Someone -- or more like a few someones -- have screwed the pooch.
IPv6, which is the "new" generation of Internet protocol, is an undeniable good thing. Among other things it almost certainly resolves any issues about address exhaustion, since it's a 128-bit space, with 64 bits being "local" and the other 64 bits (by convention, but not necessity) being "global."
This literally collapses the routing table for the Internet to "one entry per internet provider" in terms of address space, which is an undeniable good thing.
However, this presumes it all works as designed. And it doesn't.
About a month ago there began an intermittent issue where connections over IPv6, but not IPv4, to the same place would often wind up extremely slow or time out entirely. My first-blush belief was that I had uncovered a bug somewhere in the routing stack of my gateway or local gear, and I spent quite a bit of time chasing that premise. I got nowhere.
The issue was persistent with both Windows 10 and Unix clients -- and indeed, also with Android phones. That's three operating systems of varying vintages and patch levels. Hmmmm.....
Having more or less eliminated that, I thought perhaps my ISP at home was responsible -- Cox.
But then, just today, I ran into the exact same connection lockup on ToS's "Trader TV" streaming video while on XFinity in Michigan. Different provider, different brand cable modem, different brand and model of WiFi gateway.
Now I'm starting to think there's something else afoot -- maybe some intentional pollution in the ICMP space, along with inadequate (or no!) filtering in the provider space and inter-provider space to control malicious nonsense.
See, IPv6 requires a whole host of ICMP messages that flow between points in the normal course of operation. Filter them all out at your gateway and bad things happen -- like terrible performance, or worse, no addressing at all. But one has to wonder whether the ISP folks have appropriately filtered their networks at the edges to prevent malicious injection of these frames from hackers.
If not, you could quite easily "target" exchange points and routers inside an ISP infrastructure and severely constrict the pipes on an intermittent and damn hard to isolate basis.
Which, incidentally, matches exactly the behavior I've been seeing.
I can't prove this is what's going on because I have no means to see "inside" a provider's network and the frames in question don't appear to be getting all the way to my end on either end. But the lockups that it produces, specifically on ToS' "Trader TV", are nasty -- you not only lose the video but if you try to close and re-open the stream you lose the entire application streaming data feed too and are forced to go to the OS, kill the process and restart it.
The latter behavior may be a Windows 10 thing, as when I run into this on my Unix machines it tends to produce an aborted connection eventually, and my software retries that and recovers. Slowly.
In any event, on IPv4 it never happens, but then again IPv4 doesn't use ICMP for the sort of control functionality that IPv6 does. One therefore has to wonder..... is there a little global game going on here and there that amounts to moderately low-level harassment in the ISP infrastructure -- but which has as its root a lack of appropriate edge-level -- and interchange-level -- filtering to prevent it?
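An added example, not from the original post: a minimal Python sketch of the ICMPv6 decision a gateway or provider edge faces, based on the RFC 4890 filtering recommendations and the RFC 4861 Hop Limit 255 rule for Neighbor Discovery. The function names, the `on_link` flag, the verdict strings and the sample packets are all constructed for illustration.

```python
import struct

# Error and echo types that must pass a filter. IPv6 routers never fragment,
# so a dropped Packet Too Big (type 2) stalls or times out large transfers.
ESSENTIAL = {1: "Destination Unreachable", 2: "Packet Too Big",
             3: "Time Exceeded", 4: "Parameter Problem",
             128: "Echo Request", 129: "Echo Reply"}
# Neighbor Discovery: required on the local link for addressing and routing,
# never legitimate when it arrives from beyond that link.
NDP = {133: "Router Solicitation", 134: "Router Advertisement",
       135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
       137: "Redirect"}

def parse(packet):
    """Return (hop_limit, icmp_type) for IPv6 carrying ICMPv6, else None."""
    if len(packet) < 41 or packet[0] >> 4 != 6:
        return None
    next_header, hop_limit = packet[6], packet[7]
    if next_header != 58:  # assumption: extension headers are not walked here
        return None
    return hop_limit, packet[40]

def verdict(packet, on_link):
    """on_link=True: received on the attached link; False: being forwarded."""
    parsed = parse(packet)
    if parsed is None:
        return "not-icmpv6"
    hop_limit, icmp_type = parsed
    if icmp_type in ESSENTIAL:
        return "accept"
    if icmp_type in NDP:
        # Hop Limit 255 proves no router forwarded the packet, so an NDP
        # message with any other value was injected from off-link.
        return "accept" if on_link and hop_limit == 255 else "drop"
    return "unclassified"  # e.g. MLD; needs its own policy, not handled here

def make(icmp_type, hop_limit):
    """Constructed sample: 40-byte IPv6 header plus an 8-byte ICMPv6 body."""
    header = struct.pack("!IHBB", 6 << 28, 8, 58, hop_limit) + bytes(32)
    return header + bytes([icmp_type, 0]) + bytes(6)

if __name__ == "__main__":
    samples = [(2, 57, False), (134, 255, True), (134, 64, True), (134, 255, False)]
    for icmp_type, hop_limit, on_link in samples:
        print(icmp_type, hop_limit, on_link, verdict(make(icmp_type, hop_limit), on_link))
```

The third and fourth samples are the cases that matter for edge filtering: a Router Advertisement that has crossed a router, or that is being forwarded at all, is dropped, while Packet Too Big is accepted no matter how far it has travelled.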
Years ago ports 138 and 139 were abused mightily to hack into people's Windows machines, since SMB and NetBIOS run on them and the original protocol -- which, incidentally, even modern Windows machines will answer to unless turned off -- was notoriously insecure. Microsoft, for its part, dumped a deuce in the upper tank on this in that turning off V1 will also turn off the "network browse" functionality, which they never reimplemented "cleanly" on V2 and V3 (which are both more secure). Thus many home users and more than a few business ones have it on because it's nice to be able to "see" resources like file storage in a "browser" format.
But in turn nearly all consumer ISPs block those ports from end users because if they're open it can be trivially easy to break into users' computers.
One has to wonder -- is something similar in the IPv6 space going on now, but instead of stealing things the outcome is basically harassment and severe degradation of performance?