Why I can't see IPv6 as a smooth or fast transition

September 30, 2015

Today I got native IPv6 up at home. My home ISP had previously been doing tunneled IPv6 (over IPv4), except that I'd turned my tunnel off back in June for some reason (I think something broke and I just shrugged and punted). I enjoyed the feeling of doing IPv6 right for a few hours, and then, well:

@thatcks: The glorious IPv6 future: with IPv6 up, Google searches sometimes just cut off below the initial banner and search box.
For bonus points, the searches aren't even going over IPv6. Tcpdump says Google appears to RSET my HTTPS TCPv4 connections sometimes.

(Further staring at packet traces makes me less certain of what's going on, although there are definitely surprise RSET packets in there. Also, when I said 'IPv6 up', I was being imprecise; what makes a difference is only whether or not I have an active IPv6 default route so that my IPv6 traffic can get anywhere. Add the default route (out my PPPoE DSL link) and the problems start to happen; delete it and everything is happy.)

Every so often someone says that the networking world should get cracking on the relatively simple job of adopting and adding IPv6 everywhere. Setting aside anything else involved, what happened to me today is why I laugh flatly at anyone who thinks this. IPv6 is simple only if everything works right, but we have plenty of existence proofs that it does not. Enabling IPv6 in a networking environment is a great way to have all sorts of odd problems come crawling out of the woodwork, some of which don't seem like they have anything to do with IPv6 at all.

It would be nice if these problems and stumbling points didn't happen, and certainly in the nice shiny IPv6 story they're not supposed to. But they do, and combined with the fact that IPv6 is often merely nice, not beneficial, I think many networks won't be moving very fast on IPv6. This makes a part of me sad, but it's the same part of me that thinks that problems like mine just shouldn't happen.

(I don't think I'm uniquely gifted in stumbling over IPv6 related problems, although I certainly do seem to have bad luck with it.)

Comments on this page:

By Albert at 2015-09-30 06:23:55:

I've been running IPv6 at home and work for almost 6 years now (both native and tunneled) and I must say I haven't seen any special problem (or to put it better, surely not more than IPv4). Google works flawlessly over IPv6 for me (not just searches, but also maps, mail and other services). I might have been especially lucky, that may be true. However I don't think the situation is that bad with IPv6.

By A Random Scribbler at 2015-10-02 13:24:11:

As your ISP, I'd like to help you ram through these problems. IPv4 addresses are no longer available to me and when I run out, I will only have imperfect solutions like "enterprise NAT" et. al.

I've been IPv6 dual-stack for 2 or 3 years. I've been using native IPv6 for more than a year of that. I've never seen google screw up. In fact, I had to tell google that we were treating our IPv6 seriously before they started serving IPv6 to us as a rule.

I even have IPv6 being dolled out to my various devices (Android, n900 (linux phone)) on my network. I have also stealth-enabled ipv6 at several of the charities we service without complaint.

So I'm curious and incentivized to resolve your problem.

By cks at 2015-10-02 17:16:48:

At this point I have packet traces and Firefox 'HAR' HTTP request/response logs that show clearly that Google is starting a normal reply and then truncating it abruptly and slamming the connection shut (it sends the initiating FIN and then RSETs my browser's FIN+ACK reply). Some testing suggests that it's related to having/using SPDY on the connection; if I disable SPDY in Firefox, the problem doesn't seem to happen even with my IPv6 default route up.

At this point it would be really useful to be able to decrypt the encrypted packet stream, so one could see exactly what TLS/SPDY messages are being passed back and forth. Unfortunately I don't know if Firefox has any way to do that.

Interested parties who want to reproduce this on their own probably need Firefox Nightly, NoScript set to block Google (so that you don't get incremental search results as you start searching), and a non-NAT'd Linux machine with native IPv6 route. I start Google searches by passing the URL 'https://www.google.com/search?q=<whatever>' straight in to Firefox, instead of visiting www.google.com first, although I have also had this reproduce on a re-search from the search result page.

Written on 30 September 2015.
« Maybe I should try to find another good mini keyboard
There are good and bad wikitext dialects »

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Mastodon: @cks
Twitter @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web
Also: (Sub)topics

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: View Source, View Normal, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.
Last modified: Wed Sep 30 03:09:58 2015
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.