Thoughts about ipv6 white listing
nick at foobar.org
Sun Dec 5 16:22:08 CET 2010
On 04/12/2010 23:24, Brian E Carpenter wrote:
> If all ISPs with content providers offering IPv6 service
> provide a 2002::/16 route to a properly working relay,
> we'd eliminate many of the return path problems.
Helicopter view: debugging ipv6 connectivity problems requires expertise
beyond that available on FLS desks. Ergo, disabling ipv6 will be chosen
before fixing it, at least in the short to medium term.
Details: while not particularly wanting to take a deconstructionist view
of all this, if all content providers had enough clue to provide a reliable
6to4 return relay, we may eliminate some problems associated with 6to4
return paths. This is a far cry from what you say.
Going back to what you said previously:
> Except that it's encouraging the wrong solution (turn off IPv6
> and 6to4 at the subscriber end if they don't work).
> The right solution is: make them work, which is mainly the
> responsibility of the ISPs at the content provider end.
The end-user does not typically ring up the content provider when they
can't access their site. If anything, they ring up their ISP and moan that
the Internet is broken again. The ISP support desk - after sighing wearily
- will make a quick evaluation of the problem, and will probably decide
that it would take a fair chunk of second level tech support time to sort
out. Facing a choice of spending lots of time and effort - and
consequently money - in trying to sort out the user's problem or else
disabling ipv6, they will take the path of least resistance and move them
to a user profile which uses a different DNS resolver which doesn't hand
out AAAA records. Problem solved, and everyone walks away blissfully happy.
The problem is that your priorities are different to that of the ISP /
content provider. You are interested in getting everyone's ipv6
configuration fixed. The ISPs and content providers are simply interested
in providing a working service, with or without ipv6. The day that no ipv6
means no service is a long way off.
The good thing is that between now and then, it's likely that this small
percentage of people with pathologically broken systems will shrink
asymptotically to zero, as their software / hardware is slowly upgraded.
More information about the ipv6-ops