[nycbug-talk] IPv6 NY-US Roll Call

Isaac Levy ike at lesmuug.org
Fri Mar 23 14:11:59 EDT 2007


Wordup Miles,

On Mar 22, 2007, at 7:15 PM, Miles Nordin wrote:

>>>>>> "a" == alex  <alex at pilosoft.com> writes:
>>>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:
>
>     il> Does anyone on this list, in NY or America in general run IPv6
>     il> services?
>
> I did for about two years, until OCCAID cut me off.

<snip>


--
> The second phase of user response to IPv6-crappyness is to learn about
> these -4 options to all commands.  Sometimes sysadmins do this,
> too---like they will start bind with '-4' and cut off access to any
> subdomain that has v6-only DNS servers, to make regular resolving
> faster with their crappy v6.  Sysadmins may get into the action by
> putting stuff in /etc that makes each program prefer v4 instead of v6.

Hrm.  I wonder how many *BSD apps have implementation details all  
cleaned up?  I honestly haven't thought through this, but this makes  
perfect sense.

> The third phase of response to v6 crappyness is, sadly, well underway.
> It's the _developer_ response to crappy v6 tunnels.  We've got all
> these short-sighted Windows refugee developers working on free
> software now, who just bang away and hurl feces at problems until they
> sorta work.  irssi's wrapped getaddrinfo() to make it prefer v4 for a
> while, unless you set it back to v6 in the template config file as I
> do, and even then it won't affect users who started irssi before you
> realized the problem and set it back because they'll all have local
> .irssi/config files.  Firefox, on some ``distros'' of Linux anyway,
> now ships preferring v4 over v6.  meaning you will actually have v6, go
> to kame.net and NOT see the dancing kame.  You have to go into some
> arcane Javascript file to undo their brain damage.  Firefox on Solaris
> still works right, but I guess it's an old version.

Yikes.  Ok- so this is another issue to address- making sure apps  
work sanely, (by making sure they are written correctly).

> getaddrinfo() is actually v4/v6-agnostic---it could work with ISO CLNP
> or IPv2000 or whatever comes next, with no modification to programs
> that call it in the most generic way possible, once DNS rules for the
> new protocol were invented.

> so these new programs are making their
> calls to getaddrinfo() less portable by hardcoding in an understanding
> of v4 and v6 address families.  The right way to do the third phase
> is, well, not at all.  But the less wrong way is to have a v6 stack
> that sorts the results of getaddrinfo based on a system-wide config
> file like /etc/netconfig or /etc/inet/ipaddrsel.conf.  but NetBSD
> doesn't have these files, and on Solaris they don't seem to do what
> the documentation says.

Sounds simply like folks just haven't gotten enough experience  
deploying and using the systems yet- Solaris makes sense, NetBSD as  
well, that they'd have rough edges... (Sun being an American company,  
but NetBSD?  I guess we all have details to work out as systems get  
deployed...)

>
> These phases are the Hidden Obstinance to IPv6, aside from
> uncooperative ISP's or heads-in-the-sand American ``businesses.''
> Some of the things that can make your v6 crappy:
>
> 1. using a high-rtt tunnel.  HE's tunnel endpoint is in Fremont, so to
>    connect to another site here in NYC, your packets cross the US
>    twice, adding 40 - 100ms latency.  This is enough for ssh users to
>    notice that v6 sucks and type 'ssh -4'.  Hurricane has presence in
>    NYC, but they won't give tunnels from here, and they won't do
>    colocation here so you can make your own tunnel, either.

Holy moses you know the tunnel scene well man.

>
>    besides he.net, xs26.net in Europe has this problem, too, since
>    your tunnel endpoint is 100ms away.  (also, their web site seems
>    down right now, so I dunno if they can meet the ``up almost as
>    often as v4'' criteria)
>
>    some people make a big deal about ``native'' v6, meaning v6 over
>    the Ethernet cable.  Not having tunnels definitely makes routing
>    problems easier to track down, but I really don't think it's faster
>    or intangibly ``better'' somehow.  The problem is when the two ends
>    of the tunnel are far apart.  The tunnel should only be a couple ms
>    long, not spanning countries or oceans, so routing is still close
>    to optimal.  It's the rtt, not the tunnel itself, that sucks.
>
> 2. bad neighbor ISP's (cough *Abilene* cough) that up the v6
>    routing table.  with OCCAID I had packets crossing the Atlantic
>    twice to get to Hurricane Electric.  stupid.  OCCAID blamed HE and
>    said they were doing something wrong and ignoring OCCAID's
>    complaints.  Who knows what the real story is.
>
> 3. not maintaining your v6 well.  If your site depends on some
>    ``tunnel broker'' with a dynamic address on your end, then
>    inevitably the broker machine gets rebooted a couple times a month
>    and loses your site's state.  If your tunnel broker client is buggy
>    and crashes, or isn't running at all, then your v6 goes down for
>    weeks until someone notices.
>
> so, that covers almost every v6 deployment I've seen.  not good.
>
>
>      a> If you want your *glue* to be AAAA - well, it's
>      a> a bad idea - nobody could get to anything in your domain if
>      a> you have only AAAA glue.
>
> but chia.arin.net and a.gtld-servers.net both have AAAA records.  so,
> if you are going to configure your nameserver with v6 _connectivity_
> as well as just v6 records, be damn sure your v6 is good, or you will
> get 4sec delays resolving ~everything.

Noted!  This seems like another problem for adoption/growth, if the  
networks suck, why use them?

>
> Not having stable v6 connectivity is a huge problem for me.  I use v6
> on my LAN, and it's a major pain-in-the-ass to renumber, to remove or
> add back the v6.  And if you have the v6 without a working default
> route, just to use locally, it makes problems for some OS's (like
> Solaris).

Gah- makes sense.  This seems like a really tough stumbling block for  
everybody.
If we all are constantly rebuilding networks, it's hard to move  
forward and *use* them...

>
> v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN
> ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a
> plan to assign 200 /48's within 5 years.  I think several tier 1 ISP's
> already do v6.  Cisco IOS is much less of a flakey piece of shit on v6
> now.  so it may be mostly a matter of your time to set it up.

What is ARIN's definition of 'ISP'?  I mean, I'm provisioned one  
IPv4 /24 for my Colo operations, but I'm by no means a commercial  
ISP- (even though I do host systems for my clients).  (I've never  
thought about it, but I think I realistically don't count...)

Rocket- and thanks for sharing all of this!
.ike
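
The family-agnostic way of calling getaddrinfo() that Miles describes in the quoted text above, as an added example that is not part of the original thread: the caller never names AF_INET or AF_INET6 and takes the answers in whatever order the system resolver returns them. `open_any` and `roundtrip` are hypothetical names, and the loopback round trip is a constructed self-check.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* getaddrinfo(), getnameinfo() */
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* open_any() and roundtrip() are hypothetical names for this example.  Family,
 * type, protocol and address pass through opaquely: no AF_INET/AF_INET6 here. */
int open_any(const char *host, const char *port, int flags, int passive)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;    /* any family the stack supports */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    /* Walk the answers in the order the resolver sorted them. */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;       /* family not usable on this host */
        if ((passive ? bind(fd, ai->ai_addr, ai->ai_addrlen)
                     : connect(fd, ai->ai_addr, ai->ai_addrlen)) == 0)
            break;                  /* first answer that works wins */
        close(fd); fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Listen on an ephemeral port of host, read the port back with getnameinfo()
 * instead of a sockaddr_in cast, then connect to it.  Returns 0 on success. */
int roundtrip(const char *host)
{
    struct sockaddr_storage ss; socklen_t len = sizeof ss;
    char port[32];
    int c = -1, s = open_any(host, "0", 0, 1);
    if (s >= 0 && listen(s, 1) == 0
        && getsockname(s, (struct sockaddr *)&ss, &len) == 0
        && getnameinfo((struct sockaddr *)&ss, len, NULL, 0, port, sizeof port,
                       NI_NUMERICSERV) == 0)
        c = open_any(host, port, 0, 0);
    if (c >= 0) close(c);
    if (s >= 0) close(s);
    return c >= 0 ? 0 : -1;
}

int main(void) { return roundtrip("localhost") == 0 ? 0 : 1; }
```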




