This is a “Cogent is broken” problem and not an IPv6 is broken problem. Anyone who has to deal with getting full tables for any significant length of time knows not to single home to Cogent— they’ll do it on v4 peerings too (See their spats with AOL and Level 3)
Cogent does supply some residential users, mostly in high density housing, but generally Cogent customers have options and can switch. That's the 'make Cogent behave differently' button of course, it doesn't work very fast. And on this issue, it may not ever work.
Cogent is best used as part of a multihoming strategy, and not as an only route. Even if you take a neutral stance about their role in peering disputes, the fact that they are involved in a lot of them means if you only use them, you're likely to have less connectivity than if you had a different transit provider or multiple transit providers.
Same feelings as others: avoid Cogent at all costs and encourage anyone who solely uses Cogent to switch to another provider, preferably in a multi-home configuration. It's not even this issue, Cogent simply wants your dollars and do f***-all but the absolute minimum.
Basically, most tier-1 providers allow settlement-free peering with anyone who can meet some physical requirements (like having mutual interconnection in America, Europe and Asia) and legal ones (everyone wants to avoid sanctions). HE clearly meets this requirement. Google also clearly meets this requirement. Both are not connected to Cogent despite both being willing to interconnect with Cogent.
Cogent just allows connections to whoever they feel like connecting to; they don't have any criteria except for "if we allow them, will they kill our business?"
Isn't this a common failure pattern in tech now? A big company gets "successful" by selling cheap or free. They build a big crowd who are accepting of poor service then inflict arbitrary decisions on their customers, and once the abuse is normalised they spread "broken" tech through standards-breaking and non-interoperability. People then justify the problem because a mob of beaten-down users meekly accept the situation and anyone asking for better is dubbed an "elitist" or "idealist". For example, between them Google and Microsoft have wrecked email. IPv6 doesn't look "broken" here, it's just under attack.
By "stopping spam" in a manner that defines all[1] email not originating at Google or MS as spam, while at the same time allowing thousands of spam messages to be sent via their infrastructure with limited ways for others to block it...
[1] yes I am aware not all, but unless you are a big player good luck getting gmail or ms to accept your mail
> but unless you are a big player good luck getting gmail or ms to accept your mail
This 'evil corp blocks my SMTP server' superstition really needs to stop. False positives hurt them as much as they hurt you, so you bet that there is 0 incentive to block emails from your IP.
If the email is properly DKIM aligned for the domain, it really does not matter which IP address the email is originating from.
IP addresses (especially with IPv6) are ephemeral, and email providers figured this out years ago. If spam filters were IP based and persistent, they would have blocked the entire IPv4 internet by now. So they don't.
Spam filters (not the one you run at home, but proper ones used by Google and MS) use the email's content and domain reputation. Most of it is ML driven. IP addresses are irrelevant, unless you force the receiver to fall back to IP assessment by not signing your email.
TL;DR: if your SMTP service is being blocked by 'large evil corp', it is because your domain and/or SMTP service are not properly configured.
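The "properly DKIM aligned for the domain" condition above is the DMARC identifier-alignment rule (RFC 7489): the domain in the From: header must match, in relaxed or strict mode, either the d= domain of a verified DKIM signature or the envelope domain that passed SPF. The following is an added example, not code from anyone in this thread; it parses a DMARC record, evaluates alignment for a few constructed messages, and shows which policy action applies. It simplifies the "organizational domain" to the last two labels, whereas a real receiver consults the Public Suffix List.

```python
"""DMARC identifier alignment, simplified (added example, not from the thread)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def organizational_domain(domain: str) -> str:
    """Simplification: last two labels. Real receivers use the Public Suffix List,
    so 'example.co.uk' would be handled differently there."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """'s' (strict): exact match. 'r' (relaxed): same organizational domain."""
    if mode == "s":
        return from_domain.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def parse_dmarc_record(record: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=reject; adkim=s' into tags; defaults per RFC 7489."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


@dataclass
class AuthResult:
    """What the receiver learned before applying DMARC (constructed inputs)."""
    from_domain: str                              # RFC5322.From domain
    dkim_pass_domains: List[str] = field(default_factory=list)  # d= of verified sigs
    spf_pass_domain: Optional[str] = None         # RFC5321.MailFrom domain if SPF passed


def dmarc_evaluate(msg: AuthResult, record: str) -> Dict[str, object]:
    """Return alignment outcome and the action the published policy calls for."""
    tags = parse_dmarc_record(record)
    dkim_aligned = any(aligned(msg.from_domain, d, tags["adkim"])
                       for d in msg.dkim_pass_domains)
    spf_aligned = (msg.spf_pass_domain is not None
                   and aligned(msg.from_domain, msg.spf_pass_domain, tags["aspf"]))
    passed = dkim_aligned or spf_aligned
    return {
        "dkim_aligned": dkim_aligned,
        "spf_aligned": spf_aligned,
        "dmarc_pass": passed,
        # Policy only applies on failure; p=none means "deliver, just report".
        "action": "deliver" if passed or tags["p"] == "none" else tags["p"],
    }


# Constructed sample messages for a domain publishing "v=DMARC1; p=reject".
RELAXED_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"
STRICT_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s"

# Signed by a subdomain key: aligned only in relaxed mode.
SUBDOMAIN_SIGNED = AuthResult("example.com", dkim_pass_domains=["mail.example.com"])
# Signed by an unrelated domain, but SPF passed for the From domain itself.
SPF_ONLY = AuthResult("example.com", dkim_pass_domains=["other.example"],
                      spf_pass_domain="example.com")
# Nothing aligned: a relay that signs with its own domain and uses its own envelope.
UNALIGNED = AuthResult("example.com", dkim_pass_domains=["bulk-relay.example"],
                       spf_pass_domain="bulk-relay.example")

if __name__ == "__main__":
    for name, msg in [("subdomain-signed", SUBDOMAIN_SIGNED),
                      ("spf-only", SPF_ONLY), ("unaligned", UNALIGNED)]:
        print(name, "relaxed:", dmarc_evaluate(msg, RELAXED_RECORD)["action"],
              "strict:", dmarc_evaluate(msg, STRICT_RECORD)["action"])
```

The unaligned case is the one the comment above is describing: the sending IP never enters into it; the message fails because neither authenticated identifier matches the From: domain, and the published p= policy then decides what happens to it.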
That is not a requirement specific to Google. Most inbound SMTP services require this, even most open-source implementations. This requirement is not invented by Google, but caused by spammers using botnets.
Also, not being able to set a reverse DNS for a domestic IP is not Google's fault, it is your ISP not allowing you to 'own' an IP, and not allowing you to set a reverse DNS for the IP they lease to you.
This is why ISPs offer business packages. These will allow you to own the IP (block), and set reverse-DNS for it.
An example that comes to mind: find me the RFC where it is stated that blocking residential IPs is OK. (Google does this, so it's not compliant with the original standard.)
I would also add (but this is not email per se): no adoption of GPG/PGP; this makes your cryptographic signature a bare text file attachment.
My mail server occasionally receives mail from residential ISPs and it's literally always spam.
If people could be trusted to manage their mail server we wouldn't have this problem, but IoT crapware is still listening on port 23 till this very day and the manuals still state that you need to disable the firewall and forward all traffic to your shitty webcam for it to work. Reporting this abuse to the carrying ISPs is about as useless as shouting my complaints down the toilet.
Until both IoT production companies and individual consumers take responsibility for the awful internet created by these maliciously incompetent users and the laughably bad IoT devices they buy, I'm not removing this filter rule from my mail server.
I do usually get a notification that something hit quarantine so if it sounds important I can still see it, but I've never had to release mail banned for this reason so far.
Denylisting whole ip ranges is lazy and hurtful. Google accepts email from residential ips. Why can't you?
> My mail server occasionally receives mail from residential ISPs and it's literally always spam.
I sent mail from my home ISP for years, until people like you made it unfeasible.
> I do usually get a notification that something hit quarantine so if it sounds important I can still see it, but I've never had to release mail banned for this reason so far.
Most small operators refused to allowlist me even after making phone calls, etc.
> Google accepts email from residential ips. Why can't you?
Because Google receives enough email to tweak its spam filters sufficiently. I have to rely on more general block lists.
> I sent mail from my home ISP for years, until people like you made it unfeasible.
I've accepted mail from home ISPs for years but a recent-ish (±5 years ago) but short wave of spam from botnets made me turn on the spam filter on my new server.
> Most small operators refused to allowlist me even after making phone calls, etc.
With my setup you won't even have to call me because I'll probably whitelist your server anyway. May take a day depending on how recent the latest quarantine report was, but that's no different from normal email anyway. My spam threshold is quite high so if you take the normal measures (SPF/DKIM/reverse PTR/etc.) you probably won't even hit the spam filter.
> find me in the RFC where it is stated that blocking residential ips is ok
Is there one that actually states it isn't OK, that I'm unaware of?
It perhaps goes against the spirit of the RFCs and other documentation written at the time, but that is understandable because a lot of that stuff was written from the standpoint of being able to trust people on the Internet, including that they fully understand and have properly secured the hosts under their purview…
I send mail from home just fine, though my connection is through an ISP that is generally identified as offering commercial accounts (AAISP). You do have to make sure that you have SPF and DKIM configured but that is the case elsewhere too.
My machines see quite a lot of activity (SSH login attempts, attempts at brute force logins & scans for known vulnerabilities in old versions of HTTP(S) hosted software, and more, not just attempts to send junk mail) from what appears to be compromised machines on residential connections.
Yea, they’ve always been happy to sell bulk transit for rock bottom prices, then try to leverage their customer base against other companies.
Everyone in the ISP/Transit world does it though, trying to double dip by charging their customers for service then trying to charge others to peer with them unless it's in their favor to peer freely.
Peering should be best effort, and as close to free as possible when you already have a presence in a location. I understand some cost to cover the hardware necessitated by peering, but the only person being charged should be the customer you're providing a service to, in my opinion.
This is the classic Comcast "why does Netflix get a free ride" PR spin from a few years ago where they were battling net neutrality and trying to convince the public that Netflix and Google were "free riding" and "not paying their fair share" for the network which is "just like water".
Lots of disdain for Cogent on this thread, and very few comments about HE effectively having much the same business model as Cogent: sell pipes as cheap as possible, run them as hot (full) as possible, care little about performance implications.
As a transit supplier, they’re both pretty low quality, suited to bulk traffic only. Anything latency/loss sensitive goes over other providers.
HE and Cogent both are best suited to their roles as carrier of last resort. If you as a customer depend primarily on either of them, that’s a particularly unfortunate situation that should be remediated if possible.
> Lots of disdain for Cogent on this thread, and very few comments about HE effectively having much the same business model as Cogent: sell pipes as cheap as possible, run them as hot (full) as possible, care little about performance implications.
I'm sorry, but how is the quality of HE's performance in any way relevant to the issue of Cogent refusing to follow industry norms for settlement-free / equal cost-sharing peering? Cogent isn't refusing to peer with HE (and Google btw) because of latency/loss. Cogent is notorious for trying to squeeze every penny out of other networks through peering, HE is the exact opposite.
Isn't this the intended business model? Different tiers for different needs at different price points? I'd think that HE could offer a higher service level with better quality if the economics would make sense
I'm a Cogent customer and we wouldn't be where we are without them, but, they give me the most headaches out of any provider I have to deal with.
I tried raising a complaint as their SLA states about packet deliverability/guarantees - and I said "well, you have 100% packet loss to HE"... I didn't get very far and they basically just blamed it on HE - but, I wonder if someone had more time, if they could make a complaint down this avenue?!
That's funny, shortly after I made my comment I had a faint recollection of Comcast v. Cogent. I'm still not sure who to blame in that pissing match. Comcast is one of the most hated retail ISPs in the US while Cogent is one of the most hated bargain basement Tier 1.5 transit ISPs in the country. While I'd genuinely have a difficult time picking sides in such a fight I think that in the end, I'd have to side with Comcast, as much as I hate to say it. I'd love to hear from people more in the mix than me on the topic.
I think Comcast "wins" the most evil here just because they have a monopoly on broadband in many areas, so overcharge their customers for substandard service, then they turn around and use the monopsony of Internet access to those customers to charge for peering.
At least Cogent charges low prices for their shit.
"broken", not really -- in practice anyone who cares about IPv6 connectivity does not use Cogent as their only upstream, or they learn very quickly that Cogent does not provide them with what they advertise. This might impact you if you're in the business of buying transit from a tier 1 provider, but that's virtually nobody.
(It's also far from the only issue you'll get as a Cogent customer, they're generally, uh, pretty shit.)
I'd say this is a Cogent problem. Not an IPv6 nor an "Internet" problem. The solution is to single out Cogent and that class of ISPs, like Telefónica in ES.
It’s generally not a good idea to be single homed anyway. My first network was only upstreamed by HE and I ran into the Cogent situation quite quickly. Adding more upstreams fixed it. But also other NSPs don’t reach everything. Sometimes there are some niche networks that can only be reached over peering or some other transit providers. Though it’s super rare.
True, but many small businesses don't have the hardware or expertise to manage multiple full BGP tables. Also, depending where you are, your ISP options might be limited. For example, one of the remote sites I manage only has Lumen/CenturyLink wired to the building. It would really stink if I couldn't get to anything on HE's network through no fault of my own.
IPv6 has many defects BUT allows a lost thing we desperately need: NO DAMN NAT needed. Which means that with a 2Gbps+ f.o. connection you can host your service at home, with a static IPv6 global address and a domain name bound to it.
IMVHO many giants obstruct IPv6 NOT because it's hard and not so nice BUT because they fear losing their privileged position. Oh, sure, most people do not have TODAY a homeserver, but how much would it take to see pre-packaged pseudo-FLOSS homeservers like we see for Android "pirate-TV minicomputers"?
ISPs don't want this. They want to upsell you to a business service if you want a static IP. They'll just use dynamic IP allocation aka DHCP to make the whole thing really inconvenient.
I'm on Zen in the UK and have both a static IPv4 (with additional IPs available for a relatively low fee in blocks of 8 or more) and a /48 IPv6 block.
So what? For almost a decade, I used to have 15 IPv4 addresses with OVH _for free_, and this very December they decided to start charging for them.
Before OVH, I also was with another similarly-cheapo ISP that gave me one IPv4 for free until they decided to start charging for it (and I left).
It's just a matter of time. Of course if your ISP is expensive enough they'll just keep eating the cost for more years, but .. what's the point? One IPv4 is not that costly yet that is worth an expensive ISP over it...
For sure, but while they do not want it, I DO WANT it. With IPv4 they have a valid excuse: we do not have enough addresses; with IPv6 they have no valid excuse.
The utility of home servers and server-like devices is limited by upstream bandwidth on asymmetric connections (virtually all home broadband except some fiber-based services). Not IP addressing.
Dynamic DNS has been around for decades and provides a solution if you really want to run a home server behind NAT. If someone wanted to market a home server box, they would just need to implement something like DDNS... and Plex basically does just that.
But most people have limited upstream bandwidth, such that it's impractical to serve much content from home, except maybe to yourself as a 'road warrior' via VPN, or video streams via Plex, stuff like that.
If home broadband was symmetric, even with NAT, we would see many more applications taking advantage of that upstream bandwidth.
> Which means that with a 2Gbps+ f.o. connection you can host your service at home, with a static IPv6 global address and a domain name bound to it.
Nice in theory, but some ISPs (mine included) will happily give you a /56 via prefix delegation, but if your connection drops, you will possibly get a different prefix, and so your IP unfortunately changes.
As others have commented, ISPs explicitly do not want this happening. One of the service tiers at my house was previously advertised as 900/35. 900 Mbps down, 35 mbps up. Now, there are no ISPs that rate the upload speed at all. At least one of the ISPs at my house has language in the contract that limits usage to that initiated by a live operator, so any sort of hosting is obviously prohibited. Another ISP solved this by delegating several /64 addresses, but only actually routing traffic for a single IPv6 address.
Here (France) I got 2Gbps down, 860Mbps up (and I'm in the mountains, not downtown), so definitely asymmetric but still with a very good upload for home usage, for instance for simple p2p file sharing while on an ip2ip VoIP call with a friend, no special services in between.
All we need is IMVHO a general culture on IT and its evolution, to push politicians to MANDATE no throttling, routing tricks etc., with public watchdogs that sanction all anti-user behaviors in tech, not just for ISPs but for instance in terms of communications services: you are a company and decide to offer a new "modern chat" service with a new protocol? Ok, no issues. Do it if you want, BUT if the protocol is closed source or designed in a way that makes third party "peering" hard, you get a significant income-slice sanction ALL THE TIME this design persists. Let's say you state "ah but file-sharing passes through our servers and bandwidth and storage are costly." That's good. So allow third party "caching services" or direct IP2IP sharing, or pay the sanction for having chosen an anti-user design.
Since all these "features" and "anti vs pro" can't be written in laws up front, that's the simple way to go: from PUBLIC academia, a watchdog who listens to FLOSS associations, citizens, users in general, and keeps watching, not impeding, but sanctioning. Enough to allow free ALSO commercial innovation, but not enough to make some behaviors interesting for any business.
Netflix also refuses to accept HE IPv6 traffic. This was 'fun' to find out when deploying IPv6 on my home network, and my TV could no longer stream from them.
It's a geo-fencing / DRM / regional licensing restrictions BS problem. HE is innocent, and Netflix probably doesn't have a choice* (though arguably what should matter is the bank account location of the buyer).
I remember seeing this, by accident, years and years ago before it was blocked. Took me longer than it should have to realise why I was seeing US Netflix content, in the UK.
Fortunately, from my ISP in the Czech Republic I can reach both destinations via IPv6 fine. However, the said ISP is giving me only a /64 IPv6 block, therefore limiting it to one subnet. That is a poor, really poor implementation that does not allow IPv6 e.g. in my work laptop VLAN. O2 Internet (the ISP) - you suck.
If this is DSL/FTTH, don't wait and switch to T-Mobile, Metronet or UVTnet.
O2 have been doing this wrong since 2012 and it doesn't look like they will fix it in this decade.
Forgot to mention that while O2 provides you with a poor single /64, UVTnet gives you a nice and shiny /48 (others currently stick to /56s). What a difference.
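Two of the complaints above come down to arithmetic on the delegated prefix: a /64 cannot be split into per-VLAN /64s at all, while a /56 or /48 can, and a delegation that changes after a reconnect (the earlier comment about prefix delegation) invalidates every address derived from the old one. This added example, which is not code from anyone in the thread, uses the standard library ipaddress module to plan /64s per VLAN from a delegation and to list which VLAN subnets become stale when the delegation changes. All prefixes are constructed from the 2001:db8::/32 documentation range.

```python
"""Prefix-delegation planning with ipaddress (added example, not from the thread)."""
import ipaddress
from typing import Dict, List


def available_subnets(delegated: str) -> int:
    """How many /64 subnets a delegated prefix can be split into."""
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.prefixlen > 64:
        raise ValueError(f"{delegated} is longer than /64; no usable SLAAC subnet")
    return 2 ** (64 - net.prefixlen)


def plan_vlans(delegated: str, vlans: List[str]) -> Dict[str, str]:
    """Assign one /64 per VLAN name, in order, from the delegated prefix.

    Raises ValueError when the delegation has fewer /64s than VLANs, which is
    exactly the situation a single /64 delegation puts a multi-VLAN home in.
    """
    net = ipaddress.IPv6Network(delegated, strict=True)
    capacity = available_subnets(delegated)
    if len(vlans) > capacity:
        raise ValueError(
            f"{delegated} holds {capacity} /64 subnet(s); {len(vlans)} VLANs requested")
    subnets = net.subnets(new_prefix=64)  # generator of consecutive /64s
    return {name: str(next(subnets)) for name in vlans}


def stale_subnets(plan: Dict[str, str], new_delegated: str) -> List[str]:
    """VLANs whose planned /64 no longer lies inside the current delegation.

    After a reconnect that hands out a different prefix, every DNS record, firewall
    rule or VPN config pointing at these subnets is wrong until it is renumbered.
    """
    new_net = ipaddress.IPv6Network(new_delegated, strict=True)
    return [name for name, subnet in plan.items()
            if not ipaddress.IPv6Network(subnet).subnet_of(new_net)]


# Constructed delegations (documentation range); VLAN names are made up.
VLANS = ["lan", "work-laptop", "iot"]
GOOD_DELEGATION = "2001:db8:abcd:100::/56"     # what a /56 ISP hands out
SINGLE_64 = "2001:db8:abcd:100::/64"           # the single /64 complained about
RENEWED_DELEGATION = "2001:db8:abcd:200::/56"  # same ISP, different prefix after reconnect

if __name__ == "__main__":
    for prefix in ("2001:db8::/48", GOOD_DELEGATION, SINGLE_64):
        print(prefix, "->", available_subnets(prefix), "/64 subnet(s)")
    plan = plan_vlans(GOOD_DELEGATION, VLANS)
    print("plan:", plan)
    print("stale after reconnect:", stale_subnets(plan, RENEWED_DELEGATION))
    try:
        plan_vlans(SINGLE_64, VLANS)
    except ValueError as exc:
        print("single /64:", exc)
```

The numbers line up with the thread: a /48 gives 65536 /64s, a /56 gives 256, and a /64 gives exactly one, so the second VLAN has nowhere to go. The stale-subnet check is the practical consequence of a non-stable delegation: everything bound to the old prefix needs renumbering, which is why a stable or static prefix matters for hosting at home.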
True dat. Some of the mishaps can be attributed to incompetence and some to lack of desire to be real ISPs for the future. Too bad one is usually geographically restricted to one or a very few ISPs, especially when all of them are doing IPv6 wrong.
O2 (The Czech HQ'd PPF owned, not the UK one) - WISP
And even the more regional, but still big, aren't much better.
UPC (Liberty Global subsidiary) - Cable
Antik (Slovak company) - FTTx, Cable, WISP
SWAN (also Slovak company) - DSL, FTTx, WISP
But I have to shout out my dad's ISP, it's called RadioLAN, it's a Slovak company, provides WISP and FTTx and also IPv6 to everyone by default. So far the only one I've found. Funny thing is, the peering in our country is handled by two IXs: SIX and NIX, both natively supporting IPv6 interconnection. If I've messed up some terminology or have outdated info, I'm sorry. As you said, unless we live in a very, very specific location, we're left with just one ISP, or basically the same one in blue. I'm less than 10km beyond the capital's outer borders, yet I have a huge problem getting FTTH run here. It's literally connected at both ends of our street, just not here. I've considered doing something about it myself, it's just simply too expensive.
It's not that bad (this was the situation some time ago, might be even better today):
Orange does support IPv6 on FTTH and DSL (do not know about mobile network); they use DS lite and allow user port mapping for IPv4 (!), provide /56 by default. They didn't migrate existing customers, they just started with new ones (2016 for DSL, 2018 for FTTH), which is reasonable. There's also an issue with IPTV service, which runs over IPv4 multicast, so new customers with TV service (or those who ask explicitly) get IPv4-only anyway.
UPC (Liberty Global) has exactly the same issue as the Czech one: DS lite and you get /64 only. It is the same design, shared by all UPCs, (the Czech one is just a recent acquisition from them by Vodafone).
Slovak Telecom "is planning" (since 2020). TBH, I would expect ST to get rid of PPPoE on FTTH first ;)
Swan supposedly supports IPv6 now, at least in their core. They claim IPv6 support in their materials (at least in those communicated to business customers).
Note that ST/Orange/O2 are not WISPs; they are mobile networks. With WISP, the understanding is that they would use wireless radios like Radiolan does (i.e. Radiolan is WISP).
> I'm less than 10km beyond the capital's outer borders, yet I have a huge problem getting FTTH run here.
This is common and not that surprising. If you check availability for FTTH in the capital's city center, you will find that the situation is the same (or similar: chances are that the end of the street is not connected). It is residential areas with high density that have the good coverage.
Your ISP does not want to route other people's traffic for them, only its customers. So it doesn't broadcast a route for arbitrary destinations through its AS.
Peering is for your own traffic and the traffic of your customers. You don't generally carry traffic for your peers to other peers. It doesn't make business sense; if Cogent and HE want to exchange traffic via your ISP, at least one of them is going to have to be a customer of your ISP.
That article doesn't have a date (as far as I can see), is that still a problem?
Looking up a random Cogent IP (www.cogentco.com) on bgp.he.net shows they have a route for it: https://bgp.he.net/ip/2001:550:1::cc01
(might not be true the other way around, I don't know how to check -- I can join both networks, but I'm not on either...)
Interesting, I just tested that here as well and sure enough my HE peer had no issues going to Google, but my Cogent peer didn't. This isn't an "IPv6 is broken" problem, this is a "Cogent is broken" problem.
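The test described in the two comments above (look a destination up in each upstream's table and see which one lacks a route) is a longest-prefix match per upstream. This added example, which is not code from anyone in the thread, does that over constructed per-upstream IPv6 route tables; the prefixes are taken from the 2001:db8::/32 documentation range and the next-hop AS numbers are private-range placeholders, so nothing here reflects HE's or Cogent's real tables. It also shows that a more specific announcement wins over a covering one.

```python
"""Per-upstream reachability via longest-prefix match (added example, not from the thread)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed route tables: upstream name -> list of (prefix, next-hop AS).
# Documentation prefixes and private ASNs; not real routes from any provider.
UPSTREAM_ROUTES: Dict[str, List[Tuple[str, int]]] = {
    "upstream-A": [
        ("2001:db8:a000::/36", 64512),  # covering aggregate
        ("2001:db8:a000::/48", 64513),  # more specific, should win for hosts inside it
        ("2001:db8:b000::/36", 64514),  # prefix only this upstream carries
        ("2001:db8:c000::/36", 64515),
    ],
    "upstream-B": [
        ("2001:db8:a000::/36", 64516),
        ("2001:db8:c000::/36", 64517),
        # no route for 2001:db8:b000::/36: the missing-peering case
    ],
}


def longest_match(table: List[Tuple[str, int]], destination: str) -> Optional[Tuple[str, int]]:
    """Return the most specific (prefix, next-hop AS) covering destination, or None."""
    addr = ipaddress.IPv6Address(destination)
    best: Optional[Tuple[str, int]] = None
    best_len = -1
    for prefix, asn in table:
        net = ipaddress.IPv6Network(prefix, strict=True)
        if addr in net and net.prefixlen > best_len:
            best, best_len = (prefix, asn), net.prefixlen
    return best


def reachability(destination: str,
                 tables: Dict[str, List[Tuple[str, int]]] = UPSTREAM_ROUTES
                 ) -> Dict[str, Optional[str]]:
    """Map each upstream to the prefix it would use for destination, or None."""
    result: Dict[str, Optional[str]] = {}
    for upstream, table in tables.items():
        match = longest_match(table, destination)
        result[upstream] = match[0] if match else None
    return result


def unreachable_via(destination: str,
                    tables: Dict[str, List[Tuple[str, int]]] = UPSTREAM_ROUTES) -> List[str]:
    """Upstreams with no route at all to destination: the ones a single-homed
    customer would be stuck behind."""
    return [up for up, prefix in reachability(destination, tables).items() if prefix is None]


if __name__ == "__main__":
    for dst in ("2001:db8:a000::1", "2001:db8:b000::1", "2001:db8:c000::1"):
        print(dst, reachability(dst), "unreachable via:", unreachable_via(dst))
```

The check a multi-homed operator actually runs is the equivalent lookup in each router's BGP table for the real destination; the point of the simulation is that a destination missing from one upstream's table is invisible to anyone single-homed to that upstream, regardless of how the other upstream looks.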
I think the article could be better titled "IPv6 Internet Is Broken Right Now" because I read the title initially as the architecture is fundamentally broken, and in reality the article is saying that the architecture isn't broken but it is broken right now because of lack of peering agreements.
Peering disputes in Europe center around different carriers generally. But the basic dispute is the same: carrier A doesn't want to peer with carrier B, probably for business reasons, so they try to set up their peering rules so that carrier B doesn't qualify, or they won't upgrade connections.
I know I've seen some carrier names that come up in those disputes a lot, often the incumbent telco for a particular country. But you've got a lot of countries there and most of them had their own nationalized phone company, and only one or two end up having public spats over peering. There's similar stuff in some countries in Asia, where some of the incumbent telcos refuse to peer locally. (and of course, China has the GFW)
IPv6 is a religion, you will not reason with its adepts.
Of course they will claim that the whole world is "doing it wrong", despite the collective failure of humanity to roll out IPv6 for decades and decades.
I’m not a v6 evangelist. I don’t work in networking, nor do I know enough about it to really want to evangelise for v6. Surely “humanity hasn’t prioritised doing something, therefore the ‘something’ is inherently flawed” is an argument that conjures enough contemporary exceptions that you can see how deeply and utterly flawed it is?
I downvoted you because this article has nothing to do with IPv6 technology. It has to do with a large ISP being a dick and refusing to act mature and, you know, do their goddamned job and peer with other ISPs.
TCP/IP has 48 bits for addressing, this is more than enough for the world. There are inefficiencies currently with allocating these bits, but they're easier to solve than adopting IPv6.
It has 32 addressing bits, and even if it did have 48 that wouldn't be enough. Inefficient allocation isn't the problem; there's just not enough address space for the Internet at the scale it's reached.
v6 is much easier (and cheaper) to deal with than layers and layers of NAT everywhere.