Ubuntu
glibc package

Bug #313218
Comment #19

Comment 19 for bug 313218

Revision history for this message

JoeKlein (jsklein) wrote on 2009-01-03: Re: [Bug 313218] [NEW] IPV6 causes slow internet access

#19

*Problem Space:*

Below is a detailed definition of the problem space I have encountered when
implementing IPv6 over the last 6 years across many different system and
network environments.

*A. **Network Stack:*

As many of you know, the IPv6 RFC's defines a precedence order for network
communications. Here is the order when IPv6 is enabled:

*1. **Use Native IPv6*

a. Generate link local address

b. Obtain global addresses

i. Host file address

ii. Check for stateless autoconfiguration (Router/Neighbor Discovery)

iii. Check for stateful autoconfiguration (DHCPv6)

*2. **Use Tunneled IPv6 (If available)*

a. Connect to tunnel endpoint (requires a DNS lookup in many cases)

b. Generate Global address

*3. **Use Native IPv4*

a. Host file

b. DHCPv4

c. Generate Link Local

From a booting perspective, generating link local address and obtaining
global address via host file is the fast. After that, each step requires a
delay and implements a timeout to fall though the logic.

*B. **Name Resolution*

DNS name order precedence also exists with IPv6 and it is:

1. Cache

2. AAAA over IPv6

3. A over IPv6

4. AAAA over IPv4

5. A over IPv4

For simply sake, I have not included name order precedence when LLDP, UPnP,
Zero Configuration, WS-Discovery, NFS, SMB or other name management
techniques are in use. Also, the DNS request should be send over IPv6 and
IPv4 transport in parallel, but in many implementations, there is a timeout
period. This is also under the assumption that the DNS server hard coded or
obtained via DHCP, supports both IPv4 and IPv6 transport.

There are 81 variations of IPv4 only, IPv6 only, IPv4 and IPv6, when applied
against the host, DNS, Internal Network Segment support, support for IPv6 at
the network edge and ISP support.

Here are the following cases that I have seen in the 'wild' and some of the
issues:

- *DNS Server only supports IPv4 transport, and A records*

o Host has IPv4 only enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§ Host requests A records, over IPv4 transport and times out

§ Result: Delay and Application may fail

o Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§ Host requests AAAA records, over IPv6 transport and times out

§ Host requests AAAA records, over IPv4 transport and times out

§ Result: Delay and Application mostly fails

o Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS
records.

§ Host requests AAAA records, over IPv6 transport and times out

§ Host requests A records, over IPv6 transport and times out

§ Host requests AAAA records, over IPv4 transport and times out

§ Host requests A records, over IPv4 transport and receives a response

§ Result: Delay and if Application has built in timers, may fail

o Host only has IPv6 – Resource is only IPv6

§ Host requests AAAA records, over Ipv6 transport and times out

§ Application timeout or locks

§ Result: Delay and Fail

- *DNS server only supports IPv4 transport, and supports A/AAAA
records*

o Host has IPv4 only enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§ Host requests A records, over IPv4 transport and times out

§ Result: Delay and Application may fail

o Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§ Host requests AAAA records, over IPv6 transport and times out

§ Host requests AAAA records, over IPv4 transport and times out

§ Result: Delay and some Application fail

o Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS
records.

§ Host requests AAAA records, over IPv6 transport and times out

§ Host requests A records, over IPv6 transport and times out

§ Host requests AAAA records, over IPv4 transport and times out

§ Host requests A records, over IPv4 transport and receives a response

§ Result: Delay and if Application has built in timers, may fail

o Host only has IPv6 – Resource is only IPv6

§ Host requests AAAA records, over Ipv6 transport and times out

§ Application timeout or locks

§ Result: Delay and Fail

There are two other cases, but I have not seen them in the wild yet, and
they are:

- *DNS Server IPv4/IPv6 transport, and AAAA records*

- *DNS Server only supports IPv6 transport, and AAAA records*

* *

*Solution Space:*

Based on the configuration you are provided, we have one of three ways of
solving the problem of "boot/application delay, when IPv6 is enabled".

1. *Script to identify the problem*.

* *

Provide users with a script which identifies problems supporting IPv6, and
makes suggestions on how to solve them. This is the script I am currently
coding and including my troubleshoot experience of using IPv6 over the last
6 years across many operating systems.

* *

The advantage of this strategy is to identify the most common configuration
and product failures. So far the script checks for problems with IPv6
configuration (kernel and configuration), IP address generation
(Stateful-DHCPv6/Stateless-SLAAC), DNS failures (AAAA over IPv4 and IPv6
transport, old hints file), ISP failures (Level of support i.e. IPv6 only,
duel stack, tunneled, blocking tunnels) and local hardware configuration
(router and network/host firewall) problems.

The downside of this solution is that it requires user interaction and
requires them make changes to their infrastructure to fix the problem long
term. In some cases it will require them to buy/upgrade new firewall and
routers.

I see this as the 'best solution', to solve the problem making it cleaner
for IPv6 interoperability and security.

*2. **Enable Tunnel/transition Technology. *

Many operating system, include tunnel/transition to side step the many
problems with current networks. It allows a tunnel/transition to be applied
on supported routers, on any host and allows any host to become the IPv6
gateway for other devices on that network. Ubuntu offers the following
standard automatic tunnels, if they are installed on the system. They
include:

- Protocol 41 tools : 6to4 (stf) or ISATAP

o Requires user to open protocol 41 inbound/outbound on their edge
firewall/routers. It also requires that their current DNS support DNS AAAA
records.

- IPv6 over IPv4 UDP : Teredo (meredo client)

o Requires no user changes to infrastructure.

Another method, using IPv6 over IPv4 TCP/UDP, is to user configured tunnels
such as:

- tspc – Tunnel Server Protocol Client – terminates to the free
Hexago tunnel server

- aiccu – Automatic IPv6 Connectivity Client Utility – terminates
to SixXS free tunnel server

The advantage, there are no additional requirement on the user and fixes the
delay problem with all IPv6 applications. If the Ubuntu is used on a laptop,
the system will have the ability access IPv6 across the vast majority of
non-IPv6 networks. This will require us to decide to enabled by default one
or more of the tunnel/transition technologies and create a default free/open
tunnel configuration.

The disadvantage is tunnels are a security nightmare, blinding most IDS/IPS
system and bypassing most network firewall devices. There are also problems
applying host firewall to tunnels.

All configuration knobs for tunnel/transition technologies are text
configuration files, and at present, no gui forms to make it easier for the
user.

*3. **Add additional code.*

On Sunday, I will start the timing test to find the delay period between
each of the above steps, to see if we can reduce the timing issues. See
what code needs to be changed.

Joe Klein

On Fri, Jan 2, 2009 at 1:22 PM, Launchpad Bug Tracker <
<email address hidden>> wrote:

> You have been subscribed to a public bug by Mackenzie Morgan (maco.m):
>
> starting with kernel 2.5.28-4 ipv6 is built in and cannot be disabled .
> this causes very sloow internet access for people who have routers or
> isp's that are non compliant . Prior to 2.6.28-4 ipv6 was loaded as a
> module and could be disabled by setting " alias net-pf-10 ipv6 off " in
> /etc/modprobe.d/aliases and also adding blacklist ipv6 to
> /etc/modprobe.d/blacklist . please provide a method of disabling IPV6
> for those who need it .
>
> ProblemType: Bug
> Architecture: amd64
> DistroRelease: Ubuntu 9.04
> Lsusb:
> Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> NonfreeKernelModules: nvidia
> Package: linux-image-2.6.28-4-generic 2.6.28-4.5
> ProcCmdLine: root=UUID=1f603d8b-0fe4-4846-92f9-54b572ff1924 ro quiet splash
> ProcEnviron:
> SHELL=/bin/bash
> LANG=en_US.UTF-8
> ProcVersionSignature: Ubuntu 2.6.28-4.5-generic
> SourcePackage: linux
>
> ** Affects: linux (Ubuntu)
> Importance: Undecided
> Status: Incomplete
>
>
> ** Tags: apport-bug
> --
> IPV6 causes slow internet access
> https://bugs.edge.launchpad.net/bugs/313218
> You received this bug notification because you are a direct subscriber of
> the bug.
>

*Problem Space:*

Below is a detailed definition of the problem space I have encountered when
implementing IPv6 over the last 6 years across many different system and
network environments.

*A.      **Network Stack:*

As many of you know, the IPv6 RFC's defines a precedence order for network
communications. Here is the order when IPv6 is enabled:

*1.       **Use Native IPv6*

a.       Generate link local address

b.      Obtain global addresses

i.      Host file address

ii.      Check for stateless autoconfiguration (Router/Neighbor Discovery)

iii.      Check for stateful autoconfiguration (DHCPv6)

*2.       **Use Tunneled IPv6 (If available)*

a.       Connect to tunnel endpoint (requires a DNS lookup in many cases)

b.      Generate Global address

*3.       **Use Native IPv4*

a.       Host file

b.      DHCPv4

c.       Generate Link Local

*B.      **Name Resolution*

DNS name order precedence also exists with IPv6 and it is:

1.       Cache

2.       AAAA over IPv6

3.       A over IPv6

4.       AAAA over IPv4

5.       A over IPv4

There are 81 variations of IPv4 only, IPv6 only, IPv4 and IPv6, when applied
against the host, DNS, Internal Network Segment support, support for IPv6 at
the network edge and ISP support.

Here are the following cases that I have seen in the 'wild' and some of the
issues:

-          *DNS Server only supports IPv4 transport, and A records*

o   Host has IPv4 only enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§  Host requests A records, over IPv4 transport and times out

§  Result:  Delay and Application may fail

o   Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§  Host requests AAAA records, over IPv6 transport and times out

§  Host requests AAAA records, over IPv4 transport and times out

§  Result:  Delay and Application mostly fails

o   Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS
records.

§  Host requests AAAA records, over IPv6 transport and times out

§  Host requests A records, over IPv6 transport and times out

§  Host requests AAAA records, over IPv4 transport and times out

§  Host requests A records, over IPv4 transport and receives a response

§  Result:  Delay and if Application has built in timers, may fail

o   Host only has IPv6 – Resource is only IPv6

§  Host requests AAAA records, over Ipv6 transport and times out

§  Application timeout or locks

§  Result:  Delay and Fail

-          *DNS server only supports IPv4 transport, and supports A/AAAA
records*

o   Host has IPv4 only enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§  Host requests A records, over IPv4 transport and times out

§  Result:  Delay and Application may fail

o   Host has IPv4 and IPv6 enabled – Resource is only on IPv6 (i.e.
ipv6.google.com)

§  Host requests AAAA records, over IPv6 transport and times out

§  Host requests AAAA records, over IPv4 transport and times out

§  Result:  Delay and some Application fail

o   Host has IPv4 and IPv6 enabled – Resource has both IPv4 and IPv6 DNS
records.

§  Host requests AAAA records, over IPv6 transport and times out

§  Host requests A records, over IPv6 transport and times out

§  Host requests AAAA records, over IPv4 transport and times out

§  Host requests A records, over IPv4 transport and receives a response

§  Result:  Delay and if Application has built in timers, may fail

o   Host only has IPv6 – Resource is only IPv6

§  Host requests AAAA records, over Ipv6 transport and times out

§  Application timeout or locks

§  Result:  Delay and Fail

There are two other cases, but I have not seen them in the wild yet, and
they are:

-          *DNS Server IPv4/IPv6 transport, and AAAA records*

-          *DNS Server only supports IPv6 transport, and AAAA records*

* *

*Solution Space:*

Based on the configuration you are provided, we have one of three ways of
solving the problem of "boot/application delay, when IPv6 is enabled".

1.       *Script to identify the problem*.

* *

I see this as the 'best solution', to solve the problem making it cleaner
for IPv6 interoperability and security.

*2.       **Enable Tunnel/transition Technology. *

-          Protocol 41 tools : 6to4 (stf) or ISATAP

o   Requires user to open protocol 41 inbound/outbound on their edge
firewall/routers. It also requires that their current DNS support DNS AAAA
records.

-          IPv6 over IPv4 UDP : Teredo (meredo client)

o   Requires no user changes to infrastructure.

Another method, using IPv6 over IPv4 TCP/UDP, is to user configured tunnels
such as:

-          tspc – Tunnel Server Protocol Client – terminates to the free
Hexago tunnel server

-          aiccu – Automatic IPv6 Connectivity Client Utility – terminates
to SixXS free tunnel server

The advantage, there are no additional requirement on the user and fixes the
delay problem with all IPv6 applications. If the Ubuntu is used on a laptop,
the system will have the ability access IPv6 across the vast majority of
non-IPv6 networks.  This will require us to decide to enabled by default one
or more of the tunnel/transition technologies and create a default free/open
tunnel configuration.

The disadvantage is tunnels are a security nightmare, blinding most IDS/IPS
system and bypassing most network firewall devices. There are also problems
applying host firewall to tunnels.

All configuration knobs for tunnel/transition technologies are text
configuration files, and at present, no gui forms to make it easier for the
user.

*3.       **Add additional code.*

On Sunday, I will start the timing test to find the delay period between
each of the above steps, to see if we can reduce the timing issues.  See
what code needs to be changed.

Joe Klein

On Fri, Jan 2, 2009 at 1:22 PM, Launchpad Bug Tracker <
313218@bugs.launchpad.net> wrote:

> You have been subscribed to a public bug by Mackenzie Morgan (maco.m):
>
> starting with kernel 2.5.28-4 ipv6 is built in and cannot be disabled .
> this causes very sloow internet access for people who have routers or
> isp's that are non compliant . Prior to 2.6.28-4 ipv6 was loaded as a
> module and could be disabled by setting " alias net-pf-10 ipv6 off " in
> /etc/modprobe.d/aliases  and also adding blacklist ipv6 to
> /etc/modprobe.d/blacklist . please provide a method of disabling IPV6
> for those who need it .
>
> ProblemType: Bug
> Architecture: amd64
> DistroRelease: Ubuntu 9.04
> Lsusb:
>  Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
>  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> NonfreeKernelModules: nvidia
> Package: linux-image-2.6.28-4-generic 2.6.28-4.5
> ProcCmdLine: root=UUID=1f603d8b-0fe4-4846-92f9-54b572ff1924 ro quiet splash
> ProcEnviron:
>  SHELL=/bin/bash
>  LANG=en_US.UTF-8
> ProcVersionSignature: Ubuntu 2.6.28-4.5-generic
> SourcePackage: linux
>
> ** Affects: linux (Ubuntu)
>     Importance: Undecided
>         Status: Incomplete
>
>
> ** Tags: apport-bug
> --
> IPV6 causes slow internet access
> https://bugs.edge.launchpad.net/bugs/313218
> You received this bug notification because you are a direct subscriber of
> the bug.
>

Ubuntuglibc package

Comment 19 for bug 313218

Ubuntu
glibc package