[HN Gopher] IPv6 Internet is broken
___________________________________________________________________
IPv6 Internet is broken
Author : stargrave
Score : 240 points
Date : 2022-12-11 08:23 UTC (14 hours ago)
(HTM) web link (adminhacks.com)
(TXT) w3m dump (adminhacks.com)
| crizzlenizzle wrote:
| It's generally not a good idea to be single homed anyway. My first network was only upstreamed by HE and I ran into the Cogent situation quite quickly. Adding more upstreams fixed it. But also other NSPs don't reach everything. Sometimes there are some niche networks that can only be reached over peering or some other transit providers. Though it's super rare.
| Bluecobra wrote:
| True, but many small businesses don't have the hardware or expertise to manage multiple full BGP tables. Also depending where you are your ISP options might be limited. For example one of the remote sites I manage only has Lumen/CenturyLink wired to the building. It would really stink if I couldn't get to anything on HE's network through no fault of my own.
| based2 wrote:
| https://en.wikipedia.org/wiki/Peering#Depeering
| zinekeller wrote:
| Same feelings as others: avoid Cogent at all costs and encourage anyone who solely uses Cogent to switch to another provider, preferably in a multi-home configuration. It's not even this issue, Cogent simply wants your dollars and does f***-all but the absolute minimum.
|
| Basically, most tier-1 providers allow settlement-free peering with anyone who can meet some physical requirements (like having mutual interconnection in America, Europe and Asia) and legal ones (everyone wants to avoid sanctions). HE clearly meets this requirement. Google also clearly meets this requirement. Both are not connected to Cogent despite both being willing to interconnect to Cogent.
|
| Cogent just allows connections to whoever _they_ feel to connect, they don't have a criteria except for "if we allow them, will they kill our business"?
| [deleted]
| m3drano wrote:
| I'd say this is a Cogent problem. Not an IPv6 nor an "Internet" problem. The solution is to single out Cogent and that class of ISPs, like Telefonica in ES.
| oarsinsync wrote:
| Lots of disdain for Cogent on this thread, and very few comments about HE effectively having much the same business model as Cogent: sell pipes as cheap as possible, run them as hot (full) as possible, care little about performance implications.
|
| As a transit supplier, they're both pretty low quality, suited to bulk traffic only. Anything latency/loss sensitive goes over other providers.
|
| HE and Cogent both are best suited to their roles as carrier of last resort. If you as a customer depend primarily on either of them, that's a particularly unfortunate situation that should be remediated if possible.
| guerby wrote:
| HE will peer with you for free on most IX AFAIK, here is an HE IPv6 peering from a tiny not-for-profit ISP on FranceIX-Paris:
|
| https://lg.tetaneutral.net/detail/h7/ipv6?q=HE_FRANCEIX_PARI...
|
| 162016 IPv6 routes from HE. Current IPv6 full view about 166926 routes.
|
| Cogent will not peer with you.
|
| If you're starting an ISP: buy Cogent and another transit, peer with HE on your local IX, you should be good to go.
| bradfitz wrote:
| Yup! I have 162161 routes from HE right now (for free) on the SeattleIX.
| ddalex wrote:
| Isn't this the intended business model? Different tiers for different needs at different price points? I'd think that HE could offer a higher service level with better quality if the economics would make sense
| bpbp-mango wrote:
| IPv4 or IPv6, no one serious only has a single upstream
| greyface- wrote:
| No mention yet of the HE/Cogent peering cake?
|
| https://www.datacenterknowledge.com/archives/2009/10/22/peer...
|
| https://www.youtube.com/watch?v=7CObnXjmDtg
| Technetium wrote:
| This is absolutely fantastic. Thank you for linking!
| LeonM wrote:
| From 2009, damn, this has been going on for 13 years now...
| ehPReth wrote:
| I remember this! Sad that it's still an issue :(
| woodruffw wrote:
| Cogent's IPv6 peering has been broken forever, as immortalized in the HE "please peer with us" cake[1].
|
| [1]: https://www.flickr.com/photos/mpetach/4031195041
| kkfx wrote:
| IPv6 has many defects BUT allows a lost thing we desperately need: NO DAMN needed NAT. Which means that with a 2Gbps+ f.o. connection you can host your service at home, with a static IPv6 global address and a domain name bound to it.
|
| IMVHO many giants obstruct IPv6 NOT because it's hard and not so nice BUT because they fear losing their privileged position. Oh, sure most people do not have TODAY a homeserver but how much would it take to see pre-packaged pseudo-FLOSS homeservers like we see for android "pirate-TV minicomputers"?
|
| Try weighing that before judging.
| Kadin wrote:
| The utility of home servers and server-like devices is limited by upstream bandwidth on asymmetric connections (virtually all home broadband except some fiber-based services). Not IP addressing.
|
| Dynamic DNS has been around for decades and provides a solution if you really want to run a home server behind NAT. If someone wanted to market a home server box, they would just need to implement something like DDNS... and Plex basically does just that.
|
| But most people have limited upstream bandwidth, such that it's impractical to serve much content from home, except maybe to yourself as a 'road warrior' via VPN, or video streams via Plex, stuff like that.
|
| If home broadband was symmetric, even with NAT, we would see many more applications taking advantage of that upstream bandwidth.
| sidewndr46 wrote:
| As others have commented, ISPs explicitly do not want this happening.
| One of the service tiers at my house was previously advertised as 900/35. 900 Mbps down, 35 Mbps up. Now, there are no ISPs that rate the upload speed at all. At least one of the ISPs at my house has language in the contract that limits usage to that initiated by a live operator, so any sort of hosting is obviously prohibited. Another ISP solved this by delegating several /64 addresses, but only actually routing traffic for a single IPv6 address.
| nly wrote:
| ISPs don't want this. They want to upsell you to a business service if you want a static IP. They'll just use dynamic IP allocation aka DHCP to make the whole thing really inconvenient.
| philjohn wrote:
| *some ISPs don't want this.
|
| I'm on Zen in the UK and have both a static IPv4 (with additional IPs available for a relatively low fee in blocks of 8 or more) and a /48 IPv6 block.
| AshamedCaptain wrote:
| So what? Almost for a decade, I used to have 15 IPv4 addresses with OVH _for free_, and this very December they decided to start charging for them.
|
| Before OVH, I also was with another similarly-cheapo ISP that gave me one IPv4 for free until they decided to start charging for it (and I left).
|
| It's just a matter of time. Of course if your ISP is expensive enough they'll just keep eating the cost for more years, but... what's the point? One IPv4 is not that costly yet that is worth an expensive ISP over it...
| mnd999 wrote:
| Same with A&A, although they are a bit more expensive than the likes of Sky / Virgin / BT it's definitely worth it.
| kkfx wrote:
| For sure, but while they do not want I DO WANT. With IPv4 they have a valid excuse: we do not have enough addresses, with IPv6 they have no valid excuse.
| Havoc wrote:
| TIL HN really hates Cogent
| tristor wrote:
| For many very good reasons
| larsonnn wrote:
| I would like to know which services would not work or which countries are involved.
| crizzlenizzle wrote:
| For example everything hosted by Cogent directly: https://bgp.tools/prefix/2001:550::/32#dns
| larsonnn wrote:
| And when Cogent is my provider Google services would not work. But is it for all countries?
|
| I ask because providers in the EU have some other laws than the USA for example. Or is this peering globally the same?
| toast0 wrote:
| Peering disputes in Europe center around different carriers generally. But the basic dispute is the same, carrier A doesn't want to peer with carrier B, probably for business reasons, so they try to set up their peering rules so that carrier B doesn't qualify, or they won't upgrade connections.
|
| I know I've seen some carrier names that come up in those disputes a lot, often the incumbent telco for a particular country. But you've got a lot of countries there and most of them had their own nationalized phone company, and only one or two end up having public spats over peering. There's similar stuff in some countries in Asia, where some of the incumbent telcos refuse to peer locally. (and of course, China has the GFW)
| Joyfield wrote:
| HE and Google could block traffic to and from Cogent until they submit OR start paying THEM for access. I'll bet it would take like less than a week.
| knorker wrote:
| With my ISPs I've had IPv4 broken more often than IPv6.
|
| To the point that I've set up an IPv4-over-IPv6 tunnel out, for when IPv4 breaks.
| kalleboo wrote:
| I had IPv4 routing on my router just crash and die once, it took half a day to realize since so many big properties are on IPv6
| hbfdhfdhadfhnfa wrote:
| Fortunately from my ISP in Czech Republic I can reach both destinations via IPv6 fine. However, the said ISP is giving me only /64 IPv6 block therefore limiting it to one subnet. That is poor, really poor implementation that does not allow IPv6 e.g. in my work laptop VLAN. O2 internet (the ISP) - you suck.
| zajDee wrote:
| If this is DSL/FTTH, don't wait and switch to T-Mobile, Metronet or UVTnet. O2 have been doing this wrong since 2012 and it doesn't look like they will fix it in this decade.
| zajDee wrote:
| Forgot to mention that while O2 provides you with a poor single /64, UVTnet gives you a nice and shiny /48 (others currently stick to /56s). What a difference.
| [deleted]
| vetinari wrote:
| Unfortunately, multiple ISPs (PODA, Vodafone-ex-UPC) are doing it wrong and they do not seem to be bothered by it or even trying to fix it.
| zajDee wrote:
| True dat. Some of the mishaps can be attributed to incompetence and some to lack of desire to be real ISPs for the future. Too bad one is usually geographically restricted to one or a very few ISPs, especially when all of them are doing IPv6 wrong.
| kubo6472 wrote:
| The situation is even worse here at your SE neighbors. The three nationwide ISPs don't provide working IPv6 at all:
|
| Slovak Telekom (Deutsche Telekom Subsidiary, same as Czech T-Mobile/T-Com) - FTTx, DSL, WISP
|
| Orange (French Orange S.A. subsidiary) - FTTx, DSL, WISP
|
| O2 (The Czech HQ'd PPF owned, not the UK one) - WISP
|
| And even the more regional, but still big, aren't much better.
|
| UPC (Liberty Global subsidiary) - Cable
|
| Antik (Slovak company) - FTTx, Cable, WISP
|
| SWAN (also Slovak company) - DSL, FTTx, WISP
|
| But I have to shout out my dad's ISP, it's called RadioLAN, it's a Slovak company, provides WISP and FTTx and also IPv6 to everyone by default. So far the only one I've found. Funny thing is, the peering in our country is handled by two IXs: SIX and NIX both natively supporting IPv6 interconnection. If I've messed up some terminology or have outdated info, I'm sorry. As you said, nod to until we live in a very very specific location, we're left with just one ISP, or basically the same one in blue.
| I'm less than 10km behind the capital's outer borders, yet I have a huge problem getting FTTH run here. It's literally connected at the both ends of our street, just not here. I've considered doing something about it myself, it's just simply too expensive.
| wilhil wrote:
| I'm a Cogent customer and we wouldn't be where we are without them, but, they give me the most headaches out of any provider I have to deal with.
|
| I tried raising a complaint as their SLA states about packet deliverability/guarantees - and I said "well, you have 100% packet loss to HE"... I didn't get very far and they basically just blamed it on HE - but, I wonder if someone had more time, if they could make a complaint down this avenue?!
| lwhalen wrote:
| Netflix also refuses to accept HE IPv6 traffic. This was 'fun' to find out when deploying IPv6 on my home network, and my TV could no longer stream from them.
| Karrot_Kream wrote:
| Wow I did not know this. Tested this on HE's Looking Glass and you're right. Ridiculous!
| sgjohnson wrote:
| People were abusing their 6to4 tunnel, which is why Netflix banned them.
| voxadam wrote:
| Has there _ever_ been a conversation in which Cogent was the good guy?
| Youden wrote:
| There was the Comcast peering dispute over Netflix traffic (carried by Cogent) around 2014.
| voxadam wrote:
| That's funny, shortly after I made my comment I had a faint recollection of _Comcast v. Cogent_. I'm still not sure who to blame in that pissing match. Comcast is one of the most hated retail ISPs in the US while Cogent is one of the most hated bargain basement Tier 1.5 transit ISPs in the country. While I'd _genuinely_ have a difficult time picking sides in such a fight I think that in the end, I'd have to side with Comcast, as much as I hate to say it. I'd love to hear from people more in the mix than me on the topic.
| bewaretheirs wrote:
| "It's a pity both sides can't lose"
| aidenn0 wrote:
| I think Comcast "wins" the most evil here just because they have a monopoly on broadband in many areas, so overcharge their customers for substandard service, then they turn around and use the monopsony of Internet access to those customers to charge for peering.
|
| At least Cogent charges low prices for their shit.
| nonrandomstring wrote:
| Isn't this a common failure pattern in tech now? A big company gets "successful" by selling cheap or free. They build a big crowd who are accepting of poor service then inflict arbitrary decisions on their customers, and once the abuse is normalised they spread "broken" tech through standards-breaking and non-interoperability. People then justify the problem because a mob of beaten-down users meekly accept the situation and anyone asking for better is dubbed an "elitist" or "idealist". For example, between them Google and Microsoft have wrecked email. IPv6 doesn't look "broken" here, it's just under attack.
| arbitrage wrote:
| > For example, between them Google and Microsoft have wrecked email.
|
| How so?
| phpisthebest wrote:
| By "stopping spam" in a manner that defines all[1] email not originating at Google or MS as spam, while at the same time allowing thousands of spam messages to be sent via their infrastructure with limited ways for others to block it....
|
| [1] yes I am aware not all, but unless you are a big player good luck getting gmail or ms to accept your mail
| peppermint_tea wrote:
| an example that comes to mind: find me in the RFC where it is stated that blocking residential ips is ok. (google does this, so not compliant to original standard)
|
| I would also add (but this is not email per se): no adoption for GPG/PGP this makes your cryptographic signature a bare textfile attachment.
|
| both Microsoft and Gmail spam filter = blackbox.
| dspillett wrote:
| _> find me in the RFC where it is stated that blocking residential ips is ok_
|
| Is there one that actually states it _isn't_ OK, that I'm unaware of?
|
| It perhaps goes against the spirit of the RFCs and other documentation written at the time, but that is understandable because a lot of that stuff was written from the standpoint of being able to trust people on the Internet, including that they fully understand and have properly secured the hosts under their purview...
|
| I send mail from home just fine, though my connection is through an ISP that is generally identified as offering commercial accounts (AAISP). You do have to make sure that you have SPF and DKIM configured but that is the case elsewhere too.
|
| My machines see quite a lot of activity (SSH login attempts, attempts at brute force logins & scans for known vulnerabilities in old versions of HTTP(S) hosted software, and more, not just attempts to send junk mail) from what appears to be compromised machines on residential connections.
| jeroenhd wrote:
| My mail server occasionally receives mail from residential ISPs and it's literally always spam.
|
| If people could be trusted to manage their mail server we wouldn't have this problem, but IoT crapware is still listening on port 23 till this very day and the manuals still state that you need to disable the firewall and forward all traffic to your shitty webcam for it to work. Reporting this abuse to the carrying ISPs is about as useless as shouting my complaints down the toilet.
|
| Until both IoT production companies and individual consumers take responsibility for the awful internet created by these maliciously incompetent users and the laughably bad IoT devices they buy, I'm not removing this filter rule from my mail server.
|
| I do usually get a notification that something hit quarantine so if it sounds important I can still see it, but I've never had to release mail banned for this reason so far.
| phpisthebest wrote:
| >>If people could be trusted to manage
|
| Nice proving the OP original opening statement, well done ....
| dmm wrote:
| Denylisting whole ip ranges is lazy and hurtful. Google accepts email from residential ips. Why can't you?
|
| > My mail server occasionally receives mail from residential ISPs and it's literally always spam.
|
| I sent mail from my home isp for years, until people like you made it unfeasible.
|
| > I do usually get a notification that something hit quarantine so if it sounds important I can still see it, but I've never had to release mail banned for this reason so far.
|
| Most small operators refused to allowlist me even after making phone calls, etc.
| jesprenj wrote:
| Why are packets not routed via peers (customers of cogent) that also peer with HE, or at least peer indirectly with HE?
|
| My home ISP certainly can route packets to both HE and Cogent:
|
|   root@tranzistor:~# ping cogentco.com
|   PING cogentco.com(cogentco.com (2001:550:1::cc01)) 56 data bytes
|   64 bytes from cogentco.com (2001:550:1::cc01): icmp_seq=1 ttl=56 time=21.1 ms
|   ^C
|   --- cogentco.com ping statistics ---
|   1 packets transmitted, 1 received, 0% packet loss, time 0ms
|   rtt min/avg/max/mdev = 21.107/21.107/21.107/0.000 ms
|   root@tranzistor:~# ping he.net
|   PING he.net(he.net (2001:470:0:503::2)) 56 data bytes
|   64 bytes from he.net (2001:470:0:503::2): icmp_seq=1 ttl=49 time=164 ms
|   ^C
|   --- he.net ping statistics ---
|   1 packets transmitted, 1 received, 0% packet loss, time 0ms
|   rtt min/avg/max/mdev = 164.454/164.454/164.454/0.000 ms
|   root@tranzistor:~#
|
| Why are packets from cogent to HE not routed via my ISP?
| toast0 wrote:
| Peering is for your own traffic and traffic of your customers.
| You don't generally carry traffic for your peers to other peers. It doesn't make business sense; if Cogent and HE want to exchange traffic via your ISP, at least one of them is going to have to be a customer of your ISP.
| iptrans wrote:
| Because your ISP is not keen on paying for third parties transiting their network.
| Arnavion wrote:
| Your ISP does not want to route other people's traffic for them, only its customers. So it doesn't broadcast a route for arbitrary destinations through its AS.
| JCharante wrote:
| Interesting, so it's like a neighborhood between 2 major roads that has signs prohibiting through traffic?
| hcrean wrote:
| In this case it is a cul-de-sac between two 8-lane interstate highways...
| delroth wrote:
| "broken", not really -- in practice anyone who cares about IPv6 connectivity does not use Cogent as their only upstream, or they learn very quickly that Cogent does not provide them with what they advertise. This might impact you if you're in the business of buying transit from a tier 1 provider, but that's virtually nobody.
|
| (It's also far from the only issue you'll get as a Cogent customer, they're generally, uh, pretty shit.)
| evgpbfhnr wrote:
| That article doesn't have a date (as far as I can see), is that still a problem? Looking up a random cogent ip (www.cogentco.com) on bgp.he.net shows they have a route for it: https://bgp.he.net/ip/2001:550:1::cc01 (might not be true the other way around, I don't know how to check -- I can join both networks, but I'm not on either...)
| pera wrote:
| It's not IPv6 that is broken, it's fucking Cogent and they have always been like that
| voidwtf wrote:
| Yea, they've always been happy to sell bulk transit for rock bottom prices, then try to leverage their customer base against other companies.
|
| Everyone in the ISP/Transit world does it though, trying to double dip by charging their customers for service then trying to charge others to peer with them unless it's in their favor to peer freely.
|
| Peering should be best effort, and as close to free as possible when you already have a presence in a location. I understand some cost to cover the hardware necessitated by peering, but the only person being charged should be the customer you're providing a service in my opinion.
| phpisthebest wrote:
| This is the classic Comcast "why does netflix get a free ride" PR spin from a few years ago where they are battling net neutrality and trying to convince the public that Netflix, and Google were "free riding" and "not paying their fair share" for the network which is "just like water"
| wolfendin wrote:
| This is a "Cogent is broken" problem and not an IPv6 is broken problem. Anyone who has to deal with getting full tables for any significant length of time knows not to single home to Cogent--they'll do it on v4 peerings too (See their spats with AOL and Level 3)
| tgsovlerkhgsel wrote:
| As an end user, I don't have a "make Cogent behave differently" button, but I do have an "enable IPv6" button.
|
| And when turning that one off makes my internet work, and turning it on makes my internet not work, guess what.
| otabdeveloper4 wrote:
| IPv6 is a religion, you will not reason with its adepts.
|
| Of course they will claim that the whole world is "doing it wrong", despite the collective failure of humanity to roll out IPv6 for decades and decades.
| unethical_ban wrote:
| I downvoted you because this article has nothing to do with IPv6 technology. It has to do with a large ISP being a dick and refusing to act mature and, you know, do their goddamned job and peer with other ISPs.
| KyeRussell wrote:
| I'm not a v6 evangelist. I don't work in networking, nor do I know enough about it to really want to evangelise for v6.
| Surely "humanity hasn't prioritised doing something, therefore the 'something' is inherently flawed" is an argument that conjures enough contemporary exceptions that you can see how deeply and utterly flawed it is?
| kmbfjr wrote:
| The problem will solve itself. CGNAT will only take us so far until that no longer scales to where the ISPs want to pay for it.
|
| That said, IPv6 is a horrible implementation.
| nolls wrote:
| CGNAT can scale forever. There are ISPs with dozens or even hundreds of millions of clients using CGNAT with no issues.
| Karrot_Kream wrote:
| As video conferencing and streaming needs increase, I'm not so sure about that. Demand for low latency experiences is only growing.
___________________________________________________________________
(page generated 2022-12-11 23:01 UTC)
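
The export rule that toast0, iptrans and Arnavion describe in the thread (a network carries traffic only for itself and its customers, so routes learned from a peer or provider are announced only to customers) can be modelled as a "valley-free" path check. The following is an added example, not part of the thread: the topology and the names DUAL_ISP, COGENT_ONLY, HE_ONLY and TIER1_X are constructed for illustration and are not measured BGP data.

```python
from collections import deque

# Constructed topology (assumption, for illustration only).
# Each entry (a, b, rel) reads "b is a's <rel>".
LINKS = [
    ("COGENT_ONLY", "COGENT", "provider"),  # single-homed Cogent customer
    ("HE_ONLY", "HE", "provider"),          # single-homed HE customer
    ("DUAL_ISP", "COGENT", "provider"),     # buys transit from Cogent...
    ("DUAL_ISP", "HE", "peer"),             # ...and peers with HE at an IX
    ("TIER1_X", "COGENT", "peer"),          # hypothetical network peering with both
    ("TIER1_X", "HE", "peer"),
]
INVERSE = {"provider": "customer", "customer": "provider", "peer": "peer"}


def build(links):
    """Return {(a, b): relationship of b as seen from a} in both directions."""
    rel = {}
    for a, b, r in links:
        rel[(a, b)] = r
        rel[(b, a)] = INVERSE[r]
    return rel


def is_valley_free(path, rel):
    """True if path climbs to providers, crosses at most one peer link,
    then only descends to customers. Anything else needs a route leak."""
    descending = False
    for a, b in zip(path, path[1:]):
        r = rel.get((a, b))
        if r is None:
            return False                 # no BGP session between a and b
        if descending and r != "customer":
            return False                 # climbing or peering after the peak
        if r != "provider":
            descending = True            # a peer or customer hop ends the climb
    return True


def valley_free_path(src, dst, rel):
    """Shortest valley-free path from src to dst, or None if none exists."""
    neighbors = {}
    for (a, b), r in rel.items():
        neighbors.setdefault(a, []).append((b, r))
    queue = deque([(src, False, [src])])
    seen = {(src, False)}
    while queue:
        node, descending, path = queue.popleft()
        if node == dst:
            return path
        for nxt, r in neighbors.get(node, []):
            if descending and r != "customer":
                continue                 # export rule forbids this hop
            state = (nxt, descending or r != "provider")
            if state not in seen:
                seen.add(state)
                queue.append((nxt, state[1], path + [nxt]))
    return None


REL = build(LINKS)

if __name__ == "__main__":
    for src, dst in [("DUAL_ISP", "COGENT_ONLY"), ("DUAL_ISP", "HE_ONLY"),
                     ("COGENT_ONLY", "HE_ONLY")]:
        print(src, "->", dst, ":", valley_free_path(src, dst, REL))
```

`is_valley_free` can also be run over AS paths seen in received announcements: a path that fails the check, such as one crossing DUAL_ISP between Cogent and HE in this model, has the shape of a route leak.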