IP MISMATCH (ipv4>ipv6)

ipv6

#1

Hello!
I have a problem with IP address mismatch

  1. User with ipv4 address goes to my domains added to Cloudflare.
  2. I log ip addresses of all visitors and find a strange discrepancy for my domains.
  3. Sometimes Cloudflare return ipv6 client address instead of ipv4.

here same proplem

I collected the statistics: approximately from 10,000 ipv4 addresses, 500 have ipv6 address
I want to ipv6 support was be enabled, but I need that if the user has the address ipv4, then Cloudflare return ipv4 client address, and not the ipv6 address.
How to fix this?


#2

If the user has ipv6, they will only connect to your server - and cloudflare - over an ipv6 connection. Ipv4 is only used if the client doesn’t support ipv6.

If you want an IP address, see the following post. Cloudflare can generate a unique, fake ipv4 to identify visitors. The only downside is this will likely break geolocation services and other software that relies on ipv4’s being real-world addresses.


#3

I don’t believe it is possible to do what you are asking. If a user has both an IPv4 address and an IPv6 address and they are connecting to your site over IPv6 we don’t know their IPv4 address… and an address is an address. Their address is the IPv6 address, there is no mismatch.


#4

Hi again. We did another test:
We have one source of traffic. We divided it into two streams (in half) and logged each one.

  1. The first traffic stream passed without Cloudflare. Information in the logs showed that all users have ipv4 addresses.
  2. The second traffic stream passed through Cloudflare. Information in the logs showed that 5% of users have ipv6 addresses, and 95% of users - ivp4.

All traffic came from one source. How can this be?


#5

Your origin server likely doesn’t support IPv6 itself. This means that when a visitor connects and it can’t find/connect to an IPv6 for that server, it will only connect over IPv4.

However, Cloudflare does support v6, so when a user tries to connect to Cloudflare it will prefer ipv6 if the visitor supports ipv6. Cloudflare will still talk to your server over ipv4 if your server doesn’t have ipv6, however your access logs (via the Real IP header) will show the ipv6 address the user is connecting to Cloudflare with.

If you would like to disable ipv6 connections in Cloudflare, you will need to use the following API call. Note that there are no CF tutorials or support articles for this because turning IPv6 off is heavily discouraged.

https://api.cloudflare.com/#zone-settings-change-ipv6-setting


#6

I understand. Yes, my server does not support Ipv6. I just need to see the real user IP with using Cloudflare at the same time.


#7

You are seeing their real IPs. Some of them are IPv6.

Is supporting IPv6 causing any problems?


#8

I will describe the situation on a concrete example of the work of our system:

  1. User clicks on the link to domain with CloudFlare and we define it as ipv6 = 2a02:2788:58:1a66:21aa:7586:8dd5:2fc2
  2. We redirect this request to another server without CloudFlare and its IP is already defined as ipv4 = 149.154.229.225

#9

#update new test
One and the same user installs our product 2 times. During the installation, we generate a unique user ID, by which we can understand which user the IP belongs to. So:

  1. We check one domain with CloudFlare. IPv6 Compatibility option - on
    User clicks on the link to domain and we define it as ipv6 = 2001:ee0:43a1:b9d0:b144:5340:40a0:d87a
  2. I disabled the option IPv6 Compatibility for the domain from which the first installation of our product was made.
  3. The same user with the same IP (ipv4 real) installs our product a second time from same domain with CloudFlare IPv6 Compatibility option - off
  4. Result: ipv4 14.244.147.183 in our logs.

This is the same user, with the same real IPv4 address twice installed our product.
CF changed ipv4 to ipv6 if IPv6 Compatibility option was enabled.


#10

Once again this is intended behaviour - Cloudflare does not “change” an ip to ipv6, if the user’s computer and internet modem support ipv6, it will prefer connecting to Cloudflare with the ipv6 protocol. If you want ipv4 addresses only, you will need to keep ipv6 off.