On Tue 29 Apr 2014 09:04:36 PM CDT, Theo de Raadt wrote:
>> I know that what I proposed cannot go in at the moment. It's my end
>> goal.
>
> The goal is ridiculous.
>
> If anything, it should be sorted by the "best addresses first". Today
> the best addresses are IPv4. There is no dynamic method to determine
> "best", but measurements all over the world show that IPv4 is better
> in every respect.
>
> Change that, then we can talk.

...

> Apply these kinds of changes to your entire production network,
> and report back in 6 months if you are still running them.

You're right for almost all residential customers today and most
business customers of incumbent providers.
However, based on available evidence, IPv4 is not better than IPv6 in
every respect for everyone.
My IPv6 transit is free, and runs at 1Gbit/sec. (Thank you, Hurricane
Electric. Yes, I know this will change someday.) My IPv4 transit is
definitely not free, and runs at 100Mbit/sec.
I have a /48 of IPv6 addresses, whereas I have only a /24 of IPv4
addresses. Both address blocks cost the same amount; the $/IP ratio is
clear.
IPv6 is clearly better for me, because I've taken steps to obtain
native IPv6 transport. That fact skews my results.
My own measurements show that for many services, Amazon's cloud being a
notable example, native IPv6 provides noticeably lower latency than
IPv4 - even when taking the same AS path. IPv4 routes tend to have
higher hop-counts than the corresponding IPv6 routes.
Using cpercival's tarsnap service as a test endpoint: from my
workstation, the IPv4 route is 15 hops long and exhibits RTT in the
54msec range, whereas the IPv6 route is 9 hops long and 33msec.
Google's public DNS servers are 13 [v4] vs. 11 [v6] hops and identical
latency (32msec).
Akamai is 8 [v4] vs. 6 [v6] hops, and nearly-identical latency, once I
get past the local cache.
My data (not just these two examples) shows native IPv6 having a
noticeable performance advantage over IPv4. (It's not because of the
1Gb/100Mb links, either; my workstation is at the far end of a 20Mbit
radio link from my routers.)
In every case I can find, IPv6 is now at least as good as IPv4, and is
often "better in every respect".
That conclusion does still flip 180 degrees around, for obvious
reasons, when the only IPv6 connectivity is through a tunnel.
I've been fully[*] dual-stacked for almost a year, and well over a year
since I started preferring my IPv6 tunnel wherever possible. The
redundant OpenBSD-based BGP routers were installed October 26th 2013
and were routing IPv6 shortly thereafter. The topology has changed
several times over that period of time, and the addition of IPv6 has
not created problems for me any more significant than IPv4 has.
(Renumbering is exactly as much a PITA in v6 as v4, despite what some
optimists still claim.)
Yes, I have had to choose software that supports IPv6, but that's not
difficult nowadays... the lack of DHCPv6 in base OpenBSD is the only
major gap that I've had trouble filling.
Overall, OpenBSD supports IPv6 extremely well, more than well enough to
run my network, which is why I don't understand the determination to
passive-aggressively not endorse it. I don't know anyone who seriously
believes, by this point, that IPv6 is not going to take over
eventually. Yes, the entire industry is doomed to repeat its mistakes,
that's blazingly obvious. Yes, IPv6 has some serious flaws, and as a
protocol suite, it sucks rocks in many ways. Does that mean you have
to actively resist fostering IPv6 adoption? OpenBSD is already the
only free OS that handles IPv6 fragmentation "correctly"... and it
certainly wouldn't be the first OS to prefer IPv6. (That would
actually be Windows Vista, I believe. OK, that's not a glowing
endorsement...)
[*] except for one software management console that doesn't support
IPv6 at all. My printers, my WiFi APs, even my CEPH cluster are all
IPv6-native. The worst network-stack stupidity I've seen so far was on
the WiFi AP, and it only affected IPv4.
--
-Adam Thompson
athom...@athompso.net