Re: implications of 6to4 for v6coex
On Sep 14, 2008, at 20:49, Brian E Carpenter wrote:
Long story ==> very short:
[I wrote:]
The reasoning behind my idea is that service providers really do
not want their 6to4 relays to be available outside their own
networks,
That may or may not be true, and I could give you a current example
where it's definitely not true (i.e. an ISP intentionally announcing its
6to4 relay at an exchange point).
Yes, you're right. I over-generalized. Some providers don't mind.
Others certainly do.
It's been made clear to me in private conversations with
representatives of more than one very large service provider that
their continuing lack of 6to4 relay service offerings to their
subscribers is directly caused by their perceived inability to limit
the availability of the relay service to their subscribers only. Some
service providers clearly believe that they have no practical means of
doing it, i.e. that ingress filtering and limited BGP advertisement
are impractical, and so they are actively resisting deployment of any
6to4 or Teredo relay routers.
[...] in fact I'm plagued at the moment by a 6to4 relay that is
widely advertised but that doesn't actually offer service.
I know of at least two relays that plague a large number of IPv4 users
in this way. One of them is widely advertised throughout North
America by the two largest retail Internet service providers to
residential customers. Neither relay I know about is operated by an
organization capable of handling the load they are being delegated.
Of course, they are unable to provide relay service for the entire
Internet. (One of them is operated by an organization I can't
discover any useful information about, and I honestly wonder if it
might be a cut-out for a signal intelligence operation.)
Inoperative public relay routers wouldn't pose as much of a problem if
service providers were taking seriously the need to guarantee the
integrity of the 6to4 relay service available to their IPv4
customers. As noted above, most are deferring it to disinterested
third-parties without sufficient capabilities, and some are certainly
doing it *deliberately* because of their technical objections to the
standard.
However I don't really get why we'd benefit from reserving special IPv4
space to be not advertised. I do see why we'd benefit from making it
clear that the relay anycast should only be advertised within a scope
where it actually works, but that seems as much an issue for an O'Reilly
book as for an RFC.
I had an extensive discussion off-list with Nathan Ward about this,
and he helped me refine my ideas considerably. When I get the time to
work on my draft, it will include a better-composed justification for
allocating a new special-use block.
Again, my purpose is to address the technical concerns I've heard
expressed from service providers who do not want the IPv4 interface
addresses of their 6to4 relay routers (and, yes, Teredo relays too)
to be disclosed *at* *all* outside their networks, i.e. not just
kept out of BGP-- because they do not feel that ingress filtering is
practical, and that it wastes global IPv4 addresses, and finally that
they don't want to deal with realm conflicts associated with using RFC
1918 for both subscriber networks and relay router interfaces.
In any case, we've heard technical objections from service providers
on the V6OPS list to deploying 6to4 and Teredo relay routers before,
and it seems like either A) those objections will need to be addressed
for IPv4-IPv6 coexistence to work, or B) we should deprecate those
transition mechanisms for which we cannot satisfy the legitimate
technical concerns of very large service providers actively resisting
the deployment of necessary relay routers.
--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering