[ntp:questions] What to do about broken IPv6 sites
Allen Kistler
ackistler at oohay.moc
Sun Jun 21 21:00:54 UTC 2009
Steve Kostecke wrote:
> On 2009-06-19, Rick Jones <rick.jones2 at hp.com> wrote:
>
>> Allen Kistler <ackistler at oohay.moc> wrote:
>>
>>> For example, http://www.ntp.org.
>>> NTP.org has a perfectly good IPv4 site, but the IPv6 site doesn't
>>> answer to SYNs.
>
> ???
tcpdump says:
14:33:53.083303 IP6 2002:638e:214e:1:20b:cdff:fe8b:1495.57122 >
2001:4f8:0:2::23.http: S 3716484184:3716484184(0) win 5760 <mss
1440,sackOK,timestamp 91455773 0,nop,wscale 5>
14:33:56.082896 IP6 2002:638e:214e:1:20b:cdff:fe8b:1495.57122 >
2001:4f8:0:2::23.http: S 3716484184:3716484184(0) win 5760 <mss
1440,sackOK,timestamp 91458773 0,nop,wscale 5>
14:34:02.082937 IP6 2002:638e:214e:1:20b:cdff:fe8b:1495.57122 >
2001:4f8:0:2::23.http: S 3716484184:3716484184(0) win 5760 <mss
1440,sackOK,timestamp 91464773 0,nop,wscale 5>
etc.
Other IPv6 sites work fine. The turtle dances.
http://sixy.ch/ is a source of handy test sites.
FWIW, *.ntp.org has _never_ worked for me on IPv6. "Never" in this case
means since about October 2008. I've just finally gotten annoyed enough
to start looking for things to do about the general problem of
unreachable sites (not so much ntp, in particular).
>>> Since RFC-compliant behavior is to try the IPv6 address first, I
>>> have to timeout on every page element before switching to IPv4.
>
> I have an IPv6 tunnel through Hurricane Electric and have _no_ problems
> with IPv6 to *.ntp.org
Interesting. traceroute (tcp, udp, and icmp) says:
1 2002:638e:214e:1::1 (2002:638e:214e:1::1)
2 2002:c058:6301:: (2002:c058:6301::)
3 v41.core1.nyc1.he.net (2001:470:0:51::1)
4 10gigabitethernet1-1.core1.nyc4.he.net (2001:470:0:37::1)
5 10gigabitethernet3-1.core1.sjc2.he.net (2001:470:0:33::1)
6 10gigabitethernet3-2.core1.pao1.he.net (2001:470:0:32::2)
7 * * *
8 * * *
9 * * *
etc.
The drops are meaningless, of course, since something just after pao1
(Palo Alto?) could be stupidly configured never to allow icmp. Or that
could be the thing that's losing packets. But HE is definitely in the path.
So should the guy who's actually paying HE ask HE what's up?
More information about the questions
mailing list