Benedikt, An idea: Next time you meet the folks encountering the problems, suggest them to google for "go6 nat64" and configure their resolver to one of Jan's NAT64 test DNS64s, and then turn off IPv4 on their host completely. If their life gets better it will be a very interesting and useful data point. --a
On 09 May 2016, at 22:09, Benedikt Stockebrand <bs@stepladder-it.com> wrote:
Hi Ole and list,
"Ole Troan (otroan)" <otroan@cisco.com> writes:
Considering the increasing reports of people having problems with DS-Lite
Any more details on that? New problems not mentioned in RFC6269?
sorry I haven't got the time right now to review RFC6269 for what's exactly mentioned there and what isn't, but: When I do IPv6 trainings these days it's about one in eight who is struggling with their land line access, which is based on DS-Lite and which reasonably well matches the estimated percentage of DS-Lite on land lines. The problems are however of a somewhat different nature than what RFC6269 addresses; they are roughly these:
- Various services don't work. Like STUN, and due to that, SIP. And apparently various VPN solutions, too, but I never got access to any details with this. The real culprit here seems to be restricted cone NAT in the AFTR, plus apparently IPsec not working through DS-Lite.
- There have been multiple reports that during peak hours there are significant connection drops. The impact varies from user to user as well as from ISP to ISP, apparently. Or as one user put it: "I solved the problem. I just don't even try to access IPv4-only web pages on saturday afternoons any longer."
I don't have access to the AFTRs involved, so I can't reliably tell what's happening there, but from the descriptions I got it looks like some of them are actually running out of memory/CAM during peak hours and start to drop the connections. This is economically plausible, too, since the ISPs won't spend significant money on AFTR hardware until problems have already shown up.
- First level support is frequently completely helpless when confronted with DS-Lite, or even IPv6 in general.
The most annoying aspect here is that frequently it comes across that "it's a problem with IPv6" and "if you keep complaining they'll switch it off again for you" (i.e. they go back to IPv4-only connectivity without restricted cone NAT).
All the information I have here is largely based on anecdotal reports, but enough of them for me to consider these problems anything but isolated cases.
Cheers,
Benedikt
-- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/
Business Grade IPv6 --- Consulting, Training, Projects
BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/