[175638] in North American Network Operators' Group
Re: pay.gov and IPv6
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Sun Oct 26 21:39:53 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <20141026211643.822F3228311D@rock.dv.isc.org>
From: Matthew Kaufman <matthew@matthew.at>
Date: Sun, 26 Oct 2014 18:39:44 -0700
To: Mark Andrews <marka@isc.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
This is why I need to pull logs the next time I need to pay the FCC. There a=
re several rounds of redirects involved from clicking the payment button on t=
he FCC site to the final landing at pay.gov, and one of the last steps never=
connects if IPv6 is enabled.
Matthew Kaufman
(Sent from my iPhone)
> On Oct 26, 2014, at 2:16 PM, Mark Andrews <marka@isc.org> wrote:
>=20
>=20
> In message <CAFG21ohZ6MV6Tef_sWuwV6kmAZmHQ3nFRLq-FkdU38g=3DvL3nnQ@mail.gma=
il.com>
> , Todd Lyons writes:
>> On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman <matthew@matthew.at> wr=
ote:
>>>>=20
>>>> Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fai=
l
>>>> when clients have IPv6 enabled. Work fine if IPv6 is off. One more set o=
f
>>> Still broken, 7 months later. And again, I was too busy trying to pay to=
tr
>> y
>>> to pull a full set of logs. But if you do something on the FCC site that=
>>> requires payment, the redirection flow dies halfway through if you're co=
min
>> g
>>> from IPv6 and works fine if you turn it off... so yet another computer i=
n
>>> the house has IPv6 disabled until manually turned back on.
>>=20
>> FWIW, eftps.gov is also unreachable via ipv6. I tried all of miredo,
>> and my home Sixxs tunnel, and a HE tunnel from somewhere else. I used
>> the 4or6 plugin to temporarily disable ipv6 and both sites loaded
>> straight away.
>=20
> If a site is unreachable your client should switch to IPv4 unless
> a IPv6 literal has been used.
>=20
> If your client take ages to switch over report a bug to the client
> vendor.
>=20
> It should not take ages to switch between multiple server addresses.
> IPv4 + IPv6 is just a example of multiple server addresses.
>=20
>> eftps.gov and pay.gov appear to be managed separately since both their
>> ipv4 and ipv6 netblocks are not in the same netblocks, and my path to
>> them is not the same:
>>=20
>> eftps.gov has IPv6 address 2620:10f:400e:a::13
>> mtr to eftps.gov via Sixxs:
>> Host Loss% Snt Last
>> Avg Best Wrst StDev
>> 1. 2604:8800:100:82bc:ddcb:ae62:e3da:c91f 0.0% 16 0.9
>> 0.9 0.9 1.6 0.2
>> 2. gw-701.chi-03.us.sixxs.net 0.0% 16 71.6
>> 72.4 68.6 78.3 2.4
>> 3. uschi03.sixxs.net 0.0% 16 70.2
>> 71.8 69.2 78.8 2.4
>> 4. 2620:0:6b0:a::1 0.0% 15 67.3
>> 73.3 67.3 79.7 3.2
>> 5. tge3-1.fr3.ord4.ipv6.llnw.net 0.0% 15 73.6
>> 75.4 70.1 85.4 4.9
>> 6. ve8.fr3.ord.ipv6.llnw.net 0.0% 15 73.5
>> 79.7 72.9 90.4 5.7
>> 7. 2600:805:41f::5 0.0% 15 104.4
>> 81.9 74.2 104.4 9.0
>> 8. 2600:806::12 0.0% 15 105.2
>> 104.0 100.6 109.8 2.9
>> 9. 2600:806:12f::2e 0.0% 15 134.5
>> 135.7 131.4 147.4 4.1
>> 10. 2620:10f:400e:1::4004 0.0% 15 161.5
>> 145.9 131.5 163.8 9.9
>> 11. ???
>>=20
>> pay.gov has IPv6 address 2605:3100:fffd:100::15
>> mtr to pay.gov via Sixxs:
>> Host Loss% Snt Last
>> Avg Best Wrst StDev
>> 1. 2604:8800:100:82bc:ddcb:ae62:e3da:c91f 0.0% 11 0.9
>> 0.9 0.7 1.1 0.1
>> 2. gw-701.chi-03.us.sixxs.net 0.0% 11 70.8
>> 70.9 67.0 74.4 2.2
>> 3. uschi03.sixxs.net 0.0% 11 73.7
>> 73.7 69.8 90.1 5.6
>> 4. 2620:0:6b0:a::1 0.0% 11 70.6
>> 73.7 70.4 86.2 5.0
>> 5. tge3-1.fr3.ord4.ipv6.llnw.net 0.0% 11 72.4
>> 75.6 71.5 82.6 3.2
>> 6. ve8.fr3.ord.ipv6.llnw.net 0.0% 11 76.1
>> 79.3 74.7 87.9 4.0
>> 7. tge32-3.fr3.dal.ipv6.llnw.net 0.0% 11 99.1
>> 100.1 96.4 106.2 2.7
>> 8. sl-st30-dal-te0-14-0-1.v6.sprintlink.net 0.0% 11 98.2
>> 102.0 98.2 111.0 4.4
>> 9. sl-crs1-fw-be40.v6.sprintlink.net 0.0% 11 99.5
>> 100.5 96.2 105.5 2.5
>> 10. sl-gw38-fw-po0-0.v6.sprintlink.net 0.0% 11 96.4
>> 98.8 96.4 105.1 2.6
>> 11. 2600:4:2000:4::9 0.0% 11 100.2
>> 102.0 99.0 107.0 2.7
>> 12. ???
>>=20
>> I was hoping an eftps.gov or pay.gov employee was casting an eye this
>> way, but it doesn't look like anybody from there is subscribed to
>> NANOG.
>>=20
>> ...Todd
>> --=20
>> The total budget at all receivers for solving senders' problems is $0.
>> If you want them to accept your mail and manage it the way you want,
>> send it the way the spec says to. --John Levine
> --=20
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
