[ipv6hackers] Windows 7/2008 R2 Improved Resilliency to IPv6 Floods

Marc Heuse mh at mh-sec.de
Mon Apr 15 09:19:19 CEST 2013 

On 15.04.2013 05:24, Jim Small wrote:
>> In my mind, that's a poor tradeoff. I would much rather have seen MS
>> implement happy eyeballs. It would have much greater overall benefit,
>> and none of the drawbacks.
> 
> I understand what you're saying - that's exactly how I felt.  I spoke to someone close to the Microsoft core networking team.  From Microsoft's vantage point the most important thing is determinism.  The problem with happy eyeballs is you have non-deterministic behavior.  For an excellent discussion of this with references, see here:
> http://blog.ioshints.info/2013/03/happy-eyeballs-happiness-defined-by.html
> 
> It would be nice if there were an option to enable happy eyeballs though if the user/organization desired that behavior.  But again, I think Microsoft is afraid of the supportability/costs of a non-deterministic approach.
> 
> I' not sure I completely agree with the end result, but I understand where they are coming from.

I understand Microsoft as well on this point. undeterministic behaviour
is a big issue if you need to diagnose problems.

But in my opinion, user experience should be the top priority, and IMHO
the happy eyeballs technique is the best solution.

The common unix/network solution fails too at least for me (I mean the
getaddr(ptr, "foo.com);while(ptr != NULL) { connect(foo->addr)... one)
because if the IPv6 connection to the destination fails, the user has to
wait for the timeout before the IPv4 address is tried.

About the happy eyeballs technique - is there a simple best practice
code published somewhere that is cross platform? That would be very
helpful to point to and encourage developers to implement instead.

btw. this reminds me of the Apple issue to close the DNS resolve UDP
port, once the first response (A or AAAA) came in, and only use this
answer. is this still the case and not fixed? because this is is the
most undeterministic behaviour ever! :-)

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list