
RE: 6to4 anycast IP as source address / PTR record



> I don't see how. There are quite some variants of 6to4 that haven't
> been used, but that doesn't seem to be grounds for undocumenting them.
> I think it's 3068 that needs rewriting, to document what has been
> learnt about using anycast relays to support host-based 6to4.

When I wrote RFC 3068, I received a lot of feedback from operation folks about the use of anycast in general, and anycast as a source address in particular. They were concerned that using anycast introduced an element of uncertainty. The host, and maybe the network provider, could not predict with certainty which 6to4 relay would be used. This makes it harder to detect and correct issues. Using the "equivalent IPv4 address" as source alleviates these concerns somewhat.

Since then, I have heard two different arguments for using anycast as source address. Some time ago, Pekka explained that it was desirable for ISPs to not advertise their particular source address, so they will not be exposed to targeted attacks or legal complaints. More recently, we heard the argument that "stateful packet inspection" firewalls are more likely to work well if the same pair of addresses is used in both directions.

These are fine arguments, but I don't know whether they override the initial concern about traceability and fault detection. If we settle for the anycast address as source, we may want a way to discover the "equivalent IPv4 address", maybe using a particular ICMP message.

-- Christian Huitema
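The two competing concerns in the message above (stateful firewalls want symmetric address pairs; operators want a traceable relay source) can be made concrete with a small simulation. The following is an added example, not code from the thread or from any 6to4 implementation: it decodes the IPv4 address embedded in a 2002::/16 address, and models a toy stateful filter that only admits inbound protocol-41 (IPv6-in-IPv4) packets mirroring a previously seen outbound flow. The host address 192.0.2.1 and the relay unicast address 203.0.113.7 are constructed values from the documentation ranges; 192.88.99.1 is the RFC 3068 anycast relay address. The firewall model is a deliberate simplification that tracks only (src, dst, protocol).

```python
import ipaddress
from dataclasses import dataclass

# RFC 3068 6to4 anycast relay address and the IP protocol number for 6to4 encapsulation.
SIXTO4_ANYCAST_RELAY = ipaddress.IPv4Address("192.88.99.1")
PROTO_IPV6_IN_IPV4 = 41
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")


def sixto4_embedded_ipv4(addr: str) -> ipaddress.IPv4Address:
    """Return the IPv4 address carried in bits 16..47 of a 6to4 (2002::/16) address."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in SIXTO4_PREFIX:
        raise ValueError(f"{addr} is not a 6to4 address")
    return ipaddress.IPv4Address(v6.packed[2:6])


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int


class StatefulFirewall:
    """Toy stateful filter (assumption: state keyed only on src, dst, protocol).

    Inbound packets are admitted only if they are the mirror image of an
    outbound flow the firewall has already recorded.
    """

    def __init__(self) -> None:
        self.states: set[tuple] = set()

    def outbound(self, pkt: Packet) -> bool:
        self.states.add((pkt.src, pkt.dst, pkt.proto))
        return True

    def inbound(self, pkt: Packet) -> bool:
        return (pkt.dst, pkt.src, pkt.proto) in self.states


def reply_passes_firewall(relay_reply_source: ipaddress.IPv4Address) -> bool:
    """Simulate a 6to4 host behind the toy firewall sending via the anycast relay.

    The host encapsulates toward 192.88.99.1; the relay replies either from the
    same anycast address or from its own unicast ("equivalent IPv4") address.
    """
    host = ipaddress.IPv4Address("192.0.2.1")  # constructed 6to4 host
    fw = StatefulFirewall()
    fw.outbound(Packet(host, SIXTO4_ANYCAST_RELAY, PROTO_IPV6_IN_IPV4))
    return fw.inbound(Packet(relay_reply_source, host, PROTO_IPV6_IN_IPV4))


def reply_identifies_relay(relay_reply_source: ipaddress.IPv4Address) -> bool:
    """True when the reply source lets an operator tell which relay answered.

    An anycast source gives no such information; a unicast source does.
    """
    return relay_reply_source != SIXTO4_ANYCAST_RELAY


if __name__ == "__main__":
    unicast_relay = ipaddress.IPv4Address("203.0.113.7")  # constructed relay unicast address
    print("embedded IPv4 of 2002:c000:201::1 ->", sixto4_embedded_ipv4("2002:c000:201::1"))
    for src in (SIXTO4_ANYCAST_RELAY, unicast_relay):
        print(f"reply from {src}: firewall={'pass' if reply_passes_firewall(src) else 'drop'}, "
              f"traceable={reply_identifies_relay(src)}")
```

Running it shows the trade-off directly: a reply sourced from 192.88.99.1 passes the stateful filter but cannot be attributed to a specific relay, while a reply sourced from the relay's unicast address is attributable but is dropped by a filter that expects symmetric address pairs.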