RE: Tunneling scenarios and mechanisms evaluation

["Jeroen Massar" <jeroen@unfix.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pekka Savola wrote:

<SNIP>

Giving some insight on this as seen from the SixXS project...
If you think this is marketing hype thing alike skip this message
there is no commercial thing in the project and it is all on a
free/goodwill basis with the main target of providing IPv6 deployment.

> > Please elaborate on this point.  If  your ISP does not help but
> > a neighboring ISP offer v6 tunnels, what is the problem?
> 
> The problem is that the neighboring ISP won't offer v6 tunnel to you 
> because you're not his customer.

In general this is actually what we are doing. The red line though
is that people should provide full contact address information and
that their endpoint has a latency of less than 100ms.

> There has been very little 6to4 relay deployment.  And that's even
> better for the ISPs to deploy, because the abuse etc. that happens
> doesn't come from you 2001:f00::/32 address space.  The ISPs in
> general *don't* want to offer their production space address space to
> every John Doe that comes knocking on their door.  

I personally think that that is actually one of the things *against*
6to4, it is totally untraceable/debuggable as one never knows where
packets are going to flow to/from as there just might be one or even
more hidden 6to4 relays along the route.

Next to that apparently many users *demand* RIR space, they think
it is cooler or works better. There are even people who are proud
to have inet6num's ;)

As for abuse, in case of SixXS, it has been at an all time low
fortunatly and we haven't heared a complaint for quite some while
(*knock on wood*) but that could be because of the quite strictness
with which users are accepted and the fact that they know that they
are out and are kept out of the system when they have commited it.

> Having followed this relay / tunnel deployment for a while, it seems
> like that offering these kind of services to outsiders is not seen as
> very interesting thing to do.  Sure, there are some who do it in any
> case, but more often than not, they're rather far away (and to
> optimize that, a "broker discovery" mechanism would not hurt) because
> they're so scarce.

The 'discovery' mechanism we use for the SixXS project is quite simple
though absolutely not automated: users signs up through the website
and gives it's details, thus we know his address+country + IP, then
after being approved they can request a tunnel, again we get an IP.
Then the system 'asks' the POPs who is willing to serve that IP.
The POPs that want to serve the user then display them selves and
the user can select it, again a manual approval based on lowest
latency/least hops and some other criteria. The approvals are
web or cli based thus admins only select from some default answers.

> If Internet was still this co-operative, non-profit environment, this
> kind of "open for all" tunnel broker model would be very efficient..  
> but this is not the case, unfortunately..

SixXS currently has 11 POPs across europe and for the exception of
two of those they are all open and providing IPv6 to quite a number
of users who seem to be very happy about the service, you only
hear them complain when it breaks, which happens only about once
a year when there is some odd hardware failure. Generally a POP
only serves the users of that country, unless it is the closest
POP for a user where there are no POPs in the country.

Or in numbers: (http://www.sixxs.net/misc/usage/)
The 1747 users span 44 countries.
The 1649 tunnels span 35 countries.
Currently there are 923 subnet delegations over the tunnels.
In the these numbers deleted and disabled tunnels are not counted.

I do have to add that we are apparently in quite a unique
situation as as far as I know of there are not that many
public Tunnel Brokers in the US/Asian parts of the world.

First 27 pages of a google on "tunnel broker", sorted on
region and order of appearance in google:

US:
 1 Hurricane (http://ipv6.he.net)
 2 Freenet6 (http://www.freenet6.net)

Europe:
- - BT Exact (http://tb.ipv6.btexact.com)
- - Dolphins (http://tunnelbroker.as8758.net)
- - XS26 (http://www.xs26.net)
- - ngNet.it (http://tb.ngnet.it)
- - Estpak (http://www.ipv6.estpak.ee)
- - Euro6ix (http://www.euro6ix.org:8080/tb/)
- - FCCN/IPv6-TF.pt (http://ipv6-tf.com.pt/tunnel/)
- - SixXS (http://www.sixxs.net)
- - Berkom (http://fix.ipv6.berkom.de/cgi-bin/tb.pl)
- - Netgroup.dk (http://noodle.ngdc.net/~hroi/tb/)
- - Coredumps (http://tb.coredumps.org/)

Asia/Australia:
- - Manis (Beta; http://tbroker.manis.net.my)
- - SingNet (http://tunnel-broker.singnet.com.sg)
- - AARNet (http://broker.aarnet.edu.au)
- - SJTU.edu.cn (http://tb.sjtu.edu.cn/)
- - ASCC (http://tb.ipv6.ascc.net/)
- - NGIX (http://tb.ngix.ne.kr/cgi-bin/tb.pl)

19 and there are probably a couple of others, as to
how and if they work and how stable they are that is
up to their respective users. It might be interresting
to know how many active/used tunnels are being used
around the globe though as that might indicate a bit
if there is a demand and how it could be fulfilled.
Statistics on how these TB's are used could also prove
interresting. Policies of these brokers might differ
btw to be open or closed or they only might serve to
a certain region and have other regulations in hand.
Next to that there are bound to be private TB's which
are not to be found in google.

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iQBGBAERAgAQCRApqihSMz58IwUCQFMJGgAAlwcAnisbsI75IPYnbnVTs1SqwxkV
USPPAJ9MwuxWg52PZTeaxtuixjrbGzZAqA==
=h9IU
-----END PGP SIGNATURE-----