I have both IPv4 and IPv6 public addresses. Why?

Firstly, what is the purpose of me being assigned one of each type?

Ideally, we should be moving towards greater IPv6 rollout, due to IPv4 exhaustion. However, a lot of servers still don't support IPv6 - there are many workarounds, none particularly great, but they generally involve tunneling through an intermediate server that can translate between the two. Your ISP provides you an IPv4 address for compatibility reasons.

What many ISPs now do is implement CGN, where many people share a single 'public' IPv4 address. There are many, many reasons this is a bad thing1, but it is necessary simply because there aren't enough IPv4 addresses to go around. This is why we need IPv6, and probably why your ISP provides it.

Secondly, can disabling IPv6 from within Windows on a local host gaurentee only my IPv4 address is used from that machine.

Yes. However, this is generally not a good idea. Alternatively, you can disable IPv6 at your router, which is a bit better, but again this isn't a great idea. We can't stay with IPv4 forever.

I ask as I have read about security concerns in relation to certain VPN protocols used in combination with IPv6.

That's typically due to broken VPN clients and configurations. It's getting better now, though. If you don't use any VPNs, it won't affect you. If you do use one, you should first research if it supports IPv6 correctly - modern ones should by now. One of the biggest issues was VPN clients ignoring IPv6 entirely, so IPv6 connections bypass the VPN, but hopefully that's gotten better now that there's some more attention there (see also: http://www.techrepublic.com/article/ipv6-security-vulnerability-pokes-holes-in-vpn-providers-claims/).


1 For example, one of the consequences of CGN is home users can no longer reliably host a server. Traditional NAT was bad enough (and again a consequence of IPv4 shortage) but with CGN port-forwarding is no longer possible either. There are techniques around it, such as NAT hole-punching, but they again require external servers and won't always work depending on the service required. Having a unique IPv6 address works around this limitation.


IPv6 and IPv4 are different and incompatible systems, you are running a 'dual stack' and your OS will try one then the other - typically 6 and then 4. If a site has a AAAA record, and you have a dual stack setup, you will typically connect to ipv6 first then ipv4.

In theory this also means you can connect to ipv6 only or ipv4 only servers transparently.

And yes, disabling ipv6 for the interface will ensure you don't get an ipv6 address. You can confirm this with ipconfig.Protocols are set per interface, not per machine. However with modern versions of windows, some file sharing related things - like homegroups, may rely on ipv6. Depending on how your VPN is configured, you may need to disable it on each interface that is active, rather than just the VPN


Internet Protocol Version 4 is the 4rth revision of Internet protocol, its generally a 32-bit address consisting of 4 numbers separated by periods for example 12.342.7.89

Internet Protocol Version 6 is the 6th revision and intended to replace IPv4, it is a 128 bit address written in hexadecimal and separated by colons for example 8ffe:1900:4545:7:336:f3ff:fe19:34c

Since there a limited number of potential IPv4 address (around 4 billion) we are rapidly running out of unused Ipv4 addresses to assign to new devices this is called IPv4 exhaustion. However since this is the older and dominant form most computers still have one, your ISP however is anticipating the move into IPv6 and has therefore assigned you an address

IPv6 also provides a number of other benefits included but not limited to

  • No more NAT (Network Address Translation)
  • Auto-configuration
  • No more private address collisions
  • Better multicast routing
  • Simpler header format
  • Simplified, more efficient routing
  • True quality of service (QoS), also called "flow labeling"
  • Built-in authentication and privacy support
  • Flexible options and extensions
  • Easier administration (no more DHCP)

Most modern servers will typically try to connect to your IPv6 address first and then your IPv4, many modern OS's functions may rely entirely on IPv6 therefore it is not recommended for you to disable your IPv6 although this will force your computer to connect through IPv4.

The security vulnerabilities with IPv6 are almost entirely related to VPN's as they sometimes bypass IPv6 entirely, however this is no longer becoming an issue and most new VPN providers are switching to provide IPV6 compatibility.