Say "Thank you" to Bill...

Jeroen Massar jeroen at unfix.org
Tue Mar 27 01:14:56 CEST 2007 

Max Tulyev wrote:
> Hi!
> 
> I host a number of sites for my friends and clients, and my hosting
> servers have IPv6 addresses, as well as I put correct AAAA records in
> these domains I host.
> 
> During last time I see a lot of complaints ("Nothing works! Help!!!" as
> usual). I figured out:
> 
> 1) If a site have both A and AAAA records, the AAAA record used first.
> (Not a news, really! :) )
> 2) When IPv6 stack installed in a Windows and not configured (and in
> some cases it is so by default when installing Windows) - it tries to
> use tunnel broker as Teredo.

Teredo has nothing to do with tunnel brokers.

> 3) And often all "strange" traffic is firewalled by system administrators.

You mean dropped dead on the floor, without an ICMP or other
notification. That is an administrative choice, thus they also need to
carry the burden of doing so.

Fortunately Teredo has a backoff mechanism, if it can't contact a server
on the outside it won't be enabled either.

6to4 though, will simply time out after a while, and most likely that is
the one causing this pain.

Which reminds me to change AICCU to only add a default route (if
requested to do so) when the PoP is actually reachable by eg a ping.
Which can avoid the above issues too, no default -> not tried.

> So a significant amount of people can't access sites I host. And that's
> why I can't say that a large production site can be IPv6 enabled by
> default. Sorry :(
> 
> Any ideas how to correctly fix it?

You can't do anything about this, it is the administrators fault that they:
 - allow machines in their networks to be IPv6 enabled
 - drop 'filtered' traffic dead to the floor instead of returning
   an ICMP admin-reject or related ICMP.

You could maybe educate them though.

It is the same case as people having broken DNS servers, not much you
can do except contact them and educate them.

Greets,
 Jeroen

PS: Macintoys come IPv6 enabled already for quite some time too, they
though have IPv6 disabled in Safari to avoid the above issue...
Don't blame "Bill", *THANK* "Bill" for M$ having enabled IPv6. If they
didn't then IPv6 would never ever be used anywhere, or do you really
think that those few Linux boxes are going to matter? :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20070327/c2408aa2/signature.bin

More information about the ipv6-ops mailing list