• Snot Flickerman@lemmy.blahaj.zone
    22 hours ago

    It’s like the opposite of Dr. House’s “It’s never Lupus.”

    “It’s always DNS.”


    I feel like we really need to speed up the embrace of IPv6 to solve this kind of issue. DNS is helpful to humans, sure, but a lot of these outages are triggered by services not being able to reach one another because they’re hard-coded to a DNS to avoid shifting IPs due to things like NAT.

    It feels like we could do an end-run around a lot of this by having a failover to an IPv6 address that is associated with the DNS entry if the DNS fails. Kind of like you generally have multiple DNS servers in sequence in case one is not responsive, what if, at the service level, we stopped relying on DNS so much and instead used the benefits of IPv6 to not have services fail when DNS does? DNS should be for humans, not for computers, especially not in a world where IPv6 exists.

    (someone who is more familiar with the ins-and-outs of IPv6 is welcome to tell me if and why I am wrong in thinking this)
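
Added example, not part of the thread and not any commenter's code: the failover idea in the comment above, sketched as a last-known-good address cache that is used only while name resolution is failing. The class name, the `max_stale` limit, the host name and the `2001:db8::` address are assumptions made for illustration.

```python
import socket
import time


class StaleFallbackResolver:
    """Resolve normally; if resolution fails, reuse the last good answer."""

    def __init__(self, lookup=None, max_stale=3600.0, clock=time.monotonic):
        self._lookup = lookup or self._system_lookup
        self._max_stale = max_stale      # seconds a cached answer stays usable
        self._clock = clock
        self._cache = {}                 # name -> (addresses, time stored)

    @staticmethod
    def _system_lookup(name):
        # AAAA lookup through the OS resolver; raises socket.gaierror on failure.
        infos = socket.getaddrinfo(name, None, socket.AF_INET6, socket.SOCK_STREAM)
        return sorted({info[4][0] for info in infos})

    def resolve(self, name):
        """Return (addresses, source); source is 'fresh' or 'stale'."""
        try:
            addrs = self._lookup(name)
            if not addrs:
                raise OSError("empty answer")
        except OSError:                  # gaierror is a subclass of OSError
            cached = self._cache.get(name)
            if cached is None or self._clock() - cached[1] > self._max_stale:
                raise                    # nothing usable: fail closed
            return cached[0], "stale"
        self._cache[name] = (addrs, self._clock())
        return addrs, "fresh"


def demo():
    # Constructed scenario: the first lookup succeeds, then the resolver goes down.
    state = {"up": True}

    def lookup(name):
        if not state["up"]:
            raise socket.gaierror("constructed resolver outage")
        return ["2001:db8::10"]          # documentation-prefix address

    r = StaleFallbackResolver(lookup=lookup)
    first = r.resolve("api.internal.example")
    state["up"] = False
    return first, r.resolve("api.internal.example")
```

A cached address may have been reassigned since it was stored, so the caller still has to authenticate the peer by name (for example TLS with hostname verification) and keep `max_stale` short.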

    • marcos@lemmy.world
      21 hours ago

      because they’re hard-coded to a DNS to avoid shifting IPs due to things like NAT

      One of the many, many things we shoved into DNS was service discovery. It’s not because of NAT, it’s because we want to seamlessly support migrating from 1 server to 10 billion of them without reconfiguring anything.

      The solution is indeed to migrate to IPv6, but that’s because IPv6 multi-cast is actually usable. This time it’s not because of NAT.

    • bobs_monkey@lemmy.zip
      22 hours ago

      My network doesn’t often go down, but when it does, it’s always DNS (or the power went out).

        • bobs_monkey@lemmy.zip
          13 hours ago

          This (almost) exact scenario is why I need to move my PiHole instance off my Proxmox box and onto a dedicated appliance.

          • Elvith Ma'for@feddit.org
            12 hours ago

            In this case, she just wanted to make sure that everything is off and without current before the vacation and since I told her to not trip that one breaker, she unplugged some seemingly unrelated cables and just unplugged the wrong one.

    • dormedas@lemmy.dormedas.com
      22 hours ago

      IPv4 is definitely a large part of the blame for this and we need to start resting the blame there in hopes we force these companies (and their users) to actually use it. We need ISPs to support it, of course for end users, but at the enterprise level everything should be IPv6. It should have been IPv6 a decade ago, or more.

      • fibojoly@sh.itjust.works
        21 hours ago

        I was learning IPv6 in second year Network & Télécom, in 1997. We were running out of IPs back then.
        Then we invented proxies and NAT and things got better and nature took its course (it ain’t broke? Don’t fucking touch it).

        • dormedas@lemmy.dormedas.com
          21 hours ago

          Sure, nature took its course, but did NATs make things better? I’m a game dev and getting two computers to talk to each other is so so much harder due to NAT traversal, requiring punchthrough servers. Voice chat and stuff need STUN/TURN servers. A game has to account for “what if my host wants to connect two clients, one of which within the NAT and one without?”

          Makes far more sense to give every device an address and just talk to it and leave security and port openness up to firewalls.

          • nymnympseudonym@piefed.social
            20 hours ago

            getting two computers to talk to each other is so so much harder due to NAT traversal

            … which is why you will take IPv4 on my home network from my cold, dead hands, and why all IPv6 traffic is blocked in the network that hosts my PC/laptop

            • dormedas@lemmy.dormedas.com
              19 hours ago

              So you admit you can block IPv6 traffic in your rebuke to IPv6 adoption. What’s then the issue? Block what you want, it’s your network, but do it with a firewall and not NAT.

            • Snot Flickerman@lemmy.blahaj.zone
              19 hours ago

              Thanks for holding us back, champ.

              I guess fuck stateful packet inspection as a tool or anything.

              NAT isn’t a security measure, you know that, right?

      • Frezik@lemmy.blahaj.zone
        21 hours ago

        The good news is that the amount of traffic hitting Google that’s connecting over IPv6 is just about at the 50% mark:

        https://www.google.com/intl/en/ipv6/statistics.html

        We need to start talking about IPv6 as something that is here and now, not some far off future.

        IMHO, the biggest issue is setup for SOHO users. Routers for that market have gotten the IPv4 setup wizard process down pretty good. With IPv6, there’s like three different ways your ISP might have set it up, and you need to tell your router which way to go. It’s complicated enough that even people with a solid understanding of IPv4 can be confused trying to figure out what works.

          • Frezik@lemmy.blahaj.zone
            20 hours ago

            Definitely.

            The first time I tried to set up IPv6 on OPNsense, Android phones thought they couldn’t connect to the Internet after getting on WiFi. Something about the endpoint they check for Internet access wasn’t going through. I backed out some settings, and something fixed it, but I’m still not sure what.

        • Buddahriffic@lemmy.world
          19 hours ago

          I mean, if there’s only three ways, couldn’t routers be set up to just try all three to see which works? Or if they each need specific parameters that aren’t discoverable, have a form that takes all of them but says “just enter what your ISP gives you, the others are optional”. Or set it up such that the client can just get whatever information it needs from the server to communicate with other nodes beyond the server. IPv4 has DHCP. Is there something in the way of applying a similar solution to IPv6?

          • Snot Flickerman@lemmy.blahaj.zone
            19 hours ago

            IPv4 has DHCP. Is there something in the way of applying a similar solution to IPv6?

            That in itself is implemented a few different ways, and each one is more useful dependent on your use-case, but these also have very little to do with how your ISP hands out the IP to your modem. When you get an IP handed out to your modem by your ISP, it’s often not being handed out by DHCP but an entirely different technology purpose-built for whatever medium (cable/DSL/fiber) is actually going into your modem, so knowing their implementation is still important. Things work a little differently at enterprise-level. Although you’re not wrong that eventually there could be routers with auto-configuration based on which type of IPv6 network the router detects, there just currently aren’t any that I know of.

            But if you’re interested in the modern equivalents of DHCP you should look into SLAAC vs. DHCPv6 which are similar but oh so very different.

            • Buddahriffic@lemmy.world
              18 hours ago

              That’s disappointing that they have different methods for each physical layer. That should be handled on the link layer using common methods once the physical layer is able to send bits back and forth.

              Getting an IP address shouldn’t be affected by whether it will be transmitted using fibre, DSL, cable, a 56k line, a quantum teleporter, signal fires, or carrier pigeons.