Slashdot Mirror
Major 'Net Players Mulling IPv6 Whitelist
netbuzz writes "From this week's IETF meeting in Anaheim comes word that leading Web content providers are talking about creating a shared list of customers who can access their Web sites via IPv6. The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4. David Temkin, network engineering manager with Netflix, says: 'We're looking into the same service that Google has, where we will try to track what connectivity the user has. We're in discussions with Google, Yahoo, Netflix and Microsoft to see whether it makes sense to have a shared, open source DNS whitelist service.' ISPs are not wild about the idea."
IE6, Windows XP Pro, and IPv4!
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/032610-dns-ipv6-whitelist.html&pagename=/news/2010/032610-dns-ipv6-whitelist.html&pageurl=http://www.networkworld.com/news/2010/032610-dns-ipv6-whitelist.html&site=printpage
If ISPs would get their heads out of their asses "this idea" would not be needed.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
This is the mother of all cookies.
Nice idea
But
1) When are ISP's going to get off their Fat backsides and implement IPV6? Most in my part of the world have no plans to do this for 1-2 years.
2) When are the DSL Modem makers going to implement IPV6 in the devices that are sold to the majority of us?
Shame that it ain't going to get a lot of use outside the corporate world.
Any ISP that's not "wild" about the idea should step up and work with the community on actually getting IPv6 connectivity as functional as IPv4. I can see Google/Netflix perspective here. If they don't have some sort of white list they will get a black eye for having poor service when it's not even a result of something they control. Hopefully this will be something very short lived but I can imaging if service providers don't step up and start taking IPv6 seriously it's just going to prolong the issue.
I don't know everything.
The article doesn't make it particularly clear what that might be though. The closest I found was:
Which seems like a no-brainer to me: Fix the tunnel. I don't even understand how the whitelist might help that -- if the whitelist says "This user has IPv6 connectivity" and you have a broken tunnel either you don't get the content at all, or you still only see the content after a 30-second wait.
The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.
Why is a whitelist needed? If you do not have IPv6 connectivity then why do a DNS lookup for AAAA records? If a service has IPv6 connectivity, why not let anyone who also has IPv6 connectivity connect to it? There should be no need for a whitelist.
...to plug it back in again, you get "a bad experience". Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more? Stop being so damn dishonest and come out and admit why you want this whitelist.
Is Google making their new 1Gbps IPv6 only.
I suspect one significant impediment to implementation of IPv6 on the part of most ISPs is that it would take wholesale replacement of significant amounts of hardware.
Sure, the latest model of a router may support IPv6, but the 200 or so that an ISP has may not and there may be no upgrade path for it. Just like there is no Windows Vista driver for some hardware - too old to bother with - there is plenty of hardware out there that will never support IPv6. Until this is replaced, IPv6 isn't going to happen.
I think we have finally reached the point where new hardware supports IPv6, almost universally. So now we are just waiting until the older hardware is replaced. I suspect larger ISPs are somewhat reluctant to move out millions (and possibly tens of millions) of dollars worth of hardware before they have to.
Of course, they could just raise the rates for everyone to cover it.
Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more?
Huh? What the hell are you talking about? The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity, or are on a network that claims to have v6 connectivity, but that connectivity as actually broken. As a result, these people get v6 IPs, and then when software tries to connect to websites that advertise AAAA records, they get long delays while their browser times out attempting to connect over v6, at which point it falls back to v4.
Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.
So, please, quit being a paranoid jackass. There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records (right now they don't because they're afraid of impacting the user experience due to this very issue).
Okay, I'm looking at the wikipedia page of IPv6 addresses in the Domain Name System.
The A-record is simply: something.example.com. IN AAAA fdda:5cc1:23:4::1f
But why is the PTR so damn verbose? For example: f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.2.0.0.1.c.c.5.a.d.d.f IN PTR derrick.example.com.
Is it some indexing thing?
The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4.
Let me guess, those would be IPv6 addresses? ;)
That obvious joke being made, I will now go read the article as the news blurb is useless, yet sounds interesting.
Maybe nothing but the IP address is stored on the list, but any additional data stored on the list is essentially a cross-site cookie.
Huh? What the hell are you talking about?
Well, to start off with I made the mistake of reading the fine article:
"There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnelYou end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."
The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity
Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)? What globally routable prefix are these routers advertising exactly, when they're not being assigned one?
Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.
The problem of hundreds of sites advertising AAAA records which timeout? As someone who has had IPv6 connectivity for several years, I can tell you that hardly any sites offer AAAA records, so your reason doesn't wash - did you mean something else? Are you sure Ubuntu isn't suffering some problem?
So, please, quit being a paranoid jackass.
If you think I'm wrong, you could have said all that you've said without that sentence.
There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records
Or, since we're breaking the universality of DNS, why don't we only respond with AAAA records if a nameserver's talking over IPv6?
Which routers are these, and why is the correct procedure to maintain a massive whitelist (requiring ISP cooperation) rather than negotiating with ISPs to stop breaking IPv6 (requiring ISP cooperation)?
I'm afraid I can't give you specific model numbers, but this is a very well known problem amongst content providers mulling the idea of rolling out v6. And we're talking home routers, here, not ISP core routers.
And the whitelist *is* "negotiating with ISPs"... ie, they negotiate, the ISP sets up v6, and voila, they're on the whitelist. Problem solved.
The problem of hundreds of sites advertising AAAA records which timeout?
There are enough that it's noticeable, yes. Did you do the Google search? I bet you didn't. Maybe you should research the issue before dismissing it out of hand, eh?
If you think I'm wrong, you could have said all that you've said without that sentence.
You suggested that these provides had some ulterior motive for wanting this whitelist, and that the whole v6 thing was a coverup. That sounds pretty paranoid to me.
Or, since we're breaking the universality of DNS, why don't we only respond with AAAA records if a nameserver's talking over IPv6?
Because the *vast* majority of DNS traffic is, and will continue to be for the near future, performed over v4, even if the client is v6 enabled. Hell, I have an HE tunnel right now, and I use v4 to resolve DNS records.
Honestly, if you don't agree with the solution to this problem, fine, so be it. But at least do a little research. This is a very real problem requiring a real solution. Or do you *really* think Google and NetFlix are just too stupid to realize how right you are?
but this is a very well known problem amongst content providers mulling the idea of rolling out v6
The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.
And the whitelist *is* "negotiating with ISPs"...
Erm, yes, that's what I meant by, "negotiating with ISPs to stop breaking IPv6".
ie, they negotiate, the ISP sets up v6, and voila, they're on the whitelist. Problem solved.
If you regard negotiating with every ISP as "voila... problem solved", you are more engineer than the real world will allow for.
There are enough that it's noticeable, yes. Did you do the Google search? I bet you didn't. Maybe you should research the issue before dismissing it out of hand, eh?
I've already heard many people whine about IPv6 slowing down their machine. It's usually to do with a small amount of time wasted by failing at looking up an AAAA record before moving onto the A record, and nothing to do with finding an AAAA record and trying to access it. The AAAA lookup, as far as I can recally, happens when the system supports IPv6 rather than only when the system has a routable IPv6 address, which is daft.
(But, yes, I did a search about half an hour ago on my preferred search engine in case some new issue had exploded recently. Nope.)
You suggested that these provides had some ulterior motive for wanting this whitelist, and that the whole v6 thing was a coverup. That sounds pretty paranoid to me.
I suggested that the ISPs aren't being honest about why they want the whitelist. The fact that neither the guy interviewed in TFA (as I've shown) nor you (as I've shown) are giving a fully comprehensible explanation for the whitelist - even if there is one - suggests that there is not clarity about the reason for the whitelist.
Because the *vast* majority of DNS traffic is, and will continue to be for the near future, performed over v4, even if the client is v6 enabled.
If I'm Joe provider, I can return AAAA records if you're using my DNS server via IPv6, or A records if you're using it via IPv4. And, if I'm an ISP, I'll send the customer appropriate A-sending or AAAA-sending server addresses depending on how you're connecting, without you having to worry. Why will this not happen, unless you don't want it to? I need more information.
Or do you *really* think Google and NetFlix are just too stupid to realize how right you are?
I don't think Google or NetFlix are stupid - I think they're top performing businesses. Why would I therefore assume that their solution to a problem is the best solution for anyone but Google or NetFlix? "You must be wrong - Google has a solution and it's not the same as yours!" is fallacious, as I'm sure you can see.
Great explanation. I would mod you up if I had mod points today.
Hopefully someone else will.
The problem of ISPs distributing broken routers which manage to advertise a prefix which they aren't ever issued with? Perhaps you aren't sure yourself, since you haven't been able to name one router which exhibits the problem, but you're not making it clear what actually goes wrong and why the solution isn't to fix the problem (of distributing broken routers) rather than one huge bureaucratic bandaid.
Because the whitelist is feasible? The alternative is to break connectivity for (according to these folks) .8% of users while those broken routers are fixed/replaced.
Besides which, without v6 content, there is no reason to fix broken hardware. And if the broke hardware isn't fixed, content providers won't roll out v6. It's the same chicken-and-egg problem v6 has been stalled over for years. The difference is, this whitelist solution actually has a chance of fixing it.
If you regard negotiating with every ISP as "voila... problem solved", you are more engineer than the real world will allow for.
If the guys running the whitelist are willing to go through that effort, who cares? Does it solve the problem? Yes. Is it complicated? Certainly. But at least it has a chance of succeeding.
I've already heard many people whine about IPv6 slowing down their machine. It's usually to do with a small amount of time wasted by failing at looking up an AAAA record before moving onto the A record, and nothing to do with finding an AAAA record and trying to access it. The AAAA lookup, as far as I can recally, happens when the system supports IPv6 rather than only when the system has a routable IPv6 address, which is daft.
Yeah, agreed, that's definitely an issue. In fact, glibc used to do that for a long time (fortunately that issue is fixed... I believe now it only attempts AAAA resolution if the host has a routable v6 address).
And I certainly agree with you that there are likely *many* reasons why advertising AAAA records has caused headaches for end hosts, not the least of which is broken v6 stacks (as previously alluded to). But broken routing is, at least as far as I can tell, a well known issue with v6, and I really can't blame the content providers for attempting to search for a solution to this issue.
I suggested that the ISPs aren't being honest about why they want the whitelist.
So what do you think the real reason is? Either it's to fix v6 connectivity issues, or there's some other reason. Why do you propose that reason is?
If I'm Joe provider, I can return AAAA records if you're using my DNS server via IPv6, or A records if you're using it via IPv4. And, if I'm an ISP, I'll send the customer appropriate A-sending or AAAA-sending server addresses depending on how you're connecting, without you having to worry. Why will this not happen, unless you don't want it to? I need more information.
Probably because there's *still* some OSes that don't support DNS resolution over IPv6? Heck, even glibc is known to have issues with this configuration.
I don't think Google or NetFlix are stupid - I think they're top performing businesses. Why would I therefore assume that their solution to a problem is the best solution for anyone but Google or NetFlix?
Well, if you have a better idea, let's hear it.
The alternative is to break connectivity for (according to these folks) .8% of users while those broken routers are fixed/replaced.
The Internet is regularly broken for .8% of users for a multitude of reasons. Expecting all ISPs on the planet to end up cooperating with a huge Google-borne list is more of a political and administrative burden than inconveniencing .8% of users.
In the next 3 or 4 years every site transitioning to IPv6 will need to do more than just add an IPv6 address one day and remove an IPv4 address at some point down the line. It's not just the issue the article seems to get its panties in a bother over, it's the more fundamental problem that bandwidth and routing for IPv6 is still fairly lame, and most people have to use tunnels. As such, even people (like myself) with working IPv6 connectivity end up with a shittier service when a site is IPv6 enabled. Regardless, even people with good IPv6 service from their ISPs might be using a router which breaks IPv6, and how will the ISP know about that? So a transition must occur in stages for any significant hoster:
1. Simultaneously run www.ipv6.site.com and www.site.com, where the latter of these has A records only. Advertise it for geeks, etc.
2. Watch feedback for your own and other sites, encourage manufacturers to fix their firmware, etc.
3. When it appears that IPv6 performance is decent for a good number of people, push people to try out the IPv6 version of the site.
4. Repeat 2 at some critical mass.
5. Create www.ipv4.site.com and add AAAA records to www.site.com. Give links to www.helponipv6orsomething.org for people having troubles, plus the well-advertised alternative of www.ipv4.site.com.
6. At some point in the future, remove www.ipv4.site.com.
7. At some point in the long distant future, remove A records.
Besides which, without v6 content, there is no reason to fix broken hardware.
The problem is people who think IPv6 is a waste of time (the crisis managers) vs technocrats who want to push it on people via some huge magic scheme which involves EVERYONE. All that's needed is a few bigger players to offer two alternative sites, as above, and to perhaps give perks for IPv6 - hopefully /using/ the advantages of IPv6, such as working multicasting for bandwidth-efficient live media streaming, or IPv6sec, or any number of things that are easier without NAT.
If the guys running the whitelist are willing to go through that effort, who cares? Does it solve the problem? Yes.
The problem is not the dearth of people willing to get paid to do Google's bidding - the problem is expecting every ISP on the planet to want to cooperate, and for such an administrative effort to scale that well.
So what do you think the real reason is? Either it's to fix v6 connectivity issues, or there's some other reason.
Information and control. I mean, if it's no bother, I'll volunteer to be the guy who aims to get a list of every ISP on the planet, an accurate database of addresses actually used by its customers, and an implied statement of willingness to submit data to my database (and to comply with various conditions) in return for me to provide Internet services. In fact, now I have all this information, it seems I'm duplicating a lot of the work of the IP registries... I'd sure be happy to help out with that too!
Probably because there's *still* some [sixxs.net] OSes that don't support DNS resolution over IPv6?
Irrelevant. The local router/gateway does the requesting - it could be an IPv6 DNS client and an IPv4 DNS server (although tbh I'm not quiet sure what's being whitelisted anyway here, as it's the ISP's DNS server that's going to be seen by the content provider). For tunneled machines, you're already requiring people to install special software, so you can also install an appropriate local proxy.
The Internet is regularly broken for .8% of users for a multitude of reasons.
That's a BS argument, though. The "internet" isn't broken for these people. IPv6 is broken for these people. If a content provider deploys IPv6, suddenly a *new* 0.8% of internet users will be highly annoyed trying to access their site. So, from a content provider's perspective, they can either inconvenience that .8% of users for no real appreciable gain in the short term, or they could just not bother.
The third option is this one: selectively make v6 available to ISPs who guarantee connectivity.
All that's needed is a few bigger players to offer two alternative sites, as above, and to perhaps give perks for IPv6 - hopefully /using/ the advantages of IPv6, such as working multicasting for bandwidth-efficient live media streaming, or IPv6sec, or any number of things that are easier without NAT.
But that's already been tried! Hell, Google's been running ipv6.google.com for *years*. But IPv6 adoption *still* isn't happening. So, yes, we could keep going with your plan, ensuring that v6 will never get out the door, or we can finally admit that transition scheme simply doesn't work, and try something different.
Information and control. I mean, if it's no bother, I'll volunteer to be the guy who aims to get a list of every ISP on the planet, an accurate database of addresses actually used by its customers, and an implied statement of willingness to submit data to my database
Umm, what the fuck are you talking about? Do you even understand how this scheme works? Apparently not.
Here, let me explain how Google does it (presumably this larger-scale whitelist will work the same way): ISP goes to Google and says "I'm v6 ready!". Google says to ISP "aight, sweet, let's test it out." Google verifies it works. Now Google configures their DNS servers to return AAAA records to the ISP DNS server. Now anyone in the ISP's network using the ISP's DNS servers will get AAAA records for Google's services.
Nowhere in this scheme does Google need a list of IP addresses from the ISP.
Seriously, where'd you get the idea that they'd need a IP list?
Irrelevant. The local router/gateway does the requesting - it could be an IPv6 DNS client and an IPv4 DNS server (although tbh I'm not quiet sure what's being whitelisted anyway here, as it's the ISP's DNS server that's going to be seen by the content provider).
Oh come on, you and I both know that most people don't have a local DNS cache that can submit the requests over v6. We're talking about your grandma, here, not a computer geek running their own FreeBSD firewall.
That's a BS argument, though. The "internet" isn't broken for these people.
No. I was stating that 0.8% of people being bothered isn't a reason to create some massive scheme - 0.8% is a typical proportion of people bothered by some upgrade/issue on the Internet at any one time
If a content provider deploys IPv6, suddenly a *new* 0.8% of internet users will be highly annoyed trying to access their site.
Only if your idea of deployment is "add AAAA records then go home", which is a crap approach and not at all like the one I suggested. There are so many issues outside the ISP granularity level, such as people buying their own routers or variable routing/bandwidth performance, that to yes/no for all IPv6 sites on an ISP level is not likely to help.
So, yes, we could keep going with your plan, ensuring that v6 will never get out the door, or we can finally admit that transition scheme simply doesn't work, and try something different.
Really? Because ipv6.google.co.uk doesn't exist for me, only the US-localised ipv6.google.com. And what special IPv6 features are content providers exploiting? That's right, nothing much, because it's a half assed job and everyone's surprised that it's not being received with open arms.
Now anyone in the ISP's network using the ISP's DNS servers will get AAAA records for Google's services.
That's how I implied was the only way I could see it working ("although tbh I'm not quiet sure what's being whitelisted anyway here, as it's the ISP's DNS server that's going to be seen by the content provider"), yet the article implies finer granularity. But if the method you describe is that implemented, it's still awful: you're expecting every ISP to submit DNS server details to Google and be at the mercy of *their* testing service to enable the ability of all their users to make use of an Internet protocol. That's a horrible precedent.
Also, what about people who use OpenDNS or any other number of DNS servers, such as Google's own? Run their own servers without necessarily forwarding to ISP? The ISP I use practically made it official policy to recommend OpenDNS for a while for people with DNS problems, and it seems typical for some otherwise very good British ISPs to have crap in-house DNS.
Oh come on, you and I both know that most people don't have a local DNS cache that can submit the requests over v6. We're talking about your grandma, here, not a computer geek running their own FreeBSD firewall.
Sigh. The IPv6-ready home router would do that for you. If you were tunneling, the tunneling setup software you install would do it for you.
I was stating that 0.8% of people being bothered isn't a reason to create some massive scheme
Clearly the content providers who'd be losing those users completely disagree with you. And given it's their money and their content, and given their reluctance to deploy v6 is one of the primary reasons v6 is going nowhere, it probably makes sense to listen to their needs and attempt to address them. This scheme does that.
Only if your idea of deployment is "add AAAA records then go home", which is a crap approach and not at all like the one I suggested.
Yeah, but again, your scheme has been considered. It's been found wanting.
So, yes, you could cover your ears, keep yelling "la la la, my idea is better", or you could just admit that something new is needed, as v6 is clearly stuck.
you're expecting every ISP to submit DNS server details to Google and be at the mercy of *their* testing service to enable the ability of all their users to make use of an Internet protocol. That's a horrible precedent.
Yes. Tough. Honestly, I just don't care if it's inconvenient for the ISPs. They've already proven they are unwilling to roll out v6 in any sort of meaningful way. So if they can't be trusted, well, then Google and the other content providers are gonna have to start babysitting them until they can get their shit in gear.
Also, what about people who use OpenDNS or any other number of DNS servers, such as Google's own?
Tough. Either that or OpenDNS needs to talk to the whitelist management to get an exemption for their service (odds are people who are using OpenDNS are a minority, and so they might not care if a few OpenDNS users with b0rked v6 connections suddenly see major slowdowns). Or you just live with browsing the v4 web. *shrug*
Sigh. The IPv6-ready home router would do that for you. If you were tunneling, the tunneling setup software you install would do it for you.
So you want to fix this issue by... having everyone affected go out and buy new routers?
Now who's thinking like an engineer?
The *entire point* is that broken hardware is out there and there's no impetus to get it replaced, as the content providers refuse to advertise AAAA records... because there's all that broken hardware out there. So, yeah, if you could magically fix all the broken gear and get IPV6-ready routers in everyone's houses, the problem would go away. But, of course, that ain't gonna happen.
Clearly the content providers who'd be losing those users completely disagree with you.
No, it's just a few loud providers who made little effort deploying IPv6 in the first place.
something new is needed, as v6 is clearly stuck.
If content providers want to make IPv6 appealing, the correct method is to provide feature parity via IPv6 (which Google haven't) then extra features using the advantages of IPv6 (which Google haven't), not to use their clout to annoy ISPs.
Yes. Tough. Honestly, I just don't care if it's inconvenient for the ISPs.
Google: We have a proposal...
ISP: Proceed.
Google: You do X...
ISP: And our customers get...
Google: IPv6 access to sites...
ISP: And our customers care because...
Google: They get IPv6 access!
ISP: So we have to do X, and they get switched over to more experimental alternatives, rather than having a choice?
Google: Bingo!
ISP: HAND.
So you want to fix this issue by... having everyone affected go out and buy new routers?
What are you talking about? They'll have to do that to get native IPv6. Might as well have firmware which handles the transition smoothly for legacy clients.
The *entire point* is that broken hardware is out there and there's no impetus to get it replaced, as the content providers refuse to advertise AAAA records... because there's all that broken hardware out there.
They (I) refuse to advertise AAAA records for www.site.com because there are any number of problems which may occur with IPv6, from bad ISP-provided routers (small problem) to bad homemade setups (over 0.8% aftermarket) to the fact that IPv6 routing/bandwidth is plain shitter as packets travel across the Interweb (serious problem affecting most users). Google's scheme tackles one of these problems badly, with a more reliable and no less useful result coming from simply refusing their offer entirely.
No, it's just a few loud providers who made little effort deploying IPv6 in the first place.
Good lord, you've *got* to be kidding. Google has done more to push v6 than virtually any other content provider out there. And I'm actually a little shocked NetFlix is on board.
Do you have any *better* examples of content providers getting onboard? 'cuz god knows I don't, specifically because of issues like this.
So we have to do X, and they get switched over to more experimental alternatives, rather than having a choice?
Buh? If the users want access to the v6 network, then this is what the ISPs need to do. What is this "choice" you're referring to? Because last I checked, users would have a choice: run dual-stack or don't.
What are you talking about? They'll have to do that to get native IPv6.
But these users that are affected by this issue have *no idea* how they're connected to the internet. They didn't seek out v6 connectivity. That wasn't on their list of shit to deploy this week. The whole point is that mom happens to be running a v6-capable router ('cuz that's what they sold at Best Buy), and it turns out that that the router or ISP is broken in some way. Mom didn't go out to *get* v6 connectivity. It just happened.
So now you're saying that, to fix this problem, we should expect those consumers to go upgrade their routers? It's just not gonna happen (outside the normal obsolescence cycle).
Google's scheme tackles one of these problems badly, with a more reliable and no less useful result coming from simply refusing their offer entirely.
I disagree. This scheme at least makes it possible for content providers to start deploying v6 right now, without adversely affecting their existing customer base, while simultaneously transparently enabling v6 for those users who have an ISP that's on the ball (thanks to Google's agreement with HE, for example, www.google.com has AAAA records if you're connected to my network, so anyone using my wifi can transparently access Google's services over the v6 web, and they have *no idea it's even happening*).
Now, don't get me wrong, I agree, it's not a perfect solution. But, let's face it, v6 is horribly stalled out right now, and unless content providers start populating the v6 web, it'll continue to go nowhere fast, and content providers won't get on the ball as long as v6 connectivity is broken for a financially significant fraction of their userbase.
Incidentally, I strongly suspect this is also very temporary. After all, I really doubt the providers *want* to have to run this fucking thing, as there is non-trivial administrative overhead. But for now, at least it allows content providers to start providing v6 content to users without expecting them to use silly domain name hacks (come on, an ipv6-specific subdomain? There's a great way to ensure no one hits your v6-enabled site).
As an aside, I do appreciate this (incredibly extended) conversation... it's an interesting subject, and you've certainly got a valid set of points. I just honestly don't believe that your transition scheme can actually work in the real world (god knows it hasn't over the last, what, 10 years?), which leaves few options for moving forward (although, hey, if you can think of something else, I'd be curious to hear it).
I am concerned that this idea, if implemented, would stick around for way too long and would actually impede the progress of IPv6 adoption. I would be much more comfortable with an idea like this if it had an expiration date from the start, e.g. "this listing mechanism will be considered deprecated after 2 years, and will become unavailable on ." Without this, I can see it being hard-coded into and depended on by way too many apps, tools, companies, sites etc etc for years to come, and actually inhibiting IPv6 adoption and causing connectivity issues.
There are loads of issues with outdated blacklists for spam-fighting, for example, and issues with companies and other bodies using their own out-of-date copies/instances of such lists. What would keep problems like that from plaguing this idea, if it was implemented?
Without an expiration date, what would urge these companies to stop using this, or urge others to stop using this instead of offering up content natively on v6 to all?
For the record, I have hosted a large variety of sites (including the official sites for the game Soldat, its related projects, communities, etc) for a few years, including fully dual-stacked DNS and mail infrastructure for over two years with *zero* connectivity issues from any users whatsoever, and that has even been all through a Hurricane Electric tunnel, pushing a significant amount of content over IPv6.
How does multicase require intelligence in the network? Multi-Cast works like this:
How is this any more intelligence than that already built into the network?
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
Good lord, you've *got* to be kidding. Google has done more to push v6 than virtually any other content provider out there.
What has Google done to push IPv6, i.e. in what way has it demonstrated feature parity with IPv4 or benefits over IPv4? The fact that Google is considered at the forefront is a sign of how little /anyone/ has done in the public space - and it hasn't done more than any number of content providers, smaller ISPs (that's the way to do it!), etc which already are involved in IPv6.
But, to answer your question, why not start with the sixxs coolstuff? Note in particular that multicast is demonstrated, and that promotional IPv6 services are offered (newsgroups) even when the service could be provided as easily with IPv4. It's a very minor marketing effort, but it's still got substance to it much greater in proportion to size than Google has (hitherto) demonstrated.
What is this "choice" you're referring to? Because last I checked, users would have a choice: run dual-stack or don't.
The choice to use IPv4 or IPv6 (with extra features, where IPv6 can be so exploited) sites.
So now you're saying that, to fix this problem, we should expect those consumers to go upgrade their routers? It's just not gonna happen (outside the normal obsolescence cycle).
And how exactly are ISPs going to get Approved[tm] by Google if most of their customers have broken routers which ruin the fun once AAAA records are sent?
while simultaneously transparently enabling v6 for those users who have an ISP that's on the ball
But this will just mean a decrease in performance until *end-to-end* routing/bandwidth for IPv6 is as good as for IPv4. You might not get the n second timeout - the nature of the lameness just changes. An ISP doesn't either have good or bad IPv6 connectivity to the whole world!
unless content providers start populating the v6 web, it'll continue to go nowhere fast,
Unless they start populating it with something users want. Even if it's just feature parity combined with the vanity stage I mentioned a few posts up, where you're visiting either www.blah.com or www.legacy-ipv4.blah.com. But making it up to Google rather than the customers whether services in general are good enough or better on IPv6 is daft.
In the video as linked to in my other post, note in particular around 32 min, when this guy - whose business provides the best native consumer IPv6 connectivity in the UK - points out how awkward Google were with him.
What about it? That video just illustrates precisely what this coalition is trying to deploy, as Google has been doing this for a while now. Again, is it annoying for the ISP? Yeah. I just don't care, that's all.
Frankly, I find it funny that guy doesn't understand why Google is being so cautious. Then again, he isn't in the business of making money based on eyeballs. Google, meanwhile, stands to lose real dollars if someone decides to, say, switch to Bing because Google's AAAA records cause that person's network connection to seemingly slow to a crawl while they're trying to perform a search.
What about it? That video just illustrates precisely what this coalition is trying to deploy,
Sorry, what? The video illustrates how an ISP arrived at the stage of providing good native consumer IPv6. Yet Google, which has done no such thing for any consumer, thought his efforts not good enough when he tried to get whitelisted.
as Google has been doing this for a while now.
Google has done less for IPv6 than this guy's ISP has. They have:
1. Provided native IPv6 to all their clients, with a level of consumer IPv6 support unrivalled in the UK;
2. Got the biggest ISP wholesaler in the UK to fix their systems to make that possible, and to commit to future support of IPv6;
3. Ensured all mail, hosting, etc services provided by the ISP are IPv6-capable;
4. Gone around evangelising IPv6.
Again, is it annoying for the ISP? Yeah. I just don't care, that's all.
It's annoying for the ISP not only because it's a waste of time but because, as he commented, Google don't seem interested in actually deploying IPv6, and reject businesses such as his which are at the forefront of consumer IPv6 deployment. He did not speculate on what Google are actually up to, though I'm sure he has a much better idea than I do.
Frankly, I find it funny that guy doesn't understand why Google is being so cautious.
His business (and, as seems to the extent I've spoken to him, his passion) is in providing cutting edge Internet connectivity. He accepts the challenge of customers who are more demanding and less tolerant of failure than the Average User. Sometimes they fuck up - for example, they had fairly shitty custom written mail services for quite a while - but on IPv6, they have it just right. Google, in its control freakery, should not step so cautiously, and absolutely must not encourage the rest of the Internet world to do so.
Then again, he isn't in the business of making money based on eyeballs. Google, meanwhile, stands to lose real dollars if someone decides to, say, switch to Bing because Google's AAAA records cause
This comes back to the point I made ages ago that Google in its pedestrian businessman role (as an ad broker) is not appropriate as any sort of authority/organiser of the IPv6 transition.
If Google really wanted to make a difference, it would follow JANET's lead into properly documenting and cooperating with ISPs in implementing IPv6 multicast, and use its resources to showcase other IPv6 goodies. If Google really wanted to make a difference it could add AAAA records at some stage with a notice passing people to a legacy.google.com for people with fucked up IPv6 connectivity (which could be for any number of reasons /other than a nasty ISP-provided router/).
Let's make this quite clear: there is no clear advantage to the average consumer to making the average web site available on IPv6 rather than IPv4. Telling ISPs that, if they jump through more hoops than the best consumer IPv6 ISP in the UK had to, they might just get whitelisted by Google so that the consumer gets at best exactly the same experience as before, is a waste of everyone's time. "Being able to visit IPv6 versions of IPv4 web sites" is barely an advantage of IPv6. Adding some dumb hurdle to achieve it is of no use.
Anyway, if so many people avoid Google because of the broken router Abomination, a similar proportion will avoid this guy's ISP when his web site loads too slowly. They've taken the risk and used their extremely limited (vs Google) technical resources to identify and fix barriers to IPv6 deployment. Google are slow.
Sorry, what? The video illustrates how an ISP arrived at the stage of providing good native consumer IPv6. Yet Google, which has done no such thing for any consumer, thought his efforts not good enough when he tried to get whitelisted.
Yup, I understand that. Google treated them the same way they treat every random ISP on the street, with suspicion, because so many ISPs have gotten IPv6 wrong.
Again, the ISPs have made this bed. This guy may be one of the shining lights, but he's in an industry that's just barely competent enough to keep a regular v4 network up and alive. You can hardly blame Google for doing their diligence.
Google has done less for IPv6 than this guy's ISP has. They have:
And yet, v6 has still gone nowhere, despite all his evangelizing. Which is, I'm sure, quite frustrating. But the simple fact is, v6 ain't goin' nowhere unless there's content. And that guy isn't providing content. So while I applaud his efforts, him, and people like him, aren't going to be the sole reason v6 finally gets real adoption. It's gonna be a concerted effort between ISPs *and* content providers, and this scheme finally has a chance of getting content providers onboard.
Google don't seem interested in actually deploying IPv6, and reject businesses such as his which are at the forefront of consumer IPv6 deployment.
Oh come on, quit being so dramatic. Google never rejected anyone. Did they make those guys go through a bunch of hoops? Yes, they did. But the guy flat out stated that he expects to close a peering agreement with Google.
And as for claiming Google "don't seem interested in actually deploying IPv6", that's just bullshit. Clearly they are, otherwise they wouldn't have bothered rolling out YouTube and all their other services over v6, nor would they have set up peering arrangements with HE, this ISP you cited, and I'm sure others. And they wouldn't be working on this whitelisting scheme now.
But what they're *not* interested in is adversely affecting their massive, existing customer base. And can you really blame them? I can't.
No, you just don't like how Google is going about it. And that's fine. But don't attribute malice or incompetence to an approach you simply disagree with.
Google, in its control freakery, should not step so cautiously, and absolutely must not encourage the rest of the Internet world to do so.
Dude, the rest of the Internet world is *already are being that cautious*! Don't you see? Content providers *already* refuse to deploy v6 because of these issues. They're *already* too scared of the customer backlash. The only way to get them past those fears is to provide some kind of guarantee that their end users won't be impacted. The proposed scheme has a chance of doing that.
If Google really wanted to make a difference, it would follow JANET's lead into properly documenting and cooperating with ISPs in implementing IPv6 multicast, and use its resources to showcase other IPv6 goodies. If Google really wanted to make a difference it could add AAAA records at some stage with a notice passing people to a legacy.google.com for people with fucked up IPv6 connectivity (which could be for any number of reasons /other than a nasty ISP-provided router/).
Bah, that's just totally unrealistic.
If I understand you correctly, the "proper" way to finally get v6 deployed is to find a way to showcase technologies that take advantage of unique v6 features (of which multicast and end-to-end connectivity are really the only ones that would concern the end user). But, once again, this is a chicken-and-egg problem. People won't build new, exciting applications on top of v6 technology if there's no one out there to use those damned applications in the first place.
Still, you make a legitimate point. It is certainly true that Google could probably do more to evangelize v6. Simply deploying it isn't enough to really get users interested in the topic. I'm
Again, the ISPs have made this bed. This guy may be one of the shining lights, but he's in an industry that's just barely competent enough to keep a regular v4 network up and alive. You can hardly blame Google for doing their diligence.
Their diligence? Google are irrelevant when it comes to pioneering either development or deployment of network layer technology. Yet instead you're telling off ISPs for not somehow not providing IPv4 properly, when they've managed to help grow the consumer Internet in the past 10 years at a rate unrivalled by probably any other consumer tech?
Google are FUDing, because it's in Google's interest to spread FUD as a precursor to the "but if you just put all the information/control in our hands, we'll make it all better..." which forms the basis of every single business decision they make.
Oh come on, quit being so dramatic. Google never rejected anyone. Did they make those guys go through a bunch of hoops? Yes, they did. But the guy flat out stated that he expects to close a peering agreement with Google.
This is because he is stubborn and persistent. Most ISPs would just stop caring before they'd even started.
It's gonna be a concerted effort between ISPs *and* content providers, and this scheme finally has a chance of getting content providers onboard.
All it does is give content providers a chance to reduce the inconvenience for under 0.8% of users once or twice (until they figure out the problem or choose the legacy URL) in the event that providers believe simply adding AAAA records is correct migration procedure. Since adding AAAA records with the current reliability of global IPv6 connectivity is a shit idea anyway - i.e. the problem is as likely to be bad IPv6 setup/connectivity on the content provider's end, or somewhere in the middle - you're trying to solve a problem by an initiative which implies a poor method.
Indeed, Google still doesn't provide usable IPv6 search for anyone outside the US, because its ipv6.google.com won't localise, and ipv6.google.co.uk doesn't resolve. It's pathetic, and comes under the "bad IPv6 setup/connectivity on the content provider's end" category. Google are the problem in my enjoyment of Google over IPv6 - not the ISP/tunnel (depending on where I'm at), and not transit. And yet now they have the audacity to tell the world how backward everyone else is.
And as for claiming Google "don't seem interested in actually deploying IPv6", that's just bullshit. Clearly they are, otherwise they wouldn't have bothered rolling out YouTube and all their other services over v6, nor would they have set up peering arrangements with HE, this ISP you cited, and I'm sure others. And they wouldn't be working on this whitelisting scheme now.
They have experimented with reduced feature IPv6 service provision, and now they're trying to set up a huge whitelist as a means to some other end - the fact that their ostensible aim is IPv6 deployment is overshadowed by their dominating, bureaucratic approach.
Dude, the rest of the Internet world is *already are being that cautious*! Don't you see? Content providers *already* refuse to deploy v6 because of these issues.
Content providers refuse to deploy IPv6 because they do not see themselves or their customers benefitting from it. Even if there weren't some sub-1% figure of customers who it was believed it would affect negatively, there'd still be no perceived benefit. It's unnecessary effort for no reward, and with risks far more significant than the problem of potentially pissing off your sub-1%.
But, once again, this is a chicken-and-egg problem. People won't build new, exciting applications on top of v6 technology if there's no one out there to use those damned applications in the first place.
So what's Google labs for? The A&A ISP managed to find enough people interested
Thinking about it, since Microsoft has been onboard with IPv6 before anyone had even heard of Google, they'd be better poised to ensure a smooth transition by pushing an update which regularly checks for good IPv6 connectivity and temporarily disables attempts to resolve AAAA records if such a check fails. A simple registry/UI change should disable this service, of course.
As for where the servers are which respond to the connectivity checks - well, MS can host them and rejoice in the data it collects by hearing the IPv6 pings. They already get to phone home in their EULA for antipiracy and update checks, and the world seems to be happier with these potentially much greater intrusions.
The Linux community could produce a similar daemon. Hell, cooperate with Microsoft so you can use their ping collectors if you want, as otherwise angry rival newspaper publishers cooperate on technologies for the common good such as environmental measures. However, already having the resources to provide updates, I'm sure the Linux community can muster up the bandwidth to hear a ping every so often.
*snicker* Well, we'll agree to disagree. :) But on this point:
Well, you're still assuming the ostensible motive...
Again... quit being a paranoid jackass. Seriously. Just because you don't like the approach, and evidentally don't like Google, doesn't mean this scheme must necessarily be motivated by some secret, nefarious secondary purpose.
Honestly, I've never understood why people, when faced with an idea they don't like or can't understand, just fall back to deriding the source of the idea. You sound like a Republican attacking healthcare reform. It can't be that they simply disagree. No no. It must be an evil socialist plot to take over the lives of every American.
It's totally absurd, and you really need to try and back up and get a little perspective. Honestly.
Honestly, I've never understood why people, when faced with an idea they don't like or can't understand, just fall back to deriding the source of the idea.
I dislike the idea, *and* I don't trust the source of the idea. These two intertwined issues. Even if the idea was proposed by an entity I felt confident dealing with, I still wouldn't like the idea. Even when Google pushes good ideas, I still don't want Google implementing those ideas if they affect others on too large a scale because I don't feel confident dealing with Google. But, in this case, we have a bad idea from an entity which would be expected to propose this sort of solution (because it fits in with its modus operandi) rather than something better for the Internet as a whole.
It is perfectly legitimate to attack both the idea and its proposer's motives, just as people are free to attack both the idea/implementation of Obama's healthcare plan and question his motives. For motives will reveal any gotchas and affect the implementer's future direction. No action is performed in an altruistic vacuum, and you're regrettably naive if you think Google's final aim is "bringing IPv6 to the masses". Its final aim is to make money, and if we can't clearly see how it's doing that by pushing IPv6 as it is, it's because we lack the knowledge, not because Google are altruistic. Who knows, maybe they're negotiating with big ISPs to do something fancy with multicast? Either way, I'd like to know if they expect me to cooperate.
As a parting note, I want you to consider the difference between reasonable and Google's method in encouraging the casual enthusiast to adopt IPv6 (and every technological take-off begins with the casual enthusiast).
Expected:
1. Set up IPv6 tunnel, receive feature parity Google service via IPv6.
Experience:
1. Set up IPv6 tunnel;
2. Be surprised that you're not getting any Google IPv6 connectivity;
3. Find out that www.google.com isn't providing AAAA records;
4. Check with your tunnel provider, and find that they have signed up to some Google whitelist;
5. Assume that this means you have to make DNS requests from an IP address in their range, so get your local forwarding DNS server working on IPv6;
6. Find out that www.google.com isn't providing AAAA records;
7. Read up further, and find that the whitelist is actually a specific list of their DNS servers;
8. Find out what these DNS servers are, which involves a dig to list all the AAAA records for the local list of five or six caching DNS servers;
9. Add all the records to bind;
10. Find that you're finally getting IPv6 addresses (woohoo!), but that resolution is intermittently slow;
11. Ping each DNS server to find out which is lowest latency - they're all at least double the latency of your ISP's local DNS server, but whittle down to two;
12. After more experimentation, find that one of these servers takes around 5 seconds to respond to half the requests;
13. Whittle down to one server of reasonable speed;
(14. For end-to-end IPv6, send IPv6 address for your local DNS server via RDNSS, the recent extension to the router advertisement protocol, but find that Windows 7 ignores this extension entirely. Not a great problem for me, but a barrier to those who might want to advertise the IPv6-only DNS server found in 13 directly, as they'll have to set up DHCPv6. And, if you have XP, you're SoL.)
The ironic thing here is that this describes an experience with a service not only whitelisted by Google but with administrative input from Google employees. If Google wasn't such a control freak, the user would be done at step (1).