But then I read what is happening, and well, WTF?
It seems several major internet services (Google, Facebook, Yahoo!, Akamai and Limelight Networks) will be turning on IPv6 access for 24 hours. Other organisations are encouraged to do the same.
So lets get this straight...
- Deliberately do not set up IPv6 access now, wait until 8th June 2011
- Deliberately turn *OFF* IPv6 access on 9th June 2011
So what it will mean as an ISP? Well, Google for example is already IPv6 for all of their services for our customers because of their ISP specific DNS, so no change there on world IPv6 day. In fact, for us, the whole thing will be a non event. We could not "participate" if we wanted to, as we did this last decade.
So, 10/10 for publicity stunt, but why are people not simply turning on IPv6 now, or 10 years ago? Why wait until 8th June, and why turn it off again on the 9th?
One nice thing is a test site for IPv6 access.
Turning it off after IPv6 day does seem insane; the event itself (and that test site) is a great idea because it might prompt people to look at it (or, in my case, look at it yet again...)
ReplyDeleteMy main problem is that I've got a handful of computers all necessarily NATed (sorry) off the single IPv4 address I have. From what I can make out of from the (frankly bemusing) information online, there's no easy way to step into the IPv6 world - my router doesn't talk IPv6, I can't (I think?) tunnel from behind NAT so my only option will be to stick another box in as an unNATed gateway (which is fine, but it's another box I have to get around to building...)
IPv6 is, I suspect, largely being held back because it's currently a significant amount of work to enable at the consumer end, in many instances.
The answers are obvious I suppose, but kind of scary:
ReplyDelete(i) They are not turning on IPv6 now because they aren't ready.
(ii) They think their systems could fall over in a heap on the 8th. So they aren't offline for a long period, they're planning on turning IPv6 off again on the 9th.
There is a potential pitfall for a large website, I suppose. If you serve an AAAA record to someone with misconfigured IPv6, they will get a very poor service. Every time they attempt to connect, there will be a delay while the IPv6 side times out, and it falls back to IPv4. It's difficult to know how common this is, without doing the kind of test being discussed.
The panic will actually start long before June anyway, IMO. When IANA assign their last /8s, people will realise that IPv6 is something they have to do now, rather than 'sometime'.
Well, consumer routers are starting to happen, so soon it will be a simple matter of a router replacement for £20 or something. Router PSUs go bang after a year or two anyway :-)
ReplyDeleteThe issue with trying the AAAA first only really applies if you have an IPv6 set up and no IPv6 routing. That should not happen, but does. It is a tiny fraction of people and the only way they will ever fix their set up (typically just applying those o/s patches that they have been nagged about for the last couple of years by their PC) is by making this happen. If you say you can't do IPv6 because 0.1% of people will have problems, then they will always exist and you will never do IPv6. Previous experiences (linked from that site) suggest it is a non-problem.
ReplyDeleteDo you know any consumer routers we can buy yet?
ReplyDelete(the firebrick is not consumer!)
The FireBrick is nice and just works, but fair point on the price.
ReplyDeleteBillion claim to - with a wifi router.
Zyxel say real soon now and want a meeting.
Fritz do one as well, again wifi.
Not got cheap / give-away DSL routers doing IPv6 yet.
Maybe they will be world IPv6 day :-)
Some of the really big sites are still afraid of that last 0.1% (or so) which will have problems reaching them when they turn on the AAAA records because that will translate into a number of missed sales / ad impressions.
ReplyDeleteSome systems still seem to use b0rken ways to access ipv6 like 6to4 prefixes announced locally by broken internet connection sharing.
Yes, in somewhat over 10 years (remember the .com boom) major websites have gone from "Let's do this new stuff and see what happens" to "don't try anything which might affect even a tiny portion of our visitors".
Doing it all on one day what heise.de and others did before will show the people affected that it is not just that one site being slow but it is their computer being misconfigured.
Yes, agreed. What makes no sense is turning it off the day after. Leave it on. You have to do it one day. People will not fix their systems if they do not see them as broken.
ReplyDeleteWikimedia's English language IPv6 compatibility testing (http://ipv6and4.labs.wikimedia.org/) reckons it's around 0.34% will get broken. I can see it's hard to make a business case as facebook/yahoo/google for turning it on if you're going to lose a bunch of users to your competitors for doing so. From the point of view of risk adverse management this seems like a less risky "dipping the toe in the water" strategy.
ReplyDeleteThe heise.de similar experiment that Koos mentioned was apparently so successful that they were persuaded to go live with AAAA records permanently (http://www.h-online.com/features/The-big-IPv6-experiment-1165042.html)
The publicity that this generates hopefully will be sufficient that people who discover it breaks things for them will be motivated to fix things and presumably more permanent deployments will follow shortly, especially with positive feedback. Radio 4, for example, ran a piece today apparently (the world is “running out of numbers") so I'm awaiting the phone call from my Dad+Sister this evening.
So conflicting reports - but it will always be some small percentage until you force those people to sort their network and you do that by starting to use IPv6.
ReplyDelete"Google for example is already IPv6 for all of their services for our customers because of their ISP specific DNS".. are they really ?
ReplyDeleteSo you can give me an AAAA for talk.google.com or imap.gmail.com ?? Your recursive resolvers can't ! www.google.com is only a tiny part of what needs to be IPv6 enabled.
Interesting - I was mistaken then. I'll have to check that. I was going on what I was told by someone and not what I checked, which is bad. Should verify facts...
ReplyDeleteNote www.gmail.com is IPv6, so I suspect they have turned on web sites, and the web based access to things... I wonder which services they will turn on for world IPv6 day?
ReplyDeleteWhen you're the size of Google or Facebook, 0.1% isn't a small percentage.
ReplyDeleteThe Facebook statistics page says they have 500 million active users. So, 0.1% is 500,000 users.
Some changes have been improving this. I think the most recent presentation I've seen on this topic is:
http://ripe61.ripe.net/presentations/162-ripe61.pdf
I can see why "breaking" things for a day is a good way to start to wake people up, without upsetting lots of users too much.
Possibly a another thing for these sites to start doing immediately would be to use the techniques that detect IPv6-brokenness and alert users that they have a problem.
It's a bit pointless enabling the www parts without the rest. Oh look, I can get to www.gmail.com, but can't actually send any email since smtp.gmail.com is IPv4 only...
ReplyDeleteGoing through my bookmarks there's maybe 1-2% of them have IPv6, and apart from aaisp or things like he.net most of the stuff with IPv6 are the small places.
iPlayer over IPv6 anyone ?
Interestingly the test-ipv6.com page you linked to doesn't have an IPv6 address either :)
I agree that enabling www only is rather odd, and I think we ll ask google what they are playing at there.
ReplyDeleteObviously test-ipv6.com only has an IPv4 address. The idea is that it is to test your connection - if you have a bad config and cannot get top the test page to tell you that it would be a bit daft.
The other problem is that you don't know which of your users fall into the 0.1%. For example, Mac OS X has had issues in the past where it prefers non-working 6to4 connectivity over working IPv4. If users of affected versions of Mac OS X are important to you, you can't switch to dual stack until the affected users have native IPv6.
ReplyDeleteGranted, this is more NAT induced brokenness, but it's still commercial reality for Google et al.
Pete Favelle said...
ReplyDeleteI can't (I think?) tunnel from behind NAT
infact the good news is you CAN! :D
I have done this quite a few times while in PL
you use one of your (existing) boxes as an ipv6 tunnel end and thus ipv6 gw for your network
and depending on your router's capabilities either put that box in a dmz or allow proto 41 through to it
I've done this with a MacBook and it works fine via a £30 router where I was forced to put the MacBook into a dmz and arrange for its own ipfw firewalling and ip6fw too :)
what is more my tunnel end was on my own aaisp home network back in the UK thus part of my aaisp ipv6 subnet
theres a good Hurricane Electric howto exactly for ppl behind NAT
If I find it I'll post the link
as for ipv6 day .... what a lame thing to do ... turn it off the next day
why not just turn it on and leave it on and force ppl to fix their broken stacks
LOOKING AT YOU APPLE ^^^^ ;P
MikroTik Routerboard 750 or 750G is ideal for running IPv6 can use any old ADSL modem/router in bridge mode, cheap too !
ReplyDeletezawim: "you use one of your (existing) boxes as an ipv6 tunnel end and thus ipv6 gw for your network"
ReplyDeleteWell yes, but that requires the designated box to always be on; I suppose I could route the whole LAN via my desktop but that seems ... icky.
Nick: funnily enough, the 750/G is pretty much the route I'm going to take. Does it need the modem to be in bridge mode though?
I have to admit this is the biggest problem I personally have around IPv6. I *know* IPv4 and can confidently build my network any way I want. IPv6 largely bemuses me...
I think the reasoning for announcing it as a single day is (a) if something goes wrong for someone, hopefully they will have heard the hype and connect it with fixing their ipv6, rather than just going 'oh, that's odd, site X is down today' and (b) they aren't committing themselves to any more than a day. Clearly the idea is to enable ipv6 long term, and if nothing goes wrong on the first day, maybe they will just leave it on, but they need (or, at least, legal/management need) an out in case there are problems.
ReplyDeleteDo you have any stats about what percentage of traffic through A&A is ipv4/ipv6. it would be interesting to see if there is a trend, or if ipv6 day makes any difference.
ReplyDelete@ Pete Favelle
ReplyDeleteyoure right some _other_ box needs to be on
one way or another
at the mo we dont have native handling adsl routers
so yes there'd have to be a modem in bridged mode and something to run pppoe on ... personally I'd go for an alix, mind is a 2d3 LX800
you can run off cf card or with a small adapter cable you can use a 2.5" pata laptop drive
the advantage of the alix is that YOU choose what you install be it embedded (suitable for usb or cf install) or not embedded debian bsd obsd or m0n0wall or what ever that supports ipv4 and ipv6
apart from initial purchase at 5W the alix is wonderfully low on power consumption
re ipv6 its essential bits its very very similar to ipv4
iptables - ip6tables
pf --- just works !
routes
additinal ips on interfaces
etc
go for it you know you want to ;)
for more info
http://www.aa-asterisk.org.uk/index.php/Connecting_to_AAISP_using_PPPoE
hope this helsp
@ Pete Favelle
ReplyDeleteforgot to mention the routerboard / routeros doesnt do pppoe ipv6 too well at the mo - its very much in beta, unless someone knows different
though some users are using it successfully
imho the alix or indeed anything even like an old wrt54gs running openwrt will do very nicely
hope this helps
I'd go for OpenWRT on an existing router too (if you have a supported one).
ReplyDeleteInteresting info - thanks. Sadly I'm not sure my various routers are up to bridging and I certainly don't have any boxes which play nicely with OpenWRT (been there before!)
ReplyDeleteStill, might have to bite the bullet and explore the tunnelling side of things - that, at least, should be possible with my various bits of hardware!