[180276] in North American Network Operators' Group
Re: Multiple vendors' IPv6 issues
daemon@ATHENA.MIT.EDU (Bruce Curtis)
Sat May 30 08:06:30 2015
X-Original-To: nanog@nanog.org
From: Bruce Curtis <bruce.curtis@ndsu.edu>
To: NANOG <nanog@nanog.org>
Date: Sat, 30 May 2015 12:06:26 +0000
In-Reply-To: <051201d0984a$b8f61040$2ae230c0$@tndh.net>
Errors-To: nanog-bounces@nanog.org
On May 27, 2015, at 1:59 AM, Tony Hain <alh-ietf@tndh.net> wrote:
> David,
>
> While I agree with you that there is no excuse for the general IPv6 brokenness across all vendors, they are just doing what participants on lists like this one tell them. Name&Shame may help a little, but until a large number of people get serious and stop prioritizing IPv4 in their purchasing demands, the vendors are not going to prioritize IPv6. Until the vendors clearly hear a collective "we are not buying this product because IPv6 is broken", everyone will get exactly the behavior you are witnessing.
>
> While I appreciate the challenges you are facing, it is likely that you will be helped by documenting the percentage of IPv6 traffic you see when things do work. While it may not be much now, that can change quickly and will provide internal ammunition when you try to take a stand about refusing to use a product. If your IPv6 percentage grows anywhere near the 2x/yr rate that Google has been seeing it won't take long before IPv6 is the driving protocol. For fun, project this
> http://www.google.com/intl/en/ipv6/statistics.html forward 4 years and hand it to the vendors that can't get their IPv6 act together. Then ask them how they plan to still be in business at that point ......
>
> Tony
I like this page even better for that purpose. It does the forward projecting for you and projects 33% in one year and above 90% in 4 years.
https://www.vyncke.org/ipv6status/project.php?metric=q&country=us
This says that 45% of web pages viewed by people worldwide are available via IPv6 (It does not say that 45% of web pages are available via IPv6, it says that since Facebook and others, which are IPv6 enabled, have more pageviews than some less popular sites that are IPv4 only and that results in 45% of web pages viewed being available via IPv6.)
http://6lab.cisco.com/stats/
http://6lab.cisco.com/stats/information.php#content
It is also interesting to sort this page by IPv6 percent.
http://www.stateoftheinternet.com/trends-visualizations-ipv6-adoption-ipv4-exhaustion-global-heat-map-network-country-growth-data.html#networks
> -----Original Message-----
>> From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of David
>> Sotnick
>> Sent: Tuesday, May 26, 2015 4:19 PM
>> To: NANOG
>> Subject: Multiple vendors' IPv6 issues
>>
>> Hi NANOG,
>>
>> The company I work for has no business case for being on the IPv6-Internet.
>> However, I am an inquisitive person and I am always looking to learn new
>> things, so about 3 years ago I started down the IPv6 path. This was early
>> 2012.
>>
>> Fast forward to today. We have a /44 presence for our company's multiple
>> sites; All our desktop computers have been on the IPv6 Internet since June,
>> 2012 and we have a few AAAAs in our external DNS for some key services —
>> and, there have been bugs. *Lots* of bugs.
>>
>> Now, maybe (_maybe_) I can have some sympathy for smaller network
>> companies (like Arista Networks at the time) to not quite have their act
>> together as far as IPv6 goes, but for larger, well-established companies to
>> still have critical IPv6 bugs is just inexcusable!
>>
>> This month has just been the most disheartening time working with IPv6.
>>
>> Vendor 1:
>>
>> Aruba Networks. Upon adding an IPv6 address to start managing our WiFi
>> controller over IPv6, I receive a call from our Telecom Lead saying that our
>> WiFi VoIP phones have just gone offline. WHAT? All I did was add an IPv6
>> address to a management interface which has *nothing* to do with our VoIP
>> system or SSID, ACLs, policies, roles, etc.
>>
>> Vendor 2:
>>
>> Palo Alto Networks: After upgrading our firewalls from a version which has a
>> nasty bug where the IPv6 neighbor table wasn't being cleaned up properly
>> (which would overflow the table and break IPv6), we now have a *new*
>> IPv6 neighbor discovery bug where one of our V6-enabled DMZ hosts just
>> falls off the IPv6 network. The only solution: clear the neighbor table on the
>> Palo Alto or the client (linux) host.
>>
>> Vendor 3:
>>
>> Arista Networks: We are seeing a very similar ND bug with Arista. This one is
>> slightly more interesting because it only started after upgrading our Arista
>> EOS code — and it only appears to affect Virtual Machines which are behind
>> our RedHat Enterprise Virtualization cluster. None of the hundreds of
>> VMware-connected hosts are affected. The symptom is basically the same
>> as the Palo Alto bug. Neighbor table gets in some weird state where ND
>> breaks and the host is unreachable until the neighbor table is cleared.
>>
>> Oh, and the final straw today, which is *almost* leading me to throw in the
>> IPv6 towel completely (for now): On certain hosts (VMs), scp'ing a file over
>> the [Arista] LAN (10 gigabit LAN) takes 5 minutes over IPv6 and <1 second
>> over IPv4. What happened?
>>
>> It really saddens me that it is still not receiving anywhere near the kind of
>> QA (partly as a result of lack of adoption) that IPv4 has.
>>
>> Oh, and let's not forget everybody's "favorite" vendor, Cisco. Why is it,
>> Cisco, that I have to restart my IPv6 OSPF3 process on my ASA every time my
>> Palo Alto firewall crashes and fails over, otherwise none of my VPN clients
>> can connect via IPv6?
>>
>> Why do you hurt me so, IPv6? I just wanted to be friends, and now I just
>> want to break up with you. Maybe we can try to be friends again when your
>> vendors get their shit together.
>>
>> -David
>
---
Bruce Curtis bruce.curtis@ndsu.edu
Certified NetAnalyst II 701-231-8527
North Dakota State University