Connectivity to an IPv6-only site

This is a no-brainer, because I know that everyone who reads this will
visit the link. All I request is an off-list message stating if you
could get there or not (it won't be possible to parse my weblogs for
those who can't):

http://onlyv6.com

Operationally, I want to personally take a very rough inventory on the
number of people who can get to the site, and who can't.

The purpose of this is so that I can gain deeper insight into troubles
that the inevitable v6 only networks are going to face, and what impact
will occur to an ISP that is currently thinking that v6 is not for them.

All findings will be publicly posted.

Steve

Hi,
   What is your method to discover who cannot connect to your webserver?
   Regards,

Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882

Even though this is the middle of the night, I am being inundated with
responses (which is fantastic by the way).

Let me expand on my request quickly, and I'll post a 'why I think it's
breaking for some of you' immediately after.

If you could, if you have an IPv6 address, include that in your message,
and if possible, your AS as well.

This information will not be made public, but will help tremendously
with my personal research.

Thanks,

Steve

knows the site.

I should point out that I am really stupid about v6--I don't know if I
should be able to find a nameserver or not.

No. It's not *who* but *why*.

This is a personal research project. I'm trying to identify where
breakage happens when trying to connect to an IPv6-only network.

There are so many places within the Internet that this could happen, I
just thought that I'd test it for myself, and then try to attract
traffic to the site from across the globe so I could identify edge-cases
that I hadn't thought about.

This blog post describes the basics of why most sites won't be able to
traverse the IPv6 network, even if they are v6 enabled locally:

http://ipv6canada.com/?p=92

I'd be glad to get into much deeper detail than this... I'm just a bit
caught up at 0400 hrs est when I need to be up in two hours. Reminds me
a bit of the ARIN meeting

Keep the feedback coming...please.

Steve

ps. During the time I was setting up this test case, I somehow broke my
email server (even though that is a completely different box), so some
of my email isn't going out (from what I can tell, this might have
included some that were destined for someone on the ARIN BoT. If you
have seen weird gaps in conversation, this is likely why).

Has nothing to do about being stupid... let's rephrase your statement
and put a positive spin on it as such:

"I've heard about IPv6, but don't know very much about it. I think that
I should know more, but am a bit confused as to where to begin. What do
I do first?".

Then I'd say:

"As a start, go to http://www.getipv6.info/index.php/Main_Page . If that
doesn't get you going, then let the rest of the community start posting
the resources that they know about, ranging from beginner up to the
advanced.".

Steve

Go get an airport express, install it get your Internet then click ipv6 enable box and that's it. Seriously!

Toute connaissance est une réponse à une question

Hmm. Then why did I just replace my airport and my ISP to get functioning IPv6? Hint: 6to4 != IPv6.

Mat

Larry... let me explain why. Although you might not understand, others
will, and you may remember this as something when you do use IPv6.

Believe me, nobody can remember everything, and what I'm trying to
achieve here is isolating easy-to-document issues.

It may be above your head at this time, but my objective is to find out
the rough edges, that net ops will be able to identify quickly when
problems arise... much like looking for reckless filtering of ICMP on an
IPv6 network.

Why you can't get a name server... because this is how the domain is
configured:

- in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
name servers

- both of these servers *only* have IPv6 addresses

- the domain registry translates my authoritative name server names into
IPv6 addresses, so:

   Domain servers in listed order:
      NS1.ONLYV6.COM
      NS2.ONLYV6.COM

- effectively is:

ns1.onlyv6.com. 172602 IN AAAA 2607:f118:8c0:800::64
ns2.onlyv6.com. 172591 IN AAAA 2001:470:b086:1::53

- there is absolutely no way that these servers can be contacted over
v4. There is no v4 A record available...anywhere.

There are two obvious causes of why you can't see me:

- you (your ISP) is not v6 enabled
- the DNS box that you use for recursion is not properly v6 connected

There is a middle ground that I've seen that I believe is as scary as
not having IPv6 at all. I've been in environments where an ISP is
claiming to be v6 enabled, but only have it geared up toward their
clients and to the Internet. Their DNS servers (and other services) are
not v6 enabled, so the access clients run into a situation eerily
similar to one that I'm trying to document.

This is a personal research project, in which I want to learn about the
health of connectivity, and about other situations that causes breakage
that I haven't considered before.

I'd be absolutely pleased to provide IPv6 learning resources, and
discuss this further with you off list.

Steve

even bridged mode broadband service != broadband service (i.e:airport express 6to4 not working on PPPoE)

Earlier, in haste, I mistook your "What" for 'why' the first time I read
your question.

My method to discover is very clear cut... either you can get to the
site, or you can't.

Just like when the situation happens in practice, I'll need to be
notified via email (unlikely if all of my services are on v6) or phone
if you can't reach the website.

This is why I requested off-list feedback.

Steve

...email me with your v6 addr/AS whether you can/can't get to that site.

I want to thank everyone thus far for all of the feedback. I've received
at least four dozen off list replies, and expect many more after the
actual North American people wake up.

This is, after all, an ops group, so I did expect a somewhat high
success rate, but without counting, so far it's about 60%.

I'd like to see at least 300 hits.

I'm off today to be concerned about something other than being close to
email, so I'll just hopefully have lots to read when I get back.

The most productive part of this project so far, has been that I've
suckered in three people that mailed me privately out of the ARIN lists
that I believe are now convinced that v6 is the right way to proceed,
and one or two more who emailed on-list

One network at a time. Thanks all,

Steve

Which seems a bit far afield from reality to me. Yes, there are lots
of folks with IPv6 connectivity and v4-only recursive DNS servers. I
don't think ISPs will have problems setting aside a handful of IPv4
addresses for authoritative DNS infrastructure to work around this
until v6 transport in recursive DNS servers is common enough.

Cheers,
Dave Hart

Which seems a bit far afield from reality to me. Yes, there are lots
of folks with IPv6 connectivity and v4-only recursive DNS servers. I
don't think ISPs will have problems setting aside a handful of IPv4
addresses for authoritative DNS infrastructure to work around this
until v6 transport in recursive DNS servers is common enough.

Assuming your ISP is providing your DNS. What if I, as a new start-up in the IPv4-exhausted world, want to buy pure bit-pipes from my ISP, and be responsible for *everything* further up the stack? I don't believe this is entirely uncommon.

Regards,
Tim.

Then you're going to either accept the hit to reachability, or you're
going to use at least one third-party authoritative DNS service
provider who can slave your zone over v6 and serve it over v4.
puck.nether.net likely fits the bill and is free of charge.

Cheers,
Dave Hart

1- http://onlyv6.com is not resolving .....
2- why would anyone be interested in buying "bit-pipes" from you if you don't own fiber or ports in a switch?
3- why would anyone be interested in buying ip address space if they can do it from SP's themselfs or apply for that ripe allocation?
4- ICIN 2009 highlighted the fact the SP#s are interested in rolling out new ethernet services - that has been happening for the past years!
5- http://www.potaroo.net/tools/ipv4/index.html shows the V4 exhaustion - the depletion of the IPv4 allocation pool has been a concern however is still in use. Understanding the v6 migration is driving the change.
http://www.usipv6.com/6sense/2006/mar/pdf/UnderstandingIPv4AddressExhaustion.pdf
just seems that it follows the switchover to digital (2012)
http://www.eurescom.eu/Public/Projects/P1900-series/P1952/default.asp

Godzilla vs. the Smog Monster

Its a shame there is not a pair of images on this site - one originated from a v4 only box, one a v6 only box. The img src= could point to the image with a query string that was an automatically incrementing counter. Then you could have demonstrated statistics about v4 only, v6 only, and dual stack visitors. Alas, it looks like a neat bit of research in any case, hope it helps some folk debug their v6 into a working state too.

Andy

Not really, having your nameservers be IPv6 enabled is a reasonable thing to do.

FYI: on comcast I see SERVFAIL, meaning their recursives do not have IPv6 transport.

(I know we have that at my employer on our customer-facing recursives).

; <<>> DiG 9.6.0-APPLE-P2 <<>> any www.onlyv6.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54773
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.onlyv6.com. IN ANY

;; Query time: 1605 msec
;; SERVER: 68.87.72.130#53(68.87.72.130)
;; WHEN: Fri Apr 23 08:41:08 2010
;; MSG SIZE rcvd: 32