IPv6 troubleshooting help needed
Now that security.debian.org has got AAAA records, reports regarding
connectivity issues pop up in odd places. The level of complaints is
still rather low (quite unexpected to me), and it's not affecting user
experience in a significant way (I think), but we should still try to
improve things where we can.
In short, we're looking for Debian Developers who help us to debug
IPv6 connectivity issues. Here's the basic skill set (which may seem
a bit daunting, but if everything were easy, we wouldn't have anything
to troubleshoot, right?):
- basic knowledge of BGP and real-world Internet WAN routing
and traffic exchange policies
- ability to interpret looking glass output (show ip bgp, show
route) and traceroutes
- some IPv6 experience preferred
- basic understanding of DNS (A/AAAA records,
proxy/forwarding/recursive/authoritative server distinction)
- Internet2 routing knowledge is a plus (but certainly not a must)
- non-English language skills would help as well
- DD status required
Tasks include:
- subscribing to the various mailing lists (debian-user, NANOG and
other *NOGs, outages, dns-operations, language-specific lists) and
monitor them for occurrences of security.debian.org
- following up on reports, requesting more information if necessary
- obtaining the reverse view from Debian's own hosts
- try to guess where the problem is located (the hard part!)
- contacting network operators in case of persistent issues
- interacting with DSA if action on Debian's part is required
- ask native speakers within Debian for help in case there's are
language barrier towards the reporter
The most frequent issues I've seen are related to partial transit from
Internet2, and broken DNS proxies taking AAAA records and serving
their first four bytes as IPv4 addresses. I don't think we've fully
debugged either set of issues, unfortunately. The upside is that
large parts of the IPv6 community are friendly, accessible and eager
to help out when there are problems.
If you're interested, drop me a message.
Access to proper troubleshooting tools will require LDAP privileges
which are subject to DSA and security@ approval (hence the DD status
requirement).
Reply to: