IPv6 Day

Today both google and facebook turn on their IPv6 addresses in their DNS servers for one day.

C:\>ping www.google.com

Pinging www.l.google.com [2001:4860:800c::93] with 32 bytes of data:
Reply from 2001:4860:800c::93: time=29ms
Reply from 2001:4860:800c::93: time=32ms
Reply from 2001:4860:800c::93: time=68ms
Reply from 2001:4860:800c::93: time=28ms

Ping statistics for 2001:4860:800c::93:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 68ms, Average = 39ms

C:\>ping www.facebook.com

Pinging www.facebook.com [2620:0:1c00:0:face:b00c:0:2] with 32 bytes of data:
Reply from 2620:0:1c00:0:face:b00c:0:2: time=102ms
Reply from 2620:0:1c00:0:face:b00c:0:2: time=125ms
Reply from 2620:0:1c00:0:face:b00c:0:2: time=94ms
Reply from 2620:0:1c00:0:face:b00c:0:2: time=95ms

Ping statistics for 2620:0:1c00:0:face:b00c:0:2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 125ms, Average = 104ms

More Information

My ISP timewarner cable does not support native ipv6 yet, so I am still using he tunnelbroker for my home connection. Nonetheless it works pretty well.

Both most recent Tomato Firmware and Openwrt trunk version have built-in 6in4 and 6to4 support.

Update 1: http://test-ipv6.com/

Update 2: http://ipv6-test.com/

Source address route with multiple IPv6 addresses

I always had ipv6 tunneling enabled on my server. One with he.net and one with 6to4. I never had any problems with them with either as a default route. Recently my server provider linode.com start supporting native IPv6, but I found out other IP addresses are not route-able through native interface. Linux is only smart enough to pick which source address to use for outgoing connection, but not so much about return path.

The solution is policy based routing with IPv6. There are two related options in kernel configure, so make sure they are enabled. If not, you will encounter an error.

First install iproute2 and add a new route table.

echo "200 to4" >> /etc/iproute2/rt_tables

Then you can add source based rules and routes to this table.

ip -6 rule add from 2002::/16 table to4
ip -6 route add 2002::/16 dev 6to4 table to4
ip -6 route add default via :: dev 6to4 table to4

One thing I am still not sure is whether to delete the 2002::/16 from main route table.

ip -6 route del 2002::/16

I think this can solve some stateful firewall problem, but not necessary.

Add QR code to Tumblr Posts

It’s super simple to add a QR code to each Tumblr post. Just add this to anywhere between {block:posts} in your custom template.

<img src="http://chart.apis.google.com/chart?cht=qr&chs=116x116&chl={ShortURL}"/>

Here is an Example on my tumblr.

Amazon offer Free AWS

Amazon announced 1 year free service for new customer. Sign up here.

AWS Free Usage Tier (Per Month):

  • 750 hours of Amazon EC2 Linux Micro Instance usage (613 MB of memory and 32-bit and 64-bit platform support) – enough hours to run continuously each month*
  • 750 hours of an Elastic Load Balancer plus 15 GB data processing*
    10 GB of Amazon Elastic Block Storage, plus 1 million I/Os, 1 GB of snapshot storage, 10,000 snapshot Get Requests and 1,000 snapshot Put Requests*
  • 5 GB of Amazon S3 storage, 20,000 Get Requests, and 2,000 Put Requests*
  • 30 GB per of internet data transfer (15 GB of data transfer “in” and 15 GB of data transfer “out” across all services except Amazon CloudFront)*
  • 25 Amazon SimpleDB Machine Hours and 1 GB of Storage**
    100,000 Requests of Amazon Simple Queue Service**
  • 100,000 Requests, 100,000 HTTP notifications and 1,000 email notifications for Amazon Simple Notification Service**
  • In addition to these services, the AWS Management Console is available at no charge to help you build and manage your application on AWS.

CloudFlare free cdn service

CloudFlare is a new cloud service which provides free website security and caching. A quick test revealed that it uses anycast geodns technology with nginx reverse caching.

The setup process is very easy. You only need to change DNS server from domain registry. Setup wizard will automatically import old DNS setting. However multi tiered sub domain won’t be detected. Both CNAME and A host will be proxyed through by default.

Once DNS change finished, your website will be severed with transparent proxies. Unwanted visitor will be screened and static assets will be cached.

Here is the page loading timeline of my test page
Without CloudFlare
Without CloudFlare
With CloudFlare
With CloudFlare
The page is very simple, but still it clearly shows there’s no measurable latency with dynamic contents and notable improvement with static assets. However text assets like html, css and js have slightly bigger size. My original is compressed with gzip -9.


  • Anycast GeoDNS hosting
  • Vistor security screen
  • Slick analytics
  • Transparent caching around world
  • Basic account is free
  • Very easy to setup


  • Http only, no video streaming
  • Slow in Asia
  • Suboptimal gzip compression ratio

Overall I am very impressed with the free features and performance.

A Simple OpenID Login Example on Appengine

I wrote a simple openid login example.

I used user api to do the real login.
Login Buttons

Here is source code.

The idea is very simple. Instead of redirecting main page, I use javascript to popup a small page. Most providers have webpage optimized for popup. Then this page will detect callback and refresh main page and close itself. A hidden iframe will also try previous login url if available.