Your IPv6 is down

Hello!

I have just visited your website, and it took about 20 seconds to load (or didn't load at all).
Already knowing what might be the reason, I checked if your domain has an AAAA-record.
And sure enough, it does. Pinging/tracing the actual IPv6 and also trying to fetch your page
with ''curl'', I have found one or more of the following issues with your IPv6 connectivity:

  [ ] Your HE.net tunnel is down; perhaps your v4 endpoint changed and you forgot to update it?
  [ ] Your 6to4 is down; did you allow protocol 41 only if it's coming from 192.88.99.1? DERP!
  [ ] You use an overly paranoid ip6tables ruleset, and didn't know that blocking ICMP will
      lead to MTU issues, causing inability to load anything longer than 1KB from your website
      to a significant portion of your visitors;
  [ ] You use CloudFlare and it just likes being down on IPv6;
  [ ] You use OVH and got bitten by their recent decision to turn off RAs.

I suspect one or more of the following might apply with regards to the reason of why that is so:

  [ ] You have configured IPv6 months ago by following a random howto on the Internet on
      the hype wave from the launch days, didn't actually check if it works, just asked some guy
      on IRC to confirm, and it worked for them back then;
  [ ] Some time afterwards you had a configuration change / OS reinstall / network infrastructure
      change, and didn't even think this might affect IPv6;
  [ ] You do not have any sort of IPv6 connectivity at your own home/office, so when you visit your
      website, you always do it over IPv4 only, and can't notice yourself that IPv6 doesn't work;
  [ ] Since you don't even know it is down, you keep the AAAA record listed on your domain.

Which means many of your visitors (except those using browsers with the "Happy Eyeballs" technology,
which are still in a minority right now) have to endure 10 to 20 second delays before each and every
page load from your site, as their browser tries IPv6 and waits for a timeout until it fails.
Which also means people using certain apps like the Squid proxy can't visit your website at all,
because those apps do not retry via IPv4 if they fail connecting over IPv6.

So as some of the steps to the solution, one or more of the following can be recommended:

  [ ] Gain IPv6 connectivity at your workplace and at home, use a tunnel if you have to, so that you
      by yourself can verify that your website still available on IPv6;
  [ ] File a support ticket with CloudFlare, or consider not using CloudFlare for IPv6;
  [ ] Read the IPv6 configuration document from OVH, in short, you need to explicitly add your
      default route from now on;
  [ ] If implementing a solution will take a long time ("I'll do it sometime next week" - a real
      quote), consider removing your AAAA record right now.

Adding broken IPv6 to a website does no good for IPv6 adoption. Please do IPv6 properly or do not
do it at all. A half-assed approach only harms everybody.

Feel free to copy-paste to people :P or add new items to each of the lists, but since this is not a publicly editable wiki, mail them to me.

And yes, this text is in part inspired by and written in the style of the wonderful http://craphound.com/spamsolutions.txt


en/your-ipv6-is-down.txt · Last modified: 2012-09-21 04:27 UTC by rm