[AusNOG] My Predictions for the ISP Industry

Geoff Huston gih at apnic.net
Fri Mar 16 14:52:49 EST 2012


On 16/03/2012, at 2:23 PM, Paul Brooks wrote:

> On 16/03/2012 1:59 PM, Mark Newton wrote:
>> On Fri, Mar 16, 2012 at 01:55:20PM +1100, Paul Brooks wrote:
>> 
>>> Which means the HE figures are conservative, and there are likely to
>>> be a whole pile more people using mechanisms like 6to4 above and
>>> beyond the real tunnel figures.
>> 
>> Yeah, but a counterpoint is that 6to4 often doesn't work.
>> 
>> Check Geoff's presso at APNIC31 for the lowdown.
> 
> Yeah, but a counterpoint is that 6to4 works better than nothing at all, which is what
> most users have while their providers have native IPv6 disabled - plus as native IPv6
> is progressively enabled the use of 6to4 progressively reduces to nothing
> automatically. I'll take 'often doesn't work - but seems to work good enough for me'
> in the interim over 'guaranteed fail' every day.
> 


Actually, no - in a serial-based system where the algorithm is: try a connection with IPv6, wait for failure, then fall back to IPv4, a broken 6to4 setup is disastrous, and certainly far worse than nothing at all.

The problem is that 6to4 is, in a word, shitty. 

It does not appear to be 6to4 per se, or even the fact that sometimes your closest outbound 6to4 relay is some poor system located on the other side of the world. These are bad, but what's worse is that about 15% to 20% of users sit behind a local firewall / filter that blocks incoming IPv4 protocol 41 packets. So your local system will see it has an active 6to4 interface, look up the DNS for AAAA records, and then send off the SYN in IPv6 using 6to4 and wait. The wait takes 20 seconds on Windows XP (the most popular platform still supporting 6to4) and 75 seconds if you use Linux. Only then will it figure out that the protracted silence without a SYN+ACK means to try IPv4.

So no, 6to4 really is worse than nothing.

Little wonder that Microsoft have altered their local preference rules in 7 (and I think in Vista) to place 6to4 at a lower preference than IPv4, i.e. you will only use 6to4 if that's all you have and there is no A record coming back from the DNS.

Frankly a service with a 15% to 20% failure rate on connections is not a service at all - in this case nothing is preferable!

And if you think 6to4 is bad, the story about Teredo is frightening. It seems that Teredo, which is a relatively simple NAT traversal mechanism, fails around 30% to 40% of the time. And it fails because there are just so many broken forms of NAT out there that Teredo just gets terminally confused about a third of the time. It's so bad that Microsoft in 7 have Teredo effectively disabled! What does this tell us? That a moderately well engineered NAT traversal protocol that tries to create symmetric paths through a NAT fails a third of the time because NATs in IPv4 are just completely crud for anything other than the most simple http fetch. Fair enough. And what do ISPs think will save their bacon in the coming years if they won't do v6? Well, NATs of course. All I can say in response is: "Good luck!" In fact you are going to need more than luck. You'll need a minor miracle to get out of this hole! Either that or embrace the New Internet where we are going to be forced to tunnel absolutely everything over 1:1 http sessions. Now why does this sound so reminiscent of the 1980s? :-)

  Geoff
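The serial "IPv6 first, wait out the timeout, then fall back to IPv4" behaviour that the post describes, and the effect of ranking 6to4 below IPv4, as an added example. This is not code from the post or from its author; it is a simplified model. The precedence numbers are assumed from the default policy tables of RFC 3484 (older) and its RFC 6724 revision, reduced to the client's path type (the real destination-selection algorithms have more rules), the timeouts are the 20 s and 75 s figures quoted in the post, and every address is a constructed documentation address.

```python
"""Added example (not from the AusNOG post): model of serial IPv6->IPv4
fallback, showing why a 6to4 path behind a filter that drops inbound IP
protocol 41 costs a full SYN timeout per connection, and why ranking 6to4
below IPv4 (as the post says Windows 7 does) removes that penalty.
"""
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix (RFC 3056)
TEREDO = ipaddress.ip_network("2001::/32")      # Teredo prefix (RFC 4380)

# Seconds a host waits for an unanswered IPv6 SYN (figures from the post).
SYN_TIMEOUT = {"windows_xp": 20.0, "linux": 75.0}

# Assumed from the RFC 3484 default policy table: every IPv6 path,
# 6to4 included, outranks IPv4.
OLD_PRECEDENCE = {"native6": 40, "teredo": 40, "6to4": 30, "ipv4": 10}
# Assumed from the RFC 6724 revision (matches the Windows 7 behaviour the
# post describes): IPv4 outranks 6to4 and Teredo, which are used only when
# nothing else is available.
NEW_PRECEDENCE = {"native6": 40, "ipv4": 35, "6to4": 30, "teredo": 5}


def path_type(src):
    """Classify a connection attempt by the client's source address."""
    ip = ipaddress.ip_address(src)
    if ip.version == 4:
        return "ipv4"
    if ip in SIXTOFOUR:
        return "6to4"
    if ip in TEREDO:
        return "teredo"
    return "native6"


def rank_paths(paths, precedence):
    """Order (src, dst) pairs highest precedence first (stable on ties)."""
    return sorted(paths, key=lambda p: -precedence[path_type(p[0])])


def serial_connect(paths, reachable, timeout):
    """Serial fallback: every unanswered SYN burns a full timeout before the
    next candidate is tried. Returns (path_used, seconds_waited)."""
    waited = 0.0
    for path in paths:
        if reachable(path):
            return path, waited
        waited += timeout
    return None, waited


def proto41_filtered(path):
    """Reachability for a client behind a firewall that drops inbound IP
    protocol 41: the 6to4 SYN leaves, but the SYN+ACK never comes back."""
    return path_type(path[0]) != "6to4"


def compare_policies(paths, reachable, os_name):
    """Seconds wasted before a working path, under each precedence table."""
    timeout = SYN_TIMEOUT[os_name]
    return {
        "old": serial_connect(rank_paths(paths, OLD_PRECEDENCE), reachable, timeout)[1],
        "new": serial_connect(rank_paths(paths, NEW_PRECEDENCE), reachable, timeout)[1],
    }


def expected_penalty(failure_rate, timeout):
    """Mean extra delay per connection across a user base in which the given
    fraction sits behind a protocol-41 filter and each burns one timeout."""
    return failure_rate * timeout


# Constructed candidates: a client whose IPv6 source is 6to4-derived
# (2002:c000:204:: encodes 192.0.2.4) plus its IPv4 address, talking to a
# server that publishes both an AAAA and an A record.
PATHS = [
    ("2002:c000:204::1", "2001:db8::10"),   # IPv6 via the 6to4 tunnel
    ("192.0.2.4", "198.51.100.10"),         # plain IPv4
]

if __name__ == "__main__":
    for os_name in SYN_TIMEOUT:
        print(os_name, compare_policies(PATHS, proto41_filtered, os_name))
    print("mean penalty per connection on XP at 15-20% failure:",
          expected_penalty(0.15, 20.0), "to", expected_penalty(0.20, 20.0), "s")
```

Under the older table the filtered 6to4 path is tried first and the client sits for the full 20 s or 75 s before the IPv4 SYN even leaves; under the revised table IPv4 goes first and the broken tunnel is never touched, which is the "worse than nothing" versus "only if that's all you have" distinction in the post.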
