|
Subject |
Re: www.glif.is and IPv6 problems |
|
From |
Pieter de Boer <pieter@xxxxxxx> |
|
Date |
Thu, 19 Feb 2009 13:01:39 +0100 (CET) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris,
On Wed, 18 Feb 2009, Chris Tracy wrote:
> I'm not sure who would be the best person to report this to,
SURFnet NOC as Terena relies for all connectivity on SURFnet and
www.glif.is has an IPv6 adres out of the SURFnet /32
> but we noticed that DNS for www.glif.is returns both A and AAAA records,
> and there appear to be some problems beyond cw.net when trying to access
> the GLIF website from some sites within the US.
>
> For example, from MAX (and anybody connected to us), if your host has
> an IPv6 address and you try to reach www.glif.is, it seems to cross
> the Atlantic but then gets stuck beyond cw.net:
>
> # traceroute6 www.glif.is
> traceroute to www.glif.is (2001:610:148:dead::6), 30 hops max, 80 byte packets
> 1 2001:468:c00:6::1 (2001:468:c00:6::1) 0.432 ms 0.542 ms 0.634 ms
> 2 2001:468:c00:5::2 (2001:468:c00:5::2) 1.581 ms 1.674 ms 1.765 ms
> 3 equinix.ash.cw.net (2001:504:0:2::1273:1) 3.077 ms 3.663 ms 3.077 ms
> 4 xe-11-0-0.xcr1.ash.cw.net (2001:5000:0:145::2) 95.519 ms 95.496 ms 95.507 ms
> 5 * * *
> [...]
I don't know what your IPv6 prefix is, I presume 2001:0468:0C00::/40 which
we prefer routing wise over NLR. But since I don't have any host which has
an IPv6 adres it's difficult for me to traceroute.
- ---
pieter@kahn:~$ /usr/sbin/traceroute6 2001:0468:0C00::
traceroute to 2001:0468:0C00:: (2001:468:c00::) from
2001:610:108:49:20b:dbff:fe92:fe35, 30 hops max, 16 byte packets
1 * 2001:610:108:49::1 (2001:610:108:49::1) 0.996 ms 0.289 ms
2 GE1-1-0.1068.JNR01.Asd001A.surf.net (2001:610:f01:9096::97) 0.751 ms
0.389 ms 0.343 ms
3 AE0.500.JNR02.Asd001A.surf.net (2001:610:e08:76::77) 0.422 ms 0.411
ms 0.392 ms
4 packetnet-router.Customer.surf.net (2001:610:f16:6016::18) 75.987 ms
75.395 ms 75.894 ms
5 wash-newy-98.layer3.nlr.net (2001:4880:1:e::) 81.468 ms 80.804 ms
80.797 ms
6 * * *
- ---
As far as I get stuff out of the NLR routerproxy the next hop should be
the MAX gigapop router connected to the Washington NLR router.
Can you provide a beter adres to traceroute to. In the mean time we will
contact Cable & Wireless to check with them. This should be pretty
straight forward as we buy transit from them.
> We will do whatever we can at MAX to work around this, but I suspect
> this might be a problem for other sites as well.
Same here I opened ticket ARS-S#016340 and will contact you offlist to
debug this further. I'll let the list know of the outcome.
> My experience with IPv6 is that most big websites (e.g. Google) do not
> double-up their DNS entries like this. Instead, they return the A
> record for www.google.com and the AAAA for ipv6.google.com.
> Unfortunately, that seems to be the state of things...
Not completly, Google will only return an AAAA recored if you asked them
to do so, they are convinced your IPv6 reacability is okay and your big
enough. In my oppinion hosts should be dual homed if possible, that you as
an enduser don't have to think whetever you're using IPv6 or IPv4, in both
cases it should just work. And brings us to where we are something seems
broken between SURFnet and Max atleast for IPv6
> Replicating this for www.glif.is and ipv6.glif.is might be a good
> idea, to make sure that people do not have trouble accessing the GLIF
> website.
>
> Fortunately, this does not seem to be a problem from
> Internet2-connected sites, as I can ping/traceroute to
> 2001:610:148:dead::6 from the Internet2 router proxy.
Pieter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFJnUo05fqj9F1NIEkRAuhaAKCStrYYd6mFJFD+hI5jVkUzaAtDRgCfRrK6
LOHs9qolMDr5lxEvCN8qQTE=
=ZtE2
-----END PGP SIGNATURE-----
