[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 considered a bad thing

To: v6ops Operations <v6ops@ops.ietf.org>
Subject: Re: 6to4 considered a bad thing
From: james woodyatt <jhw@apple.com>
Date: Fri, 1 Feb 2008 13:48:40 -0800
In-reply-to: <AFE0AC8DCDE68842B94E8EC69D5F21D639F2466D45@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
References: <89C4B01D-C26D-411B-8AA5-BDB3B1AF724A@apple.com> <C3C8EF4E.A8B5%alain_durand@cable.comcast.com> <AFE0AC8DCDE68842B94E8EC69D5F21D639F2466D45@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>

On Feb 1, 2008, at 13:23, Christian Huitema wrote:

James is observing that some public relays are broken, perhapsdeliberately.

I'm also observing that some ISP's are refusing to deploy 6to4 relaysat *private* anycast addresses inside their own interior routingdomains, preferring instead to dump the 6to4 "problem" to whateverthe nearest public 6to4 relay is advertising service (which may ormay not actually be available).

I think it would be helpful if routes to 192.88.99.1 shouldn't beadvertised to peers from which protocol 41 packets will not bedecapsulated and forwarded into an IPv6 domain.

Teredo went one step further. Public gateways can easily be abused.So Teredo introduced a discovery mechanism to find out the bestgateway on a destination by destination basis. That mechanism islittle more than a ping, and could easily be ported to 6to4. Wecould assume that 6to4 routers maintain a "routing cache"associating specific "native IPv6" destinations with the "closest6to4 gateway". Given a new IPv6 destination, the 6to4 router willsend a ping through the public server, note the IPv4 address fromwhich the ping comes back, and send the rest of the traffic throughthat address.

This assumes the "ping" packets will pass through the same firewallsas the packets that trigger them. If they don't produce a timelyresponse, what happens? Remember, at this point, there is a humanbeing sitting at a console watching a stalled progress bar andwaiting for a connection to go through. The connection they'reattempting is IPv6 because their host has a global IPv6 addressassigned (with a 2002:aabb:ccdd:xxxx:/64 prefix) and they got ananswer to a request for AAAA records.

Their host can connect to other hosts in 2002::/16 just fine. It'sonly the non-2002::/16 address that are unreachable. So, how manynon-6to4 destinations do we have to "ping" before we decide to stopadvertising an IPv6 default route for those 2002:aabb:ccdd:xxxx::/64addresses altogether?

At this point, if large IPv6-capable ISP's cannot be persuaded todeploy 6to4 relays in their interior IPv6/IPv4 routing domains forthe use of their paying, retail IPv4 customers, then I have to saythat 6to4 is a failure as a transition strategy, and we should movenow to deprecate it.



--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering

Follow-Ups:
- Re: 6to4 considered a bad thing
  - From: Brian E Carpenter <brian.e.carpenter@gmail.com>
- Re: 6to4 considered a bad thing
  - From: Kevin Day <toasty@dragondata.com>

References:
- 6to4 connectivity test
  - From: james woodyatt <jhw@apple.com>
- 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)
  - From: Alain Durand <alain_durand@cable.comcast.com>
- RE: 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)
  - From: Christian Huitema <huitema@windows.microsoft.com>

Prev by Date: RE: 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)
Next by Date: Re: 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)
Previous by thread: RE: 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)
Next by thread: Re: 6to4 considered a bad thing
Index(es):
- Date
- Thread