pay.gov and IPv6

Carl Byington carl at five-ten-sg.com
Sun Nov 13 17:33:14 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Following up on a two year old thread, one of my clients just hit this
problem. The failure is not that www.pay.gov is not reachable over ipv6
(2605:3100:fffd:100::15). They accept (TCP handshake) the port 443
connection, but the connection then hangs waiting for the TLS handshake.

openssl s_client -connect www.pay.gov:443

openssl s_client -servername www.pay.gov -connect 199.169.192.21:443

Browsers (at least firefox) see that as a very slow site, and it does
not trigger their happy eyeballs fast failover to ipv4.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlgoo9AACgkQL6j7milTFsEIhwCfS2nVWDwjGk5LLaPpAntLC8la
RpMAniYdP2OmTcx4+lJmaIu538LK9pqJ
=SOdT
-----END PGP SIGNATURE-----





More information about the NANOG mailing list