
Re: 6to4 public anycast relay considered a bad think (was Re: 6to4 connectivity test)



On Wed, 6 Feb 2008 16:35:41 +1300, Nathan Ward <v6ops@daork.net> wrote:

>>> Instead of trying to "fix" 6to4, which also has this rather annoying
>>> issue called NAT which it can't 1,2,3 bypass, why not simply push
>>> Teredo forward which has all these points resolved already?



On the other hand, Teredo has some limitations that 6to4 does not have.



For a start, it can only provide one address per end-point. As such, while
it can address the "lame automatic 6to4 tunneling" PC problem (e.g. Vista),
it won't fix the "lame automatic 6to4 tunneling" access point/router
problem (e.g. Airport), as the router would have no prefix to advertise.



Then, Teredo requires state, not only on the gateway side, but also on the
relay side. Of course, fixing 6to4 to detect firewalls would unavoidably
require this too, so this is a lesser issue.



>> The Teredo model, actually from our observation with available code
>> from its major source, is that both ends need to have it configured
>> to enable a reliable connection.



Yep, that is, both end sites. You can share a single Teredo relay from a
native V6CPE for an entire house, or for a whole server farm.



>> We tried with an open Teredo relay, and packets went sometimes to
>> Korea, sometimes nowhere.



There are very few public/global Teredo relays. Indeed, if you don't have
your own relay, your path may be very suboptimal.



>> In other words, this is fine to get IPv6 working between 2 PCs in
>> different homes separated by NAT boxes, but this is not usable to
>> access a regular IPv6 server on the Internet **UNLESS** that server
>> also deploys Teredo...



The server site would preferably have to have a relay. Not necessarily the
server itself. Of course, this is only useful if the server does not have
IPv4 at all. If it does have IPv4, then source address selection will go
for IPv4 instead of Teredo.



>> So, going that route, if an IPv6 server wants to offer reliable
>> service to customers, it might have to be configured with:
>> - a regular global IPv6 address to serve regular IPv6 native customers
>> - a 6to4 address to serve 6to4 customers and avoid open relays



Even that won't solve most of the problems with 6to4.



>> - a Teredo address to serve PC behind NAT box that uses Teredo



>> IMHO, this makes the deployment model of new servers a bit complex...



> I'm unclear as to why a server would need three different addresses,
> as opposed to one address, and two relays. Rather, I'm unclear as to
> why that would be an improvement.



It would yield different results with source address selection, especially
if IPv4 is also available. However, there are practical problems, such as
how to put multiple IPv6 addresses with different source address selection
labels in the DNS... without breaking down every second IPv6 capable DNS
resolver on the client side.



-- 

Rémi Denis-Courmont

http://www.remlab.net
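
The remark above that Teredo gives one address per end-point, while a 6to4 router has a prefix to advertise, follows from the two address layouts. The sketch below is an added example, not part of the original message; it uses Python's standard ipaddress module, and the function name and sample addresses are constructed for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix
TEREDO = ipaddress.ip_network("2001::/32")      # Teredo prefix

def describe(addr_text):
    """Classify an IPv6 address and report the prefix its holder can hand out."""
    addr = ipaddress.IPv6Address(addr_text)
    raw = int(addr)
    if addr in SIXTOFOUR:
        # Bits 16..47 hold the site's public IPv4 address. The next 16 bits
        # are a subnet ID, so the site owns a whole /48 it can advertise.
        v4 = ipaddress.IPv4Address((raw >> 80) & 0xFFFFFFFF)
        site = ipaddress.IPv6Network(((raw >> 80) << 80, 48))
        return {"kind": "6to4", "public_ipv4": str(v4),
                "prefix": str(site), "lan_subnets": 2 ** 16}
    if addr in TEREDO:
        # All 96 bits after the prefix are taken: server IPv4, flags, and the
        # client's NAT-mapped port and address (both stored XORed with ones).
        server = ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)
        port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF
        mapped = ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
        # Nothing is left over for subnets: the address is a single /128.
        return {"kind": "teredo", "server_ipv4": str(server),
                "mapped_ipv4": str(mapped), "mapped_port": port,
                "prefix": f"{addr}/128", "lan_subnets": 0}
    return {"kind": "other", "prefix": None, "lan_subnets": None}

if __name__ == "__main__":
    # Constructed sample addresses (IPv4 parts from documentation ranges).
    for sample in ("2002:c000:201::1",
                   "2001:0:4136:e378:8000:63bf:3fff:fdd2",
                   "2001:db8::1"):
        print(sample, describe(sample))
```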