Re: implications of 6to4 for v6coex

[james woodyatt <jhw@apple.com>]

On Sep 14, 2008, at 20:49, Brian E Carpenter wrote:
> Long story ==> very short:
>
> [I wrote:]
> > The reasoning behind my idea is that service providers really do  
> > not want their 6to4 relays to be available outside their own  
> > networks,
>
> That may or may not be true, and I could give you a current example  
> where it's
> definitely not true (i.e. an ISP intentionally announcing its 6to4  
> relay
> at an exchange point).

Yes, you're right.  I over-generalized.  Some providers don't mind.   
Others certainly do.

It's been made clear to me in private conversations with  
representatives of more than one very large service provider that  
their continuing lack of 6to4 relay service offerings to their  
subscribers is directly caused by their perceived inability to limit  
the availability of the relay service to their subscribers only.  Some  
service providers clearly believe that they have no practical means of  
doing it, i.e. that ingress filtering and limited BGP advertisement  
are impractical, and so they are actively resisting deployment of any  
6to4 or Teredo relay routers.

> [...] in fact I'm plagued at the moment by a 6to4 relay that is  
> widely advertised but that doesn't actually offer service.

I know of at least two relays that plague a large number of IPv4 users  
in this way.  One of them is widely advertised throughout North  
America by the two largest retail Internet service providers to  
residential customers.  Neither relay I know about is operated by an  
organization capable of handling the load they are being delegated.   
Of course, they are unable to provide relay service for the entire  
Internet.  (One of them is operated by an organization I can't  
discover any useful information about, and I honestly wonder if it  
might be a cut-out for a signal intelligence operation.)

Inoperative public relay routers wouldn't pose as much of a problem if  
service providers were taking seriously the need to guarantee the  
integrity of the 6to4 relay service available to their IPv4  
customers.  As noted above, most are deferring it to disinterested  
third-parties without sufficient capabilities, and some are certainly  
doing it *deliberately* because of their technical objections to the  
standard.

> However I don't really get why we'd benefit from reserving special  
> IPv4
> space to be not advertised. I do see why we'd benefit from making it
> clear that the relay anycast should only be advertised within a scope
> where it actually works, but that seems as much an issue for an  
> O'Reilly
> book as for an RFC.


I had an extensive discussion off-list with Nathan Ward about this,  
and he helped me refine my ideas considerably.  When I get the time to  
work on my draft, it will include a better-composed justification for  
allocating a new special-use block.

Again, my purpose is to address the technical concerns I've heard  
expressed from service providers who do not want the IPv4 interface  
addresses of their 6to4 relay routers (and, yes Teredo relays too)  
from being disclosed *at* *all* outside their networks, i.e. not just  
kept out of BGP-- because they do not feel that ingress filtering is  
practical, and that it wastes global IPv4 addresses, and finally that  
they don't want to deal with realm conflicts associated with using RFC  
1918 for both subscriber networks and relay router interfaces.

In any case, we've heard technical objections from service providers  
on the V6OPS list to deploying 6to4 and Teredo relay routers before,  
and it seems like either A) those objections will need to be addressed  
for IPv4-IPv6 coexistence to work, or B) we should deprecate those  
transition mechanisms for which we cannot satisfy the legitimate  
technical concerns of very large service providers actively resisting  
the deployment of necessary relay routers.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering