On killing IPv6 transition mechanisms

Jeroen Massar jeroen at unfix.org
Mon Mar 15 22:14:11 CET 2010

Ted Mittelstaedt wrote:
> Jeroen Massar wrote:
>> The problem with upgrading a site is not so much stuff an IPv6 enabled
>> proxy/loadbalancer in front of it, the problem generally is the fact
>> that folks tend to store those nasty things called IP addresses and that
>> suddenly you have very long ones.
> And this is our problem?

Depends on who 'our' is. I don't have any problems with it, as I don't
earn my money with providing either content or access ;)

> As I said if a content provider wants to build
> their network ass-backwards with hard-coded IP addresses buried in
> config files all over their servers, that's their right.

Why is that a problem? I do that all the time, even in very large
setups. That those configs are auto-generated solves all the problems.
(Heck I even auto-generate m0n0wall configs)

But I think you misunderstand something in what I wrote: there are these
things called LOG FILES, they also contain IP addresses.
Log files are used for all kind of things, amongst others user tracking
and for security reasons. You'll find IP addresses all over the place.
(Indeed there was already a site that was wide open when connecting over
IPv6 because the 'security match' didn't properly work on that level;
next to early postfix IPv6 patches having had an easy way to
misconfigure IPv6 so that one become an open relay, and other such problems)

Oh and then there is that little thing with training support personal,
but that is outside the scope of the above problem.

>  I doubt that
> such sites would ever be enabling IPv6, though.  They will probably
> still be fighting it even with the entire Internet has switched.

As Randy Bush will say: I hope all my competitors do that

So is that your, or my problem that they mismanage their stuff and can't
upgrade... nope.

>>> Of course, I should not assume to tell content providers how to
>>> run their businesses, if they want to do it the bass-ackwards way
>>> that's their right. :-)
>> Backwards would be dedicating a pool of boxes and connecting them
>> directly to the Internet while you can just use the same methods you
>> already use for IPv4 just for IPv6...
> So I take it then you disagree with the claim that dual-stacking melts
> down the latency?

Depends on what kind of dual-stacking you are deploying and what the
environment that is in. I love dual-stack and have been running so for
pretty much 10 years already without many problems (the ones I had I
kicked people really hard for :) Latency for IPv4 and IPv6 for me is
generally the same, and sometimes lower in IPv6 (due to unused circuits
etc). IPv6-Google has also been claimed to be faster on IPv6 (even
through tunneled connections) than over IPv4 several times.

If you have crap connectivity though (bad tunnel or bad upstream) or if
you are going to tunnel twice around the world, well, you are peeped.

I refer to:
which has nice ones as:
"2001:200:a000::/35 25441, 3257, 3549, 6939, 2516 7660, 22388 11537,
2500 at 40760 km
flowing through Ireland, Germany, Netherlands, US, Japan, US and Japan.
2001:200:a000::/35 1836, 3549, 6939, 2516 7660, 22388 11537, 2500 at
39500 km flowing through Switzerland, Netherlands, US, Japan, US, and

And if you are in some remote place where there is little to no
incentive to have Internet (IPv4) in the first place, then most likely
you won't find IPv6 either. But you most likely have no other choice if
you want to get ready and already play with it.

Fortunately the IPv6 routing world improved a lot since then, and the
underlying tunnels are mostly gone or have become more aligned with the
IPv4 network. As for to the end-site there are still lots of places
where they will go quite a number of times around the world.

>> Nothing to do with the consumer, they didn't do a thing.
>> The ISP will get the complaints though that service X is unreachable.
> What it boils down to is laziness of the ISP.

Why is it lazyness of the ISP? The ISP is offering IPv4 connectivity.
That is the job they are providing and generally they are doing that
just fine. (They should start doing IPv6 soon though, but that is a
different thing)

> The ISP can educate their customers,

I just have to assume that you clearly have no perception of cost.
If you have a million customers, every dollar spent on 'educating' them,
is way too much.

Be happy that ISPs already handle abuse.

> fix their nameservers,

The ISPs nameservers are NOT broken. The problems lies in the CPE in
which there is a broken DNS caching resolver. There are a couple of
levels of brokenness but the most hopeless one is the one that only
understands A records and drops everything else, without sending back a
DNS packet stating that the request was refused.

Sometimes these CPEs are owned by the ISP and thus theoretically they
could upgrade them (but in some cases that means replacing them, times a
million is well, lots of centavos lost revenue) but in a lot of cases
the customer owns them. Thus it is the customer's problem which they
have to fix. Oh and this little DNS issue is number #1 reason for 'turn
off IPv6 and your Internet is fast again'....

> and provide workarounds for
> other idiots on the Internet who have botched their IPv6 rollouts.

Who "botched" exactly what here? I think you botched the part where you
have to read ;)

> Or they can be lazy-asses and find some quick hack to get their
> customer off the phone.  (disable IPv6 on the workstation, perhaps?)

That unfortunately is the quickest and cheapest method.
It solves the problem with minimal change.

It doesn't present a long term solution though, but hey, that is not
what people who care about their bread and their cash in their bank
account care about now do they?

Real solution would be replacing the CPE, but that is a costly thing.
And why bother, over time people will replace that thing anyway and then
they can get an IPv6 enabled edition, problem solved.

>>> The fact of the matter though is that it really only matters
>>> to get the center of the bell-curve users on IPv6.  Once that
>>> happens the power users will have to get on it also.
>> True power users know what they do, they don't have issues.
> That's why I quoted "power users" :-)

Are you one of them?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100315/290e3261/attachment.bin 

More information about the ipv6-ops mailing list