July 2008 Archives

I just got back from the Summer 2008 Internet2 Joint Techs Workshop in Nebraska. There was a heavy focus on IPv6 at the workshop. The IPv6 Working Group announced its IPv6 Challenge. This is a challenge to Internet2 members to IPv6-enable several aspects of their networks. Joe Nasal from TNS participated in a very interesting panel discussion on campus IPv6 addressing plans (video here). Both Penn State and Stanford were on the panel. We both have a /32 from ARIN, but we've chosen to use them in very different ways. I found that rather interesting. As usual, DREN gave a useful update on their IPv6 deployment in the Department of Defense.

I gave a lightening talk on a quick way to IPv6-enable lot of DNS servers (slides here). Essentially, there is a "clustering" effect in DNS, where one server will provide authoritative DNS for three or four other domains. For example, UC Berkeley provides DNS for Columbia, UC San Francisco and UCLA. So v6-enabling that one server provides considerable extra benefit. If you map out these "clusters" in DNS, you get a list of the most beneficial servers to target. It turns out that by v6-enabling 11 extra servers, you would give 31 domains v6-reachable DNS. Put another way, that's 15% of Internet2 members, but requires upgrading only 1.5% of its nameservers.

In non-IPv6 news, there was a good DNSSEC talk from NIST. This was especially interesting in light of the recent Kaminsky DNS attack. Suffice it to say, there are still a fair number of hurdles to integrating DNSSEC.

iPhone 2.0 is out. It still doesn't enable IPv6. I wasn't optimistic that it would be added in iPhone 2.0, but I'm still sad to see Apple abdicate leadership on this issue, especially since Mac OS X has had solid IPv6 support for years. Many handset OSes already support IPv6.

Qualcomm's proprietary BREW platform has supported IPv6 since version 3.1.5. Nokia's snazzy new N78 and N96 both support it as well. Actually, all of Nokia's E-Series, N-Series, and most of their Communicator, 6000- and 7000-Series phone have supported IPv6 since 2005. Microsoft added support in 2003. Symbian, VxWorks, QNX and J2ME also support it.

The good news is that much of Apple's SDK is IPv6-clean, so 3rd-party apps should be IPv6-capable. Hopefully it will just be a matter of Apple enabling v6 on a later software update.

I've recently been handed an assignment that requires me to write some Perl code. I'm not a fan of Perl anymore. I haven't used it routinely in almost seven years. It certainly filled a very useful niche in the '80s and early '90s, but by 2008, I think it's been superceeded by Python or Ruby. Frankly, I think it's an anachronism. But this isn't a blog about programming.

I've griped about the shoddy IPv6 support in Perl before. This post is in the same vein.

This code needs to use Perl-LDAP. Natually, I checked if that library supports IPv6 (remember, kids, in Perl, you have to check if every single library supports it!). Fortunately, it got support a few months ago, in version 0.35. All's well, right? Not so fast, kiddo. The changelog says it "add option to support IPv6". What does "option" mean?

Looking at the docs, I found this gem:

inet6 => N

Try to connect to the server using IPv6 if HOST resolves to an IPv6 target address. If it resolves to an IPv4 address, the connection is tried using IPv4, the same way as if this option was not given.

Please note that IPv6 support is considered experimental in IO::Socket::SSL, which is used of SSL/TLS support, and there are a few issues to take care of. See "IPv6" in IO::Socket::SSL for details.

So let me get this straightish. To get IPv6 support in my LDAP apps, I have to pass a special "no, really, use IPv6" flag to every LDAP object I create? What happens if the hostname resolves to both an IPv6 and an IPv4 address? And I better just hope that I'm not using SSL. This is just charming. But it gets better. If you follow the link to IO::Socket::SSL, you find this:

Currently, there is no support for using IPv4 and IPv6 simultaneously in a single program, but it is planned for a future release.

Gah! You can't possibly be serious. Java has supported SSL-over-IPv6 and mixed v6-v4 apps for 5 years! Hell, it's supported it for so long that the first version to get support is now EOL. Python has had support for the same amount of time.

Folks, this is not the way to design a maintainable, supportable, enterprise language. How people continue to use Perl in production totally escapes me. And this does not bode well for IPv6-enabling the large mountain of legacy Perl scripts that hold this University's IT systems together.

A week-and-a-half ago, I commented that 10% of Internet2 schools had IPv6-reachable DNS. It's time to add one more: Georgetown. And, unlike many schools, Georgetown isn't piggybacking on someone else's DNS server.

For those of you keeping count, here's the updated list:

IPv6-reachable DNS in Internet2
  • Columbia University
  • Georgia Institute of Technology
  • Georgetown University
  • Indiana University
  • Internet2
  • Ohio University
  • Pennsylvania State University
  • Portland State University
  • Princeton University
  • University of California, Berkeley
  • University of California, Los Angeles
  • University of California, San Diego
  • University of California, San Francisco
  • University of Delaware
  • University of Illinois, Urbana-Champagne
  • University of Iowa
  • University of Notre Dame
  • University of Oregon
  • University of Pennsylvania
  • University of Rhode Island
  • University of South Florida
  • Virginia Tech
  • Wichita State University
  • Worcester Polytechnic Institute

The Flag of the European UnionThe DNS domains for Denmark (.dk) and St. Kitts and Nevis (.kn) recently got IPv6-reachable servers. This means that every member of the European Union has IPv6-reachable DNS. Further, the Eurpoean Union itself (.eu) and all candidate countries have IPv6-DNS. I'm impressed.

Samba 3.2.0 was released yesterday. Among its many new features is IPv6 support. This is an important step towards having an IPv6-capable CIFS stack on every platform. Windows Vista and Server 2008 have supported CIFS-over-IPv6 for some time, as has the Linux in-kernel CIFS client. Erion Consultancy has more information on the development.

For more on IPv6 support on Windows, including CIFS, check out this presentation (PDF) from SambaXP 2008, or this one from SambaXP 2007.