[nycbug-talk] IPv6 NY-US Roll Call

alex at pilosoft.com alex at pilosoft.com
Thu Mar 22 21:48:26 EDT 2007

On Thu, 22 Mar 2007, Miles Nordin wrote:

> >>>>> "a" == alex  <alex at pilosoft.com> writes:
> >>>>> "il" == Isaac Levy <ike at lesmuug.org> writes:
>     il> Does anyone on this list, in NY or America in general run IPv6
>     il> services?
> I did for about two years, until OCCAID cut me off.  They used to give
> tunnels to v6 experimenters, but now they've gone ISP-club-only.  And
> James at TowardEX is now actually charging his colo customers *extra* if
> they want v6 in addition to v4 (used to be included free for TowardEX
> colocators, but was mad flakey).  OCCAID shut down their ewr2 pop (and
> moved to some kind of ewr2a pop), and ditched all the old members
> connected there.
Hahah. If you are still interested, I'm on good terms with james, and can 
probably get it hooked up again or something.

> The alternative now is SixXS, which gets transit from OCCAID but has
> lots of automation for serving Interweb users.  Unfortunately they also
> have fewer pops.
> OCCAID had great connectivity (rtt usually matching or beating v4 from
> Alex), and they did BGP so I got to look at a full view of all 600 - 700
> routes in the IPv6 default-free zone.  very fun, very reliable.
more fun than reliable, i think.

> OCCAID, and their new partners SixXS, seem to be generally technically
> competent, but they have crippling layer 10 issues.  It is stuffed full
> of those people who claim they want to be ``apolitical'' and then run
> their organization like some kind of pathetic nerd mafia. problems like:
It *IS* the nerd mafia. The definition of nerd mafia. :)

>  o SixXS problems
>    o AUP forbids irc clients
>    o AUP forbids irc servers
>    o AUP forbids shell servers even when not used for irc
Funny, actually irc is probably the only thing I see v6 being used for, 
actively. Mostly for the cool origin addresses!

Of course, the reason behind the policy is the ddos avoidance. anything 
irc related = painting a big TARGET sign.

>    o a series of kiddie-heuristic harassment tests when you sign up
>      (``the ten easy steps to ipv6!'')
>    o horror stories from many people who try to use them.  If they cut
>      you off, they always cut you off first and ``inform'' you later
>      or not at all.  One guy said they kept deleting his account
>      because they didn't believe the name he gave sounded real enough
>      (it was his real name).

>  o OCCAID/SixXS problems I've had in the past
>    o putting mailing lists under ``emergency moderation'' when they
>      feel embarassed by the discussion
>    o offering better support to ``insiders'' on an unpublished irc
>      channel and worse support to people on the mailing list, then
>      banning and klining people from that channel if they're
>      insufficiently sycophantic
>    o AUP forbids so-called ``DNS spam'' which is any DNS reverse
>      lookup that spells an English phrase or sounds excessively cute.
>      I guess this is another anti-irc thing, but I'm not happy about
>      indignities like this and don't think it's in the spirit of the
>      Internet, and I really bristle at the idea of passing on a
>      restriction like that to _my_ users.
I think all of that above are signs of trying to keep the children away 

Its a free service. If you want no restrictions, pay for proper v6 
transit. :) If there's customer demand, I can probably sell v6 transit...

> so, if you can live with that, SixXS is the way to go.  I can't stand
> them, but I will probably sign up soon to get back some kind of censored
> politicized v6 (albeit without BGP now).  We'll see how long it takes
> them to find an excuse to boot some guy who posts on public mailing
> lists that he has major problems with their attitude.
> A year ago I reported the ``DNS spam'' to Declan's politech list. Once
> Declan's report came out, they hurriedly 404'd all the URLs on their
> site in Declan's message, reversed their policy, and whistled ``nothing
> to see here'' for a few months.  Then they put the policy back.
> Hurricane Electric tunnels are, for me, not even worth looking at,
> because they block irc.  I'm not spending $600/mo on Internet so I can
> put up with this T-Online/Verizon port blocking bullshit.  I *will* pay
> for IPv6, but this second-class interweb crap completely defeats the
> purpose of an experimental protocol.
Why are you so in love with irc? ;)

irc is a waste of time at best, and ddos target at worst...

> There's another huge problem with Hurricane Electric.
> If you set up v6 at your site, it is really, really important that your
> v6 access be almost as fast and reliable as your v4 access.  It should
> have similar bandwidth and rtt.  It should be very, very seldom that v4
> is up but v6 is down.
> At every site I've seen (aside from my own before I was cut off), this
> is *not* the case.  I've even seen sites promoting ipv6 that advertise a
> broken AAAA for their web server, but work fine over v4.  I've had to
> nag my secondary DNS guy to remove his nameserver's AAAA record when
> TowardEX's colo v6 has gone down again.
You are paying for v4 transit but getting v6 for free, what do you expect?

>      a> If you want your *glue* to be AAAA - well, its
>      a> a bad idea - nobody could get to anything in your domain if
>      a> you have only AAAA glue.
> but chia.arin.net and a.gtld-servers.net both have AAAA records.  so, if
> you are going to configure your nameserver with v6 _connectivity_ as
> well as just v6 records, be damn sure your v6 is good, or you will get
> 4sec delays resolving ~everything.
I see, you want both A and AAAA. I guess that make sense. Yeah, I googled 
a bit and I dont see registrar that supports v6 either. Funny, because SRS 
(registry) does support v6 since 02.

>      a> There's no demand, cause, well, why'd you *want* ipv6.
> I'll pay you $50 extra per month for v6 right now.  I want it so I can
> reach and be reached by v6-centric friends in Germany (and apparently
> also Japan).
Eh, that doesn't quite bump it in the priorities list, but I might look at
it sometime soon. Technically, I think I can get v6 routes from as4436 (or
at worst, occaid), if I wanted to, and my core is v6-capable (but probably
not v6 enabled).

> Not having stable v6 connectivity is a huge problem for me.  I use v6
> on my LAN, and it's a major pain-in-the-ass to renumber, to remove or
> add back the v6.  And if you have the v6 without a working default
> route, just to use locally, it makes problems for some OS's (like
> Solaris).
> v6 /32's are free from ARIN as long as you are (1) an ISP, (2) an ARIN
> ``member'' (have v4 blocks from ARIN, or pay $500/yr), and (3) have a
> plan to assign 200 /48's within 5 years.  I think several tier 1 ISP's
> already to v6.  Cisco IOS is much less of a flakey piece of shit on v6
> now.  so it may be mostly a matter of your time to set it up.
> I'm intensely frustrated with all these crappy flash-in-the-pan high-rtt
> port-blocked tunnels and layer 10 bullshit.  and, in general, basically
> with people who have Alex's attitude, which I think is both wrong and
> pervasive.
I think all you said above pretty much proves my point - 
a) ipv6 not ready for prime time
b) nobody gives a damn about v6


More information about the talk mailing list