Mailing List Archive

On 2016-05-18 15:23, Phil Mayers wrote:
> Broken over IPv6:
>
> https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
>
> (Webserver has AAAA, returns 404 over v6, fine over v4)
>
> And yet:
>
> https://ec.europa.eu/digital-single-market/en/blog/ipv6-more-than-a-reality-a-necessity
>

You are aware that the EU "launched" IPv6 in 2004 right:

http://www.global-ipv6.org/index.htm

Not that many of their sites/locations actually have even remotely heard
of IPv6.

Problems like this are simply still existent because they do not care,
and they will not.

See also the comments in this little wiki page:
https://www.sixxs.net/wiki/?title=Call_Your_ISP_for_IPv6

and unfortunately there are many more of even employees at ISPs who are
unable to convince their ISP that they really should be doing IPv6.

I wonder when the first large companies are going to ask for some kind
of 'fund' for getting IPv6 deployed....


Really, you cannot keep on telling people to finally deploy IPv6, it
does not have any effect whatsoever, only their pocket books care and
those will only notice when it is too late...

Greets,
Jeroen

> On 18 May 2016, at 14:23, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
>
> Broken over IPv6:
>
> https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
>
> (Webserver has AAAA, returns 404 over v6, fine over v4)

Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated by BT. I have no idea what the current kludge is.

Mat

Hi!

> > Broken over IPv6:
> >
> > https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
> >
> > (Webserver has AAAA, returns 404 over v6, fine over v4)

The tech-c seems to be:

otman.dahel@ec.europa.eu

--
pi@opsec.eu +49 171 3101372 4 years to go !

On 18/05/16 14:29, Jeroen Massar wrote:

> Really, you cannot keep on telling people to finally deploy IPv6, it
> does not have any effect whatsoever, only their pocket books care and
> those will only notice when it is too late...

So it's hopeless and we should just give up?

That doesn't seem like the most encouraging advice ever, but thanks for
the reply.

Anyone else got thoughts on how to discourage half-working/half-broken
setups which create negative externalities?

I'm specifically not asking about encouraging people who haven't
deployed; rather people who have and who have broken or abandoned their
efforts.

On 18/05/16 14:45, Matthew Ford wrote:

> Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated
> by BT. I have no idea what the current kludge is.

Ah, BT. The obvious choice of provider for an IPv6 implementation /sarcasm

Whoever runs it, they've broken it a bunch of times before.

I've "fixed" it at our end on this and previous occasions using bind RPZ
to convert AAAA replies containing their /48 to NODATA.

This makes me feel dirty :o(

On 2016-05-18 15:52, Phil Mayers wrote:
> On 18/05/16 14:29, Jeroen Massar wrote:
>
>> Really, you cannot keep on telling people to finally deploy IPv6, it
>> does not have any effect whatsoever, only their pocket books care and
>> those will only notice when it is too late...
>
> So it's hopeless and we should just give up?

You can keep on trying to fix OTHER people's networks.... but you'll end
up in an abyss at one point...

> That doesn't seem like the most encouraging advice ever, but thanks for
> the reply.

The best advice for getting IPv6 fixed is for a large well used network
(google, facebook) to stop providing IPv4. Then suddenly people will fix
things as they won't have working "Internet" and their users will
complain really really loud.

Till that happens do not hold your breath.

> Anyone else got thoughts on how to discourage half-working/half-broken
> setups which create negative externalities?

Public shaming does not work, that has been tried for a long long time
already.

Contacting people who do not care about their own network does not work
either.

> I'm specifically not asking about encouraging people who haven't
> deployed; rather people who have and who have broken or abandoned their
> efforts.

Understand it this way: they officially claimed 12 years ago to be
launching IPv6 and they have not noticed their own network to be broken...

Technical contacts are badly published and likely won't reply.

Thus... little chance to fix a network that does not want to be reached.

Yes, that is unfortunate, but that is the way it seems to be.


I'll add to that that in the cases of Viruses/Bots and Spam many
networks are already big blackholes for getting these resolved. Either
you do not find a contact or they won't fix it even when they have read
the message. IPv6 is not on these network's priority lists at all...

Greets,
Jeroen

Hi,

On Wed, May 18, 2016 at 03:29:34PM +0200, Jeroen Massar wrote:
> I wonder when the first large companies are going to ask for some kind
> of 'fund' for getting IPv6 deployed....

*want*

(of course, only those would get the funding that have not done
anything yet... "because it is so hard")

gert
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi Phil,

> On 18 May 2016, at 14:52, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
>
> On 18/05/16 14:29, Jeroen Massar wrote:
>
>> Really, you cannot keep on telling people to finally deploy IPv6, it
>> does not have any effect whatsoever, only their pocket books care and
>> those will only notice when it is too late...
>
> So it's hopeless and we should just give up?
>
> That doesn't seem like the most encouraging advice ever, but thanks for the reply.
>
> Anyone else got thoughts on how to discourage half-working/half-broken setups which create negative externalities?
>
> I'm specifically not asking about encouraging people who haven't deployed; rather people who have and who have broken or abandoned their efforts.

Well, a not uncommon approach to discourage bad behaviour is to create an appropriate blacklist where offenders are added when such behaviour is observed, so that people can choose to use the blacklist, if they trust its contents. Who would run such a thing is another question, and is whether it blacklisted the broken v6 site version or both protocols. But perhaps some public ‘wall of shame’ might be a step towards that. The first question is how/whether you would detect / report such offenders in the first place; I would also hope cases are very rare.

I would expect many of the general v6 connectivity problems to go unnoticed due to happy eyeballs, but your example is obviously more nuanced because you do get something returned, but it’s junk, and I agree very frustrating.

Tim

On 18/05/16 15:03, Jeroen Massar wrote:

> The best advice for getting IPv6 fixed is for a large well used network
> (google, facebook) to stop providing IPv4. Then suddenly people will fix
> things as they won't have working "Internet" and their users will
> complain really really loud.

Ok so basically, if more/most access networks were IPv6-enabled (because
big or vital providers are IPv6 only) then all service networks would
have to get it working?

Not unreasonable, but that's a very long term prospect I guess.

I'd be curious to know if people have suggestions that work shorter term.

I'm in agreement that shaming is not effective; but I'm frustrated and
it just seemed so ironic that their public claims were so pro-v6.

Question for any access network providers: if/when you run into these
issues, how do you plan to proceed? Leave the site broken and force the
site owner to fix, or work around at your end and hide the problem?

No judgement either way, just curious.

Regards,
Phil

Hi,

On Wed, May 18, 2016 at 02:06:57PM +0000, Tim Chown wrote:
> > I'm specifically not asking about encouraging people who haven't deployed; rather people who have and who have broken or abandoned their efforts.
>
> Well, a not uncommon approach to discourage bad behaviour is to
> create an appropriate blacklist where offenders are added when such
> behaviour is observed, so that people can choose to use the blacklist,

That would be akin to the mentioned RPZ zone - which helps your local
users (good!) but effectively hides the real problem (bad).

Maybe just add such offendors to an RPZ zone that suppresses their IPv4
record, so it's "fix your IPv6 or die"? Not really serious...

> But perhaps some public ???wall of shame??? might
> be a step towards that. The first question is how/whether you would
> detect / report such offenders in the first place; I would also
> hope cases are very rare.

And whether enough people care to actually get things fixed, then.

frustrated,

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

On 2016-05-18 16:10, Phil Mayers wrote:
> On 18/05/16 15:03, Jeroen Massar wrote:
>
>> The best advice for getting IPv6 fixed is for a large well used network
>> (google, facebook) to stop providing IPv4. Then suddenly people will fix
>> things as they won't have working "Internet" and their users will
>> complain really really loud.
>
> Ok so basically, if more/most access networks were IPv6-enabled (because
> big or vital providers are IPv6 only) then all service networks would
> have to get it working?

Then they have a REAL reason: complaining users who cannot Google/Facebook.

And that is for many ISPs what it will take for them to even remotely
think of IPv6, see again:
https://www.sixxs.net/wiki/?title=Call_Your_ISP_for_IPv6

> Not unreasonable, but that's a very long term prospect I guess.

It *IS* unreasonable.

As when such an event happens, it will have to be done in 1 day instead
of the 20 years that they already knew this was going to happen.

Also, likely such an event will not happen, as the establish "big"
players have more than enough IPv4 to last their lifetimes putting up
big load balancer farms.

The BIG problem there is newcomers to the market, they won't be able to
enter as they won't get any IPv4.

> I'd be curious to know if people have suggestions that work shorter term.

Please read through every IPv6-related list from the last 20 years.

People have been trying to convince folks for a while already...

> I'm in agreement that shaming is not effective; but I'm frustrated and
> it just seemed so ironic that their public claims were so pro-v6.

I've never been frustrated about this. I only see that folks doing
consulting on the subject will have a lot of work at one point.

> Question for any access network providers: if/when you run into these
> issues, how do you plan to proceed? Leave the site broken and force the
> site owner to fix, or work around at your end and hide the problem?

They will likely set up a big HTTP proxy and then tunnel IPv6 from
somewhere...

Please note that this list is the wrong audience, and so is any other
list where folks know about IPv6. These folks already have IPv6.

If they do not have IPv6 it is because of some "C-level" "business
decision" to not look into it.

You cannot fix those folks unfortunately. The only thing one can do is
"I told you so" and laugh very very hard when they turn over their cash
to the consultants and companies taking over their networks...

Greets,
Jeroen

On Wed, 18 May 2016, Phil Mayers wrote:

>
> Ok so basically, if more/most access networks were IPv6-enabled (because
> big or vital providers are IPv6 only) then all service networks would
> have to get it working?

Yes, if it's broken from one network but works from the rest, then the
problem to fix is for that broken network.

If it's broken for everybody, then it's the one who has the broken end
that needs to fix.

This is the same thing with IPv6, DNSSEC and all such new technologies. If
there is only one ISP that does DNSSEC validation and it's broken because
the zone is signed wrong, then that ISP gets blamed. In Sweden, where 85%
of customers sit behind a DNSSEC validating resolver, nobody gets away
with screwing up their zone signing because now it's their problem.

It's all about critical mass.

--
Mikael Abrahamsson email: swmike@swm.pp.se

> On 18 May 2016, at 15:11, Gert Doering <gert@space.net> wrote:
>
> Hi,
>
> On Wed, May 18, 2016 at 02:06:57PM +0000, Tim Chown wrote:
>>> I'm specifically not asking about encouraging people who haven't deployed; rather people who have and who have broken or abandoned their efforts.
>>
>> Well, a not uncommon approach to discourage bad behaviour is to
>> create an appropriate blacklist where offenders are added when such
>> behaviour is observed, so that people can choose to use the blacklist,
>
> That would be akin to the mentioned RPZ zone - which helps your local
> users (good!) but effectively hides the real problem (bad).

Well, that’s basically the same model as happy eyeballs.

> Maybe just add such offendors to an RPZ zone that suppresses their IPv4
> record, so it's "fix your IPv6 or die"? Not really serious…

:) But agree...

>> But perhaps some public ???wall of shame??? might
>> be a step towards that. The first question is how/whether you would
>> detect / report such offenders in the first place; I would also
>> hope cases are very rare.
>
> And whether enough people care to actually get things fixed, then.

The flip side is what evidence do we have that its a problem that is common enough to care about?

The last instance I recall is a vague memory of xbox.com doing something similar a couple of years ago.

Tim

>
> frustrated,
>
> Gert Doering
> -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
>

On 18/05/16 15:32, Tim Chown wrote:

> The flip side is what evidence do we have that its a problem that is
> common enough to care about?

This is a fair point. Perhaps I'm overreacting - we don't get too many
of these.

Hi,

On Wed, May 18, 2016 at 03:33:45PM +0100, Phil Mayers wrote:
> This is a fair point. Perhaps I'm overreacting - we don't get too many
> of these.

Still annoying. Organizations that make (or "use to make") a big hubbub
about IPv6 should be able to then actually *use* it. Like, use it on
their internal networks, provide it in their guest WiFi, have all external
facing services (web, mail, DNS, ...) dual-stacked, etc.

I could start a rant about "IPv6 task forces" around the world now...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

--- jeroen@massar.ch wrote:
From: Jeroen Massar <jeroen@massar.ch>

If they do not have IPv6 it is because of some
"C-level" "business decision" to not look into
it.

You cannot fix those folks unfortunately.
--------------------------------------------


That. And not even C-level, rather mid-level mgmt
that won't even allow it to get into conversations
above their level. I have been saying it so much
that I'm actually getting in trouble. They refuse
to listen. I'm sure I'm not alone in this. :-(

scott

I had the opportunity to set up a (small) ISP from scratch, so I just
did it, and made everything native Ipv4 and IPv6 from day one.

'Greenfields' is a lot easier than retro-fitting an entire network though

Mike


Mike Taylor
The Total Team

On 19/05/16 13:19, Scott Weeks wrote:
>
> --- jeroen@massar.ch wrote:
> From: Jeroen Massar <jeroen@massar.ch>
>
> If they do not have IPv6 it is because of some
> "C-level" "business decision" to not look into
> it.
>
> You cannot fix those folks unfortunately.
> --------------------------------------------
>
>
> That. And not even C-level, rather mid-level mgmt
> that won't even allow it to get into conversations
> above their level. I have been saying it so much
> that I'm actually getting in trouble. They refuse
> to listen. I'm sure I'm not alone in this. :-(
>
> scott
>

--- mtaylor@totalteam.co.nz wrote:
From: Mike Taylor <mtaylor@totalteam.co.nz>

'Greenfields' is a lot easier than retro-fitting
an entire network though
------------------------------------------


And both of those're easier than bashing one's
head against the "management brick wall". All
a person gets from that is bloody... :-)

scott

> On 19/05/2016, at 2:10 pm, Mike Taylor <mtaylor@totalteam.co.nz> wrote:
>
> I had the opportunity to set up a (small) ISP from scratch, so I just
> did it, and made everything native Ipv4 and IPv6 from day one.
>

You get credit for your website having a quad A :)

But what about DNS?

workstation:~ $ dig ns totalteam.co.nz +short
ns3.discountdomains.co.nz.
ns2.discountdomains.co.nz.
ns1.discountdomains.co.nz.

workstation:~ $ dig aaaa ns1.discountdomains.co.nz +short

workstation:~ $ dig aaaa ns2.discountdomains.co.nz +short

workstation:~ $ dig aaaa ns3.discountdomains.co.nz +short

:(

On 19/05/2016 15:46, Pete Mundy wrote:
>> On 19/05/2016, at 2:10 pm, Mike Taylor <mtaylor@totalteam.co.nz> wrote:
>>
>> I had the opportunity to set up a (small) ISP from scratch, so I just
>> did it, and made everything native Ipv4 and IPv6 from day one.
>>
>
> You get credit for your website having a quad A :)
>
> But what about DNS?
>
> workstation:~ $ dig ns totalteam.co.nz +short
> ns3.discountdomains.co.nz.
> ns2.discountdomains.co.nz.
> ns1.discountdomains.co.nz.
>
> workstation:~ $ dig aaaa ns1.discountdomains.co.nz +short
>
> workstation:~ $ dig aaaa ns2.discountdomains.co.nz +short
>
> workstation:~ $ dig aaaa ns3.discountdomains.co.nz +short
>
> :(

Give him a break. Probably that's why they sell him a "discounted" DNS service ;-).

(Cheap, fast, dual-stack, pick any two?)

Brian

On 19/05/16 16:39, Brian E Carpenter wrote:
> On 19/05/2016 15:46, Pete Mundy wrote:
>>> On 19/05/2016, at 2:10 pm, Mike Taylor <mtaylor@totalteam.co.nz> wrote:
>>>
>>> I had the opportunity to set up a (small) ISP from scratch, so I just
>>> did it, and made everything native Ipv4 and IPv6 from day one.
>>>
>> You get credit for your website having a quad A :)
>>
>> But what about DNS?
>>
>> workstation:~ $ dig ns totalteam.co.nz +short
>> ns3.discountdomains.co.nz.
>> ns2.discountdomains.co.nz.
>> ns1.discountdomains.co.nz.
>>
>> workstation:~ $ dig aaaa ns1.discountdomains.co.nz +short
>>
>> workstation:~ $ dig aaaa ns2.discountdomains.co.nz +short
>>
>> workstation:~ $ dig aaaa ns3.discountdomains.co.nz +short
>>
>> :(
> Give him a break. Probably that's why they sell him a "discounted" DNS service ;-).
>
> (Cheap, fast, dual-stack, pick any two?)
>
> Brian
>
lol, yeah, something like that :-)

> On 18 May 2016, at 16:33, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
>
> On 18/05/16 15:32, Tim Chown wrote:
>
>> The flip side is what evidence do we have that its a problem that is
>> common enough to care about?
>
> This is a fair point. Perhaps I'm overreacting - we don't get too
> many of these.

I am going to present some data showing the scale of this problem in
10 minutes from now at the RIPE meeting. Stay tuned!

Measuring Webpage Similarity from Dual-Stacked Hosts
https://ripe72.ripe.net/programme/meeting-plan/plenary

Best, Vaibhav

===================================
Vaibhav Bajpai
www.vaibhavbajpai.com

Room 91, Research I
School of Engineering and Sciences
Jacobs University Bremen, Germany
===================================

> On 24 May 2016, at 12:05, Bajpai, Vaibhav <v.bajpai@jacobs-university.de> wrote:
>
>> On 18 May 2016, at 16:33, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
>>
>> On 18/05/16 15:32, Tim Chown wrote:
>>
>>> The flip side is what evidence do we have that its a problem that is
>>> common enough to care about?
>>
>> This is a fair point. Perhaps I'm overreacting - we don't get too
>> many of these.
>
> I am going to present some data showing the scale of this problem in
> 10 minutes from now at the RIPE meeting. Stay tuned!
>
> Measuring Webpage Similarity from Dual-Stacked Hosts
> https://ripe72.ripe.net/programme/meeting-plan/plenary

Here is the video:
https://ripe72.ripe.net/archives/video/126

Best, Vaibhav

===================================
Vaibhav Bajpai
www.vaibhavbajpai.com

Room 91, Research I
School of Engineering and Sciences
Jacobs University Bremen, Germany
===================================

Hi,





On 18/05/2016, 14:45, Matthew Ford <ford@isoc.org> wrote:

>Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated by BT. I have no idea what the current kludge is.

I just wanted to briefly follow up in defence of the reverse-proxy as a good design for a HTTP application’s dual stacking model. Just as in the 4-only world a reverse proxy was a valid deployment model to provide load sharing/performance/tcp session offloading from the back end, etc.,etc.

My personal website today, whilst of course not a major web asset, utilises a reverse proxy to offer service to suffering people on a legacy 4-only connection. The back end is hosted on a v6 only network, and a reverse proxy is dual stacked. It’s a perfectly OK model.

Andy