On Thu, 2004-07-22 at 11:36, Joao Damas wrote:
On 21 Jul, 2004, at 18:03, Jeroen Massar wrote:
We are trying hard to make F available from our anycast nodes on its IPv6 address. Finding exchange points which (a) will give you v6 addresses and (b) have peers which will peer with you over IPv6 is not trivial, however.
Then I should advise you to come to the AMS-IX, there is no F there and it should not be hard to get IPv6 from the IX nor transit nor peers. Just give them a shout and I am sure people are willing to help out.
F has v6 enabled for peerings at several exchanges, for instance at the SFINX in Paris, the GigaPIX in Lisbon and the Namex in Rome. We will turn it on in any other anycast location where the exchange supports IPv6 traffic directly and there are peers to peer with.
As can be seen under f.root-servers.net at the following url (use "IPv6 well known destinations"): http://www.sixxs.net/misc/latency/latency/ F is at about 100ms in IPv6 for most destinations, ~3ms from ptlis01 though. Then again if I look at f.root-servers.net over IPv4 in that same graph the average is ~150ms... hmmm IPv6 is better as IPv4? :) On Thu, 2004-07-22 at 12:12, Jim Reid wrote:
Have you forgotten the IPv6 migration issues that Johan Ihren and others have mentioned at previous WG meetings? Some IPv6 users will drop DNS over IPv4 as soon as they see AAAAs for TLD name servers.
Then those users doing that are basically stupid. You can't do anything about that and they simply hurt themselves. IPv4 will exist for at least the coming 50 years in one form or another and it will not evaporate. People thinking that they can live without some kind of IPv4 access, well let them live in their small world.
I'd agree with that sentiment if we knew for sure we were talking about informed, knowledgeable users. But I'm not convinced that's the case.
Do 'normal' users know what IPv6 is, or even IPv4 or even IP? They want to type names and generally don't configure their nameservers, DHCP does that. And the few that will break it will hurt themselves and get laughed at. Non issue ;)
Even so this approach brings more problems. Firstly, it highlights the lack of a migration strategy for introducing DNS over IPv6.
DNS over IPv6 gives an extra transport possibility, we cannot currently do without IPv4. If you want a IPv6 only DNS system make sure that you at least have a caching IPv4/IPv6 capable box in front of it. The same goes for proxies, shutdown your IPv4, just keep your proxybox doing both IPv4 and IPv6 and you will be fine.
We still don't know what's going to break, how those failures will manifest themselves and what the consequences of that will be. Both for applications/resolvers and for name servers. For instance, what will my IPv6 web browser do when lookups over IPv6 for www.google.com return only A records? Or SERVFAIL?
The transport (IPv4 or IPv6) doesn't matter, what matter is the answer which you get and the speed of it. DNS fortunatly falls back to another transport or nameserver to retrieve the answer from another when SERVFAIL comes back. When you have an IPv6 only webclient then of course you can't use A records and you will fail there, solution: Transition Mechanism's. eg try: http://www.google.com.sixxs.org Or any other proxy as I described above.
Second of all, a piecemeal introduction of AAAA glue could be destablising for the DNS and the internet. We just don't know either way, so we should proceed carefully with a good understanding of the consequences of these changes.
How can it destabilize 'the internet'? The only problem that could occur is when there is too many glue in so that you require EDNS0, in that case you need to update your machine anyway as you are a hot target for virii, DNS is then the least of your concerns ;) (Oh and yes I like legacy machines, don't worry)
Thirdly, this could also put pressure on other TLDs to add AAAA glue -- "because others are doing this" -- before they're ready to do so.
If they are not ready now then they are simply late. That is the same with deploying your IPv6 network now or in 10 years when there is customer demand. Either you do it now and slowly and with a possible small customer base who don't mind that you are breaking it or you do it rapidly in a couple of years and break a lot of things.
Finally, by encouraging the IPv6-only people to go off into their own little world, we fragment the internet and its name space. At the very least, it will mean some IPv6-ers are likely to develop a mindset that DNS migration to IPv6 is done and there's nothing more for them to do as far as IPv6 and the DNS is concerned.
People using IPv6 (next to IPv4) can already reach a number of sites and especially content which the IPv4 people can't. Probably the best example since long: www.kame.net When using IPv4 you can't see the Dancing Kame(tm). Too bad for them.... computers is progress, if you don't progress then stay behind. The 'normal public' you are talking about will follow, it will take some time but it will happen, not now, not tomorrow, not directly, not with a flag day, but very slowly and gradually. Greets, Jeroen