World IPv6 Day
As I mentioned at Networkshop, June 8th is “World IPv6 Day.”
This is not intended to be an event where IPv6 is enabled on access networks worldwide, instead it is a day where IPv6 is enabled by content providers and on which network engineers watch to see what problems it causes — or not.
Large content providers such as Google, Facebook and others will enable IPv6 on their main websites for all visitors, not just those that have been participating in limited trials up until now (i.e. through Google’s “whitelisting,” or http://www.v6.facebook.com/). JANET’s own website has been “dual-stacked” (i.e. available over IPv4 and IPv6) for some years and we have had little feedback on it, but there are some things that campus network managers and regional network operators will want to be aware of.
Campus networks that are only IPv4 should have no problems. Similarly, networks that have deployed some managed IPv6 connectivity should have no problems either. The potential pitfalls are where there is poor connectivity due to unmanaged IPv6 automatic tunnelling mechanisms such as Teredo and 6to4. This may affect your users without your knowledge, so your helpdesk should be aware that connectivity problems reported on June 8th could be caused by something other than the usual set of issues. Some estimates put the level of users that can expect problems reaching dual-stacked networks at about 0.05%. Others put that much lower, some slightly higher. The aim of World IPv6 Day is to get a handle on those numbers and start the work towards solving the problems.
What is happening on June 8th?
When you go to “www.google.com” in your web browser, a lookup is performed in the DNS (Domain Name System) that answers with an IP address. Your web browser then connects to that IP address to get the content. On June 8th, the major content providers will not only answer the DNS lookup with an ‘A’ (IPv4 address) record, but also with an ‘AAAA’ (quad-A or IPv6 address) record.
As software prefers an IPv6 address if one is present, this means that your web browser will try to use IPv6 to connect to the website and retrieve the content. Most of the time this will not be a problem, you will still also receive an “A” record and if you don’t have IPv6, you will continue to use IPv4 as happily as normal.
However, due to some dubious engineering decisions made in the past, some operating systems shipped with various translation technologies enabled by default, of particular concern are those called “Teredo” and “6to4.” These attempt to give you IPv6 connectivity even when you don’t have it natively by tunnelling across the IPv4 network to reach an IPv6 relay.
You should try to be aware of these as a matter of course as any tunnelling technology can potentially bypass your firewalls if it isn’t blocked or managed, but this is also part of the potential problem when it comes to World IPv6 Day. Browsers and operating systems detect broken IPv6 connectivity (as opposed to non-existent IPv6 connectivity) with various degrees of success, and as a result may attempt to connect to a website using IPv6 on June 8th, then pause for some minutes before realising all is not well and falling back to IPv4. What may be even worse is when a PC or laptop that has such broken IPv6 connectivity also turns on some form of “Internet Connection Sharing.” It may then tell all the other computers on the local LAN that it is an IPv6 router and they may have broken connectivity through it.
So, before June 8th it would be worth testing IPv6 connectivity from various parts of your campus LAN using one of the following resources:
- http://test-ipv6.com/ This performs a number of tests of IPv4 and IPv6 connectivity and tries to diagnose potential problems, such as the use of auto-tunnelling mechanisms.
- http://www.testmyipv6.com/ A little bit simpler.
- http://omgipv6day.com/ Simpler still!
If you have a few minutes, it is also worth reading a presentation given by Dave Freedman from Claranet (video here) at the recent RIPE meeting. Another version of Dave’s slides, with a bit more detail, were presented at UKNOF. Also, Tim Chown’s presentation from Networkshop includes a thorough list of security issues you need to think about when deploying IPv6 — even if you don’t think you have any IPv6 already!
Incidentally, there is a bit of work progressing through the IETF at the moment called “Happy Eyeballs.” This suggests that instead of software trying IPv6 first and falling back to IPv4 if that fails, it starts both connections at the same time and uses whichever one replies first.
What can you expect on June 8th?
In an ideal world, nothing. However, you may get calls from your users about not being able to reach Google, Facebook or other sites. Ask them what the output is from one of the IPv6 test sites mentioned above, find out if they are using an auto-tunnelling mechanism and if they are, have some steps on how to disable it.
What else can you do on June 8th?
If you have content, such as a web or mail server, make it available over IPv6! Watch the logs, see if there are any problems, note them, and see what you need to do to make the services available over IPv6 in the longer term. Like it or not, IPv4 stocks are running low, and for worldwide end-to-end connectivity that does not rely on multiple levels of IPv4 NAT, IPv6 is the only other solution on the table.
If you’re using Google Analytics, then APNIC has some JavaScript that allows you to perform IPv6 measurements, which is described in some detail over on Geoff Huston’s blog.
We’ll be watching the levels of IPv6 traffic on JANET, which if you saw my presentation mentioned at the start of this item are woefully small.
What can you do after June 8th?
If nothing went wrong, look into making your services permanently available over IPv6. Look at what it will take to roll out IPv6 to your campus network so all your end-users will be able to use it. JANET has some documentation including an IPv6 Technical Guide and is starting an IPv6 Fundamentals training course.
Leave a Reply