Thursday, 10 February 2011

Evil ideas and IPv6

I am trying to find an idea for a web site.

Needs to be something useful that people may quite reasonably want to

Ideally something that costs us nothing or very little to run.

Something not in itself commercial, in that it does not matter that lots of people cannot (yet) access it.

Plan is that we need a web site that people can *only* access on IPv6.

There are some in China, but that is hardly a compelling argument.

It is specifically to have something to say to ISPs that do not do IPv6 yet and say "we have plenty of IPv4s" and somehow forget that their customers need to access IPv6 only endpoints (which will happen more and more) via their network. I.e. it does not matter how many IPv4 addresses they have really - the world has moved on and you provide a connection to "the world" [or not?].

Now, a game has been suggested, and we have, which may be a good one for residential customers, but far to easy too dismiss for a business customer. That is likely to go IPv6 only shortly.

So I pondered... What if we had a web site for prospective customers that provided a discounted order for broadband or something...

Now, if another ISP was to filter one of our web sites and not allow their customers to access one of our web sites, would that be considered naughty (perhaps by OFCOM, BERR, trading standards, etc)? So an IPv6 only site that we run which other ISPs "filter" from their customers? Hmmm


  1. Nice idea but....
    Myself and probably a significant proportion of your customers do not have routers that can do IPv6. We wouldn't be able to see it. Until you are shipping to end users IPv6 capable routers then the other ISPs would have a reasonable defence.

  2. Would a trivial proxy at ISP level not make whatever IPv* site visible to whoever is behind that proxy?

    Would a smart DNS+NAT+packet voodoo at ISP level not be able to solve that even without HTTP proxy?

  3. Well, *our* customers have had the option of IPv6 for 8 years, and we provide a number of means to do that. We sell routers that do it and should have some more sensibly priced ones this month. Soon the "free with DSL" type routers will be IPv6 too. So I think we can cope with a customer saying that to us somehow :-)

  4. A DNS/NAT thing would be tricky as you would have to assign an IPv4 for the target IPv6 name and map it for a while. It would mean a big pool of IPv4s for the purpose, and there are infinitely* more IPv6 addresses than any ISP has IPv4 to assign for such purposes.

    So I think a DNS/NAT thing would not work. It also breaks DSNSEC.

    [* as good as, 2^96]

  5. A proxy would work if the customer's machine is set up to use a proxy. Obviously you need to proxy every service that every site may offer. Each for normal web pages on port 80, but harder for many other services that people may wish to access. Also, even if only for web traffic, you either have to use DNS fudges to get the traffic to the proxy or the customer has to have set up proxy usage on their browser. DNS fudges will break DNSSEC of course.

  6. The key thing here is that if an ISP is trying to address this (even if buggering around with proxies) they at least understand there is an issue, and in fact deploying IPv6 should be the easiest of options to address it. Typically it is *NO* extra equipment, a form to RIPE, and a few extra config lines on routers, and some management tools changed. Way easier that fucking about with proxies and DNS fudges.

  7. Currently I already have an internal office site which is only on IPv6. This is the Nagios monitoring site... It is not available via IPv4, for reasons that I didn't want it to be :-)

    This means if I'm "roaming" on someone else's wifi, I can't see it, of course I have a solution of a tunnel back home from my laptop to give me IP6, but it's not ideal.

  8. Maybe you should look up the history of (which will give you seriously NSFW content in the process).

    When it was nearly up and running (with indeed adult content only available over v6) it suddenly went away never to be heard from again.

    But at this moment in the IPv6 migration I would think the adult content angle would be bad PR.

  9. Indeed. ipv6porn was more of a social experiment - would people invest the time and effort to get IPv6 running in return for free porn?

    It would not work well now I expect and be bad PR, apart from the fact that there is (I believe) plenty of free porn anyway.

    Also, at this stage, it is not really the end users we need to target. It is the ISPs and router makers. Once they are on board then the end users will have IPv6 as a matter of course without even knowing it.

  10. For a proxy, couldn't an ISP do something like fudge their DNS server, so any domains that return only AAAA records instead return the A record of the ISP's proxy? Messy, but possible (and of course doesn't fix the issue of where a site has the real content on IPv6 and say just a www page on IPv4.

    Which gives me an idea. Whatever idea you come up with for the IPv6 site, could you have an IPv4 A record pointing to a separate web server giving details of what the end users are missing and how to pressure their ISP to update, or would that just confuse people more?


  11. I wonder if Sky could be brought on-side (how's their IPv6 deployment, I wonder?) If so, get them to offer everything on Sky Player free for a day to people accessing it over IPv6 only.

    Given that VM isn't ready yet, this is one more way for Sky to slap them about - just tell people who ask "any ISP that does IPv6 could give you access for free. Unfortunately, VM doesn't do IPv6, so you will need to move ISP".

  12. I own and have put up some test content there for the time being, but nothing worth publicising the URL for, yet. If anyone has a substantial amount of content I can host, please email me.

  13. Incidentally, if you


    you get star wars as an ASCII animation, and it claims that if you do it over IPv6 you get extra scenes and colour. I can't test that fact myself right now.

  14. Its a fake. When accessed over IPv6 it says on one of the first frames that the v6 version is exactly the same as the v4 except for the visitor numbers.