RE: 6to4 deployement issues - was 6to4 security questions



Laurent Dumont [mailto:laurent@apple.com] wrote:

This is more turning into a "How to push IPv6" thread ;)

> Brian,
>
> I know it's not the best solution, but it's the best tool we
> currently have to give our end nodes sitting at home on a DSL or cable
> modem an IPv6 address. I'd much rather have the ISPs advertise or delegate
> a prefix, but realistically it won't happen because they have no incentive
> to make it happen.
>
> In order to bootstrap the process and get a wide application
> deployment, we need some user perceived advantage for IPv6, and peer to peer
> may be the way. To get peer to peer to work easily, IPv6 is a good tool, but
> to get an IPv6 address, 6to4/Teredo seem like the only possible route at
> this point for a home Mac user.

IMHO most users wanting to use IPv6 _now_ will sign up directly with a
tunnelbroker.
One will see that signing up using a web interface is really not that hard.
eg: MSN/ICQ/Yahoo/<fill in [instant messenger/kazaa/peer-to-peer] service>/,
Most users will work it out quite easily if they know what they want.
Unfortunately there are not many applications that currently support IPv6.
And as you and I and some others already said it's a chicken and egg
problem ;)
Using tools such as provided by freenet6 gives quite a tremendous ease
of use.

One thing to note is that many commonly-used programs that don't really
depend on IPv6 features like security etc are not ported yet either.
Even though porting those applications is quite easy, one simply needs to
run through Itojun's excellent doc (http://www.kame.net/newsletter/19980604/)
And those applications (web browsers, email clients, mail servers) will be
IPv4 and IPv6 capable. At least this will give webhosters the incentive
to start providing an IPv6 google/altavista/* and more.

> I'm not sure that the relay model will collapse if many 6to4
> users are using it, because the reality is that a 6to4 node will most likely
> be talking to another 6to4 peer and will really not go through any relay
> for most of its traffic. Why? because there is nothing of interest for them
> on the 6bone, so that won't change much to the current situation...

One should not look at the 6bone, end-user deployment is not experimental
nor a test. These should happen in RIR space.

> The alternative, the way I see it, is just to ignore IPv6 for
> now and wait for providers to wake up one day and magically start giving out
> IPv6 prefixes. Is that what we want?

No, of course not :)
That's why we held the AMS-IX IPv6 Awareness Day to kick a little life into
those ISPs, checking the assignment list* one will see that Luna, Cistron,
Trueserver, Interned, TooFast, Demon and Hubris all got an allocation because
of that event.
Hubris even got it working on the same day!
RIPE/ARIN/APNIC could pro-actively "spam" their LIRs and push them into the
right direction or by organizing IPv6 days like this. Notez bien that the
current stats for allocations (see * also) are:

RIPE  : 132
ARIN  :  39
APNIC :  90

Now what really should happen is that the US wakes up :)
Where is a company like RoadRunner or many of the other very large US ISPs?
Even _if_ there was an ability for people to use 6to4 relays automatically
why should they use it if there isn't any content to connect to?
And with content I mean simple things which can be easily dual-stacked like:
HTTP, SMTP, POP3/IMAP, NNTP, eg the basic services one uses.

* = http://www.ripe.net/ipv6/ipv6allocs.html

Btw:
$ host -t aaaa www.apple.com
www.apple.com           CNAME   www.apple.com.akadns.net
www.apple.com.akadns.net AAAA record currently not present
$ host -t aaaa www.ipv6.apple.com
www.ipv6.apple.com has no AAAA record (Authoritative answer)

You could give all those users a 6to4 by default, but then they can't even
use the, imho, magnificent trailers part of the apple website over IPv6 ;(

Greets,
 Jeroen

PS: before anyone speaks up, indeed unfix.org is v4 only too :(