Slashdot Mirror


Major 'Net Players Mulling IPv6 Whitelist

netbuzz writes "From this week's IETF meeting in Anaheim comes word that leading Web content providers are talking about creating a shared list of customers who can access their Web sites via IPv6. The DNS Whitelist for IPv6 would be used to serve content to these IP addresses via IPv6 rather than through IPv4. David Temkin, network engineering manager with Netflix, says: 'We're looking into the same service that Google has, where we will try to track what connectivity the user has. We're in discussions with Google, Yahoo, Netflix and Microsoft to see whether it makes sense to have a shared, open source DNS whitelist service.' ISPs are not wild about the idea."


  1. ISPs are not wild about the idea. by John Hasler · · Score: 4, Insightful

    If ISPs would get their heads out of their asses "this idea" would not be needed.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:ISPs are not wild about the idea. by snowraver1 · · Score: 2, Interesting

      How so? I think that this is a good idea. It can solve the chicken & egg problem we have right now with the Internet and IPv6. By starting to point equipped web traffic to IPv6 services, there is an incentive to start creating IPv6 services with the hope that one day, everything will be reachable by IPv6.

      I'm not sure what you mean by the ISPs having their heads in their asses... Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go. This may solve this. If there is something else that ISPs could/should be doing, I would love to hear your ideas.

      --
      Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
    2. Re:ISPs are not wild about the idea. by mellon · · Score: 5, Insightful

      Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked off of it.

      ISPs who are deploying IPv6 want to just get the AAAA records, and not have to jump through hoops to get on a whitelist. But the providers worry about people who have crappy home gateways that fall over and die when they get AAAA records, and also about people who have devices on their networks advertising IPv6 connectivity, when they don't actually have it. One presentation in that meeting set the number at about .8% of users, which they felt was too many.

      Personally, I think they should just turn on the AAAA records and let the customers who have broken routers see that their routers are broken and fix them. But it's a rough tradeoff--IPv6 has at times gotten a bad rep for being the cause of network problems, and so network know-nothings tend to tell you "IPv6 is the problem" when in fact it's bad code on embedded devices that's the problem. Since disabling IPv6 "fixes" it, IPv6 gets the blame. That's the rationale for the whitelists, and as much as I hate them, I can't say that this rationale is completely wrong.

    3. Re:ISPs are not wild about the idea. by Abcd1234 · · Score: 2, Interesting

      How so?

      If ISPs rolled out proper v6 connectivity, this whitelist simply wouldn't be necessary. That's "how so".

      Maybe you are referring to the lack of IPv6 availability. If so, at this point in the game, there is no point in offering IPv6 because there is nowhere to go.

      Then they shouldn't grumble and whine because people decide to work around their broken networks, should they?

    4. Re:ISPs are not wild about the idea. by Abcd1234 · · Score: 2, Insightful

      Actually it's not the ISPs they're referring to who have their heads in their asses. Indeed, I don't think anybody has their heads in their asses on this one--each side of the discussion has legitimate points. From the perspective of IPv6 deployment, the whitelists suck, because mostly they prevent people who are trying to use IPv6 from using it--you have to be on the whitelist before you can get AAAA records from these online services. It's very hard to get on the whitelist, and very easy to get knocked off of it.

      Meh, I dunno, I don't personally see the problem with this. Making it difficult to get on the whitelist ensures that customers are getting decent v6 connectivity, and in the end, that's a good thing. And I've not heard of a case of some ISP being unilaterally dropped from the whitelist... perhaps you have anecdotes to support that assertion?

      Meanwhile, the providers have a very real reason to be concerned. As you say, there's some very broken equipment out there that ends up creating a real impact on the user experience. Yeah, that gear should be scrapped, but in many cases we're talking home routers that people don't even realize are broken. But if the ISPs just provided v6 connectivity, many of those issues would disappear (as those routers would then have v6 connectivity, so the broken routes they previously advertised would now work).

      In the end, I honestly don't see any other way to deal with this issue. Providers aren't going to advertise AAAA records until they can be confident that the userbase won't be impacted by onerous delays and connection timeouts. And ISPs won't roll out v6 until there's customer demand for it. The solution solves the issues on the content provider side, and once that happens, that might clear the logjam that's currently stopping v6 from being deployed on a larger scale.

    5. Re:ISPs are not wild about the idea. by trapnest · · Score: 3, Funny

      I want to use ipv6 because it's cool and new.

  2. Not a "whitelist" by pem · · Score: 3, Insightful
    This is not a whitelist proposal.

    This is the mother of all cookies.

    1. Re:Not a "whitelist" by marcansoft · · Score: 2, Interesting

      Just wait until the tinfoil hatters realize that by default IPv6 stateless autoconfiguration puts your globally unique MAC address in the second half of your IPv6 address...

    2. Re:Not a "whitelist" by Abcd1234 · · Score: 4, Interesting

      LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*

    3. Re:Not a "whitelist" by mellon · · Score: 3, Funny

      Yes, a cookie that says you get your connectivity through an ISP that's on the whitelist. Ooh, scary! :')

    4. Re:Not a "whitelist" by Airw0lf · · Score: 2, Informative

      LOLFR, "globally unique MAC address"... riiight. No manufacturer has *ever* reused a MAC address... *snicker*

      Not to mention a lot of NIC drivers let you specify your own MAC address.
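The address layout discussed in this sub-thread, as an added example that is not part of the original comments: it checks whether an IPv6 address carries a modified EUI-64 interface identifier (RFC 4291, Appendix A), recovers the embedded MAC, and reports whether that MAC has the locally administered bit set, as a user-assigned MAC normally would. The sample addresses are constructed and use the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def slaac_address(prefix, mac):
    """Build the address stateless autoconfiguration derives from a MAC."""
    m = bytes.fromhex(mac.replace(":", ""))
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_slaac(addr):
    """Return (mac, locally_administered) if the low 64 bits look like
    modified EUI-64, else None. A random identifier matches the ff:fe
    pattern by chance about once in 65536, so treat a hit as a strong hint."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02          # undo the universal/local bit inversion
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    locally_administered = bool(first & 0x02)
    return ":".join(f"{b:02x}" for b in mac), locally_administered

def audit(addresses):
    """Map every address that embeds a MAC to (mac, locally_administered)."""
    found = {}
    for a in addresses:
        hit = mac_from_slaac(a)
        if hit:
            found[a] = hit
    return found

# Constructed sample: what `ip -6 addr` might list on one host.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",        # link-local, burned-in MAC
    "2001:db8::211:22ff:fe33:4455",    # global, same MAC visible to servers
    "2001:db8::ff:feaa:bbcc",          # MAC overridden by the user
    "2001:db8::1c2d:3e4f:5a6b:7c8d",   # randomized identifier, no MAC
]

if __name__ == "__main__":
    for addr, (mac, local) in audit(SAMPLE).items():
        print(f"{addr} embeds {mac} (locally administered: {local})")
```

Hosts that use temporary addresses (RFC 4941) for outgoing connections show up like the last sample entry and produce no hit.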

  3. This doesn't have to last long by Xipher · · Score: 3, Insightful

    Any ISP that's not "wild" about the idea should step up and work with the community on actually getting IPv6 connectivity as functional as IPv4. I can see Google/Netflix perspective here. If they don't have some sort of white list they will get a black eye for having poor service when it's not even a result of something they control. Hopefully this will be something very short lived but I can imagine if service providers don't step up and start taking IPv6 seriously it's just going to prolong the issue.

    --
    I don't know everything.
  4. I'm sure they have a reason for it... by pathological liar · · Score: 4, Insightful

    The article doesn't make it particularly clear what that might be though. The closest I found was:

    "There's a pretty key reason for whitelisting," Temkin explains. "It's really, really easy for anyone using, for example, Hurricane Electric's tunneling to find that the IPv6 network becomes an island and that it is broken because they didn't update a tunnel...You end up with the customer having a bad experience. They never see the content or they only see the content after a 30-second wait."

    Which seems like a no-brainer to me: Fix the tunnel. I don't even understand how the whitelist might help that -- if the whitelist says "This user has IPv6 connectivity" and you have a broken tunnel either you don't get the content at all, or you still only see the content after a 30-second wait.

    The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.

    1. Re:I'm sure they have a reason for it... by Abcd1234 · · Score: 3, Informative

      The real 'island' problem is that IPv6 routing is kind of a mess. If you're on the east coast of North America and want to connect to western Europe, depending on who your provider is it may well decide to send all of your traffic through Korea, if it even makes it to your target at all. I imagine that's a problem that will solve itself as more routes come online.

      It's actually worse than that. Currently many people have routers at home that send out v6 router advertisements despite not actually having IPv6 connectivity. The result is that many people end up with v6 addresses, and when those machines then try to connect to websites that advertise AAAA records, they end up with long delays as the browser first attempts a v6 connection, times out, and falls back to v4.

      Honestly, try googling for "Ubuntu disable ipv6" some time... it's amazing how many people are struggling with this issue. Which is why so many sites are reluctant to roll out v6 connectivity and AAAA records (even Google doesn't do external AAAA resolution unless your ISP has arranged a special agreement with Google which guarantees proper v6 connectivity (luckily Hurricane Electric has such an agreement, so as long as I use their DNS servers, I get v6 connectivity to all of Google's services)).

  5. yeah also if you unplug your modem and forget... by FuckingNickName · · Score: 2, Interesting

    ...to plug it back in again, you get "a bad experience". Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more? Stop being so damn dishonest and come out and admit why you want this whitelist.

  6. How much IPv6 Hardware is there? by cdrguru · · Score: 2, Interesting

    I suspect one significant impediment to implementation of IPv6 on the part of most ISPs is that it would take wholesale replacement of significant amounts of hardware.

    Sure, the latest model of a router may support IPv6, but the 200 or so that an ISP has may not and there may be no upgrade path for it. Just like there is no Windows Vista driver for some hardware - too old to bother with - there is plenty of hardware out there that will never support IPv6. Until this is replaced, IPv6 isn't going to happen.

    I think we have finally reached the point where new hardware supports IPv6, almost universally. So now we are just waiting until the older hardware is replaced. I suspect larger ISPs are somewhat reluctant to move out millions (and possibly tens of millions) of dollars worth of hardware before they have to.

    Of course, they could just raise the rates for everyone to cover it.

  7. Re:Why do they need a whitelist by TheRaven64 · · Score: 2, Insightful

    Part of the problem is that you may have local network IPv6 connectivity but not Internet IPv6 connectivity. Your application looks up an AAAA record, tries to connect, and fails. Hopefully it will then try the A record (if you use gethostent() then you will do this automatically), but it will have to wait for the connection to fail before doing this, which may take a while.

    --
    I am TheRaven on Soylent News
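The AAAA-then-A fallback described in the comment above, as an added example that is not part of the original thread: a client that tries IPv6 candidates first but bounds each IPv6 attempt with a short timeout, and records where the time went. The function names, the timeout values and the injectable `resolve`/`connect` parameters are assumptions made for this sketch; it is a sequential simplification of what Happy Eyeballs (RFC 8305) does by racing the attempts.

```python
import socket

def tcp_connect(family, sockaddr, timeout):
    """Real connector: one TCP attempt bounded by `timeout` seconds."""
    s = socket.socket(family, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sockaddr)
    except OSError:
        s.close()
        raise
    return s

def connect_with_fallback(host, port, v6_timeout=0.3, v4_timeout=5.0,
                          resolve=socket.getaddrinfo, connect=tcp_connect):
    """Try AAAA results first, then A results.

    Returns (connection, attempts); attempts is a list of
    (family, address, outcome) tuples in the order they were tried.
    """
    infos = resolve(host, port, type=socket.SOCK_STREAM)
    # Stable sort: IPv6 candidates first, as a host that believes it has
    # IPv6 would order them. The short v6 timeout caps the cost of a
    # router that advertises IPv6 without having working connectivity.
    infos = sorted(infos, key=lambda i: i[0] != socket.AF_INET6)
    attempts = []
    for family, _type, _proto, _canon, sockaddr in infos:
        is_v6 = family == socket.AF_INET6
        label = "IPv6" if is_v6 else "IPv4"
        try:
            conn = connect(family, sockaddr, v6_timeout if is_v6 else v4_timeout)
        except OSError as exc:  # timeout, unreachable, refused
            attempts.append((label, sockaddr[0], type(exc).__name__))
            continue
        attempts.append((label, sockaddr[0], "connected"))
        return conn, attempts
    raise OSError(f"all candidates failed for {host}: {attempts}")

if __name__ == "__main__":
    conn, attempts = connect_with_fallback("www.example.com", 80)
    print(attempts)
    conn.close()
```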
  8. Re:Nice Try but... by Kjella · · Score: 3, Insightful

    The real issue I think is, who wants an IP6-only Internet connection? NOBODY. Because despite everything, there's millions of applications and shit that won't work because they assume there's nothing but IPv4. You can pry my IPv4 address from my cold dead hands, being on IPv6 would be very close to being permanently behind NAT - you get out, nothing gets in. And if you're handing out an IPv4 address as well, you've gained nothing. I'm guessing someone at the bottom of some barrel somewhere ends up taking it anyway because that's all there is, but it won't be in the first world countries. That is the only way it'll really happen beyond nice bullet points on how we should all go IPv6.

    --
    Live today, because you never know what tomorrow brings
  9. Re:yeah also if you unplug your modem and forget.. by Abcd1234 · · Score: 3, Informative

    Seriously, whitelisting just because people smart enough to set up a tunnel forget that it doesn't work any more?

    Huh? What the hell are you talking about? The reason this whitelist is necessary is because many people are victims of routers that send out v6 router advertisements despite not having v6 connectivity, or are on a network that claims to have v6 connectivity, but that connectivity is actually broken. As a result, these people get v6 IPs, and then when software tries to connect to websites that advertise AAAA records, they get long delays while their browser times out attempting to connect over v6, at which point it falls back to v4.

    Hell, all you have to do is Google for "ubuntu disable IPv6" to see how many people are suffering with this problem.

    So, please, quit being a paranoid jackass. There are *very* good reasons to set up this whitelist, and TBH, I think it may be the only way to start getting sites to advertise AAAA records (right now they don't because they're afraid of impacting the user experience due to this very issue).

  10. Re:Nice Try but... by mellon · · Score: 4, Interesting

    I want an IPv6-only connection. I want one that works. Because then I can have a global IP address that's reachable, and then I can do peer-to-peer protocols. This is much better than IPv4, where mostly my devices are behind a NAT, and peer-to-peer requires clever device-specific hacks to punch holes in the NAT. This reduces reliability, and in a lot of cases makes simple protocols that ought to work fail. I can't do iChat video with my dad because he's on the far side of two layers of ISP-inflicted NATting. And no, he can't change providers - what they have now is orders of magnitude better than what they had before my mom and several other members of the selectboard in her small town organized a local wireless ISP using an antenna at the top of a local mountain. If they had IPv6 that worked, it would be *much* better.

    The problem is that right now IPv6-only connections don't work, because not enough stuff on the network is reachable. That's changing, and this is part of the change. At the recent IETF, there was a v6-only network with a 6to4 NAT, and it worked pretty well, although it turned up a few bugs in a certain vendor's IPv6 stack.

  11. Re:Nice Try but... by mellon · · Score: 2, Informative

    Comcast is doing an IPv6 trial right now. Freenet in France has had IPv6 running using 6RD for quite a long time now. You can get IPv6 tunnels from Hurricane Internet and Sixxs. If you are interested in IPv6, go start using it. Don't just sit there on your (no doubt svelte) ass! :')

  12. Re:DNS (AAAA and PTR -record) syntax, why? by Shimbo · · Score: 2, Informative

    But why is the PTR so damn verbose?

    Delegation without a hack like RFC 2317.

  13. Re:Nice Try but... by Abcd1234 · · Score: 2, Informative

    Indeed! After the recent 1.3 release of m0n0wall, which now supports v6, I rolled out v6 on my home network using Hurricane Electric as my tunnel broker. It was dead easy to set up and works extremely well (particularly when combined with a AAAA-capable free DNS hosting service like Afraid.org... goodbye dynamic DNS, it was great knowing ya). Though I did have to manually set up a script to update HE when my v4 IP changes...

    Meanwhile, on the road, I just fire up Miredo (a Teredo tunnel client for Linux and presumably other Unixes), and voila, I get v6 connectivity that I can use to access my home network.

  14. Re:Nice Try but... by trapnest · · Score: 2

    You misunderstand. That's how it would work if the internet wasn't largely ip4 only. If the OP was on an ip6 only network, he'd need to use a 6to4 tunnel to access the ip4 internet, and would be no better off than being behind a restrictive NAT.

  15. Re:The issue is metadata by Abcd1234 · · Score: 3, Informative

    How do you get on this whitelist?

    *You* don't get on the whitelist. Your ISP gets on the whitelist, by demonstrating they have functional v6 network connectivity. Once that's done, the ISP is added to the whitelist, and thereafter, any DNS records resolved using the ISP's DNS servers will include AAAA records from participating content providers.

    For example, Hurricane Electric entered just this sort of agreement with Google. As such, anyone using HE's DNS servers gets Google's AAAA records, and so because I use HE as my tunnel broker, I get access to Google via v6. However, Google knows nothing about me in particular.

  16. Re:Why do they need a whitelist by Fastolfe · · Score: 3, Insightful

    This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.

    You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.