Ubuntu
netcfg package

Bug #24828
Comment #55

Comment 55 for bug 24828

Revision history for this message

Rémi Denis-Courmont (rdenis) wrote on 2007-04-02: Re: [Bug 24828] Re: IPv6 should be disabled by default

#55

First my apologies for the initial remark. I did not realize that
getaddrinfo() actually stopped doing AAAA if ipv6 was not loaded even
if AI_ADDRCONFIG was not set.

Answers inline.

Le lundi 2 avril 2007 06:53, Fabio Massimo Di Nitto a écrit :
> Remi, restoring IPv6 is a matter of adding/uncommenting a line in
> interfaces or removing the blacklist. I don't believe that it can be
> such big source of headackes.

So, how do I deploy Ubuntu with IPv6 to a large number of PCs with
non-techies users?

Even if I could modify the configuration manually, how do I cope with
configuration files updates from Ubuntu? dpkg will not deploy new
versions because the configuration files changed.

At the very least, the ipv6 blacklist should be in a file of its own so
that it does not prevent upgrading the rest of the file for people
still using IPv6.

That's not only immensely impractical for "human beings", the current
solution provides no sane exit strategy and upgrade path, which is the
most basic question to answer when deploying this kind of kludge.

Also the statement that this is "not an issue" because it's handled by
ifupdown is misleading. It misses the fact that most IPv6 systems are
using stateless autoconf (but I'm repeating comments already made by
other people).

On my system, the upgrade also had the very unkind effect of breaking
ip6tables completely, since IPv6 autoloading got disabled, and any sane
person will do firewall configuration before configuration the network
interfaces.

> What MacOS does is also not completely proper.

The MacOS X solution is far from perfect, but it is surely much less
worse than permanently killing IPv6 because of a few broken DNS caches.

> I can have only
> link-local address and use them to connect from one machine to
> another with proper entries in the DNS.

Any applications, with the possible exception of ping6, will
return "Invalid argument" error because the DNS resolver cannot
guess/set the scope ID in the IPv6 socket address structure. Futhermore
many applications cannot deal with link-local anyway because they do
not preserve the scope ID even if it's set.

On top of that, putting link-local in the DNS is against documented
standard practices.

> ow your solution would address this case if AAAA query will not be
> available?

The current solution does not handle this case either, in any practical
circumstance.

Regards;

--
Rémi Denis-Courmont
http://www.remlab.net/

First my apologies for the initial remark. I did not realize that 
getaddrinfo() actually stopped doing AAAA if ipv6 was not loaded even 
if AI_ADDRCONFIG was not set.

Answers inline.

So, how do I deploy Ubuntu with IPv6 to a large number of PCs with 
non-techies users?

Even if I could modify the configuration manually, how do I cope with 
configuration files updates from Ubuntu? dpkg will not deploy new 
versions because the configuration files changed.

At the very least, the ipv6 blacklist should be in a file of its own so 
that it does not prevent upgrading the rest of the file for people 
still using IPv6.

That's not only immensely impractical for "human beings", the current 
solution provides no sane exit strategy and upgrade path, which is the 
most basic question to answer when deploying this kind of kludge.

Also the statement that this is "not an issue" because it's handled by 
ifupdown is misleading. It misses the fact that most IPv6 systems are 
using stateless autoconf (but I'm repeating comments already made by 
other people).

On my system, the upgrade also had the very unkind effect of breaking 
ip6tables completely, since IPv6 autoloading got disabled, and any sane 
person will do firewall configuration before configuration the network 
interfaces.

> What MacOS does is also not completely proper.

The MacOS X solution is far from perfect, but it is surely much less 
worse than permanently killing IPv6 because of a few broken DNS caches.

> I can have only
> link-local address and use them to connect from one machine to
> another with proper entries in the DNS.

Any applications, with the possible exception of ping6, will 
return "Invalid argument" error because the DNS resolver cannot 
guess/set the scope ID in the IPv6 socket address structure. Futhermore 
many applications cannot deal with link-local anyway because they do 
not preserve the scope ID even if it's set.

On top of that, putting link-local in the DNS is against documented 
standard practices.

> ow your solution would address this case if AAAA query will not be
> available?

The current solution does not handle this case either, in any practical 
circumstance.

Regards;

-- 
Rémi Denis-Courmont
http://www.remlab.net/

Ubuntunetcfg package

Comment 55 for bug 24828

Ubuntu
netcfg package