pay.gov and IPv6
ler762 at gmail.com
Wed Nov 16 22:00:08 UTC 2016
On 11/16/16, Mark Andrews <marka at isc.org> wrote:
> In message <1479249003.3937.6.camel at ns.five-ten-sg.com>, Carl Byington
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>> Following up on a two year old thread, one of my clients just hit this
>> problem. The failure is not that www.pay.gov is not reachable over ipv6
>> (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443
>> connection, but the connection then hangs waiting for the TLS handshake.
>> openssl s_client -connect www.pay.gov:443
>> openssl s_client -servername www.pay.gov -connect 220.127.116.11:443
>> Browsers (at least firefox) see that as a very slow site, and it does
>> not trigger their happy eyeballs fast failover to ipv4.
> Happy eyeballs is about making the connection not whether TCP
> connections work after the initial packet exchange.
> I would send a physical letter to the relevent Inspector General
> requesting that they ensure all web sites under their juristiction
> that are supposed to be reachable from the public net get audited
> regularly to ensure that IPv6 connections work from public IP space.
That will absolutely work.
NIST is still monitoring ipv6 .gov sites
so the IG isn't going to do anything there & pay.gov has a contact us page
that I'd bet works much better than a letter to the IG
More information about the NANOG