: Comments Off
Published on: October 30, 2012

When I received my ipv6 tunnel from Tunnelbroker I was very happy to finally try ipv6.
I am running an ipv6 tunnel over ipv4 to reach hurricane electric ipv6 network. My first reaction was like Felix Baumgartner when he was on the edge of his stratosphere capsule. Finally I am there. Then when I jumped into ipv6 I realize that google takes 10 seconds to load with firefox under windows. I continue to browse and some site were very snappy and some were very slow to load. I decided to try with a MAC and it was the same behaviour.

It seems that the SSL enabled websites were very slow to load.
After investigating I observed that the secure websites were freezing for several seconds. I did a packet capture and I saw this just to load hotmail.

20:01:47.950204 IP 192.168.254.102.51553 > 212.33.55.5.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:48.950146 IP 192.168.254.102.51553 > 212.33.32.160.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:49.950214 IP 192.168.254.102.51553 > 212.33.55.5.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:51.950204 IP 192.168.254.102.51553 > 212.33.55.5.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:51.950365 IP 192.168.254.102.51553 > 212.33.32.160.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:55.950181 IP 192.168.254.102.51553 > 212.33.55.5.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:55.950306 IP 192.168.254.102.51553 > 212.33.32.160.53: 13981 AAAA? evintl-ocsp.verisign.com. (42) 20:01:58.205604 IP 192.168.254.102.53335 > 212.33.55.5.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:01:59.204956 IP 192.168.254.102.53335 > 212.33.32.160.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:00.204928 IP 192.168.254.102.53335 > 212.33.55.5.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:02.205002 IP 192.168.254.102.53335 > 212.33.55.5.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:02.205167 IP 192.168.254.102.53335 > 212.33.32.160.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:02.952271 IP 192.168.254.102.59232 > 212.33.55.5.53: 44023 A? evintl-ocsp.verisign.com. (42) 20:02:02.968207 IP 212.33.55.5.53 > 192.168.254.102.59232: 44023 2/6/12 CNAME ocsp.verisign.net., A 199.7.52.72 (497) 20:02:06.205002 IP 192.168.254.102.53335 > 212.33.55.5.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:06.205134 IP 192.168.254.102.53335 > 212.33.32.160.53: 12060 AAAA? evsecure-ocsp.verisign.com. (44) 20:02:08.455987 IP 192.168.254.102.51175 > 212.33.55.5.53: 61681 AAAA? evsecure-crl.verisign.com. (43)

That’s about 20 seconds delay with a completely non reacting browser!
Firefox looks for ocsp to validate SSL certificates. The problem is those ocsp servers are not ipv6 enabled yet and it times out several time before it realises that it’s not there.

The solution for windows, Mac and linux is to:
– In firefox browse to the address about:config.
– Search for the key network.dns.ipv4OnlyDomains and double-click on it.
– Then you need to put some servers to force a dns query over ipv4. Put all the servers.
from this up to date list.
– Completely close all the browsers and reopen a new one.

Now your internet surfing over ipv6 is now much faster!
If you experience slowness do a packet capture and identify the AAAA queries that are timing out but working over ipv4. Add it in the list and try. You can send us an email and we will update this list too.

I know it’s a ugly patch but, until ipv6 is fully migrated or somebody fix the dns queries in the OS or the ocsp list in firefox or… well until this day, the solution we propose is working. Share your toughts with us.
IPv6 Certification Badge for wedebugyou

Fix browser slowness with ipv6 enabled computer was last modified: November 17th, 2013 by Jean Debogue
The following two tabs change content below.
Jean Debogue

Jean Debogue

IT consultant at Wedebugyou
I am a Canadian now living abroad in Austria. My several years of experience in IT permits me to deliver quality solutions that scale for my clients. I am an expert in ipv6, firewalling, routing, switching and linux servers of many kind. I am able to solve problems of great complexity. I like challenges and I always enjoy the process of achieving a successful outcome.
Comments are closed.


We are fully
Infrastructure
  • Firewall, vpn, load-balancer
  • Router switch
  • Virtualization & cloud
  • Web, database, ftp servers
  • Mail, dns, dhcp services
  • Storage, SAN, NAS
  • Backup & disaster recovery
  • Performance Monitoring
Technology
  • Linux, Unix, Microsoft, Apple
  • High availability
  • DDoS mitigation
  • Clustering & Server redundancy
  • Network & power redundancy
  • Security
  • IPV4 to IPV6 migration
  • High performance & throughput
  • Incidents & problems investigation
  • Error detection & recovery
  • Self-healing mechanism

Welcome , today is Thursday, May 25, 2017