IPv6 brokenness and DNS whitelisting

In the field of IPv6 deployment, IPv6 brokenness is bad behavior seen in tunneled or dual stack IPv6 deployments where unreliable or bogus IPv6 connectivity is chosen in preference to working IPv4 connectivity. This often results in long delays in web page loading, where the user has to wait for each attempted IPv6 connection to time out before the IPv4 connection will be tried.^[1]

These timeouts may range from being near-instantaneous in the best cases, to taking anywhere between four seconds to three minutes.^[2]

Google, a major provider of services on the Internet, is currently using DNS whitelisting on a per-ISP basis to prevent this.^[3][4] In the DNS whitelisting approach, ISPs are determined from DNS lookup source IP addresses by correlating them with network prefixes derived from routing tables. There is an IETF draft entitled "IPv6 AAAA DNS Whitelisting Implications" that describes the issues around whitelisting. AAAA records are only sent to ISPs that can demonstrate that they are providing reliable IPv6 to their customers. Other ISPs are sent only A records, thus preventing users from attempting to connect over IPv6.

Numerous concerns have been raised about the practicality of DNS whitelisting as a long-term large-scale solution, such as scalability and maintenance issues relating to the maintenance of large numbers of bilateral agreements.^[5] Several of the major web service providers have met to discuss pooling their DNS whitelisting information in an attempt to avoid these scaling problems.^[6]

As of May 2011, IPv6 brokenness as measured by instrumenting a set of mainstream Norwegian websites is now down to ~0.015%,^[7] most of which is caused by older versions of Mac OS X which would often prefer non-working IPv6 connectivity when it was not justified.^[8] This behavior was fixed in Mac OS X 10.6.5, and is likely to decline further as Mac OS X 10.6.5 and subsequent versions roll out to a wider audience. However, there is no upgrade path for PowerPC-based Macs.^[9]

The main problem for Mac OS X is the presence of rogue routers, such as wrongly configured Windows Internet Connection Sharing devices pretending to have IPv6 connectivity, while 6to4 tunneled IPv6 traffic is blocked at a firewall. Another problem was pre-10.50 versions of Opera.

See also

• World IPv6 Day

References

1. ^ Yves Poppe (Oct 12, 2010). "IPv6 and the Fear of Brokenness". CircleID. http://www.circleid.com/posts/20101012_ipv6_and_the_fear_of_brokenness/. Retrieved 2010-12-29. 
2. ^ Lorenzo Colitti, Google. "IPv6 transition experiences". http://www.nanog.org/meetings/nanog50/presentations/Wednesday/NANOG50.Talk41.colitti-IPv6%20transition%20experiences.pdf. Retrieved 2010-12-29.  presented at NANOG 50
3. ^ "Google over IPv6". Google. http://www.google.com/intl/en/ipv6/. Retrieved 2010-12-29. 
4. ^ Iljitsch van Beijnum. "Yahoo wants two-faced DNS to aid IPv6 deployment". Ars Technica. http://arstechnica.com/web/news/2010/03/yahoo-wants-two-faced-dns-to-aid-ipv6-deployment.ars. Retrieved 2010-12-29. 
5. ^ Jason Livingood (October 2010). "IPv6 DNS Whitelisting — Overview and Implications". Comcast. http://www.ietf.org/proceedings/79/slides/dnsop-1.pdf. Retrieved 2010-12-29. , presented at IETF79, Beijing
6. ^ Carolyn Duffy Marsan (29 March 2010). "Google, Microsoft and Yahoo talk about IPv6 whitelist". Techworld. http://news.techworld.com/networking/3218712/google-microsoft-and-yahoo-talk-about-ipv6-whitelist/. Retrieved 2010-12-29. 
7. ^ Tore Anderson. "IPv6 dual-stack client loss in Norway". http://www.fud.no/ipv6/. Retrieved 2011-06-16. 
8. ^ Tore Anderson. "Measuring and combating IPv6 brokenness". http://ripe61.ripe.net/presentations/162-ripe61.pdf. Retrieved 2010-12-29. , presented at RIPE 61, Rome, November 2010
9. ^ Iljitsch van Beijnum. "Apple fixes broken IPv6 by breaking it some more". Ars Technica. http://arstechnica.com/apple/news/2010/11/apple-fixes-broken-ipv6-by-breaking-it-some-more.ars. Retrieved 2010-12-29. 

External links

• Eric Vyncke (October 2010). "Estimation of IPv6 Brokenness". http://vyncke.org/testv6/. Retrieved 2010-12-29.  — continuously updated
• Wikimedia "IPv6 AAAA record testing". http://ipv6and4.labs.wikimedia.org/ Wikimedia. Retrieved 2011-01-20. 
• J. Livingood. "IPv6 AAAA DNS Whitelisting Implications". http://tools.ietf.org/html/draft-ietf-v6ops-v6-aaaa-whitelisting-implications. Retrieved 2011-01-20. 
• "The big IPv6 experiment". h-online.com. 10 January 2011. http://www.h-online.com/features/The-big-IPv6-experiment-1165042.html.