[HN Gopher] IPv6 Internet is broken
___________________________________________________________________
IPv6 Internet is broken
Author : stargrave
Score : 240 points
Date : 2022-12-11 08:23 UTC (14 hours ago)
(HTM) web link (adminhacks.com)
(TXT) w3m dump (adminhacks.com)
| crizzlenizzle wrote:
| It's generally not a good idea to be single homed anyway. My
| first network was only upstreamed by HE and I ran into the Cogent
| situation quite quickly. Adding more upstreams fixed it. But also
| other NSPs don't reach everything. Sometimes there are some niche
| networks that can only be reached over peering or some other
| transit providers. Though it's super rare.
| Bluecobra wrote:
| True, but many small businesses don't have the hardware or
| expertise to manage multiple full BGP tables. Also depending
| where you are your ISP options might be limited. For example
| one of the remote sites I manage only has Lumen/CenturyLink
| wired to the building. It would really stink if I couldn't get
| to anything on HE's network through no fault of my own.
| based2 wrote:
| https://en.wikipedia.org/wiki/Peering#Depeering
| zinekeller wrote:
| Same feelings as others: avoid Cogent at all costs and encourage
| anyone who solely uses Cogent to switch to another provider,
| preferably in a multi-home configuration. It's not even this
| issue, Cogent simply wants your dollars and does f***-all but the
| absolute minimum.
|
| Basically, most tier-1 providers allow settlement-free peering
| with anyone who can meet some physical requirements (like having
| mutual interconnection in America, Europe and Asia) and legal
| ones (everyone wants to avoid sanctions). HE clearly meets this
| requirement. Google also clearly meets this requirement. Both are
| not connected to Cogent despite both being willing to interconnect
| to Cogent.
|
| Cogent just allows connections to whoever _they_ feel to connect,
| they don't have a criteria except for "if we allow them, will
| they kill our business"?
| [deleted]
| m3drano wrote:
| I'd say this is a Cogent problem. Not an IPv6 nor an "Internet"
| problem. The solution is to single out Cogent and that class of
| ISPs, like Telefonica in ES.
| oarsinsync wrote:
| Lots of disdain for Cogent on this thread, and very few
| comments about HE effectively having much the same business model
| as Cogent: sell pipes as cheap as possible, run them as hot
| (full) as possible, care little about performance implications.
|
| As a transit supplier, they're both pretty low quality, suited to
| bulk traffic only. Anything latency/loss sensitive goes over
| other providers.
|
| HE and Cogent both are best suited to their roles as carrier of
| last resort. If you as a customer depend primarily on either of
| them, that's a particularly unfortunate situation that should be
| remediated if possible.
| guerby wrote:
| HE will peer with you for free on most IX AFAIK, here is an HE
| IPv6 peering from a tiny not-for-profit ISP on FranceIX-Paris:
|
| https://lg.tetaneutral.net/detail/h7/ipv6?q=HE_FRANCEIX_PARI...
|
| 162016 IPv6 routes from HE. Current IPv6 full view about 166926
| routes.
|
| Cogent will not peer with you.
|
| If you're starting an ISP: buy cogent and another transit, peer
| with HE on your local IX, you should be good to go.
| bradfitz wrote:
| Yup! I have 162161 routes from HE right now (for free) on the
| SeattleIX.
| ddalex wrote:
| Isn't this the intended business model? Different tiers for
| different needs at different price points? I'd think that HE
| could offer a higher service level with better quality if the
| economics would make sense
| bpbp-mango wrote:
| ipv4 or ipv6 no one serious only has a single upstream
| greyface- wrote:
| No mention yet of the HE/Cogent peering cake?
|
| https://www.datacenterknowledge.com/archives/2009/10/22/peer...
|
| https://www.youtube.com/watch?v=7CObnXjmDtg
| Technetium wrote:
| This is absolutely fantastic. Thank you for linking!
| LeonM wrote:
| From 2009, damn, this has been going on for 13 years now...
| ehPReth wrote:
| I remember this! Sad that it's still an issue :(
| woodruffw wrote:
| Cogent's IPv6 peering has been broken forever, as immortalized in
| the HE "please peer with us" cake[1].
|
| [1]: https://www.flickr.com/photos/mpetach/4031195041
| kkfx wrote:
| IPv6 has many defects BUT allows a lost thing we desperately need:
| NO DAMN needed NAT. Which means that with a 2Gbps+ f.o.
| connection you can host your service at home, with a static IPv6
| global address and a domain name bound to it.
|
| IMVHO many giants obstruct IPv6 NOT because it's hard and not so
| nice BUT because they fear losing their privileged position. Oh,
| sure most people do not have TODAY a homeserver but how much
| would it take to see pre-packaged pseudo-FLOSS homeservers like
| we see for android "pirate-TV minicomputers"?
|
| Try weighing that before judging.
| Kadin wrote:
| The utility of home servers and server-like devices is limited
| by upstream bandwidth on asymmetric connections (virtually all
| home broadband except some fiber-based services). Not IP
| addressing.
|
| Dynamic DNS has been around for decades and provides a solution
| if you really want to run a home server behind NAT. If someone
| wanted to market a home server box, they would just need to
| implement something like DDNS... and Plex basically does just
| that.
|
| But most people have limited upstream bandwidth, such that it's
| impractical to serve much content from home, except maybe to
| yourself as a 'road warrior' via VPN, or video streams via
| Plex, stuff like that.
|
| If home broadband was symmetric, even with NAT, we would see
| many more applications taking advantage of that upstream
| bandwidth.
| sidewndr46 wrote:
| As others have commented, ISPs explicitly do not want this
| happening. One of the service tiers at my house was previously
| advertised as 900/35. 900 Mbps down, 35 Mbps up. Now, there are
| no ISPs that rate the upload speed at all. At least one of the
| ISPs at my house has language in the contract that limits usage
| to that initiated by a live operator, so any sort of hosting is
| obviously prohibited. Another ISP solved this by delegating
| several /64 addresses, but only actually routing traffic for a
| single IPv6 address.
| nly wrote:
| ISPs don't want this. They want to upsell you to a business
| service if you want a static IP. They'll just use dynamic IP
| allocation aka DHCP to make the whole thing really
| inconvenient.
| philjohn wrote:
| *some ISPs don't want this.
|
| I'm on Zen in the UK and have both a static IPv4 (with
| additional IPs available for a relatively low fee in blocks
| of 8 or more) and a /48 IPv6 block.
| AshamedCaptain wrote:
| So what? Almost for a decade, I used to have 15 IPv4
| addresses with OVH _for free_, and this very December they
| decided to start charging for them.
|
| Before OVH, I also was with another similarly-cheapo ISP
| that gave me one IPv4 for free until they decided to start
| charging for it (and I left).
|
| It's just a matter of time. Of course if your ISP is
| expensive enough they'll just keep eating the cost for more
| years, but .. what's the point? One IPv4 is not that costly
| yet that is worth an expensive ISP over it...
| mnd999 wrote:
| Same with A&A, although they are a bit more expensive than
| the likes of Sky / Virgin / BT it's definitely worth it.
| kkfx wrote:
| For sure, but while they do not want I DO WANT. With IPv4
| they have a valid excuse: we do not have enough addresses, with
| IPv6 they have no valid excuse.
| Havoc wrote:
| TIL hn really hates cogent
| tristor wrote:
| For many very good reasons
| larsonnn wrote:
| I would like to know which services would not work or which
| countries are involved.
| crizzlenizzle wrote:
| For example everything hosted by Cogent directly:
| https://bgp.tools/prefix/2001:550::/32#dns
| larsonnn wrote:
| And when Cogent is my provider Google services would not
| work. But is it for all countries?
|
| I ask because providers in the EU have some other laws than the USA
| for example. Or is this peering globally the same?
| toast0 wrote:
| Peering disputes in Europe center around different carriers
| generally. But the basic dispute is the same, carrier A
| doesn't want to peer with carrier B, probably for business
| reasons, so they try to set up their peering rules so that
| carrier B doesn't qualify, or they won't upgrade
| connections.
|
| I know I've seen some carrier names that come up in those
| disputes a lot, often the incumbent telco for a particular
| country. But you've got a lot of countries there and most
| of them had their own nationalized phone company, and only
| one or two end up having public spats over peering. There's
| similar stuff in some countries in Asia, where some of the
| incumbent telcos refuse to peer locally. (and of course,
| China has the GFW)
| Joyfield wrote:
| HE and Google could block traffic to and from Cogent until they
| submit OR start paying THEM for access. I'll bet it would take like
| less than a week.
| knorker wrote:
| With my ISPs I've had IPv4 broken more often than IPv6.
|
| To the point that I've set up an IPv4-over-IPv6 tunnel out, for
| when IPv4 breaks.
| kalleboo wrote:
| I had IPv4 routing on my router just crash and die once, it
| took half a day to realize since so many big properties are on
| IPv6
| hbfdhfdhadfhnfa wrote:
| Fortunately from my ISP in Czech republic I can reach both
| destinations via IPv6 fine. However, the said ISP is giving me
| only /64 IPv6 block therefore limiting it to one subnet. That is
| poor, really poor implementation that does not allow IPv6 e.g. in
| my work laptop VLAN. O2 internet (the ISP) - you suck.
| zajDee wrote:
| If this is DSL/FTTH, don't wait and switch to T-Mobile,
| Metronet or UVTnet. O2 have been doing this wrong since 2012
| and it doesn't look like they will fix it in this decade.
| zajDee wrote:
| Forgot to mention that while O2 provides you with a poor
| single /64, UVTnet gives you a nice and shiny /48 (others
| currently stick to /56s). What a difference.
| [deleted]
| vetinari wrote:
| Unfortunately, multiple ISPs (PODA, Vodafone-ex-UPC) are
| doing it wrong and they do not seem to be bothered by it or
| even trying to fix it.
| zajDee wrote:
| True dat. Some of the mishaps can be attributed to
| incompetence and some to lack of desire to be real ISPs for
| the future. Too bad one is usually geographically
| restricted to one or a very few ISPs, especially when all
| of them are doing IPv6 wrong.
| kubo6472 wrote:
| The situation is even worse here at your SE neighbors.
| The three nationwide ISPs don't provide working IPv6 at
| all:
|
| Slovak Telekom (Deutsche Telekom Subsidiary, same as
| Czech T-Mobile/T-Com) - FTTx, DSL, WISP
|
| Orange (French Orange S.A. subsidiary) - FTTx, DSL, WISP
|
| O2 (The Czech HQ'd PPF owned, not the UK one) - WISP
|
| And even the more regional, but still big, aren't much
| better.
|
| UPC (Liberty Global subsidiary) - Cable
|
| Antik (Slovak company) - FTTx, Cable, WISP
|
| SWAN (also Slovak company) - DSL, FTTx, WISP
|
| But I have to shout out my dad's ISP, it's called
| RadioLAN, it's a Slovak company, provides WISP and FTTx
| and also IPv6 to everyone by default. So far the only one
| I've found. Funny thing is, the peering in our country is
| handled by two IXs: SIX and NIX both natively supporting
| IPv6 interconnection. If I've messed some terminology or
| I've outdated info, I'm sorry. As you said, nod to until
| we live in a very very specific location, we're left with
| just one ISP, or basically the same one in blue. I'm less
| than 10km behind the capital's outer borders, yet I have
| a huge problem getting FTTH run here. It's literally
| connected at the both ends of our street, just not here.
| I've considered doing something about it myself, it's
| just simply too expensive.
| wilhil wrote:
| I'm a Cogent customer and we wouldn't be where we are without
| them, but, they give me the most headaches out of any provider I
| have to deal with.
|
| I tried raising a complaint as their SLA states about packet
| deliverability/guarantees - and I said "well, you have 100%
| packet loss to HE"... I didn't get very far and they basically
| just blamed it on HE - but, I wonder if someone had more time, if
| they could make a complaint down this avenue?!
| lwhalen wrote:
| Netflix also refuses to accept HE IPv6 traffic. This was 'fun' to
| find out when deploying IPv6 on my home network, and my TV could
| no longer stream from them.
| Karrot_Kream wrote:
| Wow I did not know this. Tested this on HE's Looking Glass and
| you're right. Ridiculous!
| sgjohnson wrote:
| People were abusing their 6to4 tunnel, which is why Netflix
| banned them.
| voxadam wrote:
| Has there _ever_ been a conversation in which Cogent was the good
| guy?
| Youden wrote:
| There was the Comcast peering dispute over Netflix traffic
| (carried by Cogent) around 2014.
| voxadam wrote:
| That's funny, shortly after I made my comment I had a faint
| recollection of _Comcast v. Cogent_. I'm still not sure who
| to blame in that pissing match. Comcast is one of the most
| hated retail ISPs in the US while Cogent is one of the most
| hated bargain basement Tier 1.5 transit ISPs in the country.
| While I'd _genuinely_ have a difficult time picking sides in
| such a fight I think that in the end, I'd have to side with
| Comcast, as much as I hate to say it. I'd love to hear from
| people more in the mix than me on the topic.
| bewaretheirs wrote:
| "It's a pity both sides can't lose"
| aidenn0 wrote:
| I think Comcast "wins" the most evil here just because they
| have a monopoly on broadband in many areas, so overcharge
| their customers for substandard service, then they turn
| around and use the monopsony of Internet access to those
| customers to charge for peering.
|
| At least Cogent charges low prices for their shit.
| nonrandomstring wrote:
| Isn't this a common failure pattern in tech now? A big company
| gets "successful" by selling cheap or free. They build a big
| crowd who are accepting of poor service then inflict arbitrary
| decisions on their customers, and once the abuse is normalised
| they spread "broken" tech through standards-breaking and non-
| interoperability. People then justify the problem because a mob
| of beaten-down users meekly accept the situation and anyone
| asking for better is dubbed an "elitist" or "idealist". For
| example, between them Google and Microsoft have wrecked email.
| IPv6 doesn't look "broken" here, it's just under attack.
| arbitrage wrote:
| > For example, between them Google and Microsoft have wrecked
| email.
|
| How so?
| phpisthebest wrote:
| By "stopping spam" in a manner that defines all[1] email not
| originating at Google or MS as spam, while at the same time
| allowing thousands of spam messages to be sent via their
| infrastructure with limited ways for others to block it....
|
| [1] yes I am aware not all, but unless you are a big player
| good luck getting gmail or ms to accept your mail
| peppermint_tea wrote:
| an example that comes to mind : find me in the RFC where it
| is stated that blocking residential ips is ok. (google does
| this, so not compliant to original standard)
|
| I would also add (but this is not email per se) : no adoption
| for GPG/PGP this makes your cryptographic signature a bare
| textfile attachment.
|
| both microsoft and gmail spam filter = blackbox.
| dspillett wrote:
| _> find me in the RFC where it is stated that blocking
| residential ips is ok_
|
| Is there one that actually states it _isn't_ OK, that I'm
| unaware of?
|
| It perhaps goes against the spirit of the RFCs and other
| documentation written at the time, but that is
| understandable because a lot of that stuff was written from
| the standpoint of being able to trust people on the
| Internet, including that they fully understand and have
| properly secured the hosts under their purview...
|
| I send mail from home just fine, though my connection is
| through an ISP that is generally identified as offering
| commercial accounts (AAISP). You do have to make sure that
| you have SPF and DKIM configured but that is the case
| elsewhere too.
|
| My machines see quite a lot of activity (SSH login
| attempts, attempts at brute force logins & scans for known
| vulnerability in old versions of HTTP(S) hosted software,
| and more, not just attempts to send junk mail) from what
| appears to be compromised machines on residential
| connections.
| jeroenhd wrote:
| My mail server occasionally receives mail from residential
| ISPs and it's literally always spam.
|
| If people could be trusted to manage their mail server we
| wouldn't have this problem, but IoT crapware is still
| listening on port 23 till this very day and the manuals
| still state that you need to disable the firewall and
| forward all traffic to your shitty webcam for it to work.
| Reporting this abuse to the carrying ISPs is about as
| useless as shouting my complaints down the toilet.
|
| Until both IoT production companies and individual
| consumers take responsibility for the awful internet
| created by these maliciously incompetent users and the
| laughably bad IoT devices they buy, I'm not removing this
| filter rule from my mail server.
|
| I do usually get a notification that something hit
| quarantine so if it sounds important I can still see it,
| but I've never had to release mail banned for this reason
| so far.
| phpisthebest wrote:
| >>If people could be trusted to manage
|
| Nice proving the OP original opening statement, well done
| ....
| dmm wrote:
| Denylisting whole ip ranges is lazy and hurtful. Google
| accepts email from residential ips. Why can't you?
|
| > My mail server occasionally receives mail from
| residential ISPs and it's literally always spam.
|
| I sent mail from my home isp for years, until people like
| you made it unfeasible.
|
| > I do usually get a notification that something hit
| quarantine so if it sounds important I can still see it,
| but I've never had to release mail banned for this reason
| so far.
|
| Most small operators refused to allowlist me even after
| making phone calls, etc.
| jesprenj wrote:
| Why are packets not routed via peers (customers of cogent) that
| also peer with HE, or at least peer indirectly with HE?
|
| My home ISP certainly can route packets to both HE and Cogent:
|
|   root@tranzistor:~# ping cogentco.com
|   PING cogentco.com(cogentco.com (2001:550:1::cc01)) 56 data bytes
|   64 bytes from cogentco.com (2001:550:1::cc01): icmp_seq=1 ttl=56 time=21.1 ms
|   ^C
|   --- cogentco.com ping statistics ---
|   1 packets transmitted, 1 received, 0% packet loss, time 0ms
|   rtt min/avg/max/mdev = 21.107/21.107/21.107/0.000 ms
|   root@tranzistor:~# ping he.net
|   PING he.net(he.net (2001:470:0:503::2)) 56 data bytes
|   64 bytes from he.net (2001:470:0:503::2): icmp_seq=1 ttl=49 time=164 ms
|   ^C
|   --- he.net ping statistics ---
|   1 packets transmitted, 1 received, 0% packet loss, time 0ms
|   rtt min/avg/max/mdev = 164.454/164.454/164.454/0.000 ms
|   root@tranzistor:~#
|
| Why are packets from cogent to HE not routed via my ISP?
| toast0 wrote:
| Peering is for your own traffic and traffic of your customers.
| You don't generally carry traffic for your peers to other
| peers. It doesn't make business sense; if Cogent and HE want
| to exchange traffic via your ISP, at least one of them is going
| to have to be a customer of your ISP.
| iptrans wrote:
| Because your ISP is not keen on paying for third parties
| transiting their network.
| Arnavion wrote:
| Your ISP does not want to route other people's traffic for
| them, only its customers. So it doesn't broadcast a route for
| arbitrary destinations through its AS.
| JCharante wrote:
| interesting, so it's like a neighborhood between 2 major
| roads that has signs prohibiting through traffic?
| hcrean wrote:
| In this case it is a cul-de-sac between two 8-lane
| interstate highways...
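
Added example (not part of any comment in this thread): a small Python model of the export rule toast0 and Arnavion describe above, showing why a network connected to both Cogent and HE still does not join them, and that the picture changes only when one of them becomes its customer. The names HomeISP, CogentCustomer and HECustomer and the three topologies are constructed for illustration.

```python
from collections import deque

CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"
# Usual local preference: customer routes beat peer routes beat provider routes.
RANK = {None: 0, CUSTOMER: 1, PEER: 2, PROVIDER: 3}


class Topology:
    """rel[a][b] is the role that neighbour b plays for network a."""

    def __init__(self):
        self.rel = {}

    def transit(self, provider, customer):
        self.rel.setdefault(provider, {})[customer] = CUSTOMER
        self.rel.setdefault(customer, {})[provider] = PROVIDER

    def peering(self, a, b):
        self.rel.setdefault(a, {})[b] = PEER
        self.rel.setdefault(b, {})[a] = PEER


def may_export(learned_from, send_to):
    """Own and customer routes are announced to every neighbour; routes learned
    from a peer or a provider are announced to customers only. Announcing them
    to anyone else is a route leak (RFC 7908)."""
    return learned_from in (None, CUSTOMER) or send_to == CUSTOMER


def propagate(topo, origin):
    """Return {network: path to origin} for every network that learns a route."""
    best = {origin: (None, [origin])}
    seen = {(origin, None)}
    queue = deque([(origin, None, [origin])])
    while queue:
        asn, learned_from, path = queue.popleft()
        for nbr, nbr_role in topo.rel.get(asn, {}).items():
            how = topo.rel[nbr][asn]  # role of asn as seen from nbr
            if nbr in path or (nbr, how) in seen:
                continue
            if not may_export(learned_from, nbr_role):
                continue
            seen.add((nbr, how))
            new_path = [nbr] + path
            queue.append((nbr, how, new_path))
            if nbr not in best or RANK[how] < RANK[best[nbr][0]]:
                best[nbr] = (how, new_path)
    return {asn: path for asn, (_, path) in best.items()}


def build(home_isp_link):
    """Constructed topologies: Cogent and HE never connect to each other directly."""
    topo = Topology()
    topo.transit("Cogent", "CogentCustomer")
    topo.transit("HE", "HECustomer")
    if home_isp_link == "peers":            # HomeISP peers with both
        topo.peering("HomeISP", "Cogent")
        topo.peering("HomeISP", "HE")
    elif home_isp_link == "buys_transit":   # HomeISP is a customer of both
        topo.transit("Cogent", "HomeISP")
        topo.transit("HE", "HomeISP")
    elif home_isp_link == "sells_to_he":    # HE is a customer of HomeISP
        topo.peering("HomeISP", "Cogent")
        topo.transit("HomeISP", "HE")
    else:
        raise ValueError(home_isp_link)
    return topo


def reaches(home_isp_link, src, dst):
    """True if src learns any route to dst in the given topology."""
    return src in propagate(build(home_isp_link), dst)


if __name__ == "__main__":
    for link in ("peers", "buys_transit", "sells_to_he"):
        routes = propagate(build(link), "HE")
        print(link, "| HomeISP:", routes.get("HomeISP"),
              "| CogentCustomer:", routes.get("CogentCustomer"))
```
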
| delroth wrote:
| "broken", not really -- in practice anyone who cares about IPv6
| connectivity does not use Cogent as their only upstream, or they
| learn very quickly that Cogent does not provide them with what
| they advertise. This might impact you if you're in the business
| of buying transit from a tier 1 provider, but that's virtually
| nobody.
|
| (It's also far from the only issue you'll get as a Cogent
| customer, they're generally, uh, pretty shit.)
| evgpbfhnr wrote:
| That article doesn't have a date (as far as I can see), is that
| still a problem? Looking up a random cogent ip (www.cogentco.com)
| on bgp.he.net shows they have a route for it:
| https://bgp.he.net/ip/2001:550:1::cc01 (might not be true the
| other way around, I don't know how to check -- I can join both
| networks, but I'm not on either...)
| pera wrote:
| It's not IPv6 that is broken, it's fucking Cogent and they have
| always been like that
| voidwtf wrote:
| Yea, they've always been happy to sell bulk transit for rock
| bottom prices, then try to leverage their customer base against
| other companies.
|
| Everyone in the ISP/Transit world does it though, trying to
| double dip by charging their customers for service then trying
| to charge others to peer with them unless it's in their favor to
| peer freely.
|
| Peering should be best effort, and as close to free as possible
| when you already have a presence in a location. I understand
| some cost to cover the hardware necessitated by peering, but
| the only person being charged should be the customer you're
| providing a service in my opinion.
| phpisthebest wrote:
| This is the classic Comcast "why does netflix get a free
| ride" PR spin from a few years ago where they are battling net
| neutrality and trying to convince the public that Netflix,
| and Google were "free riding" and "not paying their fair
| share" for the network which is "just like water"
| wolfendin wrote:
| This is a "Cogent is broken" problem and not an IPv6 is broken
| problem. Anyone who has to deal with getting full tables for any
| significant length of time knows not to single home to Cogent--
| they'll do it on v4 peerings too (See their spats with AOL and
| Level 3)
| tgsovlerkhgsel wrote:
| As an end user, I don't have a "make Cogent behave differently"
| button, but I do have an "enable IPv6" button.
|
| And when turning that one off makes my internet work, and
| turning it on makes my internet not work, guess what.
| otabdeveloper4 wrote:
| IPv6 is a religion, you will not reason with its adepts.
|
| Of course they will claim that the whole world is "doing it
| wrong", despite the collective failure of humanity to roll out
| IPv6 for decades and decades.
| unethical_ban wrote:
| I downvoted you because this article has nothing to do with
| IPv6 technology. It has to do with a large ISP being a dick and
| refusing to act mature and, you know, do their goddamned job
| and peer with other ISPs.
| KyeRussell wrote:
| I'm not a v6 evangelist. I don't work in networking, nor do I
| know enough about it to really want to evangelise for v6.
| Surely "humanity hasn't prioritised doing something, therefore
| the 'something' is inherently flawed" is an argument that
| conjures enough contemporary exceptions that you can see how
| deeply and utterly flawed it is?
| kmbfjr wrote:
| The problem will solve itself. CGNAT will only take us so far
| until that no longer scales to where the ISPs want to pay for
| it.
|
| That said, IPv6 is a horrible implementation.
| nolls wrote:
| CGNAT can scale forever. There are ISPs with dozens or even
| hundreds of millions of clients using cgnat with no issues.
| Karrot_Kream wrote:
| As video conferencing and streaming needs increase, I'm not
| so sure about that. Demand for low latency experiences is
| only growing.
___________________________________________________________________
(page generated 2022-12-11 23:01 UTC)