Cisco Subnet An independent Cisco community View more

World IPv6 Day Results: New Internet Protocol Proves It's Ready

Today was a significant day in the development of IPv6. Today is IPv6's Bar Mitzvah, Baha'i, Shinbyu ceremony, Genpuku ceremony and Quinceañera all rolled into one. It was a day where IPv6 could prove to the world that it was ready for duty as the Internet Protocol successor to IPv4. Those are pretty big shoes to fill and IPv6 has had some stumbles in the past decade. This article covers what was learned by this big Internet experiment.

IPv6 has been stuck in this "Chicken and the Egg" problem for years where the ISPs and content providers are pointing fingers at each other. The ISPs didn't want to deploy IPv6 if their customers weren't asking for it because there wasn't any content on the Internet reachable over IPv6. Content providers couldn't connect their content to the Internet with IPv6 because they lacked IPv6 connectivity options. Additional complications have been added with the discovery of some "IPv6 Brokenness" that exists on the Internet. This has caused many content providers to separate their IPv4-only and their IPv6-only web presence with two URLs.

World IPv6 Day was a single 24-hour period where content providers would bravely have their primary web site handle both IPv4 and IPv6 connections. The web site operators published an authoritative A record and AAAA record for their primary FQDN hostname and learn about what problems they encounter.

There was a lot of concern before World IPv6 Day started that it was going to cause massive problems for the Internet. There were fears that you couldn't reach your favorite web sites. There was concern that hackers might exploit vulnerabilities in sites that were using IPv6 for this 24-hour period. And there was concern that if things didn't go well that IPv6 might simply not catch on and not be implemented. It is pretty clear now that none of those tragic things occurred.

Just like Harold Camping's failed prediction of the end of the world on May 21st, World IPv6 Day was pretty much "business as usual" for the Internet.

From My Perspective

Someday, someone will ask you, where were you during World IPv6 Day. I will tell them that I was in my home office with high-speed IP Internet connectivity. Yes, both versions. For me, World IPv6 Day started at 6PM on June 7th in Denver, Colorado, USA.

As some of you may already know, Comcast has an extensive IPv6 field trial. If you are one of the lucky people to be part of this test then you had a great vantage point to observe the results of World IPv6 Day. Comcast published a special test site to help their beta trial customers test their preparedness. Unlike other IT vendor certification exams, this one was easy and I scored a perfect 10/10 on this Xfinity test. This test is very similar to the www.test-ipv6.com page which I also got 10/10 on. I also tried the ICSI Netalyzr during World IPv6 Day and got similarly good results. Those reports made some disparaging remarks about my ISP's DNS servers, but everything seemed to be working fine from my perspective. I think this was the result of having a test lab IPv6-capable DNS server configured that wasn't operational. I was able to correct this problem and use these test sites to re-validate my IPv6-readiness. Therefore, I could be sure that the various tests that I would perform throughout the night would be reliable.

Ping Tests

It is probably true to say that early on in the deployment of IPv6 that most of the IPv6 Internet traffic was mostly ping (ICMPv6 message types 128 & 129). Ping tests seemed like the logical place to start. I did a bunch of pings to many different web sites that were participating in World IPv6 day. Sure enough, My Windows 7 computer was able to ping all of these sites and IPv6 was being used by default.

C:\Users\SH>ping -6 www.google.com Pinging www.l.google.com [2001:4860:4001:803::1011] with 32 bytes of data: Reply from 2001:4860:4001:803::1011: time=55ms . . . Ping statistics for 2001:4860:4001:803::1011: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 55ms, Maximum = 79ms, Average = 61ms C:\Users\SH>ping www.ietf.org Pinging www.ietf.org [2001:1890:1112:1::1e] with 32 bytes of data: Reply from 2001:1890:1112:1::1e: time=432ms . . . Ping statistics for 2001:1890:1112:1::1e: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 260ms, Maximum = 432ms, Average = 383ms C:\Users\SH>ping www.isoc.org Pinging www.isoc.org [2001:41c8:20::19] with 32 bytes of data: Reply from 2001:41c8:20::19: time=146ms . . . Ping statistics for 2001:41c8:20::19: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 145ms, Maximum = 147ms, Average = 145ms

Once I was reasonably sure that I was reaching the primary web sites using native IPv6 connectivity, I continued to explore all that World IPv6 Day had to offer.

ISOC

The Internet Society (ISOC) was a major driving force behind World IPv6 Day and they had a fabulous site that helped tie together the "day's" activities. They had a web site that listed all the 434 participants who were changing their DNS to provide both an A record and an AAAA record for their site. ISOC also had links to test pages where you could diagnose if you were having problems and what part of your connectivity may be at fault. There was even a link to a simple test page with a funny URL (http://omgipv6day.com/).

ISOC maintained a list of over 700 web sites that were already IPv6-enabled. The Rocky Mountain IPv6 Task Force page www.rmv6tf.org was posted there as a site that already had dual-protocol Internet connectivity. The RMv6TF page was green across all three categories thanks to Hurricane Electric.

However, on the ISOC page that listed the v6-enabled web sites, ironically, some of them didn't publish a AAAA record and were not reachable over IPv6 (major fail). The ISOC web site also had a lists of participants dashboards that gave further details about performance during the day.

Major Participants in World IPv6 Day

There were a handful of companies who are responsible for getting the snowball formed and pushing it down the hill. From there the snowball effect took over and many other companies joined on the bandwagon.

The list of companies that we should all thank for initiating World IPv6 Day include: Google (YouTube), Facebook, Yahoo, Akamai, Limelight Networks and Cisco. It then made sense to me to browse to their web sites and validate that they were working properly with IPv6.

Google

For the past few years Google has maintained www.google.com as an IPv4-only site, unless you were on the "Google over IPv6" DNS whitelist. Google also maintained ipv6.google.com as an IPv6-only site. At the beginning of the year Lorenzo Colitti created a Google blog on World IPv6 Day. There was also a post the day before that "World IPv6 Day begins 24 hours from now. Websites, start your engines." During World IPv6 Day I was able to browse and ping Google with native IPv6. Google had also created a test site to see if your browser was having any problems. The only problems I had were reaching YouTube over IPv6. I tried www.youtube.com but I was only reaching it over IPv4.

Facebook & Yahoo!

Earlier this year Facebook (FACE::BOOC) posted a blog about how World IPv6 Day will help to solve the "Chicken-and-Egg" problem. I browsed to both of Facebook and Yahoo! sites and I could reach them over IPv6. I validated that I could ping and browse to these sites over IPv6 while using Wireshark to observe the actual IPv6 traffic. I did experience a bit of a DNS delay going to Yahoo but when the DNS finally resolved I went to both these sites using IPv6. I did find one group in Amsterdam that was doing World IPv6 Day testing and they experienced some issues reaching these two sites using IPv6-only Internet connectivity. Their site commented that "Facebook and Yahoo are on IPv6 now, but not entirely: embedded content, CSS and JavaScript is not accessible over IPv6. This is what Facebook and Yahoo look like on an IPv6 only network ...". However, they worked just fine for me on a dual-protocol connection.

Cisco

I could ping and browse Cisco's primary site with IPv6 natively during the day. Not just the first page was IPv6-capable, but the other parts of their web site was IPv6-enabled as well. Cisco's main IPv6 site had a link to test your IPv6 capabilities and it worked just fine for me.

Akamai

Akamai had a really cool test page showing statistics on the IPv6 traffic they are observing from their numerous vantage points around the Internet. This site showed IPv6 hits/second, IPv6 latency and IPv6 packet loss in some very nice graphs.

Limelight Networks

I could ping their site and browsed it directly over IPv6. I could also browse their cool web site over IPv6 without any user intervention or any special configuration. If I were a normal end user I wouldn't know the difference (I guess that is the whole idea).

Netflix

Even though Netflix wasn't one of the major supporters of World IPv6 Day I wanted to test their site. I tried logging into my Netflix account and streaming some videos, however, that appeared to be going over IPv4.

Microsoft

Microsoft content was represented during World IPv6 Day. I could get to www.microsoft.com and www.bing.com using IPv6. I couldn't seem to perform a ping to www.microsoft.com, however, when I browsed to the site my actual traffic was going over IPv6. Microsoft also released a special fix for users who are experiencing problems.

CNN

CNN has also been adventurous with their IPv6-enabled content. I was able to ping and browse to their site natively with IPv6.

U.S. Government Sites

NASA even joined World IPv6 Day, however, I am unsure if they understood the true meaning of World IPv6 Day because their site is "ipv6.nasa.gov". Regardless, it is a very cool web site and I could spend hours looking at all the cool pictures of the amazing research they do. The National Institute of Standards and Technology (NIST) had an IPv6 dashboard site. The U.S. Department of State also participated in World IPv6 Day.

World IPv6 Day Was an International Event

There were various countries and regions across the world that were each participating in the World IPv6 Day events. The main ISOC page listed many of the other worldwide groups that were committed to this IPv6 event.

Gaming Content Providers

Even some of the gaming content providers got involved in World IPv6 Day. World of Warcraft & Blizzard Entertainment made almost 40 of their realms IPv6-capable for the day. The only thing you had to do, besides have IPv6 Internet connectivity, was modify the config.wtf file to contain the line "SET unblockIPv6 "1"". Microsoft's www.xbox.com was also reachable with native IPv6 but I don't know if any of their online games were using IPv6.

Measurement Sites

There are many sites that were taking measurements during World IPv6 Day. After all, that was one of the major goals of World IPv6 Day was to try to find out what broke and where were sources of delay. Arbor Networks was monitoring the Internet's IPv6 traffic leading up to World IPv6 Day. They published articles before, during, and after the events with nice graphs that show growth in IPv6 traffic volumes. One of the more interesting measurement sites was a site that measured IPv6 Path Maximum Transmission Unit Discovery (PMTUD) problems.

Because IPv6 routers do not perform fragmentation on behalf of the source node, it is up to the source node to correctly handle situations where packets along the traffic path require fragmentation. If an IPv6 router encounters a situation where an IPv6 packet must be fragmented to be forward toward the destination, it simply discards the packet but sends an ICMPv6 Packet Too Big message to the source indicating the appropriate MTU size to use. If the source doesn't perform PMTUD correctly, then this could cause a problem.

This measurement site shows that about 6% of the sites measured have some PMTUD problems. There were some good graphs produced by the Amsterdam Internet Exchange. DE-CIX Traffic Statistics site also shows a dramatic growth in IPv6 traffic volumes during the 24 hour test. I also heard that Internap was measuring their IPv6 traffic volumes and they saw IPv6 traffic grow more than 2500%. One web page I visited was the RIPE NCC IPv6 Eye Chart. This page showed the IPv6 reachability of many sites at once in an automated way. This was a good single page to see the status of World IPv6 Day. I went to the eye chart several times and the T-Online site in Germany was one of the sites that consistently had problems delivery the green circle with the white check inside. RIPE also had a page where they compared the ping round-trip-times (RTT) between IPv4 and IPv6. These graphs shows the differences between IPv4 and IPv6 connect times for Google, Yahoo, and Facebook. If the blue IPv6 line was close to 1 on the Y axis then IPv6 was performing as well as IPv4. There were several IPv6 traffic measurement sites in the Latin America region. The NIC.br had an IPv6 traffic measurement site (Ponto de Troca de Tráfego) in Sao Paulo Brazil that showed a slight increase in overall IPv6 traffic. The MIX also had a traffic monitoring site that showed an increase in IPv6 traffic.

Security Concerns

Some people had predicted that hackers were going to take advantage of World IPv6 Day. The thought was that if these large sites, which had historically been IPv4, were to become IPv6 accessible they would be vulnerable. Many organizations may have significantly sophisticated IPv4 defenses but their IPv6 defensive capabilities may not be sufficient. The attackers could perform reconnaissance on the public IPv6 addresses of these sites and see if they are more vulnerable with IPv6 than with IPv4. The SANS Internet Storm Center (ISC) and the Cisco Security Intelligence Operations (SIO) didn't report any security issues related to IPv6. However, that doesn't mean that attackers were performing some reconnaissance and data gathering.

Conclusions

It seems to me that World IPv6 Day didn't cause significant problems for the world's largest content providers. I am hopeful that they see that IPv6 is nothing to be fearful of and that they can confidently have both IPv4 and IPv6 addresses for their primary web site. It seems that Punxsutawney Phil did not see his shadow and the world may continue to accelerate the deployment of IPv6.

Happy World IPv6 Day!

Scott

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies