Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of client computers that should be dual-stacked are now relegated to IPv4-only until someone remembers to turn it back on for each of them... sigh.
Matthew Kaufman
No Happy Eyeballs?
Perhaps also time to ditch XP and IE for something new as well.
-as
Windows 8 running Google Chrome as the browser.
Matthew Kaufman
No issues for me over IPv6 on Comcast.
Perhaps some local network issue? Any reported issues if you try to visit http://www.test-ipv6.com/ ?
- Jared
One more (498?) set(s) of data points:
I used RIPE ATLAS probes to check the SSL certificate over IPv6 (a nice way to check reachability)..
Measurement# 1584700
You can look through the data to determine where it's not reachable from, but it seems to be "generally reachable" without issue from nearly all the probes.
JSON link as well:
https://atlas.ripe.net/api/v1/measurement/1584700/result/
- Jared
It was reachable by hand-typed URL, but the machines trying to follow a redirect from the FCC site during payment flow failed. Had to be brought back online, so once it was determined that turning v6 off was sufficient, that was the end if the debugging.
Matthew Kaufman
HE should work then, perhaps another problem + IPv6.
-as
www.eda.gov has been broken since January.
It has a AAAA record but when clients connect via IPv6 they see "Bad Request (Invalid Hostname)” rather than the web site.
Still broken, 7 months later. And again, I was too busy trying to pay to try to pull a full set of logs. But if you do something on the FCC site that requires payment, the redirection flow dies halfway through if you're coming from IPv6 and works fine if you turn it off... so yet another computer in the house has IPv6 disabled until manually turned back on.
Matthew Kaufman
Why not just use a browser plugin that allow you to disable v6 selectively on a per site/domain basis? Most of them just display v4/v6 information, but 4or6 allows you to quickly set a domain/site as v4 only. Ref https://addons.mozilla.org/en-US/firefox/addon/4or6/?src=search
FWIW, eftps.gov is also unreachable via ipv6. I tried all of miredo,
and my home Sixxs tunnel, and a HE tunnel from somewhere else. I used
the 4or6 plugin to temporarily disable ipv6 and both sites loaded
straight away.
eftps.gov and pay.gov appear to be managed separately since both their
ipv4 and ipv6 netblocks are not in the same netblocks, and my path to
them is not the same:
eftps.gov has IPv6 address 2620:10f:400e:a::13
mtr to eftps.gov via Sixxs:
Host Loss% Snt Last
Avg Best Wrst StDev
1. 2604:8800:100:82bc:ddcb:ae62:e3da:c91f 0.0% 16 0.9
0.9 0.9 1.6 0.2
2. gw-701.chi-03.us.sixxs.net 0.0% 16 71.6
72.4 68.6 78.3 2.4
3. uschi03.sixxs.net 0.0% 16 70.2
71.8 69.2 78.8 2.4
4. 2620:0:6b0:a::1 0.0% 15 67.3
73.3 67.3 79.7 3.2
5. tge3-1.fr3.ord4.ipv6.llnw.net 0.0% 15 73.6
75.4 70.1 85.4 4.9
6. ve8.fr3.ord.ipv6.llnw.net 0.0% 15 73.5
79.7 72.9 90.4 5.7
7. 2600:805:41f::5 0.0% 15 104.4
81.9 74.2 104.4 9.0
8. 2600:806::12 0.0% 15 105.2
104.0 100.6 109.8 2.9
9. 2600:806:12f::2e 0.0% 15 134.5
135.7 131.4 147.4 4.1
10. 2620:10f:400e:1::4004 0.0% 15 161.5
145.9 131.5 163.8 9.9
11. ???
pay.gov has IPv6 address 2605:3100:fffd:100::15
mtr to pay.gov via Sixxs:
Host Loss% Snt Last
Avg Best Wrst StDev
1. 2604:8800:100:82bc:ddcb:ae62:e3da:c91f 0.0% 11 0.9
0.9 0.7 1.1 0.1
2. gw-701.chi-03.us.sixxs.net 0.0% 11 70.8
70.9 67.0 74.4 2.2
3. uschi03.sixxs.net 0.0% 11 73.7
73.7 69.8 90.1 5.6
4. 2620:0:6b0:a::1 0.0% 11 70.6
73.7 70.4 86.2 5.0
5. tge3-1.fr3.ord4.ipv6.llnw.net 0.0% 11 72.4
75.6 71.5 82.6 3.2
6. ve8.fr3.ord.ipv6.llnw.net 0.0% 11 76.1
79.3 74.7 87.9 4.0
7. tge32-3.fr3.dal.ipv6.llnw.net 0.0% 11 99.1
100.1 96.4 106.2 2.7
8. sl-st30-dal-te0-14-0-1.v6.sprintlink.net 0.0% 11 98.2
102.0 98.2 111.0 4.4
9. sl-crs1-fw-be40.v6.sprintlink.net 0.0% 11 99.5
100.5 96.2 105.5 2.5
10. sl-gw38-fw-po0-0.v6.sprintlink.net 0.0% 11 96.4
98.8 96.4 105.1 2.6
11. 2600:4:2000:4::9 0.0% 11 100.2
102.0 99.0 107.0 2.7
12. ???
I was hoping an eftps.gov or pay.gov employee was casting an eye this
way, but it doesn't look like anybody from there is subscribed to
NANOG.
...Todd
>>
>> Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail
>> when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of
> Still broken, 7 months later. And again, I was too busy trying to pay to tr
y
> to pull a full set of logs. But if you do something on the FCC site that
> requires payment, the redirection flow dies halfway through if you're comin
g
> from IPv6 and works fine if you turn it off... so yet another computer in
> the house has IPv6 disabled until manually turned back on.FWIW, eftps.gov is also unreachable via ipv6. I tried all of miredo,
and my home Sixxs tunnel, and a HE tunnel from somewhere else. I used
the 4or6 plugin to temporarily disable ipv6 and both sites loaded
straight away.
If a site is unreachable your client should switch to IPv4 unless
a IPv6 literal has been used.
If your client take ages to switch over report a bug to the client
vendor.
It should not take ages to switch between multiple server addresses.
IPv4 + IPv6 is just a example of multiple server addresses.
This is why I need to pull logs the next time I need to pay the FCC. There are several rounds of redirects involved from clicking the payment button on the FCC site to the final landing at pay.gov, and one of the last steps never connects if IPv6 is enabled.
Matthew Kaufman
