GLIF: Re: [SURFnet6-noc] www.glif.is and IPv6 problems

Subject	Re: [SURFnet6-noc] www.glif.is and IPv6 problems
From	Pieter de Boer <pieter@xxxxxxx>
Date	Mon, 23 Feb 2009 09:41:24 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

As promised earlier the outcome of the IPv6 trouble with www.glif.is.
After debugging with Max gigapop and Cable&Wireless a problem was found in
the IPv6 advertisements from Max gigapop to NLR. This has been corrected
and all is working now.

If for anybody an IPv6 problem remains, please contact me offlist. We'll
be happy to work with you in debugging this. For SURFnet IPv6 is a full
production services and we'll certainly threat it as such.

Pieter

On Thu, 19 Feb 2009, Pieter de Boer wrote:
> On Wed, 18 Feb 2009, Chris Tracy wrote:
> > I'm not sure who would be the best person to report this to,
>
> SURFnet NOC as Terena relies for all connectivity on SURFnet and
> www.glif.is has an IPv6 adres out of the SURFnet /32
>
> > but we noticed that DNS for www.glif.is returns both A and AAAA records,
> > and there appear to be some problems beyond cw.net when trying to access
> > the GLIF website from some sites within the US.
> >
> > For example, from MAX (and anybody connected to us), if your host has
> > an IPv6 address and you try to reach www.glif.is, it seems to cross
> > the Atlantic but then gets stuck beyond cw.net:
> >
> > # traceroute6 www.glif.is
> > traceroute to www.glif.is (2001:610:148:dead::6), 30 hops max, 80 byte packets
> >  1  2001:468:c00:6::1 (2001:468:c00:6::1)  0.432 ms  0.542 ms  0.634 ms
> >  2  2001:468:c00:5::2 (2001:468:c00:5::2)  1.581 ms  1.674 ms  1.765 ms
> >  3  equinix.ash.cw.net (2001:504:0:2::1273:1)  3.077 ms  3.663 ms  3.077 ms
> >  4  xe-11-0-0.xcr1.ash.cw.net (2001:5000:0:145::2)  95.519 ms  95.496 ms  95.507 ms
> >  5  * * *
> >  [...]
>
> I don't know what your IPv6 prefix is, I presume 2001:0468:0C00::/40 which
> we prefer routing wise over NLR. But since I don't have any host which has
> an IPv6 adres it's difficult for me to traceroute.
> ---
> pieter@kahn:~$ /usr/sbin/traceroute6 2001:0468:0C00::
> traceroute to 2001:0468:0C00:: (2001:468:c00::) from
> 2001:610:108:49:20b:dbff:fe92:fe35, 30 hops max, 16 byte packets
>  1  * 2001:610:108:49::1 (2001:610:108:49::1)  0.996 ms  0.289 ms
>  2  GE1-1-0.1068.JNR01.Asd001A.surf.net (2001:610:f01:9096::97)  0.751 ms
> 0.389 ms  0.343 ms
>  3  AE0.500.JNR02.Asd001A.surf.net (2001:610:e08:76::77)  0.422 ms  0.411
> ms  0.392 ms
>  4  packetnet-router.Customer.surf.net (2001:610:f16:6016::18)  75.987 ms
> 75.395 ms  75.894 ms
>  5  wash-newy-98.layer3.nlr.net (2001:4880:1:e::)  81.468 ms  80.804 ms
> 80.797 ms
>  6  * * *
> ---
>
> As far as I get stuff out of the NLR routerproxy the next hop should be
> the MAX gigapop router connected to the Washington NLR router.
>
> Can you provide a beter adres to traceroute to. In the mean time we will
> contact Cable & Wireless to check with them. This should be pretty
> straight forward as we buy transit from them.
>
> > We will do whatever we can at MAX to work around this, but I suspect
> > this might be a problem for other sites as well.
>
> Same here I opened ticket ARS-S#016340 and will contact you offlist to
> debug this further. I'll let the list know of the outcome.
>
> > My experience with IPv6 is that most big websites (e.g. Google) do not
> > double-up their DNS entries like this.  Instead, they return the A
> > record for www.google.com and the AAAA for ipv6.google.com.
> > Unfortunately, that seems to be the state of things...
>
> Not completly, Google will only return an AAAA recored if you asked them
> to do so, they are convinced your IPv6 reacability is okay and your big
> enough. In my oppinion hosts should be dual homed if possible, that you as
> an enduser don't have to think whetever you're using IPv6 or IPv4, in both
> cases it should just work. And brings us to where we are something seems
> broken between SURFnet and Max atleast for IPv6
>
> > Replicating this for www.glif.is and ipv6.glif.is might be a good
> > idea, to make sure that people do not have trouble accessing the GLIF
> > website.
> >
> > Fortunately, this does not seem to be a problem from
> > Internet2-connected sites, as I can ping/traceroute to
> > 2001:610:148:dead::6 from the Internet2 router proxy.
>
> Pieter
>
>
> _______________________________________________
> SURFnet6-noc mailing list
> SURFnet6-noc@xxxxxxxxxxxxx
> https://horus.sara.nl/mailman/listinfo/surfnet6-noc
> ------------ Output from gpg ------------
> gpg: Signature made Thu Feb 19 13:01:56 2009 CET using DSA key ID 5D4D2049
> gpg: Good signature from "Pieter de Boer <pieter@xxxxxxx>"
> gpg:                 aka "P.G.C. de Boer (Pieter) <pieter@xxxxxxx>"
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFJomFF5fqj9F1NIEkRAkGSAJ94jzTE3B5boXBjVKfVD2A2/tpx+gCgnnjC
Pq2wMU979klWvsezuzyo1Qg=
=EPIl
-----END PGP SIGNATURE-----

References:
- www.glif.is and IPv6 problems
  - From: Chris Tracy
- Re: www.glif.is and IPv6 problems
  - From: Pieter de Boer

Prev by Date: Re: Re: www.glif.is and IPv6 problems
Next by Date: RE: Global Identifiers Naming Convention
Previous by thread: Re: www.glif.is and IPv6 problems
Next by thread: Policy for Dynamic GOLEs 14:30Thursday
Index(es):
- Date
- Thread