
6to4 and 'campus' networks



Many university campus networks (and large businesses that have been around for some time, etc.) run non-RFC1918 addresses internally. They then NAT, proxy or statefully filter traffic through their border. If someone has a better name than "campus" for this, then I'm all ears - I realise it's not accurate at all.

My understanding of Windows (and to some extent some Linuxes and BSDs) 6to4 behaviour is that when they detect an interface with a non-RFC1918 IPv4 address, they bring up 6to4.

While this is fine for networks that don't filter or otherwise mess with IP protocol 41, this causes big problems for users behind networks that filter or NAT.

When I recently turned on AAAA records on a fairly decently sized traffic website of mine, the most comments about reachability came from people on 'campus' style networks, as described above. AAAA records are now turned off for that site, for obvious reasons. These were all non-technical users with Vista on their machines.

Has anyone given thought to a 6to4 'qualification' procedure for auto-configured 6to4? Such a procedure could be as simple as sending an ICMPv6 echo request to 2002:c058:6301:: (192.88.99.1) and bringing the interface up if there is an acceptable response.



Note that I accept that in an ideal world, administrators of networks like this would block traffic to 192.88.99.1, and return an ICMP unreachable message of some flavour, so that when we try and reach an IPv6 connected host, we instantly realise 6to4 is unusable (and maybe even fall back to Teredo or something, instead of IPv4). In the real world however, expecting all the administrators of these types of networks to make changes like this is fairly unreasonable, and as I mention, it's a fairly big problem for anyone wanting to roll out AAAA records to production stuff, right now.

--
Nathan Ward
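
A sketch of the qualification check proposed in the message above, added as an example; it is not code from the post or from any operating system's 6to4 implementation. It builds the ICMPv6 echo request that would travel inside IPv4 protocol 41 to 192.88.99.1 and judges a reply. The function names, the `::1` interface identifier, the identifier/sequence values and the definition of an "acceptable" response (a matching echo reply with a valid checksum) are assumptions.

```python
import ipaddress
import struct

RELAY_V4 = ipaddress.IPv4Address("192.88.99.1")  # relay address named in the post
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sixto4_addr(v4, iid=0):
    """Map an IPv4 address into 2002::/16, i.e. 2002:V4ADDR::iid."""
    return ipaddress.IPv6Address((0x2002 << 112) | (int(v4) << 80) | iid)

def would_autoconfigure(v4):
    """Host behaviour described in the post: a non-RFC1918 address triggers 6to4."""
    return not any(v4 in net for net in RFC1918)

def checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_packet(src, dst, icmp_type, ident, seq):
    """IPv6 header plus an ICMPv6 echo message carrying a valid checksum."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    pseudo = src.packed + dst.packed + struct.pack("!I3xB", len(icmp), 58)
    icmp = icmp[:2] + struct.pack("!H", checksum(pseudo + icmp)) + icmp[4:]
    header = struct.pack("!IHBB", 6 << 28, len(icmp), 58, 64)
    return header + src.packed + dst.packed + icmp

def build_probe(local_v4, ident=0x6A34, seq=1):
    """Echo request (type 128) to send inside IPv4 protocol 41 towards RELAY_V4."""
    return echo_packet(sixto4_addr(local_v4, 1), sixto4_addr(RELAY_V4), 128, ident, seq)

def qualifies(reply, local_v4, ident=0x6A34, seq=1):
    """True only for a matching echo reply; None models a timeout (filtered or NATed path)."""
    if reply is None or len(reply) < 48 or reply[0] >> 4 != 6 or reply[6] != 58:
        return False
    src, dst, icmp = reply[8:24], reply[24:40], reply[40:]
    kind, code, _, rid, rseq = struct.unpack("!BBHHH", icmp[:8])
    pseudo = src + dst + struct.pack("!I3xB", len(icmp), 58)
    return (src == sixto4_addr(RELAY_V4).packed
            and dst == sixto4_addr(local_v4, 1).packed
            and (kind, code, rid, rseq) == (129, 0, ident, seq)
            and checksum(pseudo + icmp) == 0)
```

A host would bring the 6to4 interface up only when `qualifies()` returns True for the decapsulated reply, and leave it down on a timeout or a mismatched packet.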