Re: [dns-wg] Re: Re: IPv6 glue AAAA RRs in the root zone
"Jeroen" == Jeroen Massar <jeroen@unfix.org> writes:
>> Wrong, several root name servers (of course, not ICANN's one) >> are reachable over IPv6: read http://www.root-servers.org/ >> and edit your db.root. Jeroen> I know those addresses and I also know that all of those Jeroen> boxes have a latency over at least 200ms and very odd Jeroen> routability and those are far far far from to be called Jeroen> production. This could be a good topic for presenting to the WG. Want to volunteer to write up a document and/or presentation on the state of IPv6 deployment in the root and TLD name servers, routing anomalies, etc, etc? It would be good to hear someone's first-hand experiences with this stuff: what went wrong, how it was worked around or solved, what could be done better, future directions. Personally, I don't see why you care about the RTT to a root server. A well-behaved name server will make 4-5 queries to a root server once a week or so. Why optimise that? Please note I'm not suggesting that it's OK for root servers to have lousy RTTs. My name server is in regular, frequent contact with other name servers that have RTTs longer than 200ms. Jeroen> One really doesn't want to use those, just to be able to Jeroen> say that one can use IPv6.... Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise. Jeroen> BTW that list is missing i.root-servers.org which is Jeroen> located in Sweden, but that is a testing address and Jeroen> routes over the US instead of staying inside Europe... Why does it matter where a root name server is physically located? Sorry, I should rephrase that: why does it matter where a route for a root name server gets announced? IMO a 200ms RTT over IPv6 has to be better than an infinite RTT.
[Added CC to ipv6-wg@ripe.net, where IMHO this belongs ;) ] On Wed, 2004-07-21 at 11:11, Jim Reid wrote:
"Jeroen" == Jeroen Massar <jeroen@unfix.org> writes:
>> Wrong, several root name servers (of course, not ICANN's one) >> are reachable over IPv6: read http://www.root-servers.org/ >> and edit your db.root.
Jeroen> I know those addresses and I also know that all of those Jeroen> boxes have a latency over at least 200ms and very odd Jeroen> routability and those are far far far from to be called Jeroen> production.
This could be a good topic for presenting to the WG. Want to volunteer to write up a document and/or presentation on the state of IPv6 deployment in the root and TLD name servers, routing anomalies, etc, etc? It would be good to hear someone's first-hand experiences with this stuff: what went wrong, how it was worked around or solved, what could be done better, future directions.
Check http://www.sixxs.net/misc/latency/ and select the "IPv6 between POPs and well known destinations" option to reveal some ugglyness. I've been monitoring most of them for quite some time already and I also did some testing with the IPv6 only test root's (see http://www.rs.net) The POPs mentioned btw are the located all over Europe at various independent ISP's add .sixxs.net to find out exactly where or see the POP page on the site. Average latency to b.root-servers.net at least 294ms. H.root-servers.net was gone for sunday to monday and so on.... Not even minding the packetloss. E and I are also there btw, though that is not on the root-servers.org site.
Personally, I don't see why you care about the RTT to a root server. A well-behaved name server will make 4-5 queries to a root server once a week or so.
<SNIP> That is indeed true, but it is rather odd when a machine is physically close and good connectivity between for instance Amsterdam and Sweden exists and then one still has traffic going over the US... But this is more a problem of the state of the IPv6 routing tables and the fact that only I is in europe and is only even testing IPv6 connectivity. Thus a presentation or better a debate about how the IPv6 routing can be improved in general would be a better subject and prolly the place for that is the ipv6-wg. But as people know who go there Gert Doering has been doing those updates for quite some time already and last time at least there was some discussion about the MIPP draft. Even as it has improved considerably in the last couple of years we are not there yet.. Greets, Jeroen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-07-21, at 11.11, Jim Reid wrote:
Jeroen> BTW that list is missing i.root-servers.org which is Jeroen> located in Sweden, but that is a testing address and Jeroen> routes over the US instead of staying inside Europe...
Why does it matter where a root name server is physically located? Sorry, I should rephrase that: why does it matter where a route for a root name server gets announced?
IMO a 200ms RTT over IPv6 has to be better than an infinite RTT.
Although I agree in principle from a DNS perspective - the high RTT in most occasions indicates tunneling. And although tunneling per-se is not that bad, it is much more vulnerable to problems in the underlaying routing and most of all, much harder to diagnose from the "outside". - - kurtis - -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQP47R6arNKXTPFCVEQIVIACfT2aoJQviSEoGlOhI1/gFn7ZuXpkAoIsP NclE/WfB/ZG6tAHIQvofpi/X =1IjQ -----END PGP SIGNATURE-----
Probably this is relevant for this thread even when the test not done in root servers ... http://www.ist-ipv6.org/modules.php?op=modload&name=News&file=article&sid=613 ----- Original Message ----- From: "Kurt Erik Lindqvist" <kurtis@kurtis.pp.se> To: "Jim Reid" <jim@rfc1035.com> Cc: "Peter Koch" <pk@TechFak.Uni-Bielefeld.DE>; "Stephane Bortzmeyer" <bortzmeyer@nic.fr>; "Jeroen Massar" <jeroen@unfix.org>; <dns-wg@ripe.net> Sent: Wednesday, July 21, 2004 11:45 AM Subject: Re: [dns-wg] Re: Re: IPv6 glue AAAA RRs in the root zone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2004-07-21, at 11.11, Jim Reid wrote:
Jeroen> BTW that list is missing i.root-servers.org which is Jeroen> located in Sweden, but that is a testing address and Jeroen> routes over the US instead of staying inside Europe...
Why does it matter where a root name server is physically located? Sorry, I should rephrase that: why does it matter where a route for a root name server gets announced?
IMO a 200ms RTT over IPv6 has to be better than an infinite RTT.
Although I agree in principle from a DNS perspective - the high RTT in most occasions indicates tunneling. And although tunneling per-se is not that bad, it is much more vulnerable to problems in the underlaying routing and most of all, much harder to diagnose from the "outside".
- - kurtis -
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3
iQA/AwUBQP47R6arNKXTPFCVEQIVIACfT2aoJQviSEoGlOhI1/gFn7ZuXpkAoIsP NclE/WfB/ZG6tAHIQvofpi/X =1IjQ -----END PGP SIGNATURE-----
********************************** Madrid 2003 Global IPv6 Summit Presentations and videos on line at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
At 10:11 AM +0100 2004-07-21, Jim Reid wrote:
Personally, I don't see why you care about the RTT to a root server. A well-behaved name server will make 4-5 queries to a root server once a week or so. Why optimise that? Please note I'm not suggesting that it's OK for root servers to have lousy RTTs. My name server is in regular, frequent contact with other name servers that have RTTs longer than 200ms.
Well, I'm not an IPv6 expert by any stretch of the imagination, but the impression I got was that if you were IPv6-only, and all the root nameservers you can reach via IPv6 are routed via highly undesirable paths, then you would be in a pretty bad situation. It's fine for some of those IPv6 addresses to be non-production or very sub-optimally routed, but I think the problem comes from when that happens to all of them. At least, that was my take.
Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise.
True enough. Thinking about it some more, I can't imagine anyone in the real world today who might be forced to be in an IPv6-only environment. However, I can imagine a lot of groups that would want significant testing to be done in IPv6-only environments, to try and simulate as best as possible what the real world would look like in the near future, when some people might start to be put in this boat. They would be unable to expand those tests to other groups, until the IPv6-only access is improved. This would also force them to roll back the initial implementation period for real users. And they'd be in a world of pain if they had already committed to IPv6-only service for certain groups, and then be unable to deliver to them. It seems to me that the folks in Asia would be most likely to be hurt by this, as well as anyone who is working on the "ubiquitous computing" environments where anything with a battery, power cord, or display would be given it's own IP address.
Why does it matter where a root name server is physically located? Sorry, I should rephrase that: why does it matter where a route for a root name server gets announced?
IMO a 200ms RTT over IPv6 has to be better than an infinite RTT.
But if they're all 200ms for IPv6-only, that may effectively prohibit the deployment of IPv6-only networks (or even IPv6-first networks), until such time as the RTT is improved to a more adequate level. -- Brad Knowles, <brad.knowles@skynet.be> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
On 21 Jul, 2004, at 11:50, Brad Knowles wrote:
At 10:11 AM +0100 2004-07-21, Jim Reid wrote:
Personally, I don't see why you care about the RTT to a root server. A well-behaved name server will make 4-5 queries to a root server once a week or so. Why optimise that? Please note I'm not suggesting that it's OK for root servers to have lousy RTTs. My name server is in regular, frequent contact with other name servers that have RTTs longer than 200ms.
Well, I'm not an IPv6 expert by any stretch of the imagination, but the impression I got was that if you were IPv6-only, and all the root nameservers you can reach via IPv6 are routed via highly undesirable paths, then you would be in a pretty bad situation. It's fine for some of those IPv6 addresses to be non-production or very sub-optimally routed, but I think the problem comes from when that happens to all of them.
At least, that was my take.
Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise.
True enough.
True enough for what subset of users? If the a user is interested in only a few and those provide the service that user needs and uses, what does he/she care about a million servers out there? The problem here is that this initial missing link does not enable a user that could be IPv6 only and live without a NAT, to do so. It is this lack of enabling that is the problem from my point of view. Joao
At 11:46 AM +0200 2004-07-22, Joao Damas wrote:
Well, what other choice is there? :-) And anyway, since the overwhelming bulk of the world's name servers are IPv4-only, resolution over IPv6 doesn't seem to be a particularly productive exercise.
True enough.
True enough for what subset of users?
For that subset of users which are not using IPv6-only systems.
If the a user is interested in only a few and those provide the service that user needs and uses, what does he/she care about a million servers out there?
IMO, the real problem is knowing, a priori, precisely which set of servers you'd need to talk to via IPv6-only methods. If you knew that, you wouldn't have to worry about whether or not there is any glue at the root. Of course, we might be able to try to answer these sorts of questions for small-scale testing environments, but in the general case it is impossible to know this. Therefore, we have to try to build the systems such that we do provide the necessary links from the root. The real question is what to do in the transition period, and how do you decide where you are in the transition period? -- Brad Knowles, <brad.knowles@skynet.be> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
On 22 Jul, 2004, at 12:00, Brad Knowles wrote:
Therefore, we have to try to build the systems such that we do provide the necessary links from the root.
Precisely Joao
participants (6)
-
Brad Knowles -
Jeroen Massar -
Jim Reid -
Joao Damas -
JORDI PALET MARTINEZ -
Kurt Erik Lindqvist