Thoughts about ipv6 white listing

Nick Hilliard nick at foobar.org
Sun Dec 5 16:22:08 CET 2010 

On 04/12/2010 23:24, Brian E Carpenter wrote:
> If all ISPs with content providers offering IPv6 service
> provide a 2002::/16 route to a properly working relay,
> we'd eliminate many of the return path problems.

Brian,

Helicopter view: debugging ipv6 connectivity problems requires expertise 
beyond that available on FLS desks.  Ergo, disabling ipv6 will be chosen 
before fixing it, at least in the short to medium term.

Details:  while not particularly wanting to take a deconstructionist view 
of all this, if all content providers had enough clue to provide a reliable 
6to4 return relay, we may eliminate some problems associated with 6to4 
return paths.  This is a far cry from what you say.

Going back to what you said previously:

> Except that it's encouraging the wrong solution (turn off IPv6
> and 6to4 at the subscriber end if they don't work).
>
> The right solution is: make them work, which is mainly the
> responsibility of the ISPs at the content provider end.

The end-user does not typically ring up the content provider when they 
can't access their site.  If anything, they ring up their ISP and moan that 
the Internet is broken again.  The ISP support desk - after sighing wearily 
- will make a quick evaluation of the problem, and will probably decide 
that it would take a fair chunk of second level tech support time to sort 
out.  Facing a choice of spending lots of time and effort - and 
consequently money - in trying to sort out the user's problem or else 
disabling ipv6, they will take the path of least resistance and move them 
to a user profile which uses a different DNS resolver which doesn't hand 
out AAAA records.  Problem solved, and everyone walks away blissfully happy.

The problem is that your priorities are different to that of the ISP / 
content provider.  You are interested in getting everyone's ipv6 
configuration fixed.  The ISPs and content providers are simply interested 
in providing a working service, with or without ipv6.  The day that no ipv6 
means no service is a long way off.

The good thing is that between now and then, it's likely that this small 
percentage of people with pathologically broken systems will shrink 
asymptotically to zero, as their software / hardware is slowly upgraded.

Nick

More information about the ipv6-ops mailing list