Say "Thank you" to Bill...

Kurt Erik Lindqvist kurtis at kurtis.pp.se
Wed Mar 28 12:44:42 CEST 2007 

On 27 mar 2007, at 01.14, Jeroen Massar wrote:

> Max Tulyev wrote:
>
>> 3) And often all "strange" traffic is firewalled by system  
>> administrators.
>
> You mean dropped dead on the floor, without an ICMP or other
> notification. That is an administrative choice, thus they also need to
> carry the burden of doing so.

That is ofcourse correct from an idealistic view-point, but from  
someone who would have to make a living from providing a service, he  
couldn't care less about deploying v6 if it means customers can't  
reach his/her site.

> Fortunately Teredo has a backoff mechanism, if it can't contact a  
> server
> on the outside it won't be enabled either.

I think the problem more is that at least in the past the default  
Teredo setup was that you got a Server but no Relay.

> 6to4 though, will simply time out after a while, and most likely  
> that is
> the one causing this pain.

Agreed.

>> So a significant amount of people can't access sites I host. And  
>> that's
>> why I can't say that a large production site can be IPv6 enabled by
>> default. Sorry :(
>>
>> Any ideas how to correctly fix it?
>
> You can't do anything about this, it is the administrators fault  
> that they:
>  - allow machines in their networks to be IPv6 enabled
>  - drop 'filtered' traffic dead to the floor instead of returning
>    an ICMP admin-reject or related ICMP.
>
> You could maybe educate them though.

or, sadly, turn of IPv6. See above.

> PS: Macintoys come IPv6 enabled already for quite some time too, they
> though have IPv6 disabled in Safari to avoid the above issue...
> Don't blame "Bill", *THANK* "Bill" for M$ having enabled IPv6. If they
> didn't then IPv6 would never ever be used anywhere, or do you really
> think that those few Linux boxes are going to matter? :)

Actually this is an interesting discussion. Either Bill has just  
given everyone an incentive to enable working IPv6, or he just gave  
them an incentive to remove what IPv6 is already deployed. I have no  
idea which way. All I know is that we are still struggling to figure  
out an operationally useful migration part. Sadly I agree with the  
people who say that IPv6 was not really engineered for operational  
deployment...

- kurtis -

More information about the ipv6-ops mailing list