Hi, I'm Iljitsch van Beijnum. I'm a freelance network architect, specializing in internet routing (BGP) and interconnection between networks (peering and more).

On this site I post both work-related and somewhat less work-related articles. For purely work-related information, see BGPexpert.com. Some of the blog posts here are in Dutch, others are in English.

Fun with fonts!

After many years of using Century Gothic and its clone URW Gothic Book for my website muada.com, I felt it was time to reconsider that choice. So I went font hunting!

Over the course of my hunting expedition, I found a nice new font, Muli, and I created a page that lets you compare different fonts and their weights interactively. Have a look.

Permalink - posted 2019-12-12

After sunset

Image link - posted 2019-12-04

Time to turn off IPv4 (just a little)

Another month, and we'll be living in the 2020s. And yet, 70% of the internet is still IPv4-only. (I'll be writing a story looking back on IPv6 progress the past decade in January.) So I thought: maybe I should draw a line in the sand and turn off IPv4 for my website. But then how will those 70% find me? And all the links to older content would be dead to much of the internet.

Note: this is an example of the warning image, your IPv6 connectivity may be fine!

So instead, I decided to host some of the images on my old website muada.com and the new home of my blog iljitsch.com on an IPv6-only domain name. This means that browsers running on a system with only IPv4 connectivity will find that they can't load the image at the top of this page. There are no tricks involved: the browser encounters a cold hard error.

However, I didn't want to have a broken image show up on the page, because people might just think it's my HTML skills that are the problem, rather than them being stuck in the past IP-version wise. So the browser is instructed that when it can't load the image, it should load another one, which has a nice big warning in neon colors. I also use an image map to let people click on the word "IPv6" to get to a page that explains what's going on. If JavaScript is turned off, there's just a line of text saying there is no IPv6 connectivity.

Note that browsers will cache images, so you may still see the correct skyline image even if you currently don't have IPv6 connectivity.

This is the HTML code. You can click on the images to try loading them manually.

<img src="http://images.iljitsch.com/images/skylinedenhaag2.jpg" width=1920 height=180 style="max-width: 1920px" alt="Image couldn't load - you don't seem to have IPv6 connectivity" onerror="this.onerror=null;this.src='/images/warn-img-no-ipv6.png';" usemap="#nov6link">

<map name="nov6link" id="nov6link">
  <area shape="rect" coords="425,110,500,150" title="Click here for an explanation" href="http://iljitsch.com/ipv6-warning.php" />
</map>

I hope that more people will do the same so people start to actually notice that they're behind the times by having just IPv4 connectivity.

Permalink - posted 2019-12-03 - Dutch version

Time to turn off IPv4 (a little)

In a month we'll be living in the '20s of the 21st century. And yet 70% of the internet still only has IPv4. (In January I'll write a story that looks back at the progress of IPv6 over the past decade.) So I thought: maybe I should draw a line and turn off IPv4 for my website. But then 70% can no longer find me, and the links to older articles will be dead for a large part of the internet.

Note: this is an example of the warning, your IPv6 connectivity may be perfectly fine.

So instead, I decided to host a number of images on my old website muada.com and the new home for my blog iljitsch.com on an IPv6-only domain name. That means that browsers running on a system with only IPv4 connectivity will find that they can't load the image at the top of this page. And that without tricks: the browser runs into an ice-cold error.

But I also didn't want to leave a broken image at the top of the page, because then people might think that I don't understand HTML, rather than that they are the ones stuck in the IP-version past. So the browser is instructed that when it can't load the image, it loads another image in its place. That image has a nice big warning in neon colors. I also use an image map so that people can click on the word "IPv6" to get an explanation. If JavaScript is turned off, a line of text appears saying that there is no IPv6 connectivity.

Note that browsers cache images, so you may still see the correct image with the skyline even though you currently have no IPv6 connectivity.

This is the HTML code. You can click on the images to load them manually.

<img src="http://images.iljitsch.com/images/skylinedenhaag2.jpg" width=1920 height=180 style="max-width: 1920px" alt="Image couldn't load - you don't seem to have IPv6 connectivity" onerror="this.onerror=null;this.src='/images/warn-img-no-ipv6.png';" usemap="#nov6link">

<map name="nov6link" id="nov6link">
  <area shape="rect" coords="425,110,500,150" title="Click here for an explanation" href="http://iljitsch.com/ipv6-warning.php" />
</map>

I hope that more people will start doing this too, so that others actually get to see that they are behind the times with only IPv4 connectivity.

Permalink - posted 2019-12-03 - English version

Slides: AS paths: long, longer, longest

Presentation slides from my lightning talk "AS paths: long, longer, longest" at the RIPE-79 meeting in Rotterdam, 18 October 2019.

Permalink - posted 2019-11-29

Valid address space, bogons and martians

There are some advantages to filtering out packets with invalid addresses in them, such as a packet with a private source or destination address. Those never have any business traveling across the internet. (Not to be confused with BCP 38 filtering.) There have been instances where spammers grab an unused prefix, start announcing it in BGP, do a spam run and then drop the prefix. When packets with private addresses enter your network, bad things may happen if you use those addresses yourself. And these invalid "martian" packets are just an annoyance, using up traffic and generating log entries.

The term martian refers to packets that seem to come from Mars, as they can't come from any place here on earth. The BGP announcements for invalid address ranges are often called "bogons". I'm not sure if everyone makes that distinction, but I'll use martian for any address or address block that has a specific purpose, and that purpose means it shouldn't appear in the global routing table. IANA maintains registries of the IPv4 special purpose addresses and the IPv6 special purpose addresses. Note that some addresses are special purpose, but also globally reachable/routable. This is made explicit on the lists.

Bogons include the martians, but also any address space that is currently unused. These are the IPv4 and IPv6 full bogons lists that Team Cymru distributes. The regular, non-full bogons list has only the martians.

If you're considering filtering martians and/or bogons, it's important to realize that these lists change over time. Martian lists are quite stable, so if you fail to update filters based on the martian lists at regular intervals, that's unlikely to result in problems. The full bogons lists, however, change daily, so it's absolutely crucial to have a solid update mechanism in place if you decide to do full bogon filtering. And note that for IPv4, the full bogons list is quite short as we're pretty much out of IPv4 space, while for IPv6 it's very long as we've barely put a dent into the IPv6 address space.

Last but not least, it's important to realize what part of the IPv4 and IPv6 address space is set aside for global unicast (= regular) use. The IPv4 address space consists of five classes:

The bogons and martian lists will filter out classes D and E.

With IPv4 class E space we had the unfortunate situation that because many systems considered 240.0.0.0/4 "invalid", it was impossible to repurpose it as regular address space when we started running out of IPv4 address space. So currently, people are paying good money to obtain IPv4 address space because the RIRs don't have any anymore, but 268 million IPv4 addresses remain unused. That's $5 billion worth of IPv4 at $20 per address!

For IPv6, the situation is a bit more complex. Currently, only 2000::/3 is actually used for global unicast. So any valid (non-multicast) packet you'll see traveling across the internet starts with 2xxx: or 3xxx:. However, to avoid repeating the IPv4 class E debacle, the standards documents explicitly designate all IPv6 address space that isn't set aside for a specific different use as global unicast. From RFC 4291:

The bogons and martian lists will filter out all the non-global unicast space.
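
Added example (not from the original post): a Python sketch of the martian check described above, covering class D and E, the 2000::/3 rule for IPv6, and the exception for special-purpose addresses that IANA marks as globally reachable. The prefix list is an abridged snapshot and the flow records are constructed; the names are illustrative, and real filters should be generated from the current IANA registries.

```python
import ipaddress
from collections import Counter

def nets(*prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

# Abridged snapshot of martian prefixes (assumption, not a complete list).
MARTIANS = nets(
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4",    # class D (multicast)
    "240.0.0.0/4",    # class E
    "2001:db8::/32",  # IPv6 documentation
    "2001:2::/48",    # IPv6 benchmarking
)
# Special purpose but marked globally reachable by IANA: must not be filtered.
REACHABLE = nets("192.0.0.9/32", "192.0.0.10/32")
V6_GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def martian_reason(addr):
    """Return why addr is a martian, or None if the packet may pass."""
    ip = ipaddress.ip_address(addr)
    if any(ip in n for n in REACHABLE if n.version == ip.version):
        return None
    if ip.version == 6 and ip not in V6_GLOBAL_UNICAST:
        return "outside 2000::/3"
    for n in MARTIANS:
        if n.version == ip.version and ip in n:
            return str(n)
    return None

# Constructed flow records: "source destination bytes".
SAMPLE_FLOWS = """\
10.1.2.3 8.8.8.8 400
8.8.8.8 192.0.0.9 120
192.0.0.7 8.8.8.8 60
245.1.1.1 8.8.8.8 60
2001:db8::1 2001:4860:4860::8888 900
fc00::1 2001:4860:4860::8888 80
2001:4860:4860::8888 ff02::1 80"""

def martian_report(flows):
    """Count martian source/destination addresses per matching reason."""
    hits = Counter()
    for line in flows.splitlines():
        src, dst, _size = line.split()
        hits.update(r for r in map(martian_reason, (src, dst)) if r)
    return dict(hits)
```

The exceptions are checked before the covering 192.0.0.0/24 entry, which is the ordering a router filter needs as well: a more specific permit ahead of the broader deny.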

Permalink - posted 2019-11-28
