
Major 'Net Players Mulling IPv6 Whitelist

Soulskill posted more than 4 years ago | from the transition-period dept.

Networking 158

netbuzz writes "From this week's IETF meeting in Anaheim comes word that leading Web content providers are talking about creating a shared list of customers who can access their Web sites via IPv6. The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4. David Temkin, network engineering manager with Netflix, says: 'We're looking into the same service that Google has, where we will try to track what connectivity the user has. We're in discussions with Google, Yahoo, Netflix and Microsoft to see whether it makes sense to have a shared, open source DNS whitelist service.' ISPs are not wild about the idea."


158 comments


Long live... (1, Funny)

Anonymous Coward | more than 4 years ago | (#31640890)

IE6, Windows XP Pro, and IPv4!

Re:Long live... (1)

MrEricSir (398214) | more than 4 years ago | (#31641104)

You and your fancy technology... I'm sticking with Windows 98 and IE 2.

Re:Long live... (0)

Anonymous Coward | more than 4 years ago | (#31641164)

and I am sticking with my 2 position switch

Re:Long live... (1)

bennomatic (691188) | more than 4 years ago | (#31641392)

I am sticking with my abacus.

Re:Long live... (0)

Anonymous Coward | more than 4 years ago | (#31641290)

Win98 ships with IE4 (IE5 in SE)

IE2 comes with Microsoft Plus!

Re:Long live... (1)

tagno25 (1518033) | more than 4 years ago | (#31641172)

IE6 and Windows XP both support IPv6

Re:Long live... (0)

Anonymous Coward | more than 4 years ago | (#31641406)

Yeah, apparently you're right. Just performed a Google search, and apparently IPv6 will work on XP Pro SP1. Yes, SP1. And as I said before, Long Live IE6!

Re:Long live... (1)

thsths (31372) | more than 4 years ago | (#31641936)

> apparently IPv6 will work on XP Pro SP1

Maybe so, but I seem to recall that it also included a fatal flaw for IPv6 - something along the line of not supporting DHCP for IPV6 or so. Can you imagine having to type in the local IPv6 address, the gateway and the DNS server? That would take a while!

Re:Long live... (1)

Anpheus (908711) | more than 4 years ago | (#31642150)

DHCPv6 still isn't entirely standardized and lacks many of the features DHCPv4 does still. In practice, I've found DHCPv6 to be a total mess for both Linux and Windows clients, whereas router advertisement (whether from Linux or Windows) works much better and the autoconfigured IPs work fine. Even Windows 2000 supports router advertisement messages if you enable the IPv6 stack I believe.

I really wish there was a better way to combine the two into one service, and why is it not possible for me to broadcast a third party route to clients through radvd or DHCPv6? I can't say "Hey guys if you want to reach fd:dead:beef::/48, go through fd:123:456:789::1." The only way I can do that is if I run radvd on 123:456:789::1, seems a little ridiculous to me.

I swear the networking specialists have totally taken over on IPv6 and left IT and developers and real world users out of the discussion. It's an utter pain to switch to IPv6 because it lacks that sort of central management. Maybe Cisco doesn't have a problem with it because their switches and routers can do all of it in one box, but it's ridiculous for small business.

Re:Long live... (1)

BlueBlade (123303) | more than 4 years ago | (#31642364)

Erm, maybe my certifications are out of date, but how exactly can DHCPv4 advertise routing information (such as your example?). The only routing info you can set through DHCP is the default gateway, which works well even with IPv6. If you need dynamic routing, you'll have to use a routing protocol, and AFAIK, OSPF, RIP, EIGRP and BGP all support IPv6 just fine.

Re:Long live... (1)

Anpheus (908711) | more than 4 years ago | (#31642396)

You tell me how to deploy OSPF, RIP, EIGRP, or BGP in a small business network with branch office VPNs and I'll give you a gold star.

That said, about DHCPv4:
http://www.debian-administration.org/article/Supplying_routing_information_using_DHCP [debian-adm...ration.org]

Defined in RFC3442.

Keep in mind we don't have professional router boxes, there's no room in our budget for a few thousand to drop on Cisco or anything more than a few cheap smoothwall boxes.

Again, this is what I see every time small business networking is involved. There's a huge disconnect between what Cisco or even the IETF think is needed in small business and what actually is.

Re:Long live... (1)

Vancorps (746090) | more than 4 years ago | (#31641848)

This of course depends on your definition of supports as there is no DHCP client for IPv6. In a lot of setups this is however unnecessary.

ISPs are not wild about the idea. (4, Insightful)

John Hasler (414242) | more than 4 years ago | (#31640930)

If ISPs would get their heads out of their asses "this idea" would not be needed.

Re:ISPs are not wild about the idea. (2, Interesting)

snowraver1 (1052510) | more than 4 years ago | (#31641086)

How so? I think that this is a good idea. It can solve the chicken & egg problem we have right now with the Internet and IPv6. By starting to point equipped web traffic to IPv6 services, there is an incentive to start creating IPv6 services with the hope that one day, everything will be reachable by IPv6.

I'm not sure what you mean by the ISPs having their heads in their asses... Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go. This may solve this. If there is something else that ISP could/should be doing, I would love to hear your ideas.

Re:ISPs are not wild about the idea. (2, Interesting)

Abcd1234 (188840) | more than 4 years ago | (#31641310)

> How so?

If ISPs rolled out proper v6 connectivity, this whitelist simply wouldn't be necessary. That's "how so".

> Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go.

Then they shouldn't grumble and whine because people decide to work around their broken networks, should they?

Re:ISPs are not wild about the idea. (1)

grumbel (592662) | more than 4 years ago | (#31641396)

> If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go.

The main reason why you want IPv6 is so that you could communicate client to client (VoIP, P2P, gaming, etc.). IPv6 provides basically no real advantage if all you want to do is communicate with a big service (youtube, google, etc.), as NAT and proxies mostly work just fine for those cases.

So yeah, ISPs could provide the benefits of IPv6 right now, even when all the big services are still running IPv4 only.

Re:ISPs are not wild about the idea. (3, Funny)

trapnest (1608791) | more than 4 years ago | (#31641454)

I want to use ipv6 because it's cool and new.

Re:ISPs are not wild about the idea. (0)

Anonymous Coward | more than 4 years ago | (#31642276)

There's nothing wrong with that.

Re:ISPs are not wild about the idea. (1)

Sir_Lewk (967686) | more than 4 years ago | (#31641944)

What makes you think people won't still use stateful firewalls with IPv6?

Re:ISPs are not wild about the idea. (1)

Dan Ost (415913) | more than 4 years ago | (#31642872)

Please correct me if I'm wrong, but with IPv6, deep inspection of the packets at the firewall should be impossible because of IPSec.

Re:ISPs are not wild about the idea. (1)

pv2b (231846) | more than 4 years ago | (#31642990)

You're wrong. A compliant IPv6 stack must support IPsec as a mandatory feature. That doesn't mean that all IPv6 traffic is IPsec encrypted.

Deep inspection of IPv6 packets is still possible.

Re:ISPs are not wild about the idea. (1)

FireFury03 (653718) | more than 4 years ago | (#31642078)

> The main reason why you want IPv6 is so that you could communicate client to client (VoIP, P2P, gaming, etc.). IPv6 provides basically no real advantage if all you want to do is communicate with a big service (youtube, google, etc.), as NAT and proxies mostly work just fine for those cases.

Multicast...

Re:ISPs are not wild about the idea. (1)

amorsen (7485) | more than 4 years ago | (#31642602)

Multicast doesn't automatically get deployed with IPv6.

Multicast across providers is an unsolved problem, quite possibly an unsolvable problem. Just forget about it, it's putting intelligence in the network and the whole point of the Internet is that the routers are stupid.

Re:ISPs are not wild about the idea. (0, Redundant)

Anonymous Coward | more than 4 years ago | (#31641514)

Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to, caching.

Your comment has been copied to my browser's cache, through no fault of my own. Please don't sue me!

Re:ISPs are not wild about the idea. (5, Insightful)

mellon (7048) | more than 4 years ago | (#31641260)

Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked off of it.

ISPs who are deploying IPv6 want to just get the AAAA records, and not have to jump through hoops to get on a whitelist. But the providers worry about people who have crappy home gateways that fall over and die when they get AAAA records, and also about people who have devices on their networks advertising IPv6 connectivity, when they don't actually have it. One presentation in that meeting set the number at about .8% of users, which they felt was too many.

Personally, I think they should just turn on the AAAA records and let the customers who have broken routers see that their routers are broken and fix them. But it's a rough tradeoff--IPv6 has at times gotten a bad rep for being the cause of network problems, and so network know-nothings tend to tell you "IPv6 is the problem" when in fact it's bad code on embedded devices that's the problem. Since disabling IPv6 "fixes" it, IPv6 gets the blame. That's the rationale for the whitelists, and as much as I hate them, I can't say that this rationale is completely wrong.

Re:ISPs are not wild about the idea. (2, Insightful)

Abcd1234 (188840) | more than 4 years ago | (#31641384)

> Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked off of it.

Meh, I dunno, I don't personally see the problem with this. Making it difficult to get on the whitelist ensures that customers are getting decent v6 connectivity, and in the end, that's a good thing. And I've not heard of a case of some ISP being unilaterally dropped from the whitelist... perhaps you have anecdotes to support that assertion?

Meanwhile, the providers have a very real reason to be concerned. As you say, there's some very broken equipment out there that ends up creating a real impact on the user experience. Yeah, that gear should be scrapped, but in many cases we're talking home routers that people don't even realize are broken. But if the ISPs just provided v6 connectivity, many of those issues would disappear (as those routers would then have v6 connectivity, so the broken routes they previously advertised would now work).

In the end, I honestly don't see any other way to deal with this issue. Providers aren't going to advertise AAAA records until they can be confident that the userbase won't be impacted by onerous delays and connection timeouts. And ISPs won't roll out v6 until there's customer demand for it. The solution solves the issues on the content provider side, and once that happens, that might clear the logjam that's currently stopping v6 from being deployed on a larger scale.

Re:ISPs are not wild about the idea. (1)

amorsen (7485) | more than 4 years ago | (#31642622)

> Personally, I think they should just turn on the AAAA records and let the customers who have broken routers see that their routers are broken and fix them.

If you were Google, would you be willing to sacrifice 0.7% of your users just to be an IPv6 pioneer? They'd be gaining less than 0.01% of users who are IPv6 only.

Re:ISPs are not wild about the idea. (1)

WrongSizeGlass (838941) | more than 4 years ago | (#31642668)

> I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points.

But IPv6 is coming whether they like it or not. There's no stopping it, and the closer we get to the available IPv4 pool drying up the less time they'll have to implement IPv6.

Sh!t or get off the pot? It's time to do both.

Not a "whitelist" (3, Insightful)

pem (1013437) | more than 4 years ago | (#31640952)

This is not a whitelist proposal.

This is the mother of all cookies.

Re:Not a "whitelist" (2, Interesting)

marcansoft (727665) | more than 4 years ago | (#31641066)

Just wait until the tinfoil hatters realize that by default IPv6 stateless autoconfiguration puts your globally unique MAC address in the second half of your IPv6 address...

Re:Not a "whitelist" (4, Interesting)

Abcd1234 (188840) | more than 4 years ago | (#31641252)

LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*

Re:Not a "whitelist" (1)

nextekcarl (1402899) | more than 4 years ago | (#31641796)

Case in point, about 10 years ago I had a friend who worked for a School for the Blind (they had more than just blind kids there at the time) and they set up a network using off the shelf components from a local (big name) electronics store. Though each machine worked fine on its own, they couldn't get anything to work on the network. After hours of trying different things out they found out every single network card they bought had exactly the same MAC address. As soon as they returned them and went to a different store for the network cards everything worked perfectly.

And when registering my cable modem through Comcast's strange process which normally uses your MAC address (usually from your router) after I replaced the modem (when it went bad) I had to call support because it wasn't working (and the error wasn't very useful). The problem? The MAC address I was trying to use was already in use by another customer about 25 miles away. So I cloned my other computer's MAC address (now that I knew what the problem was) and had no more issues.

Re:Not a "whitelist" (1)

marcansoft (727665) | more than 4 years ago | (#31641844)

MAC addresses are _mostly_ unique, which is plenty to cause privacy concerns. The fact that some manufacturers use duplicate MACs isn't going to appease the tinfoil hatters.

RFC3041 will, but people have to actually implement it and use it by default.
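
Added example, not part of any comment in the thread: how a MAC ends up in the low 64 bits of a stateless-autoconfigured address (modified EUI-64), how to check addresses for it, and what a randomized RFC 3041-style identifier looks like by comparison. The MAC and the 2001:db8:: prefixes are constructed sample values, and `temporary_address` is a simplified stand-in for the RFC's algorithm, which derives the identifier from a hashed history value.

```python
import ipaddress
import secrets
from collections import defaultdict


def slaac_address(prefix, mac):
    """Build the address stateless autoconfiguration derives from a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None if the
    interface identifier is not in modified EUI-64 form."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def temporary_address(prefix):
    """Random interface identifier in the spirit of RFC 3041 (simplified:
    this draws 64 bits from the OS CSPRNG instead of hashing a history value)."""
    net = ipaddress.IPv6Network(prefix)
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD                    # clear the universal/local bit
        if iid[3:5] != b"\xff\xfe":       # never resemble an EUI-64 by chance
            break
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def correlate_by_mac(addresses):
    """Group addresses by embedded MAC: every group is one trackable device."""
    seen = defaultdict(list)
    for a in addresses:
        mac = embedded_mac(a)
        if mac:
            seen[mac].append(str(ipaddress.IPv6Address(a)))
    return dict(seen)


# Constructed sample: one laptop (made-up MAC) on two documentation prefixes.
MAC = "00:11:22:33:44:55"
HOME = slaac_address("2001:db8:aaaa:1::/64", MAC)
CAFE = slaac_address("2001:db8:bbbb:7::/64", MAC)
TEMP = temporary_address("2001:db8:bbbb:7::/64")

if __name__ == "__main__":
    for label, addr in (("home", HOME), ("cafe", CAFE), ("temporary", TEMP)):
        print(f"{label:10} {addr}  embedded MAC: {embedded_mac(addr)}")
    # The two EUI-64 addresses share a MAC despite different prefixes;
    # the temporary address does not appear in any group.
    print(correlate_by_mac([HOME, CAFE, TEMP]))
```

The prefix changes between networks but the low 64 bits do not, which is what makes the address usable as a cross-site identifier; the temporary address carries no such stable part.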

Re:Not a "whitelist" (2, Informative)

Airw0lf (795770) | more than 4 years ago | (#31642982)

> LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*

Not to mention a lot of NIC drivers let you specify your own MAC address.

Re:Not a "whitelist" (3, Funny)

mellon (7048) | more than 4 years ago | (#31641280)

Yes, a cookie that says you get your connectivity through an ISP that's on the whitelist. Ooh, scary! :')

The issue is metadata (1)

pem (1013437) | more than 4 years ago | (#31641470)

How do you get on this whitelist? It may well be that metadata must be supplied for that to happen. Is the metadata also stored with the list? What does the metadata consist of?

Maybe nothing but the IP address is stored on the list, but any additional data stored on the list is essentially a cross-site cookie.

Re:The issue is metadata (3, Informative)

Abcd1234 (188840) | more than 4 years ago | (#31641556)

> How do you get on this whitelist?

*You* don't get on the whitelist. Your ISP gets on the whitelist, by demonstrating they have functional v6 network connectivity. Once that's done, the ISP is added to the whitelist, and thereafter, any DNS records resolved using the ISP's DNS servers will include AAAA records from participating content providers.

For example, Hurricane Electric entered just this sort of agreement with Google. As such, anyone using HE's DNS servers gets Google's AAAA records, and so because I use HE as my tunnel broker, I get access to Google via v6. However, Google knows nothing about me in particular.
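
Added example, not from the thread and not any provider's actual code: a minimal model of the behaviour described in the comment above, where an authoritative server hands out AAAA records only to queries arriving from resolvers inside whitelisted prefixes. The zone, the prefixes and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a made-up zone and documentation address ranges
# standing in for the recursive resolvers of whitelisted ISPs.
ZONE = {
    "www.example.com": {"A": ["192.0.2.80"], "AAAA": ["2001:db8:80::80"]},
}
WHITELIST = ["198.51.100.0/24", "2001:db8:53::/48"]


def _normalise(resolver_ip):
    """Treat an IPv4-mapped source (::ffff:a.b.c.d) as the IPv4 address it is,
    so a dual-stack listener does not silently miss IPv4 whitelist entries."""
    ip = ipaddress.ip_address(resolver_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def resolver_is_whitelisted(resolver_ip, whitelist=WHITELIST):
    """True if the query's source address falls inside a whitelisted prefix."""
    ip = _normalise(resolver_ip)
    for prefix in whitelist:
        net = ipaddress.ip_network(prefix)
        if net.version == ip.version and ip in net:
            return True
    return False


def answer(qname, qtype, resolver_ip, zone=ZONE, whitelist=WHITELIST):
    """Return (rcode, records) for one query.

    The decision keys on the resolver that sent the query, not on the end
    user: the server never sees which customer asked.
    """
    records = zone.get(qname.rstrip(".").lower())
    if records is None:
        return ("NXDOMAIN", [])
    if qtype == "AAAA" and not resolver_is_whitelisted(resolver_ip, whitelist):
        # Name exists but no AAAA is disclosed: an empty NOERROR answer,
        # so clients behind this resolver only ever attempt IPv4.
        return ("NOERROR", [])
    return ("NOERROR", list(records.get(qtype, [])))


if __name__ == "__main__":
    for src in ("198.51.100.53", "::ffff:198.51.100.53",
                "2001:db8:53:1::53", "203.0.113.9"):
        print(f"{src:22} AAAA -> {answer('www.example.com', 'AAAA', src)}")
    print("203.0.113.9            A    ->",
          answer("www.example.com", "A", "203.0.113.9"))
```

A user with working IPv6 whose resolver is outside the listed prefixes gets the empty answer too, which is the cost the ISPs in the story object to.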

Re:The issue is metadata (1)

FireFury03 (653718) | more than 4 years ago | (#31642140)

> Your ISP gets on the whitelist, by demonstrating they have functional v6 network connectivity. Once that's done, the ISP is added to the whitelist, and thereafter, any DNS records resolved using the ISP's DNS servers will include AAAA records from participating content providers.

This all seems completely pointless to me. There is no harm in including the AAAA records in all replies - if you have no IPv6 connectivity then your software will simply fall back to the A record (which would also be supplied).

Sure, if your machine's routing table is screwed so it thinks it can reach the server's IPv6 address when it can't then things will break, but that's just tough shit - if your configuration is completely broken then you shouldn't complain when things break badly.

Re:The issue is metadata (1)

amorsen (7485) | more than 4 years ago | (#31642674)

> Sure, if your machine's routing table is screwed so it thinks it can reach the server's IPv6 address when it can't then things will break, but that's just tough shit - if your configuration is completely broken then you shouldn't complain when things break badly.

Google loses about 0.7% of requests if they turn on AAAA's. Sure it's the fault of the customer, but that's real money lost for them.

Nice Try but... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31640968)

Nice idea

But

1) When are ISPs going to get off their Fat backsides and implement IPV6? Most in my part of the world have no plans to do this for 1-2 years.
2) When are the DSL Modem makers going to implement IPV6 in the devices that are sold to the majority of us?

Shame that it ain't going to get a lot of use outside the corporate world.

Re:Nice Try but... (3, Insightful)

Kjella (173770) | more than 4 years ago | (#31641136)

The real issue I think is, who wants an IP6-only Internet connection? NOBODY. Because despite everything, there's millions of applications and shit that won't work because they assume there's nothing but IPv4. You can pry my IPv4 address from my cold dead hands, being on IPv6 would be very close to being permanently behind NAT - you get out, nothing gets in. And if you're handing out an IPv4 address as well, you've gained nothing. I'm guessing someone at the bottom of some barrel somewhere ends up taking it anyway because that's all there is, but it won't be in the first world countries. That is the only way it'll really happen beyond nice bullet points on how we should all go IPv6.

Re:Nice Try but... (4, Interesting)

mellon (7048) | more than 4 years ago | (#31641324)

I want an IPv6-only connection. I want one that works. Because then I can have a global IP address that's reachable, and then I can do peer-to-peer protocols. This is much better than IPv4, where mostly my devices are behind a NAT, and peer-to-peer requires clever device-specific hacks to punch holes in the NAT. This reduces reliability, and in a lot of cases makes simple protocols that ought to work fail. I can't do iChat video with my dad because he's on the far side of two layers of ISP-inflicted NATting. And no, he can't change providers - what they have now is orders of magnitude better than what they had before my mom and several other members of the selectboard in her small town organized a local wireless ISP using an antenna at the top of a local mountain. If they had IPv6 that worked, it would be *much* better.

The problem is that right now IPv6-only connections don't work, because not enough stuff on the network is reachable. That's changing, and this is part of the change. At the recent IETF, there was a v6-only network with a 6to4 NAT, and it worked pretty well, although it turned up a few bugs in a certain vendor's IPv6 stack.

Re:Nice Try but... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31641366)

But if he can open an openvpn to you, then you two can ichat over that...

All openvpn needs is a path from the client to server on a single udp port.

Just a little anonymous tip

Re:Nice Try but... (1)

mikael_j (106439) | more than 4 years ago | (#31642806)

Oh yeah, because that's totally not a messy workaround to a problem that shouldn't even exist in the first place, right?

Re:Nice Try but... (1)

TheRaven64 (641858) | more than 4 years ago | (#31641376)

If I have an IPv6 subnet and an IPv4 address, and both are routable, then I can play games, share files, and videoconference easily with someone else who has the same setup, from any computer on my home network via IPv6. If we both try to use IPv4 then we need things like STUN servers outside that may or may not work reliably and depend on specific behaviour from our respective routers.

Re:Nice Try but... (1)

MariusBoo (883340) | more than 4 years ago | (#31641438)

> you get out, nothing gets in

Can someone explain this? I was under the impression that having an IPv6 address is exactly like having a public IPv4 address now (if your software can handle it). That is everyone can get in/out and you can easily host your own server and stuff..

Re:Nice Try but... (1)

Abcd1234 (188840) | more than 4 years ago | (#31641478)

> Can someone explain this?

Short answer: no.

Long answer: no, because it's a completely idiotic statement, as v6 addresses are, as you say, globally routable.

Re:Nice Try but... (2)

trapnest (1608791) | more than 4 years ago | (#31641492)

You misunderstand. That's how it would work if the internet wasn't largely ip4 only. If the OP was on an ip6 only network, he'd need to use a 6to4 tunnel to access the ip4 internet, and would be no better off than being behind a restrictive NAT.

Re:Nice Try but... (0)

Anonymous Coward | more than 4 years ago | (#31641486)

Intermediate solution for some (mobile) devices. They get an IPv6 and then if the user wants to browse they can get an IPv4 address for a short period.
This can work for devices that most of their time are not running a web browser but use internet applications.
Still this assumes a very large portion of net also has IPv6, which may or may not be the case in 2012.

And in some parts of the world, we might see IPv6 used by an ISP with some proxy to access IPv4 sites, instead of NAT.

Or you will see that you can get IPv6 and a NAT IPv4, unless you pay your ISP extra.

Re:Nice Try but... (1)

FireFury03 (653718) | more than 4 years ago | (#31642176)

I don't think you're going to see IPv6 on the mobile networks any time soon - the telcos who are rolling out IMS networks tend to be using IPv4. Yes, it's stupid, they are spending millions of pounds replacing their obsolete SS7 networks with obsolete IPv4 networks, but that's where we are.

Re:Nice Try but... (1)

Schraegstrichpunkt (931443) | more than 4 years ago | (#31641650)

> The real issue I think is, who wants an IP6-only Internet connection?

If I could have an IPv6-only network with a SOCKS proxy or NAT-PT for v4 connectivity, I'd love it. IPv4 is such a pain to administer.

Re:Nice Try but... (1)

Sique (173459) | more than 4 years ago | (#31641672)

You know that every IPv4 address is by definition also an IPv6 address as in ::127.0.0.1?

Re:Nice Try but... (1)

paul248 (536459) | more than 4 years ago | (#31642642)

> You know that every IPv4 address is by definition also an IPv6 address as in ::127.0.0.1?

That's sort of true, but it doesn't really mean anything. You could use that format to store an IPv4 address locally in an IPv6 data structure, but if you try to put that on the wire, nothing will understand it in any useful way.

Re:Nice Try but... (1)

FireFury03 (653718) | more than 4 years ago | (#31642148)

> The real issue I think is, who wants an IP6-only Internet connection?

Who said anything about IPv6-only? You can run IPv6 and IPv4 concurrently just fine.

Re:Nice Try but... (2, Informative)

mellon (7048) | more than 4 years ago | (#31641360)

Comcast is doing an IPv6 trial right now [comcast6.net]. Freenet in France has had IPv6 running using 6RD for quite a long time now. You can get IPv6 tunnels from Hurricane Internet [he.net] and Sixxs [sixxs.net]. If you are interested in IPv6, go start using it. Don't just sit there on your (no doubt svelte) ass! :')

Re:Nice Try but... (2, Informative)

Abcd1234 (188840) | more than 4 years ago | (#31641464)

Indeed! After the recent 1.3 release of m0n0wall, which now supports v6, I rolled out v6 on my home network using Hurricane Electric as my tunnel broker. It was dead easy to set up and works extremely well (particularly when combined with a AAAA-capable free DNS hosting service like Afraid.org... goodbye dynamic DNS, it was great knowing ya). Though I did have to manually set up a script to update HE when my v4 IP changes...

Meanwhile, on the road, I just fire up Miredo (a Teredo tunnel client for Linux and presumably other Unixes), and voila, I get v6 connectivity that I can use to access my home network.

Re:Nice Try but... (1)

ObsessiveMathsFreak (773371) | more than 4 years ago | (#31642204)

> 1) When are ISPs going to get off their Fat backsides and implement IPV6? Most in my part of the world have no plans to do this for 1-2 years.

Stop blaming the ISPs. The current implementation of IPv6 is for all intents and purposes useless. An IPv6 capable computer cannot talk to an IPv4 capable one. This simple, trivial problem was left totally and utterly unaddressed by the IPv6 designers and as a result, IPv6 is and always will be a downgrade from IPv4 in its current form.

The current "method" of deploying IPv6 is to make the network support two protocols, IPv4 and IPv6, simultaneously. It's complete and utter nonsense, and ISPs are right not to implement it. Poor as it is, even running NAT through multiple layers makes more sense than the travesty that is the current IPv6.

Even video games consoles have realised the benefit of backwards compatibility. Yet we can't have it for our fundamental IP protocols because.... It's incompetence of the highest order and ISPs cannot be expected to put up with it. The moment someone comes up with a backwards compatible IPv6.4 or the like, then ISPs can safely upgrade without damaging or compromising their existing service; and you can be sure they will. Until then, no upgrade is feasible or appropriate.

Re:Nice Try but... (1)

mikael_j (106439) | more than 4 years ago | (#31642840)

Lots of words but all I got out of it was "I like to complain about how stuff is too hard even though I've never even tried it". Running dual-stack is hardly something that's difficult to do, in fact every desktop OS I'm running right now (Ubuntu, Windows and OS X) implements it without a problem out of the box on my home network (NATed IPv4, public IPv6 (firewalled, of course)).

It's not hard and "utter nonsense" if you at least take ten minutes to read up on it.

Re:Nice Try but... (1)

Matt_R (23461) | more than 4 years ago | (#31642928)

> Nice idea
>
> But
>
> 1) When are ISPs going to get off their Fat backsides and implement IPV6? Most in my part of the world have no plans to do this for 1-2 years.

Mine already has [on.net]. I get Google and Youtube via IPv6.

> 2) When are the DSL Modem makers going to implement IPV6 in the devices that are sold to the majority of us?
>
> Shame that it ain't going to get a lot of use outside the corporate world.

I'm running native ipv6 over ADSL PPPoE right now (sure, it's a cisco 877..). But there's an OpenWRT custom build [andy.id.au] that does the exact same thing if you have a modem to run in bridge mode. There seems to be an all-in-one router on the way: http://twitter.com/bigjsl/status/11082108182 [twitter.com]

The only problem I've had so far has been Windows 7 not liking newer versions of Cisco IOS - 12.4-24T and 15.0 both have some issue with route advertisement. Funnily enough, there's no problem with WinXP, Linux, or FreeBSD. Only Win7 (and possibly Vista, which I don't have).

This doesn't have to last long (3, Insightful)

Xipher (868293) | more than 4 years ago | (#31640972)

Any ISP that's not "wild" about the idea should step up and work with the community on actually getting IPv6 connectivity as functional as IPv4. I can see Google/Netflix perspective here. If they don't have some sort of white list they will get a black eye for having poor service when it's not even a result of something they control. Hopefully this will be something very short lived but I can imagine if service providers don't step up and start taking IPv6 seriously it's just going to prolong the issue.

Re:This doesn't have to last long (1)

convolvatron (176505) | more than 4 years ago | (#31641318)

whitelist by prefix instead of endpoint address

I'm sure they have a reason for it... (4, Insightful)

pathological liar (659969) | more than 4 years ago | (#31640986)

The article doesn't make it particularly clear what that might be though. The closest I found was:

"There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnel...You end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."

Which seems like a no-brainer to me: Fix the tunnel. I don't even understand how the whitelist might help that -- if the whitelist says "This user has IPv6 connectivity" and you have a broken tunnel either you don't get the content at all, or you still only see the content after a 30-second wait.

The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.

Re:I'm sure they have a reason for it... (3, Informative)

Abcd1234 (188840) | more than 4 years ago | (#31641286)

> The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.

It's actually worse than that. Currently many people have routers at home that send out v6 router advertisements despite not actually having IPv6 connectivity. The result is that many people end up with v6 addresses, and when those machines then try to connect to websites that advertise AAAA records, they end up with long delays as the browser first attempts a v6 connection, times out, and falls back to v4.

Honestly, try googling for "Ubuntu disable ipv6" some time... it's amazing how many people are struggling with this issue. Which is why so many sites are reluctant to roll out v6 connectivity and AAAA records (even Google doesn't do external AAAA resolution unless your ISP has arranged a special agreement with Google which guarantees proper v6 connectivity (luckily Hurricane Electric has such an agreement, so as long as I use their DNS servers, I get v6 connectivity to all of Google's services)).

Re:I'm sure they have a reason for it... (1)

swillden (191260) | more than 4 years ago | (#31641544)

luckily Hurricane Electric has such an agreement, so as long as I use their DNS servers

Very interesting... I have an IPv6 tunnel from HE and I'd like to get that working as well. Is it as simple as pointing your resolver at HE's DNS servers? If so, what are their addresses?

Re:I'm sure they have a reason for it... (1)

Abcd1234 (188840) | more than 4 years ago | (#31641598)

Very interesting... I have an IPv6 tunnel from HE and I'd like to get that working as well. Is it as simple as pointing your resolver at HE's DNS servers? If so, what are their addresses?

Yup! That's all it takes. Just head to the "Tunnel Details" page for your HE tunnel. On that page is an "Available DNS Resolvers" section, which includes a v4 and a v6 address for their DNS server. Use that as your primary, and voila, you'll get AAAA records for most (all?) of Google's services.

Re:I'm sure they have a reason for it... (1)

swillden (191260) | more than 4 years ago | (#31641974)

I can't believe I never noticed those DNS servers in the tunnel info. I just went to google.com at the address 2001:4860:8002::69. Nifty!

Re:I'm sure they have a reason for it... (1)

Trolan (42526) | more than 4 years ago | (#31641640)

Those addresses should be on your tunnel's detail page.

Re:I'm sure they have a reason for it... (1)

paul248 (536459) | more than 4 years ago | (#31642554)

74.82.42.42

Re:I'm sure they have a reason for it... (1)

grahammm (9083) | more than 4 years ago | (#31641662)

It's actually worse than that. Currently many people have routers at home that send out v6 router advertisements despite not actually having IPv6 connectivity.

What are these home routers which advertise IPv6? The only ADSL routers I know of which support IPv6 are by Cisco, which are not exactly common home routers.

Re:I'm sure they have a reason for it... (1)

Abcd1234 (188840) | more than 4 years ago | (#31641814)

No idea, I don't have one. All I know is that searches like this [google.ca] indicate it's a real problem for some (well, or, at least, they think it is...).

Though, I must admit, the fact that I can't find specific model numbers is rather... suspicious (I assume it was some model(s) of D-Link, Linksys, etc, router). ie, people definitely blame the routers in various discussion forums, but I've never seen any one router pinned down as a problem. So I could be mistaken. Though the conclusion is often the same: they disable v6, and their problems go away.

Unfortunately, there's a lot of noise in this signal that can make it tough to pin down where the real problems lie. For example, one issue that has definitely bitten people was a bug in glibc where it would attempt to resolve to find a AAAA record for a host before falling back to A, even though the box didn't have v6 connectivity. This kind of issue could easily be blamed on a router, when it's actually a software bug (that, thankfully, is fixed, AFAIK).

Re:I'm sure they have a reason for it... (1)

paul248 (536459) | more than 4 years ago | (#31642540)

The problem with Ubuntu is that their patched version of glibc always asks for AAAA records when IPv6 is enabled, regardless of whether the machine has an IPv6 route. Then when a client attempts to connect to an IPv6 host, it times out almost instantly because the kernel reports the lack of route. But that timeout isn't the problem.

The real problem is in the AAAA DNS query itself. This can go wrong in a few ways:

1) The authoritative DNS server is misconfigured, such that it completely drops AAAA queries. The user experiences a long delay connecting to these hostnames.
2) The authoritative DNS server has empty AAAA responses without any TTL field, so the response is not cacheable. This includes slashdot. If you "dig AAAA www.slashdot.org" repeatedly, you will never see an instant cached response, because the record doesn't have a TTL.
3) The user's router has a poorly-written DNS proxy, such that it drops AAAA queries. This causes a long delay for *every* hostname.

These problems will affect any user with real IPv6 connectivity, but they especially affect Ubuntu because it always asks for AAAA records, even on an IPv4-only connection. I haven't checked within the last couple months to see if they ever fixed the problem.

The reason it's a somewhat difficult problem to fix is that completely disabling AAAA also disables literals, like [::1], and IPv6 entries in the /etc/hosts file, like localhost. They could fix the problem by only allowing *local* AAAA queries when the machine has no IPv6 route, but even if they did that, all the problems would resurface once the machine gets a real IPv6 connection.
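Added example (not part of the thread): a small Python classifier that tells the AAAA failure modes listed in the comment above apart from a raw DNS response. It assumes the "no TTL" case corresponds to an empty answer with no SOA record in the authority section, which is where RFC 2308 takes the negative-caching TTL from; the function names and the sample responses are constructed for illustration.

```python
import ipaddress
import struct

TYPE_SOA, TYPE_AAAA, CLASS_IN = 6, 28, 1

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def read_rrs(msg, off, count):
    """Parse `count` resource records; return ([(type, ttl, rdata)], new offset)."""
    rrs = []
    for _ in range(count):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rrs.append((rtype, ttl, msg[off:off + rdlen]))
        off += rdlen
    return rrs, off

def classify_aaaa(response):
    """Classify the reply to an AAAA query as (verdict, negative_ttl).

    `response` is the raw DNS message, or None if the query timed out.
    """
    if response is None:
        # Cases 1 and 3 in the comment look identical on the wire: which one it
        # is depends on whether the query went to the authoritative server or
        # to the home router's DNS proxy.
        return ("no-response", None)
    if len(response) < 12:
        return ("malformed", None)
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", response, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4          # skip QTYPE and QCLASS
    answers, off = read_rrs(response, off, an)
    authority, off = read_rrs(response, off, ns)
    if flags & 0x000F != 0:
        return ("error-rcode", None)
    if any(rtype == TYPE_AAAA for rtype, _, _ in answers):
        return ("has-aaaa", None)
    for rtype, ttl, rdata in authority:
        if rtype == TYPE_SOA:
            # RFC 2308: negative TTL is min(SOA record TTL, SOA MINIMUM field).
            minimum = struct.unpack("!I", rdata[-4:])[0]
            return ("nodata-cacheable", min(ttl, minimum))
    # Case 2: empty answer and nothing to derive a negative TTL from,
    # so a resolver has to ask again on every lookup.
    return ("nodata-uncacheable", None)

# --- Constructed sample responses (not captured traffic) ---------------------

def build_response(qname, answers=(), authority=()):
    """Build a NOERROR response to an AAAA question from (owner, type, ttl, rdata)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)
    for owner, rtype, ttl, rdata in list(answers) + list(authority):
        body += encode_name(owner)
        body += struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return header + body

def soa_rdata(mname, rname, minimum):
    return (encode_name(mname) + encode_name(rname)
            + struct.pack("!5I", 2010032601, 3600, 600, 86400, minimum))

SAMPLE_WITH_AAAA = build_response(
    "www.example.com",
    answers=[("www.example.com", TYPE_AAAA, 60,
              ipaddress.IPv6Address("2001:db8::1").packed)])
SAMPLE_NODATA_WITH_SOA = build_response(
    "www.example.com",
    authority=[("example.com", TYPE_SOA, 3600,
                soa_rdata("ns1.example.com", "hostmaster.example.com", 300))])
SAMPLE_NODATA_NO_SOA = build_response("www.example.com")

if __name__ == "__main__":
    for label, sample in [("timeout", None),
                          ("AAAA present", SAMPLE_WITH_AAAA),
                          ("empty + SOA", SAMPLE_NODATA_WITH_SOA),
                          ("empty, no SOA", SAMPLE_NODATA_NO_SOA)]:
        print(label, "->", classify_aaaa(sample))
```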

Why do they need a whitelist (1)

grahammm (9083) | more than 4 years ago | (#31641010)

Why is a whitelist needed? If you do not have IPv6 connectivity then why do a DNS lookup for AAAA records? If a service has IPv6 connectivity, why not let anyone who also has IPv6 connectivity connect to it? There should be no need for a whitelist.

Re:Why do they need a whitelist (2, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#31641080)

Part of the problem is that you may have local network IPv6 connectivity but not Internet IPv6 connectivity. Your application looks up an AAAA record, tries to connect, and fails. Hopefully it will then try the A record (if you use gethostent() then you will do this automatically), but it will have to wait for the connection to fail before doing this, which may take a while.

Re:Why do they need a whitelist (1)

madbavarian (1316065) | more than 4 years ago | (#31641242)

The question then becomes, why is some isolated ipv6-capable router not sending an ipv6 "host unreachable" message to the host that is attempting the off-site ipv6 connection attempt? Wouldn't a correctly written application see this "host unreachable" and then try an ipv4 connection?

Re:Why do they need a whitelist (1)

FireFury03 (653718) | more than 4 years ago | (#31642220)

Part of the problem is that you may have local network IPv6 connectivity but not Internet IPv6 connectivity. Your application looks up an AAAA record, tries to connect, and fails. Hopefully it will then try the A record (if you use gethostent() then you will do this automatically), but it will have to wait for the connection to fail before doing this, which may take a while.

It shouldn't take a while - your router should be returning network unreachable ICMP6 packets which would cause the connection to fail immediately. If it doesn't, fix your router.

Re:Why do they need a whitelist (3, Insightful)

Fastolfe (1470) | more than 4 years ago | (#31641698)

This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.

You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.

Thanks (1)

acid06 (917409) | more than 4 years ago | (#31641868)

Great explanation. I would mod you up if I had mod points today.
Hopefully someone else will.

Re:Why do they need a whitelist (1)

FireFury03 (653718) | more than 4 years ago | (#31642316)

This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.

You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.

The ISP shouldn't be handing out IPv6 addresses to normal end-users unless they plan on dealing with outages like they would for IPv4. If they want to "trial" a service that won't remain stable then they need to make sure they only hand out IPv6 addresses to people who have explicitly said they want to be on the trial (i.e. people who understand that they may get poor service, probably people who understand how to drop the IPv6 routes themselves if there is a prolonged outage).

Rather than this "whitelist" idea, a better solution is simply to make more major services available via IPv6. If everyone on a certain ISP regularly can't access google, youtube, bing and facebook for days at a time, that ISP is either going to get their finger out and treat it more seriously, or they are going to lose all their customers.

yeah also if you unplug your modem and forget... (2, Interesting)

FuckingNickName (1362625) | more than 4 years ago | (#31641028)

...to plug it back in again, you get "a bad experience". Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more? Stop being so damn dishonest and come out and admit why you want this whitelist.

Re:yeah also if you unplug your modem and forget.. (3, Informative)

Abcd1234 (188840) | more than 4 years ago | (#31641222)

Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more?

Huh? What the hell are you talking about? The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity, or are on a network that claims to have v6 connectivity, but that connectivity is actually broken. As a result, these people get v6 IPs, and then when software tries to connect to websites that advertise AAAA records, they get long delays while their browser times out attempting to connect over v6, at which point it falls back to v4.

Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.

So, please, quit being a paranoid jackass. There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records (right now they don't because they're afraid of impacting the user experience due to this very issue).

Re:yeah also if you unplug your modem and forget.. (1)

FuckingNickName (1362625) | more than 4 years ago | (#31641480)

Huh? What the hell are you talking about?

Well, to start off with I made the mistake of reading the fine article:

"There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnel...You end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."

The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity

Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)? What globally routable prefix are these routers advertising exactly, when they're not being assigned one?

Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.

The problem of hundreds of sites advertising AAAA records which timeout? As someone who has had IPv6 connectivity for several years, I can tell you that hardly any sites offer AAAA records, so your reason doesn't wash - did you mean something else? Are you sure Ubuntu isn't suffering some problem?

So, please, quit being a paranoid jackass.

If you think I'm wrong, you could have said all that you've said without that sentence.

There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records

Or, since we're breaking the universality of DNS, why don't we only respond with AAAA records if a nameserver's talking over IPv6?

Re:yeah also if you unplug your modem and forget.. (1)

Abcd1234 (188840) | more than 4 years ago | (#31641530)

Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)?

I'm afraid I can't give you specific model numbers, but this is a very well known problem amongst content providers mulling the idea of rolling out v6. And we're talking home routers, here, not ISP core routers.

And the whitelist *is* "negotiating with ISPs"... ie, they negotiate, the ISP sets up v6, and voila, they're on the whitelist. Problem solved.

The problem of hundreds of sites advertising AAAA records which timeout?

There are enough that it's noticeable, yes. Did you do the Google search? I bet you didn't. Maybe you should research the issue before dismissing it out of hand, eh?

If you think I'm wrong, you could have said all that you've said without that sentence.

You suggested that these providers had some ulterior motive for wanting this whitelist, and that the whole v6 thing was a coverup. That sounds pretty paranoid to me.

Or, since we're breaking the universality of DNS, why don't we only respond with AAAA records if a nameserver's talking over IPv6?

Because the *vast* majority of DNS traffic is, and will continue to be for the near future, performed over v4, even if the client is v6 enabled. Hell, I have an HE tunnel right now, and I use v4 to resolve DNS records.

Honestly, if you don't agree with the solution to this problem, fine, so be it. But at least do a little research. This is a very real problem requiring a real solution. Or do you *really* think Google and NetFlix are just too stupid to realize how right you are?

Re:yeah also if you unplug your modem and forget.. (1)

FuckingNickName (1362625) | more than 4 years ago | (#31641718)

but this is a very well known problem amongst content providers mulling the idea of rolling out v6

The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.

And the whitelist *is* "negotiating with ISPs"...

Erm, yes, that's what I meant by, "negotiating with ISPs to stop breaking IPv6".

ie, they negotiate, the ISP sets up v6, and voila, they're on the whitelist. Problem solved.

If you regard negotiating with every ISP as "voila... problem solved", you are more engineer than the real world will allow for.

There are enough that it's noticeable, yes. Did you do the Google search? I bet you didn't. Maybe you should research the issue before dismissing it out of hand, eh?

I've already heard many people whine about IPv6 slowing down their machine. It's usually to do with a small amount of time wasted by failing at looking up an AAAA record before moving onto the A record, and nothing to do with finding an AAAA record and trying to access it. The AAAA lookup, as far as I can recall, happens when the system supports IPv6 rather than only when the system has a routable IPv6 address, which is daft.

(But, yes, I did a search about half an hour ago on my preferred search engine in case some new issue had exploded recently. Nope.)

You suggested that these providers had some ulterior motive for wanting this whitelist, and that the whole v6 thing was a coverup. That sounds pretty paranoid to me.

I suggested that the ISPs aren't being honest about why they want the whitelist. The fact that neither the guy interviewed in TFA (as I've shown) nor you (as I've shown) are giving a fully comprehensible explanation for the whitelist - even if there is one - suggests that there is not clarity about the reason for the whitelist.

Because the *vast* majority of DNS traffic is, and will continue to be for the near future, performed over v4, even if the client is v6 enabled.

If I'm Joe provider, I can return AAAA records if you're using my DNS server via IPv6, or A records if you're using it via IPv4. And, if I'm an ISP, I'll send the customer appropriate A-sending or AAAA-sending server addresses depending on how you're connecting, without you having to worry. Why will this not happen, unless you don't want it to? I need more information.

Or do you *really* think Google and NetFlix are just too stupid to realize how right you are?

I don't think Google or NetFlix are stupid - I think they're top performing businesses. Why would I therefore assume that their solution to a problem is the best solution for anyone but Google or NetFlix? "You must be wrong - Google has a solution and it's not the same as yours!" is fallacious, as I'm sure you can see.

Re:yeah also if you unplug your modem and forget.. (1)

Abcd1234 (188840) | more than 4 years ago | (#31641912)

The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.

Because the whitelist is feasible? The alternative is to break connectivity for (according to these folks) .8% of users while those broken routers are fixed/replaced.

Besides which, without v6 content, there is no reason to fix broken hardware. And if the broken hardware isn't fixed, content providers won't roll out v6. It's the same chicken-and-egg problem v6 has been stalled over for years. The difference is, this whitelist solution actually has a chance of fixing it.

If you regard negotiating with every ISP as "voila... problem solved", you are more engineer than the real world will allow for.

If the guys running the whitelist are willing to go through that effort, who cares? Does it solve the problem? Yes. Is it complicated? Certainly. But at least it has a chance of succeeding.

I've already heard many people whine about IPv6 slowing down their machine. It's usually to do with a small amount of time wasted by failing at looking up an AAAA record before moving onto the A record, and nothing to do with finding an AAAA record and trying to access it. The AAAA lookup, as far as I can recall, happens when the system supports IPv6 rather than only when the system has a routable IPv6 address, which is daft.

Yeah, agreed, that's definitely an issue. In fact, glibc used to do that for a long time (fortunately that issue is fixed... I believe now it only attempts AAAA resolution if the host has a routable v6 address).

And I certainly agree with you that there are likely *many* reasons why advertising AAAA records has caused headaches for end hosts, not the least of which is broken v6 stacks (as previously alluded to). But broken routing is, at least as far as I can tell, a well known issue with v6, and I really can't blame the content providers for attempting to search for a solution to this issue.

I suggested that the ISPs aren't being honest about why they want the whitelist.

So what do you think the real reason is? Either it's to fix v6 connectivity issues, or there's some other reason. What do you propose that reason is?

If I'm Joe provider, I can return AAAA records if you're using my DNS server via IPv6, or A records if you're using it via IPv4. And, if I'm an ISP, I'll send the customer appropriate A-sending or AAAA-sending server addresses depending on how you're connecting, without you having to worry. Why will this not happen, unless you don't want it to? I need more information.

Probably because there's *still* some [sixxs.net] OSes that don't support DNS resolution over IPv6? Heck, even glibc is known to have issues [archlinux.org] with this configuration.

I don't think Google or NetFlix are stupid - I think they're top performing businesses. Why would I therefore assume that their solution to a problem is the best solution for anyone but Google or NetFlix?

Well, if you have a better idea, let's hear it.

Re:yeah also if you unplug your modem and forget.. (1)

FuckingNickName (1362625) | more than 4 years ago | (#31642294)

The alternative is to break connectivity for (according to these folks) .8% of users while those broken routers are fixed/replaced.

The Internet is regularly broken for .8% of users for a multitude of reasons. Expecting all ISPs on the planet to end up cooperating with a huge Google-borne list is more of a political and administrative burden than inconveniencing .8% of users.

In the next 3 or 4 years every site transitioning to IPv6 will need to do more than just add an IPv6 address one day and remove an IPv4 address at some point down the line. It's not just the issue the article seems to get its panties in a bother over, it's the more fundamental problem that bandwidth and routing for IPv6 is still fairly lame, and most people have to use tunnels. As such, even people (like myself) with working IPv6 connectivity end up with a shittier service when a site is IPv6 enabled. Regardless, even people with good IPv6 service from their ISPs might be using a router which breaks IPv6, and how will the ISP know about that? So a transition must occur in stages for any significant hoster:

1. Simultaneously run www.ipv6.site.com and www.site.com, where the latter of these has A records only. Advertise it for geeks, etc.

2. Watch feedback for your own and other sites, encourage manufacturers to fix their firmware, etc.

3. When it appears that IPv6 performance is decent for a good number of people, push people to try out the IPv6 version of the site.

4. Repeat 2 at some critical mass.

5. Create www.ipv4.site.com and add AAAA records to www.site.com. Give links to www.helponipv6orsomething.org for people having troubles, plus the well-advertised alternative of www.ipv4.site.com.

6. At some point in the future, remove www.ipv4.site.com.

7. At some point in the long distant future, remove A records.

Besides which, without v6 content, there is no reason to fix broken hardware.

The problem is people who think IPv6 is a waste of time (the crisis managers) vs technocrats who want to push it on people via some huge magic scheme which involves EVERYONE. All that's needed is a few bigger players to offer two alternative sites, as above, and to perhaps give perks for IPv6 - hopefully /using/ the advantages of IPv6, such as working multicasting for bandwidth-efficient live media streaming, or IPv6sec, or any number of things that are easier without NAT.

If the guys running the whitelist are willing to go through that effort, who cares? Does it solve the problem? Yes.

The problem is not the dearth of people willing to get paid to do Google's bidding - the problem is expecting every ISP on the planet to want to cooperate, and for such an administrative effort to scale that well.

So what do you think the real reason is? Either it's to fix v6 connectivity issues, or there's some other reason.

Information and control. I mean, if it's no bother, I'll volunteer to be the guy who aims to get a list of every ISP on the planet, an accurate database of addresses actually used by its customers, and an implied statement of willingness to submit data to my database (and to comply with various conditions) in return for me to provide Internet services. In fact, now I have all this information, it seems I'm duplicating a lot of the work of the IP registries... I'd sure be happy to help out with that too!

Probably because there's *still* some [sixxs.net] OSes that don't support DNS resolution over IPv6?

Irrelevant. The local router/gateway does the requesting - it could be an IPv6 DNS client and an IPv4 DNS server (although tbh I'm not quite sure what's being whitelisted anyway here, as it's the ISP's DNS server that's going to be seen by the content provider). For tunneled machines, you're already requiring people to install special software, so you can also install an appropriate local proxy.

Re:yeah also if you unplug your modem and forget.. (1)

Abcd1234 (188840) | more than 4 years ago | (#31642860)

The Internet is regularly broken for .8% of users for a multitude of reasons.

That's a BS argument, though. The "internet" isn't broken for these people. IPv6 is broken for these people. If a content provider deploys IPv6, suddenly a *new* 0.8% of internet users will be highly annoyed trying to access their site. So, from a content provider's perspective, they can either inconvenience that .8% of users for no real appreciable gain in the short term, or they could just not bother.

The third option is this one: selectively make v6 available to ISPs who guarantee connectivity.

All that's needed is a few bigger players to offer two alternative sites, as above, and to perhaps give perks for IPv6 - hopefully /using/ the advantages of IPv6, such as working multicasting for bandwidth-efficient live media streaming, or IPv6sec, or any number of things that are easier without NAT.

But that's already been tried! Hell, Google's been running ipv6.google.com for *years*. But IPv6 adoption *still* isn't happening. So, yes, we could keep going with your plan, ensuring that v6 will never get out the door, or we can finally admit that transition scheme simply doesn't work, and try something different.

Information and control. I mean, if it's no bother, I'll volunteer to be the guy who aims to get a list of every ISP on the planet, an accurate database of addresses actually used by its customers, and an implied statement of willingness to submit data to my database

Umm, what the fuck are you talking about? Do you even understand how this scheme works? Apparently not.

Here, let me explain how Google does it (presumably this larger-scale whitelist will work the same way): ISP goes to Google and says "I'm v6 ready!". Google says to ISP "aight, sweet, let's test it out." Google verifies it works. Now Google configures their DNS servers to return AAAA records to the ISP DNS server. Now anyone in the ISP's network using the ISP's DNS servers will get AAAA records for Google's services.

Nowhere in this scheme does Google need a list of IP addresses from the ISP.

Seriously, where'd you get the idea that they'd need an IP list?

Irrelevant. The local router/gateway does the requesting - it could be an IPv6 DNS client and an IPv4 DNS server (although tbh I'm not quite sure what's being whitelisted anyway here, as it's the ISP's DNS server that's going to be seen by the content provider).

Oh come on, you and I both know that most people don't have a local DNS cache that can submit the requests over v6. We're talking about your grandma, here, not a computer geek running their own FreeBSD firewall.
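Added example (not part of the thread, and not Google's implementation): a Python sketch of the resolver-keyed whitelist flow described in the comment above, where the authoritative side decides whether to hand out AAAA records purely from the source address of the querying DNS server. The prefixes, zone data and function names are constructed; the prefixes come from the documentation ranges.

```python
import ipaddress

# Constructed whitelist of ISP resolver prefixes (documentation ranges only).
# Both families are listed because resolvers mostly query over IPv4 even
# when their clients have working IPv6.
WHITELISTED_RESOLVER_PREFIXES = [
    ipaddress.ip_network(p) for p in ("192.0.2.0/28", "2001:db8:53::/48")
]

# Constructed zone data for one dual-stacked name.
ZONE = {
    ("www.example.com", "A"): ["198.51.100.10"],
    ("www.example.com", "AAAA"): ["2001:db8:80::10"],
}
NEGATIVE_TTL = 300  # returned with empty answers so resolvers can cache them


def normalize(addr):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4.

    A dual-stack listening socket reports IPv4 peers in mapped form, which
    would otherwise never match an IPv4 prefix in the whitelist.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def resolver_is_whitelisted(addr):
    """True if the querying resolver's source address is in a listed prefix."""
    ip = normalize(addr)
    return any(ip.version == net.version and ip in net
               for net in WHITELISTED_RESOLVER_PREFIXES)


def answer(qname, qtype, resolver_addr):
    """Return (rcode, records, negative_ttl) for one query.

    The decision uses only the resolver's address: the authoritative server
    never sees the end user's address, so no per-customer list is involved.
    """
    qname = qname.rstrip(".").lower()
    if qname not in {name for name, _ in ZONE}:
        return ("NXDOMAIN", [], NEGATIVE_TTL)
    if qtype == "AAAA" and not resolver_is_whitelisted(resolver_addr):
        # Non-whitelisted resolvers get NODATA: the name looks IPv4-only,
        # so their clients never attempt a v6 connection to it.
        return ("NOERROR", [], NEGATIVE_TTL)
    records = ZONE.get((qname, qtype), [])
    return ("NOERROR", records, None if records else NEGATIVE_TTL)


if __name__ == "__main__":
    for resolver in ("192.0.2.5", "::ffff:192.0.2.5", "2001:db8:53::1",
                     "192.0.2.200", "203.0.113.7"):
        print(resolver, "->", answer("www.example.com", "AAAA", resolver))
```

Because the key is the resolver and not the client, a user behind a whitelisted ISP who points at a different DNS server gets IPv4-only answers, and a client with broken IPv6 that uses a whitelisted resolver still receives AAAA records.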

All it will take... (1)

Anonymous Coward | more than 4 years ago | (#31641034)

Is Google making their new 1Gbps IPv6 only.

How much IPv6 Hardware is there? (2, Interesting)

cdrguru (88047) | more than 4 years ago | (#31641060)

I suspect one significant impediment to implementation of IPv6 on the part of most ISPs is that it would take wholesale replacement of significant amounts of hardware.

Sure, the latest model of a router may support IPv6, but the 200 or so that an ISP has may not and there may be no upgrade path for it. Just like there is no Windows Vista driver for some hardware - too old to bother with - there is plenty of hardware out there that will never support IPv6. Until this is replaced, IPv6 isn't going to happen.

I think we have finally reached the point where new hardware supports IPv6, almost universally. So now we are just waiting until the older hardware is replaced. I suspect larger ISPs are somewhat reluctant to move out millions (and possibly tens of millions) of dollars worth of hardware before they have to.

Of course, they could just raise the rates for everyone to cover it.

Re:How much IPv6 Hardware is there? (1)

grahammm (9083) | more than 4 years ago | (#31641216)

I think we have finally reached the point where new hardware supports IPv6, almost universally. So now we are just waiting until the older hardware is replaced.

That may be true of ISP and carrier level hardware, but consumer level routers do not.

Re:How much IPv6 Hardware is there? (1)

John Hasler (414242) | more than 4 years ago | (#31641300)

> That may be true of ISP and carrier level hardware, but consumer level
> routers do not.

Most of which were supplied by the ISPs.

Re:How much IPv6 Hardware is there? (1)

FireFury03 (653718) | more than 4 years ago | (#31642418)

> That may be true of ISP and carrier level hardware, but consumer level
> routers do not.

Most of which were supplied by the ISPs.

However, *everyone* has known that IPv6 support is going to be desirable (or even required) within a reasonably short time-frame for quite a long time.

I guess it makes some business sense for the router manufacturers to wait for as long as possible to implement IPv6 support, since it will increase sales (all those IPv4-only routers being sold today will need to be replaced with ones that support IPv6 quite soon. If they were already shipping IPv6 routers, no replacement would be necessary == less future sales).

But for ISPs who supply "free" routers, you would think they would be interested in replacing those routers as infrequently as possible. So they should have been shipping IPv6 capable routers years ago, to reduce the number of IPv4-only ones that they will need to eventually replace.

Unfortunately, whether you're buying a DSL router yourself or getting it from an ISP, you're almost certainly not going to get anything IPv6 capable today. I imagine most home-users expect their DSL routers to last in excess of 5 years (mine is 8 years old at the moment, and I'm not likely to replace it until the local exchange gets the 21CN upgrade towards the end of next year); but I will be surprised if IPv6 connectivity doesn't become very important within the next 3 years.

Re:How much IPv6 Hardware is there? (1)

John Hasler (414242) | more than 4 years ago | (#31642730)

> Unfortunately, whether you're buying a DSL router yourself or getting it
> from an ISP, you're almost certainly not going to get anything IPv6 capable
> today.

Since the "router" in a DSL modem is crap anyway you're better off putting the damn thing in bridge mode and using a separate router/firewall such as an old PC.

Re:How much IPv6 Hardware is there? (1)

FireFury03 (653718) | more than 4 years ago | (#31642854)

> Since the "router" in a DSL modem is crap anyway you're better off putting the damn thing in bridge mode and using a separate router/firewall such as an old PC.

Which is exactly what I do - my crappy D-link router periodically loses the default route (the DSL is up and everything, so it won't bother trying to reinitialise, it just doesn't have a default route in the routing table so no traffic can go out over the DSL), so my solution was simply to put it into bridge mode and let my SheevaPlug be the PPP endpoint.

However, the *vast* majority of the public aren't going to want to (or know how to) do this.

Also, using bridge mode requires you to drop the MTU down to 1492 octets, which causes some other problems. There are far too many idiots in charge of routers who think that dropping all ICMP packets is a good idea. For older Windows systems (which were incapable of PMTU discovery) and people with a 1500 octet MTU this isn't a problem, but for the minority who are running on a lower MTU this causes PMTU discovery to break and TCP sessions will spontaneously hang. The only work-around for this is to ensure that the MTU on all your machines (rather than just the router) is set similarly low, which is a pain in the arse.
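Added example, not part of the comment above: a simplified, one-direction model of the PMTU black hole it describes, in which small packets get through but full-size ones vanish once the ICMP "fragmentation needed" error is filtered. The path MTUs and the function names `send` and `transfer` are constructed for illustration.

```python
# Constructed path: LAN (1500) -> PPPoE link (1492) -> far side (1500).
PATH_MTUS = [1500, 1492, 1500]


def send(size, path_mtus, icmp_filtered):
    """Send one DF-flagged packet of `size` octets along the path.

    Returns ("delivered", None) when it fits every link, ("too_big", mtu)
    when the ICMP "fragmentation needed" error reaches the sender, or
    ("lost", None) when a filter discards that error on the way back.
    """
    for mtu in path_mtus:
        if size > mtu:
            return ("lost", None) if icmp_filtered else ("too_big", mtu)
    return ("delivered", None)


def transfer(path_mtus, icmp_filtered, local_mtu=1500, max_tries=5):
    """Model a sender doing classic path MTU discovery.

    Returns (handshake_ok, bulk_ok, final_packet_size).
    """
    # SYN/ACK-sized packets fit any link, so the connection always opens.
    handshake_ok = send(60, path_mtus, icmp_filtered)[0] == "delivered"
    size = local_mtu
    for _ in range(max_tries):
        status, hint = send(size, path_mtus, icmp_filtered)
        if status == "delivered":
            return handshake_ok, True, size
        if status == "too_big":
            size = hint  # shrink to the MTU reported in the ICMP error
        # "lost": the sender learns nothing and retransmits the same size
    return handshake_ok, False, size


if __name__ == "__main__":
    print("ICMP allowed:          ", transfer(PATH_MTUS, icmp_filtered=False))
    print("ICMP dropped:          ", transfer(PATH_MTUS, icmp_filtered=True))
    print("ICMP dropped, MTU 1492:", transfer(PATH_MTUS, True, local_mtu=1492))
```

The middle case is the hang: the handshake succeeds, so the session looks healthy until the first full-size segment is sent.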

Re:How much IPv6 Hardware is there? (1)

Vancorps (746090) | more than 4 years ago | (#31642254)

Except that every one of the printers I rented for my event, about 20 or so still don't support IPv6, they are Ricoh multi-function units that would cost thousands to buy. They are supposedly enterprise ready machines.

Re:How much IPv6 Hardware is there? (1)

Hadlock (143607) | more than 4 years ago | (#31642690)

I would imagine most backbone hardware installed since 2002 has ipv6 capability, along with any residential neighborhoods wired up since 2005 or so. That makes up something like 30% of the US population. There are, however, office buildings full of IPv4 fiber equipment that will have to be replaced some day. As the cost comes down, I would imagine the units they replace will have 10x the capacity of those installed in the early-mid 1990s and cost a quarter of the units they are replacing, even adjusting for inflation. There's some math to it, but I would imagine in the next year or two, it will make sense to refit older, lower capacity equipment, rather than lease new space to install the new equipment. We're probably five years away before the beginning of a true transition though, and won't finish until 2020. By that time all new equipment installed in the last 15 years will have been IPv6 compliant, which will probably make up all but the hardiest routers, switches, etc.

DNS (AAAA and PTR -record) syntax, why? (0)

Anonymous Coward | more than 4 years ago | (#31641248)

Okay, I'm looking at the Wikipedia page of IPv6 addresses in the Domain Name System [wikipedia.org].

The A-record is simply: something.example.com. IN AAAA fdda:5cc1:23:4::1f

But why is the PTR so damn verbose? For example: f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.2.0.0.1.c.c.5.a.d.d.f IN PTR derrick.example.com.

Is it some indexing thing?

Re:DNS (AAAA and PTR -record) syntax, why? (2, Informative)

Shimbo (100005) | more than 4 years ago | (#31641370)

> But why is the PTR so damn verbose?

Delegation without a hack like RFC 2317.
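Added example, not part of the comments above: with one DNS label per hex nibble, any IPv6 prefix on a 4-bit boundary maps to exactly one ip6.arpa zone that can be delegated, whereas an IPv4 prefix that is not on an octet boundary has no such zone. The address is the one from the question; the prefixes and function names are constructed for illustration.

```python
import ipaddress


def ptr_name(addr: str) -> str:
    """PTR owner name: one label per hex nibble, least significant first."""
    return ipaddress.ip_address(addr).reverse_pointer


def v6_reverse_zone(prefix: str) -> str:
    """ip6.arpa zone holding every PTR record for an IPv6 prefix.

    Works for any prefix length that is a multiple of 4 (a nibble boundary).
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles[: net.prefixlen // 4])) + ".ip6.arpa"


def v4_reverse_zone(prefix: str) -> str:
    """in-addr.arpa zone for an IPv4 prefix; only octet boundaries have one."""
    net = ipaddress.IPv4Network(prefix)
    if net.prefixlen % 8:
        raise ValueError("not on an octet boundary: RFC 2317 workaround needed")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def in_zone(name: str, zone: str) -> bool:
    """True when `name` is at or below `zone` in the DNS tree."""
    return name == zone or name.endswith("." + zone)


if __name__ == "__main__":
    name = ptr_name("fdda:5cc1:23:4::1f")
    print(name)
    for prefix in ("fdda:5cc1:23::/48", "fdda:5cc1:23:4::/64"):
        zone = v6_reverse_zone(prefix)
        print(prefix, "->", zone, "| contains PTR:", in_zone(name, zone))
    print(v4_reverse_zone("192.0.2.0/24"))
    try:
        v4_reverse_zone("192.0.2.64/26")
    except ValueError as exc:
        print("192.0.2.64/26 ->", exc)
```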

Oh, really? ;) (1)

RichiH (749257) | more than 4 years ago | (#31641412)

> The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4.

Let me guess, those would be IPv6 addresses? ;)

That obvious joke being made, I will now go read the article as the news blurb is useless, yet sounds interesting.
