
Re: implications of 6to4 for v6coex



On Sep 14, 2008, at 20:49, Brian E Carpenter wrote:

Long story ==> very short:

[I wrote:]

The reasoning behind my idea is that service providers really do not want their 6to4 relays to be available outside their own networks,

That may or may not be true, and I could give you a current example where it's definitely not true (i.e. an ISP intentionally announcing its 6to4 relay at an exchange point).

Yes, you're right. I over-generalized. Some providers don't mind. Others certainly do.

It's been made clear to me in private conversations with representatives of more than one very large service provider that their continuing lack of 6to4 relay service offerings to their subscribers is directly caused by their perceived inability to limit the availability of the relay service to their subscribers only. Some service providers clearly believe that they have no practical means of doing it, i.e. that ingress filtering and limited BGP advertisement are impractical, and so they are actively resisting deployment of any 6to4 or Teredo relay routers.

[...] in fact I'm plagued at the moment by a 6to4 relay that is widely advertised but that doesn't actually offer service.

I know of at least two relays that plague a large number of IPv4 users in this way. One of them is widely advertised throughout North America by the two largest retail Internet service providers to residential customers. Neither relay I know about is operated by an organization capable of handling the load they are being delegated. Of course, they are unable to provide relay service for the entire Internet. (One of them is operated by an organization I can't discover any useful information about, and I honestly wonder if it might be a cut-out for a signal intelligence operation.)

Inoperative public relay routers wouldn't pose as much of a problem if service providers were taking seriously the need to guarantee the integrity of the 6to4 relay service available to their IPv4 customers. As noted above, most are deferring it to disinterested third parties without sufficient capabilities, and some are certainly doing it *deliberately* because of their technical objections to the standard.

However I don't really get why we'd benefit from reserving special IPv4
space to be not advertised. I do see why we'd benefit from making it
clear that the relay anycast should only be advertised within a scope
where it actually works, but that seems as much an issue for an O'Reilly
book as for an RFC.


I had an extensive discussion off-list with Nathan Ward about this, and he helped me refine my ideas considerably. When I get the time to work on my draft, it will include a better-composed justification for allocating a new special-use block.

Again, my purpose is to address the technical concerns I've heard expressed from service providers who do not want the IPv4 interface addresses of their 6to4 relay routers (and, yes, Teredo relays too) to be disclosed *at* *all* outside their networks, i.e. not just kept out of BGP -- because they do not feel that ingress filtering is practical, and that it wastes global IPv4 addresses, and finally that they don't want to deal with realm conflicts associated with using RFC 1918 for both subscriber networks and relay router interfaces.

In any case, we've heard technical objections from service providers on the V6OPS list to deploying 6to4 and Teredo relay routers before, and it seems like either A) those objections will need to be addressed for IPv4-IPv6 coexistence to work, or B) we should deprecate those transition mechanisms for which we cannot satisfy the legitimate technical concerns of very large service providers actively resisting the deployment of necessary relay routers.


--
james woodyatt <jhw@apple.com>
member of technical staff, communications engineering