On killing IPv6 transition mechanisms

[Ted Mittelstaedt]

Jeroen Massar wrote:
> Ted Mittelstaedt wrote:
>> Jeroen Massar wrote:
> [..]
>>> The problem with upgrading a site is not so much stuff an IPv6 enabled
>>> proxy/loadbalancer in front of it, the problem generally is the fact
>>> that folks tend to store those nasty things called IP addresses and that
>>> suddenly you have very long ones.
>>>
>> And this is our problem?
> 
> Depends on who 'our' is. I don't have any problems with it, as I don't
> earn my money with providing either content or access ;)
> 
>> As I said if a content provider wants to build
>> their network ass-backwards with hard-coded IP addresses buried in
>> config files all over their servers, that's their right.
> 
> Why is that a problem? I do that all the time, even in very large
> setups. That those configs are auto-generated solves all the problems.
> (Heck I even auto-generate m0n0wall configs)
> 
> 
> But I think you misunderstand something in what I wrote: there are these
> things called LOG FILES, they also contain IP addresses.
> Log files are used for all kind of things, amongst others user tracking
> and for security reasons. You'll find IP addresses all over the place.
> (Indeed there was already a site that was wide open when connecting over
> IPv6 because the 'security match' didn't properly work on that level;
> next to early postfix IPv6 patches having had an easy way to
> misconfigure IPv6 so that one become an open relay, and other such problems)
> 
> Oh and then there is that little thing with training support personal,
> but that is outside the scope of the above problem.
> 
>>  I doubt that
>> such sites would ever be enabling IPv6, though.  They will probably
>> still be fighting it even with the entire Internet has switched.
> 
> As Randy Bush will say: I hope all my competitors do that
> 
> So is that your, or my problem that they mismanage their stuff and can't
> upgrade... nope.
> 
>>>> Of course, I should not assume to tell content providers how to
>>>> run their businesses, if they want to do it the bass-ackwards way
>>>> that's their right. :-)
>>> Backwards would be dedicating a pool of boxes and connecting them
>>> directly to the Internet while you can just use the same methods you
>>> already use for IPv4 just for IPv6...
>>>
>> So I take it then you disagree with the claim that dual-stacking melts
>> down the latency?
> 
> Depends on what kind of dual-stacking you are deploying and what the
> environment that is in. I love dual-stack and have been running so for
> pretty much 10 years already without many problems (the ones I had I
> kicked people really hard for :) Latency for IPv4 and IPv6 for me is
> generally the same, and sometimes lower in IPv6 (due to unused circuits
> etc). IPv6-Google has also been claimed to be faster on IPv6 (even
> through tunneled connections) than over IPv4 several times.
> 
> If you have crap connectivity though (bad tunnel or bad upstream) or if
> you are going to tunnel twice around the world, well, you are peeped.
> 
> I refer to:
> http://www.sixxs.net/news/2007/#grhlongestdistancerouting-0401
> which has nice ones as:
> "2001:200:a000::/35 25441, 3257, 3549, 6939, 2516 7660, 22388 11537,
> 2500 at 40760 km
> flowing through Ireland, Germany, Netherlands, US, Japan, US and Japan.
> 2001:200:a000::/35 1836, 3549, 6939, 2516 7660, 22388 11537, 2500 at
> 39500 km flowing through Switzerland, Netherlands, US, Japan, US, and
> Japan."
> 
> And if you are in some remote place where there is little to no
> incentive to have Internet (IPv4) in the first place, then most likely
> you won't find IPv6 either. But you most likely have no other choice if
> you want to get ready and already play with it.
> 
> Fortunately the IPv6 routing world improved a lot since then, and the
> underlying tunnels are mostly gone or have become more aligned with the
> IPv4 network. As for to the end-site there are still lots of places
> where they will go quite a number of times around the world.
> 
> [..]
>>> Nothing to do with the consumer, they didn't do a thing.
>>> The ISP will get the complaints though that service X is unreachable.
>>>
>> What it boils down to is laziness of the ISP.
> 
> Why is it lazyness of the ISP? The ISP is offering IPv4 connectivity.

They are offering INTERNET connectivity, that is why they are
called INTERNET SERVICE PROVIDERS.

When they start calling them INTERNET VERSION 4 SERVICE PROVIDERS
then you would have a point.

Many other things on the Internet are standards that have changed.
IPv6 is no different and ISPs need to change on it, too.

> That is the job they are providing and generally they are doing that
> just fine. (They should start doing IPv6 soon though, but that is a
> different thing)
> 
>> The ISP can educate their customers,
> 
> I just have to assume that you clearly have no perception of cost.
> If you have a million customers, every dollar spent on 'educating' them,
> is way too much.
> 

Then don't educate them.

You will make your millions as your customer base gets tired of you
treating them like morons, and out grow you and go to other ISPs who
are willing to help them.

Then I guess you will retire on your golden parachute while your 
stockholders are left with nothing.

You obviously learned American Business very well!  :-)

> Be happy that ISPs already handle abuse.
>

Since these large ISPs are the source of most of the abuse they
are obligated to handle it.

>> fix their nameservers,
> 
> The ISPs nameservers are NOT broken. The problems lies in the CPE in
> which there is a broken DNS caching resolver.

a DNS caching resolver IS a nameserver.  It's a caching-only nameserver.

> There are a couple of
> levels of brokenness but the most hopeless one is the one that only
> understands A records and drops everything else, without sending back a
> DNS packet stating that the request was refused.
> 
> Sometimes these CPEs are owned by the ISP and thus theoretically they
> could upgrade them (but in some cases that means replacing them, times a
> million is well, lots of centavos lost revenue) but in a lot of cases
> the customer owns them. Thus it is the customer's problem which they
> have to fix. Oh and this little DNS issue is number #1 reason for 'turn
> off IPv6 and your Internet is fast again'....
> 
>> and provide workarounds for
>> other idiots on the Internet who have botched their IPv6 rollouts.
> 
> Who "botched" exactly what here? 

Well, the CPE manufacturers for starters.  The 
"linksys/netgear/whatever" small router manufacturers for another.

A decent ISP will educate their user that their CPE is crap and
needs to be replaced, or firmware-updated, or worked around with static 
DNS numbers in the OS config file or some such.

A AOL/Comp$pend kind of ISP will do the "turn off IPv6 workaround"

Both solutions will work to fix the immediate problem.

A few years down the road when the customer figures things out, the
second solution just cements their view that their ISP is incompetent.

And on top of that the broken CPE's have other side effects as well,
side effects that are often blamed on the ISP even when it isn't the
ISP's fault.

Here is a story for you.  When the small Linksys BEFSR routers first
came out we had a lot of DSL customers buy and use them.  Then 6
months later we started getting a few disconnects from those customers
on claims that the service was too slow.

We investigated this rather aggressively (sent techs to homes and such)
and discovered that the Linksys units were failing - but they weren't
failing like a lightbulb and just stopping.  They were getting slower
and slower and slower.  The customer of course blamed us until techs
would pull out a brand new linksys of the same model, swap it, and
speed went back to normal.

If we had NOT had the focus on customer education that we have, we
would have lost a large number of DSL customers.  Instead we contacted
all our customers using them (easy to do just read the MAC addresses
to find the linksys units) and warned them about the problem.  We got
many comments thanking us as many customers by then were noticing
problems.  Needless to say we did NOT recommend Linksys units for
many years after that.

So, yeah, I do have a perception of cost.  And yes I understand that
when "stuff happens" that it is going to cost someone.  But apparently
I also understand that a dollar of preventative education now is worth 
100 dollars of cure later on.  I wonder if you have learned that?

ISP's with millions of customers who begrudge the PENNIES spent upfront
on educating their customers are very, very stupid.  Yes they get a
slight boost to their bottom line now.  But that comes at a much higher
cost down the road.  And once the perception gets out there that the
large ISP is a problem, it is extremely expensive to change.  Sometimes
it even cannot be changed at all, as AOL, AGIS, CompuServe have all 
found out, and Comcast is finding out.

Just consider the millions of dollars Comcast is currently spending
on television advertisements touting their new HD-TV service.  All
of those TV ads that are running on over-the-air broadcast digital TV 
are running with the vertical sidebars on HD-TV's because those adverts 
were filmed NTSC aspect ratio, not HD-TV aspect ratio, so that Comcast 
could make a very small short term financial
gain (since TV stations charge more money for adverts in HD).  Please 
consider the lunacy of a TV advert campaign for HDTV cable service that 
does not run in High Def on a HDTV set receiving High Def over the air. 
  That ad campaign merely cements in the users minds who see it that 
Comcast is incompetent, and it is a perfect example of what happens when 
ISPs with "millions of customers" chintz upfront.

> I think you botched the part where you
> have to read ;)
> 
>> Or they can be lazy-asses and find some quick hack to get their
>> customer off the phone.  (disable IPv6 on the workstation, perhaps?)
> 
> That unfortunately is the quickest and cheapest method.
> It solves the problem with minimal change.
> 
> It doesn't present a long term solution though, but hey, that is not
> what people who care about their bread and their cash in their bank
> account care about now do they?
> 

No, because most of them (in the US anyway) were educated at business
schools where that kind of thinking was all the rage during the last
decade.  Those schools now have reversed 180 degrees but it will take
many years before the young crop of MBAs takes the reins of power
in business and starts thinking long-term.

> Real solution would be replacing the CPE, but that is a costly thing.
> And why bother, over time people will replace that thing anyway and then
> they can get an IPv6 enabled edition, problem solved.
>

This is a pendulum in business thinking in the US.  During the 80's
most businesses were run short-term goals.  Then Japan started kicking
our ass and a lot of business schools and thinkers realized that long
term planning had benefits and the short-term stuff fell out of favor,
and companies started doing more long term planning.  Then in the mid
to late 90's short-term planning came back into favor as a result of
the dot-com boom.  That produced the 2008 financial crash and now it's 
back out of favor again.

You know, there's nothing wrong with simply educating the user that
they can use their existing junky CPE with a workaround, but that
it really ought to be replaced.  But I guess that sort of moderate
centrist approach nobody likes nowadays. :-(

>>>> The fact of the matter though is that it really only matters
>>>> to get the center of the bell-curve users on IPv6.  Once that
>>>> happens the power users will have to get on it also.
>>> True power users know what they do, they don't have issues.
>>>
>> That's why I quoted "power users" :-)
> 
> Are you one of them?
> 

It depends on the OS. :-)

> Greets,
>  Jeroen
>