[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FYI: DNSOPS presentation
In your letter dated Tue, 20 Apr 2010 09:49:03 +0200 you wrote:
>I doubt any content provider feels that breaking access to 12,000 users
>from Comcast alone is «trivial». For a large provider, 0.078% of all
>users could very well mean millions of users world-wide. In the end, it
>all boils down to the content providers asking themselves the following
>«Do we want to service 999 or 1,000 users today?»
>Or: «Do we want to make ?999 or ?1,000 today?»
I don't if it would fly, but why not white-list ISPs that have their
web-servers, MXen, pop and imap servers all listed in DNS with IPv6 addresses?
(I wonder how many ISPs would qualify at the moment)
Then you can be reasonably sure that any customers with broken IPv6
connectivity will complain to the ISP as well.
>But as before, Comcast can not solve this problem alone, and broken 6to4
>connectivity is especially a problem in enterprise/managed network
>environments that are filtering proto-41 outright. I've had discussions
>with some of these networks, some do it knowingly and have no intention
>of changing it, some have no idea of what I'm talking about, and finally
>some removed their filters. Identifying and contacting all these
>«6to4-hostile» networks, and persuading them to change their practise,
>is simply not a scalable way of handling the problem, though.
>Especially if you're a global content provider.
The thing that IMHO went wrong here is that the first thing everybody does
is disable neighbor discovery, and therefore also neighbor unreachability
Eventhough it is perfectly possible to find out that a connection doesn't work,
in practice nobody does anything with that option.
To some extent that is also due to lack of standards. For example, if source
address selection had an option to skip source addresses if the route to
the destination is down, then a host with a broken IPv6 configuration would
fall back to just IPv4.
There is a lot that can be done with accurate reports on unreachability, but
hardly any RFC mandates that. And ISP are all to happy to disable this
becuase of the load it generates on their routers/networks.