Consensus on MHAP/v6 Multi-homing

Michael Loftis mloftis at wgops.com
Wed Apr 20 19:28:39 CEST 2005



--On Wednesday, April 20, 2005 5:56 PM +0200 Jeroen Massar 
<jeroen at unfix.org> wrote:


> The whole goal of multihoming is being independent of upstream address
> space isn't it ?

Speaking from the point of view of a web hosting operator: not entirely, 
no.  We multi-home for redundancy purposes *AND* for PI space.  Without PI 
space you are locked into keeping one provider, in order to keep your 
address space and avoid renumbering.  From what I've seen IPv6 still hasn't 
done anything to really address the renumbering issue, and it will always 
exist.  There's not much of a way around it.  It will always be there. 
Routing hardware, likewise, has become more powerful and better able to 
handle larger tables.  However, I'm very cheesed off that I have trouble 
getting a /22, where there are places that do *NOTHING* with a /19.  And 
some of these are newer allocations even.  I see SPAM gangs getting more 
space than we could manage to justify to ARIN, RIPE, or anyone.  Anyway 
that's unrelated.

> Scenario, we are example.com and have 2 upstreams, thus 2x /48 and those
> are 2001:db8::/32 from the IPv6-Doc prefix and 3ffe:ffff::/48 out of the
> 6bone test/play/doc prefix. We have our example.com domain, where our
> web&smtp&etc-server resides at our shim6'd addresses. We can't shim6 our
> DNS/shim6-directory server because of cyclic redundancy, thus we have in
> DNS:
>
> ns1.example.com AAAA 2001:0db8::53
> ns1.example.com AAAA 3ffe:ffff::53
>
> It is 6/6/6 and major ISPs filter out 3ffe::/16. Thus one out of two
> first-query attempts go into oblivion and that is only for contacting
> DNS. When we want to update* the above we need to contact the registrar
> etc. Fortunately for some domains there is a 5 minute or so time, but
> then still you have cached entries etc.
>
> If people would rely on DNS to be so quick, then they could also do that
> for everything else, webservers etc.

But you can't.  MS (Win2K and later) caches for about 30 minutes and *THEN* 
obeys TTLs.  So even if you get your NS recs fixed, there's still 
significant outage *PLUS* someone has to be awake and notice it!  That's, 
imho, suboptimal at best.  And really not at all desirable.

As it sits, IPv6 isn't usable in several situations because of lack of any 
sort of PI space and lack of a cohesive multi-homing system like IPv4.  I 
understand the goals of setting up/cleaning up hierarchy, but the 'net 
doesn't bend to that, at all.  I'm sure I'm probably missing some other key 
points or information and will undoubtedly need to don my asbestos suit but 
that's my point of view sitting here as a web hosting provider with about 
5k domains.

> Not even mentioning outsourced DNS servers, or having customers hardcode
> the DNS servers, eg ns1.example.org AAAA 2001:0db8::53, CNAMEs are not
> allowed and they love their own name.



>
> Greets,
>  Jeroen
>
> * = Can't we organize a 'kick the .org/.com/.net registrars' event so
> that they will start accepting AAAA entries for NS's?
>



--
Undocumented Features quote of the moment...
"It's not the one bullet with your name on it that you
have to worry about; it's the twenty thousand-odd rounds
labeled `occupant.'"
   --Murphy's Laws of Combat



More information about the ipv6-ops mailing list