*Problem Space:*

Below is a detailed definition of the problem space I have encountered when implementing IPv6 over the last 6 years across many different system and network environments.

*A. Network Stack:*

As many of you know, the IPv6 RFCs define a precedence order for network communications. Here is the order when IPv6 is enabled:

*1. Use Native IPv6*
   a. Generate link local address
   b. Obtain global addresses
      i. Host file address
      ii. Check for stateless autoconfiguration (Router/Neighbor Discovery)
      iii. Check for stateful autoconfiguration (DHCPv6)
*2. Use Tunneled IPv6 (If available)*
   a. Connect to tunnel endpoint (requires a DNS lookup in many cases)
   b. Generate Global address
*3. Use Native IPv4*
   a. Host file
   b. DHCPv4
   c. Generate Link Local

From a booting perspective, generating the link local address and obtaining a global address via the host file is fast. After that, each step requires a delay and implements a timeout to fall through the logic.

*B. Name Resolution*

DNS name order precedence also exists with IPv6 and it is:

1. Cache
2. AAAA over IPv6
3. A over IPv6
4. AAAA over IPv4
5. A over IPv4

For simplicity's sake, I have not included name order precedence when LLDP, UPnP, Zero Configuration, WS-Discovery, NFS, SMB or other name management techniques are in use. Also, the DNS request should be sent over IPv6 and IPv4 transport in parallel, but in many implementations, there is a timeout period. This is also under the assumption that the DNS server, hard coded or obtained via DHCP, supports both IPv4 and IPv6 transport.

There are 81 variations of IPv4 only, IPv6 only, IPv4 and IPv6, when applied against the host, DNS, Internal Network Segment support, support for IPv6 at the network edge and ISP support. Here are the cases that I have seen in the 'wild' and some of the issues:

- *DNS Server only supports IPv4 transport, and A records*
  o Host has IPv4 only enabled – Resource is only on IPv6 (i.e. ipv6.google.com)
    § Host requests A records, over IPv4 transport and times out
    § Result: Delay and Application may fail
  o Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e. ipv6.google.com)
    § Host requests AAAA records, over IPv6 transport and times out
    § Host requests AAAA records, over IPv4 transport and times out
    § Result: Delay and Application mostly fails
  o Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS records.
    § Host requests AAAA records, over IPv6 transport and times out
    § Host requests A records, over IPv6 transport and times out
    § Host requests AAAA records, over IPv4 transport and times out
    § Host requests A records, over IPv4 transport and receives a response
    § Result: Delay and if Application has built in timers, may fail
  o Host only has IPv6 – Resource is only IPv6
    § Host requests AAAA records, over IPv6 transport and times out
    § Application timeout or locks
    § Result: Delay and Fail

- *DNS server only supports IPv4 transport, and supports A/AAAA records*
  o Host has IPv4 only enabled – Resource is only on IPv6 (i.e. ipv6.google.com)
    § Host requests A records, over IPv4 transport and times out
    § Result: Delay and Application may fail
  o Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e. ipv6.google.com)
    § Host requests AAAA records, over IPv6 transport and times out
    § Host requests AAAA records, over IPv4 transport and times out
    § Result: Delay and some Applications fail
  o Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS records.
    § Host requests AAAA records, over IPv6 transport and times out
    § Host requests A records, over IPv6 transport and times out
    § Host requests AAAA records, over IPv4 transport and times out
    § Host requests A records, over IPv4 transport and receives a response
    § Result: Delay and if Application has built in timers, may fail
  o Host only has IPv6 – Resource is only IPv6
    § Host requests AAAA records, over IPv6 transport and times out
    § Application timeout or locks
    § Result: Delay and Fail

There are two other cases, but I have not seen them in the wild yet, and they are:

- *DNS Server IPv4/IPv6 transport, and AAAA records*
- *DNS Server only supports IPv6 transport, and AAAA records*

*Solution Space:*

Based on the configuration you are provided, we have one of three ways of solving the problem of "boot/application delay, when IPv6 is enabled".

*1. Script to identify the problem.*

Provide users with a script which identifies problems supporting IPv6, and makes suggestions on how to solve them. This is the script I am currently coding, including my troubleshooting experience of using IPv6 over the last 6 years across many operating systems.

The advantage of this strategy is to identify the most common configuration and product failures. So far the script checks for problems with IPv6 configuration (kernel and configuration), IP address generation (Stateful-DHCPv6/Stateless-SLAAC), DNS failures (AAAA over IPv4 and IPv6 transport, old hints file), ISP failures (Level of support i.e. IPv6 only, dual stack, tunneled, blocking tunnels) and local hardware configuration (router and network/host firewall) problems.

The downside of this solution is that it requires user interaction and requires them to make changes to their infrastructure to fix the problem long term. In some cases it will require them to buy/upgrade new firewalls and routers. I see this as the 'best solution' to solve the problem, making it cleaner for IPv6 interoperability and security.

*2. Enable Tunnel/transition Technology.*

Many operating systems include tunnel/transition to side step the many problems with current networks. It allows a tunnel/transition to be applied on supported routers, on any host and allows any host to become the IPv6 gateway for other devices on that network.

Ubuntu offers the following standard automatic tunnels, if they are installed on the system. They include:

- Protocol 41 tools : 6to4 (stf) or ISATAP
  o Requires user to open protocol 41 inbound/outbound on their edge firewall/routers. It also requires that their current DNS supports DNS AAAA records.
- IPv6 over IPv4 UDP : Teredo (miredo client)
  o Requires no user changes to infrastructure.

Another method, using IPv6 over IPv4 TCP/UDP, is to use user configured tunnels such as:

- tspc – Tunnel Server Protocol Client – terminates to the free Hexago tunnel server
- aiccu – Automatic IPv6 Connectivity Client Utility – terminates to SixXS free tunnel server

The advantage is that there are no additional requirements on the user and it fixes the delay problem with all IPv6 applications. If Ubuntu is used on a laptop, the system will have the ability to access IPv6 across the vast majority of non-IPv6 networks. This will require us to decide to enable by default one or more of the tunnel/transition technologies and create a default free/open tunnel configuration.

The disadvantage is tunnels are a security nightmare, blinding most IDS/IPS systems and bypassing most network firewall devices. There are also problems applying host firewalls to tunnels. All configuration knobs for tunnel/transition technologies are text configuration files, and at present, no GUI forms to make it easier for the user.

*3. Add additional code.*

On Sunday, I will start the timing test to find the delay period between each of the above steps, to see if we can reduce the timing issues. See what code needs to be changed.

Joe Klein

On Fri, Jan 2, 2009 at 1:22 PM, Launchpad Bug Tracker <