[ipv6hackers] Windows 7/2008 R2 Improved Resiliency to IPv6 Floods

Owen DeLong owend at he.net
Mon Apr 15 19:06:30 CEST 2013

On Apr 15, 2013, at 00:19 , Marc Heuse <mh at mh-sec.de> wrote:

> On 15.04.2013 05:24, Jim Small wrote:
>>> In my mind, that's a poor tradeoff. I would much rather have seen MS
>>> implement happy eyeballs. It would have much greater overall benefit,
>>> and none of the drawbacks.
>> I understand what you're saying - that's exactly how I felt.  I spoke to someone close to the Microsoft core networking team.  From Microsoft's vantage point the most important thing is determinism.  The problem with happy eyeballs is you have non-deterministic behavior.  For an excellent discussion of this with references, see here:
>> http://blog.ioshints.info/2013/03/happy-eyeballs-happiness-defined-by.html

If this is deterministic, it's about the only result from Windows that is.

Almost by definition, the internet is non-deterministic and when you're talking about
client connections, usually the most important thing is a good user experience. A
deterministically bad one is questionable at best.

>> It would be nice if there were an option to enable happy eyeballs though if the user/organization desired that behavior.  But again, I think Microsoft is afraid of the supportability/costs of a non-deterministic approach.
>> I'm not sure I completely agree with the end result, but I understand where they are coming from.
> I understand Microsoft as well on this point. Undeterministic behaviour
> is a big issue if you need to diagnose problems.

When you're in diagnostic mode, there are plenty of ways to force the
particular protocol you want. The solution to this is better instrumentation.

That's why we have the -6 option to ping, tracert, and netstat. (Or in most
operating systems ping/ping6, traceroute/traceroute6, etc.)

> But in my opinion, user experience should be the top priority, and IMHO
> the happy eyeballs technique is the best solution.

I agree with the first point. As to the second, it seems to be the best current
workaround. In the long run, IPv4 deprecation will help a lot.

> The common unix/network solution fails too at least for me (I mean the
> getaddr(ptr, "foo.com"); while(ptr != NULL) { connect(foo->addr)... one)
> because if the IPv6 connection to the destination fails, the user has to
> wait for the timeout before the IPv4 address is tried.

That's why you should use non-blocking connect and select() to see
which one succeeded first.

> About the happy eyeballs technique - is there a simple best practice
> code published somewhere that is cross platform? That would be very
> helpful to point to and encourage developers to implement instead.

I'll work on creating one unless someone has a pointer to one.
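
The non-blocking connect plus select() approach described in this message, as an added example that is not part of the original post and not code from anyone on the list. The names `resolve` and `race_connect` are made up here, and all attempts start at once, which is simpler than the staggered start Happy Eyeballs (RFC 6555) describes.

```python
import errno
import os
import select
import socket
import time

def resolve(host, port):
    """All addresses for host (IPv6 and IPv4) as (family, sockaddr) pairs."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    return [(family, sockaddr) for family, _, _, _, sockaddr in infos]

def race_connect(candidates, timeout=5.0):
    """Start a non-blocking connect() to every candidate at once; return the
    first socket that connects, or raise OSError if all fail or time out."""
    pending, last_err = [], OSError("no usable candidate address")
    for family, sockaddr in candidates:
        try:
            s = socket.socket(family, socket.SOCK_STREAM)
        except OSError as e:          # address family unavailable on this host
            last_err = e
            continue
        s.setblocking(False)
        rc = s.connect_ex(sockaddr)   # returns at once instead of blocking
        if rc in (0, errno.EINPROGRESS, errno.EWOULDBLOCK):
            pending.append(s)
        else:                         # failed immediately, e.g. no route
            last_err = OSError(rc, os.strerror(rc))
            s.close()
    deadline, winner = time.monotonic() + timeout, None
    while pending and winner is None:
        # A finished connect shows up as writable (as exceptional on Windows).
        left = max(deadline - time.monotonic(), 0)
        _, w, x = select.select([], pending, pending, left)
        if not (w or x):
            last_err = TimeoutError(f"no connection within {timeout}s")
            break
        for s in set(w) | set(x):
            err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
            pending.remove(s)
            if err == 0 and winner is None:
                winner = s            # handshake completed first
                continue
            last_err = OSError(err, os.strerror(err)) if err else last_err
            s.close()                 # failed, or lost the race
    for s in pending:                 # abandon connects still in flight
        s.close()
    if winner is None:
        raise last_err
    winner.setblocking(True)
    return winner
```

A caller would use `race_connect(resolve(host, port))`; a dead IPv6 path then costs nothing beyond the time the IPv4 handshake takes, instead of a full connect timeout.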

