Cricket Liu, Vice President, Architecture, Infoblox
One part of the IP ecosystem of interest on World IPv6 Day, June 8, is the Domain Name System (DNS) and how it will be handled in a dual-stack, IPv4/IPv6 environment. Cricket Liu, Vice President, Architecture at Infoblox, is an authority on DNS. A veteran of Hewlett-Packard--he ran hp.com, one of the largest corporate domains in the world, as well as helping found HP's Internet consulting business--Cricket now helps guide development of product strategy and service offerings at Infoblox. He is the co-author of all the O'Reilly & Associates Nutshell Handbooks on DNS, and runs a blog, Cricket on DNS, which tackles numerous DNS issues and serves as an interface with the technical community.
Cricket spoke with FierceTelecom about this Wednesday's World IPv6 day event, how Infoblox will be participating, and what DNS administrators need to watch for as they transition their networks to an IPv6-friendly environment.
FierceTelecom: What issues with the Internet do you think World IPv6 Day will reveal?
Cricket Liu: There are two big things that I think are interesting that I'll be looking for in the wake of IPv6 Day. I talked about both of them in the blog so I hope this isn't unnecessarily repetitive. The first of them is one of the original goals of World IPv6 Day, which is to find out just how prevalent this problem is with some clients that think they have better IPv6 connectivity than they really do. These are computers that, when they look up a domain name, for example a URL you might be going to, e.g. www.google.com, if they find that there's an IPv6 address and there's an IPv4 address, they'll preferentially try to connect to the IPv6 address, but (if) they're a little, maybe, optimistic about their ability to connect to that and in fact they don't have global IPv6 connectivity, then they have to wait for that connection to time out before they try the IPv4 address.
"...for that one day they're going to attach those IPv6 addresses to those domain names, they're going to deliberately induce this problem, and they're going to try to find out just how big a problem it is."
I'd mention that there were a couple of guys at Yahoo!, Igor Gashinsky and Jason Fesler, who wrote this up not too long ago, so I don't want to claim to have any novel information here, they were the ones who did the heavy lifting.
The timeout can be 20 seconds to 180 seconds per connection; effectively, to most casual users, it's just broken. As far as they're concerned the website is down. So the guys from Yahoo! as well as some guys from Google have estimates as to what percentage of computers out there in the world have this particular problem. And because of this problem you won't find, today, IPv6 information attached to the primary domain names that are associated with web properties like www.google.com or www.yahoo.com or www.facebook.com. But for that one day they're going to attach those IPv6 addresses to those domain names, they're going to deliberately induce this problem, and they're going to try to find out just how big a problem it is.
So I think that after World IPv6 Day is over, it's important that we all sort of get together and have a postmortem and figure out what percentage of clients are out there, what we know about them--do we know, for example, that they're all running a particular version of a particular operating system? Can we coerce the people who write that operating system or client software to fix it in some way?
"...(on World IPv6 Day) some number of Cogent subscribers or HE subscribers are going to try to get to destinations that are on the other carrier's network and they're going to realize that they can't."
FT: In one post you mentioned that when you tried to test connectivity with Cogent as your carrier and then Hurricane Electric as a carrier that the two don't really talk to each other. Is that still a problem?
CL: Yeah, it is still a problem. ... It's not expressly the purpose of World IPv6 Day to highlight this, but I was really kind of shocked that you could go to a carrier like Cogent that says they've got complete IPv6 connectivity, yet you couldn't get to somebody else, a major player like Hurricane Electric... so that was really surprising. I looked into it a little more and there's a fairly good account of it out there on the Internet. It's been sort of a long time spat, if you will, between Cogent and HE. HE would really like to peer with Cogent, and at one point they said 'we've done everything but baked them a cake' in asking them to peer, and then the next time the two companies were together at a big meeting, HE actually made them a cake... They delivered it to Cogent and it was inscribed with something like "Cogent, please peer with us, Hurricane Electric."
But I would imagine that some number of people on World IPv6 Day are suddenly going to realize that they can't get places--some number of Cogent subscribers or HE subscribers are going to try to get to destinations that are on the other carrier's network and they're going to realize that they can't. Hopefully that will be embarrassing enough to coerce these guys to make amends and fix this particular problem.
FT: You noted in the post that this effectively creates two IPv6 Internets.
CL: That's right. There's the Cogent world and there's the HE world, and then there's the world of other IPv6 carriers who actually peer with both Cogent and HE so they don't seem to have this problem, but it's certainly not good for Cogent or HE subscribers.
FT: How will your company, Infoblox, participate?
CL: As the blog posting talked about, we did bring in IPv6 connectivity, although we did end up having to go with somebody else besides Cogent because of that problem. So we're running our website over IPv6, and we're also running our nameservers over IPv6, so that people out there in the world who have IPv6 nameservers can look up information at Infoblox.com and other of our Internet-facing zones, and they can access our website over IPv6 as well. I would say the main thing we'll be looking for is, how much of it is there? How many queries do we get over IPv6 as opposed to over IP version 4? And how many accesses of our website do we get over IPv6? I'd be very interested to hear if there's any substantial proportion of nameservers out there who will use IPv6 to query us.
FT: Do you anticipate users having any problems accessing your site?
CL: I wouldn't anticipate any problems. On the DNS side, no, I don't believe so, because we're running dual stack nameservers. ... I don't know that we at Infoblox are going to attach the AAAA (quad-A) records, that is the IPv6 address, to www.infoblox.com. I'll have to check with our IT organization if they're going to try that. Because that would be participating in the real spirit of World IPv6 Day, if they did. In that case I certainly would want our IT organization to be prepared for a little surge of calls from users who might actually be affected by that problem.
"...DNS administrators are going to have to take another look at their DNS infrastructure and figure out how they're going to accommodate v6."
FT: You wrote a blog post about what all this means to DNS. What does IPv6 mean for DNS?
CL: It's not really that big a deal for DNS because DNS has been ready for IPv6 for a long time. But it does mean that DNS administrators are going to have to take another look at their DNS infrastructure and figure out how they're going to accommodate v6. From our standpoint, we had to figure out where are we going to run our external nameservers that are going to serve IPv6? How are we going to add the ability to talk to IPv6-only nameservers on our recursive nameservers that talk to the Internet? We're going to do the same thing to our mail server, for example. How do we need to change the information that we publish? Where do we put AAAA records? Do we add one of those for our webserver and if so do we add it to the web server's primary domain name or do we use another domain name like www.ipv6.infoblox.com? But those are not terribly onerous things to do. I think that's all well within the job description.
FT: Is there anything afterward that you think should be promoted to continue this IPv6 migration?
CL: In addition to the analysis of the data that we get on World IPv6 Day, I really would love to see some sort of concerted effort to follow up on it and some sort of commitment to basically test the whole thing again in a certain amount of time. And demonstrate that things have actually gotten better.