[nycbug-talk] IPv6 NY-US Roll Call
ike at lesmuug.org
Fri Mar 23 14:11:59 EDT 2007
On Mar 22, 2007, at 7:15 PM, Miles Nordin wrote:
>>>>>> "a" == alex <alex at pilosoft.com> writes:
>>>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:
> il> Does anyone on this list, in NY or America in general run IPv6
> il> services?
> I did for about two years, until OCCAID cut me off.
> The second phase of user response to IPv6-crappyness is to learn about
> these -4 options to all commands. Sometimes sysadmins do this,
> too---like they will start bind with '-4' and cut off access to any
> subdomain that has v6-only DNS servers, to make regular resolving
> faster with their crappy v6. Sysadmins may get into the action by
> putting stuff in /etc that makes each program prefer v4 instead of v6.
Hrm. I wonder how many *BSD apps have implementation details all
cleaned up? I honestly haven't thought through this, but this makes
> The third phase of response to v6 crappyness is, sadly, well underway.
> It's the _developer_ response to crappy v6 tunnels. We've got all
> these short-sighted Windows refugee developers working on free
> software now, who just bang away and hurl feces at problems until they
> sorta work. irssi's wrapped getaddrinfo() to make it prefer v4 for a
> while, unless you set it back to v6 in the template config file as I
> do, and even then it won't affect users who started irssi before you
> realized the problem and set it back because they'll all have local
> .irssi/config files. Firefox, on some ``distros'' of Linux anyway,
> now ships preferring v4 over v6. meaning you will actually have v6, go
> to kame.net and NOT see the dancing kame. You have to go into some
> still works right, but I guess it's an old version.
Yikes. Ok- so this is another issue to address- making sure apps
work sanely, (by making sure they are written correctly).
> getaddrinfo() is actually v4/v6-agnostic---it could work with ISO CLNP
> or IPv2000 or whatever comes next, with no modification to programs
> that call it in the most generic way possible, once DNS rules for the
> new protocol were invented.
> so these new programs are making their
> calls to getaddrinfo() less portable by hardcoding in an understanding
> of v4 and v6 address families. The right way to do the third phase
> is, well, not at all. But the less wrong way is to have a v6 stack
> that sorts the results of getaddrinfo based on a system-wide config
> file like /etc/netconfig or /etc/inet/ipaddrsel.conf. but NetBSD
> doesn't have these files, and on Solaris they don't seem to do what
> the documentation says.
Sounds simply like folks just haven't gotten enough experience
deploying and using the systems yet- Solaris makes sense, NetBSD as
well, that they'd have rough edges... (Sun being an American company,
but NetBSD? I guess we all have details to work out as systems get
> These phases are the Hidden Obstinance to IPv6, aside from
> uncooperative ISP's or heads-in-the-sand American ``businesses.''
> Some of the things that can make your v6 crappy:
> 1. using a high-rtt tunnel. HE's tunnel endpoint is in Fremont, so to
> connect to another site here in NYC, your packets cross the US
> twice, adding 40 - 100ms latency. This is enough for ssh users to
> notice that v6 sucks and type 'ssh -4'. Hurricane has presence in
> NYC, but they won't give tunnels from here, and they won't do
> colocation here so you can make your own tunnel, either.
Holy moses you know the tunnel scene well man.
> besides he.net, xs26.net in Europe has this problem, too, since
> your tunnel endpoint is 100ms away. (also, their web site seems
> down right now, so I dunno if they can meet the ``up almost as
> often as v4'' criteria)
> some people make a big deal about ``native'' v6, meaning v6 over
> the Ethernet cable. Not having tunnels definitely makes routing
> problems easier to track down, but I really don't think it's faster
> or intangibly ``better'' somehow. The problem is when the two ends
> of the tunnel are far apart. The tunnel should only be a couple ms
> long, not spanning countries or oceans, so routing is still close
> to optimal. It's the rtt, not the tunnel itself, that sucks.
> 2. bad neighbor ISP's (cough *Abilene* cough) that up the v6
> routing table. with OCCAID I had packets crossing the Atlantic
> twice to get to Hurricane Electric. stupid. OCCAID blamed HE and
> said they were doing something wrong and ignoring OCCAID's
> complaints. Who knows what the real story is.
> 3. not maintaining your v6 well. If your site depends on some
> ``tunnel broker'' with a dynamic address on your end, then
> inevitably the broker machine gets rebooted a couple times a month
> and loses your site's state. If your tunnel broker client is buggy
> and crashes, or isn't running at all, then your v6 goes down for
> weeks until someone notices.
> so, that covers almost every v6 deployment I've seen. not good.
> a> If you want your *glue* to be AAAA - well, it's
> a> a bad idea - nobody could get to anything in your domain if
> a> you have only AAAA glue.
> but chia.arin.net and a.gtld-servers.net both have AAAA records. so,
> if you are going to configure your nameserver with v6 _connectivity_
> as well as just v6 records, be damn sure your v6 is good, or you will
> get 4sec delays resolving ~everything.
Noted! This seems like another problem for adoption/growth, if the
networks suck, why use them?
> Not having stable v6 connectivity is a huge problem for me. I use v6
> on my LAN, and it's a major pain-in-the-ass to renumber, to remove or
> add back the v6. And if you have the v6 without a working default
> route, just to use locally, it makes problems for some OS's (like
Gah- makes sense. This seems like a really tough stumbling block for
If we all are constantly rebuilding networks, it's hard to move
forward and *use* them...
> v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN
> ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a
> plan to assign 200 /48's within 5 years. I think several tier 1 ISP's
> already do v6. Cisco IOS is much less of a flakey piece of shit on v6
> now. so it may be mostly a matter of your time to set it up.
What is ARIN's definition of 'ISP'? I mean, I'm provisioned one
IPv4 /24 for my Colo operations, but I'm by no means a commercial
ISP- (even though I do host systems for my clients). (I've never
thought about it, but I think I realistically don't count...)
Rocket- and thanks for sharing all of this!
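
Added example, not part of the original message and not code from irssi, Firefox or any other program named in the thread: a sketch of calling getaddrinfo() "in the most generic way possible", as the quoted text puts it. The function names open_any and local_port and the loopback sample input are assumptions made for illustration; the code never names AF_INET or AF_INET6, tries results in whatever order the resolver returns them, and falls through to the next address when one fails.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try every getaddrinfo() result in resolver order and return the first
 * socket that works (bind+listen if passive, connect otherwise), or -1. */
static int open_any(const char *host, const char *service, int passive)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;        /* any family the resolver knows */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = passive ? AI_PASSIVE : 0;
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        /* Family, protocol and address are passed through unexamined. */
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        if (passive ? (bind(fd, ai->ai_addr, ai->ai_addrlen) == 0 && listen(fd, 1) == 0)
                    : (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0))
            break;
        close(fd);                      /* this address failed, try the next */
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Write the socket's local port into buf as a decimal string, using
 * getnameinfo() so the sockaddr layout is never inspected. 0 on success. */
static int local_port(int fd, char *buf, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof ss;
    if (getsockname(fd, (struct sockaddr *)&ss, &sl) != 0)
        return -1;
    return getnameinfo((struct sockaddr *)&ss, sl, NULL, 0, buf, (socklen_t)len, NI_NUMERICSERV);
}

int main(void)
{
    char port[16];
    int lfd = open_any("127.0.0.1", "0", 1);  /* constructed loopback listener */
    if (lfd < 0 || local_port(lfd, port, sizeof port) != 0)
        return 1;
    printf("connect to port %s: %s\n", port, open_any("127.0.0.1", port, 0) >= 0 ? "ok" : "failed");
    return 0;
}
```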