
Examining IPv6 Performance - tdurden
https://labs.ripe.net/Members/gih/examining-ipv6-performance
======
theophrastus
Not a performance issue per se, but more an ugly unintended consequence of
IPv6 issues: _peer-flooding_ in torrent transfers. I use libtorrent to
distribute my data sets and I'm seeing all the usual trackers are being
flooded (DoS-like) via the vast available, in this case phony, IPv6 address
space[1]. The unstated contention by agents of content owners being that
bit-torrent can never do anything but wrong. Selfishly focused on their own
content they're statistically not utterly wrong, but they are using the design
of IPv6 to poison the well for benevolent use.

[1] [https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)

~~~
voltagex_
>Update: The IPv6 addresses which are used appear to be fictional. They
haven’t been allocated yet and are non-routable.

What kind of network are they using that lets them send forged source
addresses? Also, a temporary solution in that case would be to use a blocklist
of non-allocated ranges.
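
The allocation check suggested above, as an added example that is not part of the original comment: a Python filter that drops tracker-supplied peers whose IPv6 address falls outside allocated space (the allowlist inverse of a blocklist of non-allocated ranges). The prefix list is an illustrative subset of the IANA registry, and the function names and peer list are constructed for the example.

```python
import ipaddress

# Illustrative subset of the IANA IPv6 unicast registry: the /12 blocks held
# by the five RIRs. Assumption: a real deployment loads the full, current
# registry, which contains further (smaller and newer) allocations.
ALLOCATED_V6 = [ipaddress.ip_network(p) for p in (
    "2400::/12",  # APNIC
    "2600::/12",  # ARIN
    "2800::/12",  # LACNIC
    "2a00::/12",  # RIPE NCC
    "2c00::/12",  # AFRINIC
)]


def classify_peer(addr, allocated=ALLOCATED_V6):
    """Return "keep" or a drop reason for one tracker-supplied address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "drop:malformed"
    if ip.version == 4:
        return "keep"  # IPv4 peers are out of scope for this filter
    if not any(ip in net for net in allocated):
        return "drop:unallocated"
    return "keep"


def filter_peers(peers, allocated=ALLOCATED_V6):
    """Split (address, port) pairs into kept peers and dropped ones with reasons."""
    kept, dropped = [], {}
    for addr, port in peers:
        verdict = classify_peer(addr, allocated)
        if verdict == "keep":
            kept.append((addr, port))
        else:
            dropped[(addr, port)] = verdict
    return kept, dropped


# Constructed peer list, as a tracker response might be decoded.
SAMPLE_PEERS = [
    ("2a00:0:0:1::10", 51413),   # inside the RIPE NCC /12
    ("2600:0:0:2::20", 6881),    # inside the ARIN /12
    ("3e00:dead::1", 6881),      # global-unicast space, not in any listed block
    ("2e00::beef", 6881),        # likewise outside every listed block
    ("198.51.100.7", 6881),      # IPv4, passed through
    ("not-an-address", 6881),    # malformed entry
]

if __name__ == "__main__":
    kept, dropped = filter_peers(SAMPLE_PEERS)
    print(kept)
    print(dropped)
```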

~~~
the_mitsuhiko
BT is UDP and you can write whatever you want into a packet.

~~~
banthar
Are you talking about changing source address in IP header? Most ISPs will
drop such packets:
[https://tools.ietf.org/html/rfc3013#section-4.3](https://tools.ietf.org/html/rfc3013#section-4.3)

~~~
voltagex_
That's what I thought - but it turns out that not all ISPs behave well.

[https://defcon.org/images/defcon-22/dc-22-presentations/Graham-McMillan-Tentler/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf](https://defcon.org/images/defcon-22/dc-22-presentations/Graham-McMillan-Tentler/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf)
but the video is also very entertaining. This is applicable to
the IPv4 internet but I'm sure someone will eventually come up with a way to
do it for IPv6.

------
daveguy
This compares ipv6 vs ipv4 dual stacks between the same endpoints. The
conclusion is that performance is equivalent but the establishment of the
connection has a 9x higher failure rate for ipv6.

(Edits: grammar)

------
edwintorok
GeoIP routing is sometimes worse with native IPv6 than IPv4. Take gstatic.com
for example which goes to a neighbouring country with IPv6 (inside same ISP,
but still):

    
    
      $ ping -c 3 gstatic.com
      PING gstatic.com (82.77.159.222) 56(84) bytes of data.
      64 bytes from cache.google.com (82.77.159.222): icmp_seq=1 ttl=61 time=2.11 ms
      64 bytes from cache.google.com (82.77.159.222): icmp_seq=2 ttl=61 time=1.98 ms
      64 bytes from cache.google.com (82.77.159.222): icmp_seq=3 ttl=61 time=1.78 ms
    
      --- gstatic.com ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2002ms
      rtt min/avg/max/mdev = 1.780/1.960/2.118/0.143 m
    
      $ ping6 -c 3 gstatic.com
      PING gstatic.com(bud02s22-in-x03.1e100.net) 56 data bytes
      64 bytes from bud02s22-in-x03.1e100.net: icmp_seq=1 ttl=55 time=9.85 ms
      64 bytes from bud02s22-in-x03.1e100.net: icmp_seq=2 ttl=55 time=9.67 ms
      64 bytes from bud02s22-in-x03.1e100.net: icmp_seq=3 ttl=55 time=10.5 ms
    
      --- gstatic.com ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 2003ms
      rtt min/avg/max/mdev = 9.675/10.031/10.568/0.403 ms
    

So I have this in /etc/gai.conf now:

    
    
      precedence ::ffff:0:0/96  100

~~~
scurvy
The worst problem with Google's GeoIP implementation is that you really can't
report problems to them in a good manner. They have this:
[https://support.google.com/websearch/contact/ip](https://support.google.com/websearch/contact/ip)
but it only works for Google.com and not YouTube. I really, really wish Google
would put more resources on this.

~~~
secure
I heard that you can report YouTube connection issues at
[https://www.reddit.com/r/youtube](https://www.reddit.com/r/youtube), and
YouTubers will address them. Have you tried that?

------
jrcii
I didn't RTFA but would point out that the performance problems I've run into
with IPv6 aren't related to the specification itself but buggy implementation
code from vendors, which I expect to improve with time.

~~~
stock_toaster
There are also issues with end user rollouts. For example, comcast uses prefix
delegation to give you a /60 which your router (pfsense in my case) then
uses for the internet network (it carves out a /64). However, this prefix
changes! As it is not a statically assigned prefix, my internal devices
renumber whenever it changes, it would make it a huge pain to get a consistent
mapping for my internal devices (media server, printer, etc) were I to go ipv6
only.

I thought about using an additional ULA subnet (ipv6 supports multiple
subnets), but apparently many vendors do not yet support RFC 6724, or support
it poorly with regard to ULA addresses. As such, I get mixed results with
devices trying to use the ULA address for internet egress.

NAT66 (npt) is another possibility, and some people end up having to use this
when they have more than one ISP (multi-wan balancing) anyway, but I haven't
found a good way to update the nat target when the prefix changes yet (might
try moving to openbsd and try ifstated calling a script to a pf table or
something).

~~~
lmm
> For example, comcast uses prefix delegation to give you a /60 which your
> router (pfsense in my case) then uses for the internet network (it carves
> out a /64). However, this prefix changes! As it is not a statically assigned
> prefix, my internal devices renumber whenever it changes, it would make it a
> huge pain to get a consistent mapping for my internal devices (media server,
> printer, etc) were I to go ipv6 only.

Part of the point of IPv6 is that your addresses reflect the real network
topology - when your upstream changes, your addresses change. The right thing
is to ensure that your router is also updating DNS for your internal devices,
and use names to refer to them. You shouldn't expect anything to have a truly
static IPv6 address.

~~~
stock_toaster

> The right thing is to ensure that your router is also updating DNS for your
> internal devices, and use names to refer to them.

How does a router go about doing that with SLAAC? Running dhcp6 is something I
would like to avoid. Maybe Bonjour/mDNS are just going to be far more
prevalent in the ipv6 world.

For most devices, a constantly changing IP is well and good (eg ipv6 privacy
extensions). However, for servers it is less than desirable.

~~~
karlshea
This is the missing part for me as well. I run DNS internally and it works
just fine for IPv4, but everything is using SLAAC so I can't have AAAA
records.

The only solution I've heard so far is to have a client on each machine that
would update the DNS server with the new address, which sounds terrible.

I'm just about at the point that I'm just going to install DHCPv6, but last I
heard not every OS supported it?

------
baq
Slightly OT: why is HN not IPv6 yet? Why isn't reddit? Why isn't pretty much
anyone except Google and Facebook?

~~~
the_mitsuhiko
Because there is no benefit to running IPV6 if you have access to an IPV4
address.

~~~
eeZi
There actually is. An increasing number of ISPs is going IPv6-only with
central carrier-grade NAT for IPv4. Those gateways are often overloaded,
resulting in vastly better performance over IPv6.

~~~
lisivka
IPv6 traffic is much slower. In my case (I use Miredo client), link to
Portsmouth, ServerHouse, GB is up to 30Mbit by IPv4 but no more than 1Mbit by
IPv6.

~~~
eeZi
You have native IPv4 and IPv6 over a tunnel, so of course IPv6 is going to be
slower.

The point is that for an increasing number of users, it's the exact opposite.

------
jvolkman
I've gotta say, I was impressed with how easy the IPv6 setup was with the
latest version of OpenWRT. I just recently upgraded and, with Comcast's native
IPv6 support, everything just worked and all of the machines on my LAN grabbed
externally-routable addresses. After poking some holes in the default firewall
rules, I can connect directly from my machine at work (also IPv6 addressed) to
a machine at home without any port mapping or translation. Feels nice.

------
onethumb
Particularly on mobile, Facebook is seeing fairly big wins with IPv6. It's not
entirely clear why, but it's happening. Here's Paul Saab's deck from earlier
this year:
[https://www.dropbox.com/s/15xi92296lw32hu/Facebook-World-IPv6-2015.pdf?dl=0](https://www.dropbox.com/s/15xi92296lw32hu/Facebook-World-IPv6-2015.pdf?dl=0)

~~~
eeZi
I bet on NAT latency. No NAT must be great for push messaging, since the
network is stateless and fewer keepalives are necessary to keep the connection
open.

