Verizon Refuses To Provide Complete IPv6 438
Glendale2x writes "I'm a progressive sort of guy and I want to go full dual-stack, IPv6 for the future, etc. However I recently tried to turn up a new Verizon circuit with IPv6 (after a 6-month fiber install process), and to my chagrin the order they accepted back in May they're now saying is against their policy to provide. They're missing around 29% of the IPv6 internet and refuse to carry it. Tell me again how we're supposed to encourage IPv6 adoption in the face of a huge black hole like this?"
Re:slashdotted wordpress install... any details ? (Score:3, Informative)
This is on an OC-12. They're filtering using BGP prefix lists.
Re:I don't think IPv6 is really the future any mor (Score:4, Informative)
Except China. The latest figure I've heard is six levels of NAT in some places.
Re:I concur... (Score:4, Informative)
Server's overloaded. I didn't expect me complaining about Verizon would hit the front page. Trying to convert it to a static page.
Re:I don't think IPv6 is really the future any mor (Score:5, Informative)
[citation needed]
In 2003, RIPE NCC [ripe.net] noted that estimates fell around 2012. I will grant you that 2003 is not 12 years ago, only 6, but that was a result on the first page of google for "IPv4 run-out estimates over time."
I'm unfamiliar with oil reserves and cold fusion research, but I'd like to see your justifications for those claims, too :-)
Re:bullshit (Score:5, Informative)
That's some fine internet tough talk, but realistically the best solution open to the common man is to simply vote with your dollars and leave. Verizon is probably happy enough to let a squeaky wheel out of any time contract, if they really are in violation, knowing that the unwashed masses will not notice these kinds of failings.
The problem is if the six month install process came with a hefty price tag (article is Slashdotted, so can't read up on it). Voting with your feet and going elsewhere implies a massive sunk cost that may not be recoverable, depending on how open the fiber accessibility is to other providers.
Re:bullshit (Score:5, Informative)
Coral cache: http://www.rollernet.us.nyud.net:8090/wordpress/2009/10/verizon-refuses-to-provide-complete-ipv6/ [nyud.net]
If you use the "slashdotter" Firefox extension, it will automatically insert coralcache, mirrordot, and google cache links into the summary for you.
Re:bullshit (Score:5, Informative)
It won't free you from the failings of Verizon if you happen to be on one of the networks they omit from their routing table.
Re:I don't think IPv6 is really the future any mor (Score:3, Informative)
No it won't. It will be some bandaid solution thought of at the last minute that will patch things together until the current crop of CEOs get their golden parachutes.
Sorry, but I'm very cynical on this. Few businesses are "forward looking"; most look back to the heyday when life was good and want nothing to do with any new invention if they can help it. Look at the entertainment industry, the paper press industry, the telecom industry... They've all been fighting new tech for years.
Heck, if it was up to AT&T we'd all be dialing on our Princess Phones.
Re:I don't think IPv6 is really the future any mor (Score:2, Informative)
Reselling IP addresses is exceedingly difficult unless you do it under the table.
Strictly speaking, it's explicitly not allowed in most regions.
Re:I wonder (Score:2, Informative)
Re:I don't think IPv6 is really the future any mor (Score:2, Informative)
I'm assuming you don't have much experience in the real world. I am an architect on a fairly large network. 100,000 active unique DHCP's per day. We use PAT EXTENSIVELY. Unless you have a very specific reason to have a real world external IP, you don't get one. And very few people get externals. We usually give 1:1 NAT's before externals.
Re:change of contract (Score:5, Informative)
They very conveniently lost the original order (where I disclosed exactly what I required, down to what networks I will announce) and the circuit was delivered as IPv4-only in August. With a static /29. Without BGP. All of this was a huge shock to the provisioning team on the first call when I started talking BGP for IPv4. It took over a month to get them to change it to dual-stack and re-engineer the endpoint to go to a different city that had IPv6 support after I forwarded them all of my copies. And then they pulled this out of their hat. Oh, don't forget that my account manager was fired in September and the new one won't accept my calls. It's a huge fucked up mess.
I must admit, I never figured that complaining about Verizon sucking would make the front page of slashdot.
Basically Verizon is providing IPv6 (Score:2, Informative)
The service they promise (sort of)... but they're being *******'es about it. If I understand correctly they provide article author two options (1) Use Verizon IP addresses, or (2) Use their ARIN assignment and peer with Verizon AS 701.
Where Verizon blocks announcements of prefixes longer than /32.
This is a long-standing (braindead) policy on Verizon's part, that doesn't even account for the fact that RIRs are handing out /48 PI assignments in some cases, and there can be multi-homed sites with /56s.
In other words, a third of the V6 internet. You can think of this as the IPv4 equivallent of only accepting announcement of a /19 or larger block of IP addresses.
Verizon isn't well known for having complete IPv6 connectivity, a lot of "IPv6 providers" don't. If you are serious about V6 connectivity, you definitely want to get multiple providers.
In the V6 world, connectivity is sparse, and filtering is overly aggressive from the likes of Verizon and other big V4 players, almost as if they're not really all that serious about ensuring global V6 reachability. I would say 2 or 3 transit providers is needed for bare minimum connectivity. And naturally it's better if you can peer with others...
Re:bullshit (Score:5, Informative)
Re:BGP aggregation policy (Score:2, Informative)
It seems entirely plausible to me that the problem really is at the other end; that is, the missing routes aren't in fact globally routable and are only visible from Sprint and Hurricane Electric due to some sort of hackery.
So the first question I'd want answered would be: which backbone provider do those blocks belong to?
I may be mistaken, but it's my understanding that IPv6 addresses, unlike IPv4 addresses, include information about the backbone provider, so you really can't get your own allocation from ARIN and expect an ISP to route it for you. It doesn't (or isn't supposed to) work like that, for good reason. So, if the missing blocks are people who aren't backbone providers but have some kind of back-door deal with Sprint and/or Hurricane Electric, Verizon may be in the right.
If those blocks *are* owned by backbone providers, I'd want to talk to some of them and see what they say about it. They're the ones who should be talking to Verizon about why they're being blocked.
Re:BGP aggregation policy (Score:4, Informative)
So the first question I'd want answered would be: which backbone provider do those blocks belong to?
A whole lot of different ones. They're ARIN's PI multihoming block.
I may be mistaken, but it's my understanding that IPv6 addresses, unlike IPv4 addresses, include information about the backbone provider, so you really can't get your own allocation from ARIN and expect an ISP to route it for you. It doesn't (or isn't supposed to) work like that, for good reason. So, if the missing blocks are people who aren't backbone providers but have some kind of back-door deal with Sprint and/or Hurricane Electric, Verizon may be in the right.
You wouldn't have been mistaken before 2006. ARIN does allow you to get your own IPv6:
https://www.arin.net/policy/proposals/2005_1.html [arin.net]
I believe RIPE is following suit next month.
Re:I don't think IPv6 is really the future any mor (Score:3, Informative)
You know, that "sky is falling" prediction has been coming and going for years now. It's always just a couple years away. Things get reallocated, and then it's "oh a couple years away". Someone always "discovers" IPv6, because they were just taught about it and suddenly it's the most important thing to them since storing rations for Y2K.
Sept 1998 ... IPv4's 4.2 billion addresses will run out in about 10 years-by 2010 at the latest.
In many ways, the transition from IPv4 to IPv6 marks the period of the Internet's adolescence. Within the user community, there's angst over
July 1999 - Wired [wired.com]
The Internet on Thursday began moving from its old addressing system to a radically new one, though no one is likely to notice.
After four years of testing, the Internet Assigned Numbers Authority on Thursday rolled out Version 6 of the Internet Protocol (IPv6), the next-generation numeric addressing system for the global network.
March 2002, screen digest [allbusiness.com]
Under present conditions, Internet protocol (IP) addresses will run out by 2005, according to report by European Commission. Old IP version four (IPv4) cannot provide each person around the world with one address, especially since greater proportion of addresses have been assigned to North America.
May 2007, internetnews.com [internetnews.com]
The IPv4 Address Report lists two possible dates for when the number of IPv4 dates will run out: April 17, 2010 or December 2, 2010, depending on the source.
Re:Yes, but watch for... (Score:3, Informative)
95% of the internet does not care or know about having a globally unique IP address will keep NAT a viable solution for a while.
It used to be that I didn't care about that.
Then my brother got himself banned from Slashdot by IP (while we were both teenagers).
At that point, I started caring whether I shared an IP with someone I didn't trust, who was likely to get banned from somewhere. (The first, most obvious change was to convince my brother to stop trolling.)
It may take awhile, but if people start finding themselves banned from, say, YouTube or Facebook by IP, they'll start caring about NAT.
There's a reason people move away from AOL.
Re:I don't think IPv6 is really the future any mor (Score:3, Informative)
It's a bit like suggesting you can sell parts of your land (real-estate) under the table, without notifying the county records office of the sale..
The problem is... there's a registered owner (or deed holder). And having someone tell you that you can use some IP addresses is useless unless you can get traffic to them.
The action required to get traffic to go to an IP address is very public, you have to announce the IP address space using an AS number.
The only way for you to do it without setting off alarm bells is to pretend that you ARE the person you "bought" the IPs from under the table, using their AS number.
Your announcement will probably be filtered, since your IP block is a portion of theirs (it's smaller than the assignment)
So the traffic goes to them... unless they happen to be an ISP connected to you, you are now in a sticky situation.
So the difficulty in simply 'acquiring IPs' under the table, is the need to get connectivity to them. Controlling that connectivity is harder, and if the company that sold you the IPs goes bankrupt, you're screwed.
You're better off just getting your ISP to allocate you the IPs. Either that... or buying/merging with other companies for the sole purpose of acquiring their IP addresses, and throwing away all else.
(Depending on how scarce IPs get)
Your trying to contact IPv6 PI! (Score:3, Informative)
Re:I don't think IPv6 is really the future any mor (Score:2, Informative)
In this case, freely allowing the purchase and sale of parts of IP blocks piecemeal would be an internet routing table disaster.
The routing table has already gone over 300,000 entries. Filtering is already a reality for many sites, and many ISPs, common equipment already can't handle the full routing table much longer at the current rate of expansion.
Equipment that can do better in hw is extremely expensive, and out of reach of much of the market.
Now, the registries today allocate blocks of IP addresses in a manner that allows filtering.
For example, if you get a /22 for multi-homing, that block gets allocated from a block from which only /22's are allocated. That way, everyone can filter to the /22, you advertise one /22 route, if you try to break up that /22 and advertise 4 /24 routes, for traffic engineering, you can do it, but many sites will filter it.
The same applies to organizations who get a /20 direct assignment, they can chop up their /20 into 16 /24s and also advertise each one with different values or from different places for traffic engineering, and it's common to chop that up a bit, but most sites will filter those, and only their /20 announcement is propagated.
Now, imagine if policies were different, and you got a /19 you later didn't need half it. You are supposed to return the /20 you don't need to the registry and exchange keep only the smaller block if this happens.
But imagine you didn't... you sold 16 /24s (256 IPs each) to 16 different entities.
Now they each want to announce them (they're not connected to you)... that's 16 more entries in the routing table.
Ok, that matters but is not massive.
What is HUGE is the fact that when people apply their filtering rules (accepting only /20 or larger) advertisements from your block allocated from a block from which only /20s are allocated.....
Suddenly those networks you 'sold' those blocks to aren't reachable by networks in the DFZ that do this filtering.
And they'll be complaining to them, demanding they relax their filtering, which ultimately causes costs to be massively increased for everyone, or their equipment blows up, or they tell the people you sold IPs to to go get a proper block... in any case, the result is bad for the community
Even though you benefit from selling IPs, and they benefit from being able to get them from you, the community as a whole incurs a massive expense, it's basically an abuse of the commons.
Re:Yes, but watch for... (Score:3, Informative)
Mac address doesn't get sent tot he remote host unless you're on the same ethernet network. MAC address is an ethernet concept, not part of IP.
Besides which, it's trivially changable. Most routers allow you to set it to whatever you want.
Re:I don't think IPv6 is really the future any mor (Score:2, Informative)
Re:Actually, Verizon is right (Score:4, Informative)
The least bad solution with the current standards is to give to each IPv6 multiple addresses, e.g. one with the Verizon prefix, one with the Sprint prefix, one with SAVVIS. Of course, that solution assumes that the exit routers are capable of choosing the exit route based on the source address picked by the host, which is a *big* assumption. I suppose that if there is enough demand, Cisco, Juniper et al will come up with such routers.
If that works, you get the equivalent of each host having multiple "virtual network cards", one for each provider. Of course, they do not in fact have multiple cards, just multiple addresses.
Failing that, the big organizations will pay their providers large sums and get a short prefix (/32, probably) that will be routed. The small folks will be left hanging.
Re:bullshit (Score:3, Informative)
I had a similar experience when canceling service with a web hosting provider (lowestcosthost.com). They started out OK. and I finally decided to prepay for a year to get a slight discount. A few weeks later, their service rapidly became abysmal, to the point where email would go down for hours, then instead of dealing with the issue they'd just reboot the email server and clear the email buffers on the way back up (losing any email that was in queue). This happened three times in the same month, and I finally called it quits.
After posting a number of requests for help on retrieving the lost email on their help forums and getting no response, I finally vented about their incompetence on their customer forums, whereupon all of my help requests and negative comments were deleted, several were replaced with "EXCELLENT HOST A+++", and I got a nasty letter from someone saying I wasn't a customer any more and I could just piss off and they were keeping my prepaid annual fee thankyouverymuch.
Unfortunately, I had my domain registered through them as well, and had to wait the better part of a month before they finally "abandoned" it and I was able to snap it back up.
So two lessons learned: Never register your domain with your web hosting provider, and never prepay for a year.
Re:bullshit (Score:2, Informative)
Re:BGP aggregation policy (Score:4, Informative)
Fascinating. Is there a corresponding document somewhere explaining how this is supposed to be implemented? It seems to defeat one of the design criteria of IPv6, i.e., keeping routing tables simple.
You are correct that it does defeat the routing table simplicity goal because implementation of multihoming is exactly the same as it is with IPv4. This happened because IPv6 was left without a sane way to multihome. I don't know what block RIPE will use, but AFRINIC (2001:43F8::/29), and APNIC (2001:0DF0::/29) also have a similar policy to ARIN.