Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Mike Taylor
On 19/05/16 16:39, Brian E Carpenter wrote:
> On 19/05/2016 15:46, Pete Mundy wrote:
>>> On 19/05/2016, at 2:10 pm, Mike Taylor  wrote:
>>>
>>> I had the opportunity to set up a (small) ISP from scratch, so I just
>>> did it, and made everything native IPv4 and IPv6 from day one.
>>>
>> You get credit for your website having a quad A :)
>>
>> But what about DNS?
>>
>> workstation:~ $ dig ns totalteam.co.nz +short
>> ns3.discountdomains.co.nz.
>> ns2.discountdomains.co.nz.
>> ns1.discountdomains.co.nz.
>>
>> workstation:~ $ dig  ns1.discountdomains.co.nz +short
>>
>> workstation:~ $ dig  ns2.discountdomains.co.nz +short
>>
>> workstation:~ $ dig  ns3.discountdomains.co.nz +short
>>
>> :(
> Give him a break. Probably that's why they sell him a "discounted" DNS 
> service ;-).
>
> (Cheap, fast, dual-stack, pick any two?)
>
>Brian
>
lol, yeah, something like that :-)



Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Brian E Carpenter
On 19/05/2016 15:46, Pete Mundy wrote:
>> On 19/05/2016, at 2:10 pm, Mike Taylor  wrote:
>>
>> I had the opportunity to set up a (small) ISP from scratch, so I just
>> did it, and made everything native IPv4 and IPv6 from day one.
>>
> 
> You get credit for your website having a quad A :)
> 
> But what about DNS?
> 
> workstation:~ $ dig ns totalteam.co.nz +short
> ns3.discountdomains.co.nz.
> ns2.discountdomains.co.nz.
> ns1.discountdomains.co.nz.
> 
> workstation:~ $ dig  ns1.discountdomains.co.nz +short
> 
> workstation:~ $ dig  ns2.discountdomains.co.nz +short
> 
> workstation:~ $ dig  ns3.discountdomains.co.nz +short
> 
> :(

Give him a break. Probably that's why they sell him a "discounted" DNS service 
;-).

(Cheap, fast, dual-stack, pick any two?)

   Brian


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Pete Mundy
> On 19/05/2016, at 2:10 pm, Mike Taylor  wrote:
> 
> I had the opportunity to set up a (small) ISP from scratch, so I just
> did it, and made everything native IPv4 and IPv6 from day one.
> 

You get credit for your website having a quad A :)

But what about DNS?

workstation:~ $ dig ns totalteam.co.nz +short
ns3.discountdomains.co.nz.
ns2.discountdomains.co.nz.
ns1.discountdomains.co.nz.

workstation:~ $ dig  ns1.discountdomains.co.nz +short

workstation:~ $ dig  ns2.discountdomains.co.nz +short

workstation:~ $ dig  ns3.discountdomains.co.nz +short

:(



Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Scott Weeks


--- mtay...@totalteam.co.nz wrote:
From: Mike Taylor 

'Greenfields' is a lot easier than retro-fitting 
an entire network though
--


And both of those're easier than bashing one's
head against the "management brick wall". All
a person gets from that is bloody... :-)

scott


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Scott Weeks


--- jer...@massar.ch wrote:
From: Jeroen Massar 

If they do not have IPv6 it is because of some 
"C-level" "business decision" to not look into 
it.

You cannot fix those folks unfortunately. 



That.  And not even C-level, rather mid-level mgmt 
that won't even allow it to get into conversations 
above their level.  I have been saying it so much 
that I'm actually getting in trouble.  They refuse 
to listen.  I'm sure I'm not alone in this.  :-(

scott


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Gert Doering
Hi,

On Wed, May 18, 2016 at 03:33:45PM +0100, Phil Mayers wrote:
> This is a fair point. Perhaps I'm overreacting - we don't get too many 
> of these.

Still annoying.  Organizations that make (or "use to make") a big hubbub
about IPv6 should be able to then actually *use* it.  Like, use it on
their internal networks, provide it in their guest WiFi, have all external
facing services (web, mail, DNS, ...) dual-stacked, etc.

I could start a rant about "IPv6 task forces" around the world now...

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444   USt-IdNr.: DE813185279




Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Mikael Abrahamsson

On Wed, 18 May 2016, Phil Mayers wrote:



> Ok so basically, if more/most access networks were IPv6-enabled (because
> big or vital providers are IPv6 only) then all service networks would
> have to get it working?


Yes, if it's broken from one network but works from the rest, then the 
problem to fix is for that broken network.


If it's broken for everybody, then it's the one who has the broken end 
that needs to fix.


This is the same thing with IPv6, DNSSEC and all such new technologies. If 
there is only one ISP that does DNSSEC validation and it's broken because 
the zone is signed wrong, then that ISP gets blamed. In Sweden, where 85% 
of customers sit behind a DNSSEC validating resolver, nobody gets away 
with screwing up their zone signing because now it's their problem.


It's all about critical mass.

--
Mikael Abrahamsson    email: swm...@swm.pp.se


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Phil Mayers

On 18/05/16 15:32, Tim Chown wrote:


> The flip side is what evidence do we have that it's a problem that is
> common enough to care about?


This is a fair point. Perhaps I'm overreacting - we don't get too many 
of these.


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Tim Chown
> On 18 May 2016, at 15:11, Gert Doering  wrote:
> 
> Hi,
> 
> On Wed, May 18, 2016 at 02:06:57PM +, Tim Chown wrote:
>>> I'm specifically not asking about encouraging people who haven't deployed; 
>>> rather people who have and who have broken or abandoned their efforts.
>> 
>> Well, a not uncommon approach to discourage bad behaviour is to
>> create an appropriate blacklist where offenders are added when such
>> behaviour is observed, so that people can choose to use the blacklist,
> 
> That would be akin to the mentioned RPZ zone - which helps your local
> users (good!) but effectively hides the real problem (bad).

Well, that’s basically the same model as happy eyeballs.

> Maybe just add such offenders to an RPZ zone that suppresses their IPv4
> record, so it's "fix your IPv6 or die"?  Not really serious…

:)   But agree...

>> But perhaps some public “wall of shame” might
>> be a step towards that. The first question is how/whether you would
>> detect / report such offenders in the first place; I would also
>> hope cases are very rare.
> 
> And whether enough people care to actually get things fixed, then.

The flip side is what evidence do we have that it's a problem that is common 
enough to care about?

The last instance I recall is a vague memory of xbox.com doing something 
similar a couple of years ago.

Tim

> 
> frustrated,
> 
> Gert Doering
>-- NetMaster
> -- 
> have you enabled IPv6 on something today...?
> 
> SpaceNet AG                Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen   HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444   USt-IdNr.: DE813185279
> 



Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Jeroen Massar
On 2016-05-18 16:10, Phil Mayers wrote:
> On 18/05/16 15:03, Jeroen Massar wrote:
> 
>> The best advice for getting IPv6 fixed is for a large well used network
>> (google, facebook) to stop providing IPv4. Then suddenly people will fix
>> things as they won't have working "Internet" and their users will
>> complain really really loud.
> 
> Ok so basically, if more/most access networks were IPv6-enabled (because
> big or vital providers are IPv6 only) then all service networks would
> have to get it working?

Then they have a REAL reason: complaining users who cannot Google/Facebook.

And that is for many ISPs what it will take for them to even remotely
think of IPv6, see again:
 https://www.sixxs.net/wiki/?title=Call_Your_ISP_for_IPv6

> Not unreasonable, but that's a very long term prospect I guess.

It *IS* unreasonable.

As when such an event happens, it will have to be done in 1 day instead
of the 20 years that they already knew this was going to happen.

Also, likely such an event will not happen, as the established "big"
players have more than enough IPv4 to last their lifetimes putting up
big load balancer farms.

The BIG problem there is newcomers to the market, they won't be able to
enter as they won't get any IPv4.

> I'd be curious to know if people have suggestions that work shorter term.

Please read through every IPv6-related list from the last 20 years.

People have been trying to convince folks for a while already...

> I'm in agreement that shaming is not effective; but I'm frustrated and
> it just seemed so ironic that their public claims were so pro-v6.

I've never been frustrated about this. I only see that folks doing
consulting on the subject will have a lot of work at one point.

> Question for any access network providers: if/when you run into these
> issues, how do you plan to proceed? Leave the site broken and force the
> site owner to fix, or work around at your end and hide the problem?

They will likely set up a big HTTP proxy and then tunnel IPv6 from
somewhere...

Please note that this list is the wrong audience, and so is any other
list where folks know about IPv6. These folks already have IPv6.

If they do not have IPv6 it is because of some "C-level" "business
decision" to not look into it.

You cannot fix those folks unfortunately. The only thing one can do is
"I told you so" and laugh very very hard when they turn over their cash
to the consultants and companies taking over their networks...

Greets,
 Jeroen




Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Gert Doering
Hi,

On Wed, May 18, 2016 at 02:06:57PM +, Tim Chown wrote:
> > I'm specifically not asking about encouraging people who haven't deployed; 
> > rather people who have and who have broken or abandoned their efforts.
> 
> Well, a not uncommon approach to discourage bad behaviour is to
> create an appropriate blacklist where offenders are added when such
> behaviour is observed, so that people can choose to use the blacklist,

That would be akin to the mentioned RPZ zone - which helps your local
users (good!) but effectively hides the real problem (bad).

Maybe just add such offenders to an RPZ zone that suppresses their IPv4
record, so it's "fix your IPv6 or die"?  Not really serious...

> But perhaps some public “wall of shame” might
> be a step towards that. The first question is how/whether you would
> detect / report such offenders in the first place; I would also
> hope cases are very rare.

And whether enough people care to actually get things fixed, then.

frustrated,

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14  Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444   USt-IdNr.: DE813185279


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Phil Mayers

On 18/05/16 15:03, Jeroen Massar wrote:


> The best advice for getting IPv6 fixed is for a large well used network
> (google, facebook) to stop providing IPv4. Then suddenly people will fix
> things as they won't have working "Internet" and their users will
> complain really really loud.


Ok so basically, if more/most access networks were IPv6-enabled (because 
big or vital providers are IPv6 only) then all service networks would 
have to get it working?


Not unreasonable, but that's a very long term prospect I guess.

I'd be curious to know if people have suggestions that work shorter term.

I'm in agreement that shaming is not effective; but I'm frustrated and 
it just seemed so ironic that their public claims were so pro-v6.


Question for any access network providers: if/when you run into these 
issues, how do you plan to proceed? Leave the site broken and force the 
site owner to fix, or work around at your end and hide the problem?


No judgement either way, just curious.

Regards,
Phil


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Jeroen Massar
On 2016-05-18 15:52, Phil Mayers wrote:
> On 18/05/16 14:29, Jeroen Massar wrote:
> 
>> Really, you cannot keep on telling people to finally deploy IPv6, it
>> does not have any effect whatsoever, only their pocket books care and
>> those will only notice when it is too late...
> 
> So it's hopeless and we should just give up?

You can keep on trying to fix OTHER people's networks but you'll end
up in an abyss at one point...

> That doesn't seem like the most encouraging advice ever, but thanks for
> the reply.

The best advice for getting IPv6 fixed is for a large well used network
(google, facebook) to stop providing IPv4. Then suddenly people will fix
things as they won't have working "Internet" and their users will
complain really really loud.

Till that happens do not hold your breath.

> Anyone else got thoughts on how to discourage half-working/half-broken
> setups which create negative externalities?

Public shaming does not work, that has been tried for a long long time
already.

Contacting people who do not care about their own network does not work
either.

> I'm specifically not asking about encouraging people who haven't
> deployed; rather people who have and who have broken or abandoned their
> efforts.

Understand it this way: they officially claimed 12 years ago to be
launching IPv6 and they have not noticed their own network to be broken...

Technical contacts are badly published and likely won't reply.

Thus... little chance to fix a network that does not want to be reached.

Yes, that is unfortunate, but that is the way it seems to be.


I'll add to that that in the cases of Viruses/Bots and Spam many
networks are already big blackholes for getting these resolved. Either
you do not find a contact or they won't fix it even when they have read
the message. IPv6 is not on these network's priority lists at all...

Greets,
 Jeroen



Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Phil Mayers

On 18/05/16 14:45, Matthew Ford wrote:


> Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated
> by BT. I have no idea what the current kludge is.


Ah, BT. The obvious choice of provider for an IPv6 implementation /sarcasm

Whoever runs it, they've broken it a bunch of times before.

I've "fixed" it at our end on this and previous occasions using bind RPZ 
to convert  replies containing their /48 to NODATA.


This makes me feel dirty :o(


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Phil Mayers

On 18/05/16 14:29, Jeroen Massar wrote:


> Really, you cannot keep on telling people to finally deploy IPv6, it
> does not have any effect whatsoever, only their pocket books care and
> those will only notice when it is too late...


So it's hopeless and we should just give up?

That doesn't seem like the most encouraging advice ever, but thanks for 
the reply.


Anyone else got thoughts on how to discourage half-working/half-broken 
setups which create negative externalities?


I'm specifically not asking about encouraging people who haven't 
deployed; rather people who have and who have broken or abandoned their 
efforts.


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Kurt Jaeger
Hi!

> > Broken over IPv6:
> > 
> > https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
> > 
> > (Webserver has , returns 404 over v6, fine over v4)

The tech-c seems to be:

otman.da...@ec.europa.eu

-- 
p...@opsec.eu    +49 171 3101372    4 years to go !


Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Matthew Ford

> On 18 May 2016, at 14:23, Phil Mayers  wrote:
> 
> Broken over IPv6:
> 
> https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
> 
> (Webserver has , returns 404 over v6, fine over v4)

Many moons ago, europa.eu IPv6 ‘service’ was a reverse-proxy operated by BT. I 
have no idea what the current kludge is.

Mat

Re: v6 naming and shaming - *.europa.eu

2016-05-18 Thread Jeroen Massar
On 2016-05-18 15:23, Phil Mayers wrote:
> Broken over IPv6:
> 
> https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17
> 
> (Webserver has , returns 404 over v6, fine over v4)
> 
> And yet:
> 
> https://ec.europa.eu/digital-single-market/en/blog/ipv6-more-than-a-reality-a-necessity
>

You are aware that the EU "launched" IPv6 in 2004 right:

 http://www.global-ipv6.org/index.htm

Not that many of their sites/locations actually have even remotely heard
of IPv6.

Problems like this are simply still existent because they do not care,
and they will not.

See also the comments in this little wiki page:
https://www.sixxs.net/wiki/?title=Call_Your_ISP_for_IPv6

and unfortunately there are many more of even employees at ISPs who are
unable to convince their ISP that they really should be doing IPv6.

I wonder when the first large companies are going to ask for some kind
of 'fund' for getting IPv6 deployed


Really, you cannot keep on telling people to finally deploy IPv6, it
does not have any effect whatsoever, only their pocket books care and
those will only notice when it is too late...

Greets,
 Jeroen




v6 naming and shaming - *.europa.eu

2016-05-18 Thread Phil Mayers

Broken over IPv6:

https://webcast.ec.europa.eu/281715cafa675bf359ebaa42cb44fa17

(Webserver has , returns 404 over v6, fine over v4)

And yet:

https://ec.europa.eu/digital-single-market/en/blog/ipv6-more-than-a-reality-a-necessity

I'm sick and tired of people doing tickbox IPv6 and then well-run 
networks getting the blowback: "It works on my 4G and home ADSL, it must 
be your network".


I really, really, really wish there was some incentive to do it right or 
not at all.


So, for discussion - what can the operational community do to discourage 
half-measures that create blowback / moral hazard?


Cheers,
Phil
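
The failure mode reported in this message (a 404 over IPv6 while IPv4 works), and the question raised later in the thread of how such cases would be detected, as an added example that is not part of the thread: a per-address-family HTTP probe. The function names `probe` and `classify` and the result labels are hypothetical, and the URL is supplied on the command line.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def probe(url, family, timeout=10):
    """Return the HTTP status seen over one address family, or an error label."""
    u = urlsplit(url)
    tls = u.scheme == "https"
    port = u.port or (443 if tls else 80)
    try:
        infos = socket.getaddrinfo(u.hostname, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return "no-address"  # no A (or no AAAA) record for this name
    try:
        # Connect to the first resolved address of this family only.
        sock = socket.create_connection(infos[0][4][:2], timeout=timeout)
        if tls:  # validate the certificate against the real hostname
            sock = ssl.create_default_context().wrap_socket(
                sock, server_hostname=u.hostname)
        with sock:
            target = (u.path or "/") + ("?" + u.query if u.query else "")
            request = (f"GET {target} HTTP/1.1\r\nHost: {u.hostname}\r\n"
                       "Connection: close\r\n\r\n")
            sock.sendall(request.encode("ascii"))
            status_line = sock.makefile("rb").readline()
        return int(status_line.split()[1])
    except (OSError, IndexError, ValueError):
        return "connect-error"


def classify(v4, v6):
    """Compare the per-family results and name the failure mode (labels are ours)."""
    if v6 == "no-address":
        return "v4-only"         # nothing published over IPv6: absent, not broken
    if v4 == v6:
        return "consistent"
    v4_ok = isinstance(v4, int) and v4 < 400
    v6_ok = isinstance(v6, int) and v6 < 400
    if v4_ok and not v6_ok:
        return "broken-over-v6"  # the case reported in the thread
    return "divergent"


if __name__ == "__main__":
    url = sys.argv[1]  # URL to check, supplied by the operator
    v4, v6 = probe(url, socket.AF_INET), probe(url, socket.AF_INET6)
    print(f"{url}: IPv4={v4} IPv6={v6} -> {classify(v4, v6)}")
```

Run it from a host with working native IPv6; on a v4-only host every dual-stacked site will show `connect-error` over IPv6 and be misreported as broken.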