Hi,
On 12 April 2016 at 23:58, Russell Coker <[email protected]> wrote:
> On Wed, 13 Apr 2016 11:10:35 AM John Mann via luv-main wrote:
> > The problem is that Anycast 6to4 is an _unmanaged_ tunnel system,
> > dependent upon the generosity and technical ability of strangers (often
> > with no means of identifying or contacting them).
>
> The Internet is entirely dependent on the technical ability of strangers.
> Usually the random unpaid strangers are more skillful and diligent than the
> people employed by ISPs.
>
The people advertising the routes (2002::/16 and 192.88.99.1/32) to
gateways are likely to be ISPs.
Remember that 6to4 packets 6->4 and 4->6 are likely to use different
gateways in each direction, take different paths etc etc.
What happens when some network manager somewhere decides to not allow IP
Protocol 41 or decides to not allow ICMP packet-too-big?
You can send 6to4 packets but they don't get through, and it isn't obvious
where the problem is.
Quick exercise:
If an IPv6-connected client wanted to send a 6to4 packet to your 6to4
server, they would use a 2002::/16 route.
The only public ones are listed at
http://bgp.he.net/net/2002::/16
Which of these is the closest one to each possible client machine?
When your 6to4-using server wants to send a reply packet, they tunnel it
and send back to 192.88.99.1
The only public ones are listed at
http://bgp.he.net/ip/192.88.99.1
Which one will your server use? Where is it?
The nearest one to Monash Uni is in the Netherlands.
---
[nismgr@ns0b ~]$ traceroute 192.88.99.1
traceroute to 192.88.99.1 (192.88.99.1), 30 hops max, 40 byte packets
 1 drc1-gw-v10.net.monash.edu.au (130.194.10.253) 0.644 ms 0.688 ms 0.712 ms
 2 drc0-gw-t2-4.net.monash.edu.au (130.194.28.150) 0.645 ms 0.683 ms 0.761 ms
 3 monash2-gw-v526.net.monash.edu.au (130.194.28.106) 7.431 ms 7.565 ms 7.447 ms
 4 138.44.64.56 (138.44.64.56) 1.293 ms 1.289 ms 1.304 ms
 5 et-7-1-0.pe1.wmlb.vic.aarnet.net.au (113.197.15.26) 2.836 ms 2.870 ms 2.842 ms
 6 et-1-3-0.pe1.mcqp.nsw.aarnet.net.au (113.197.15.8) 15.557 ms 15.592 ms 15.591 ms
 7 et-0-1-0.pe1.rsby.nsw.aarnet.net.au (113.197.15.3) 16.171 ms 16.172 ms 16.148 ms
 8 113.197.15.159 (113.197.15.159) 16.270 ms 16.551 ms 16.485 ms
 9 et-1-0-0.pe1.wnpa.akl.aarnet.net.au (113.197.15.77) 38.682 ms 38.766 ms 38.746 ms
10 et-0-1-0.199.pe1.tkpa.akl.aarnet.net.au (113.197.15.71) 39.120 ms 39.101 ms 39.200 ms
11 et-1-2-0.pe1.a.koa.aarnet.net.au (113.197.15.85) 118.302 ms 118.244 ms 118.639 ms
12 et-1-1-0-1100.bdr1.b.lax.aarnet.net.au (113.197.15.87) 163.669 ms 163.630 ms 163.642 ms
13 207.231.246.7 (207.231.246.7) 317.676 ms 317.665 ms 317.617 ms
14 us-chi.nordu.net (109.105.97.81) 335.650 ms 335.607 ms 320.645 ms
15 us-ash.nordu.net (109.105.97.134) 328.637 ms 326.716 ms 320.526 ms
16 nl-sar.nordu.net (109.105.97.138) 333.084 ms uk-hex.nordu.net (109.105.97.140) 318.742 ms 320.626 ms
17 nl-sar.nordu.net (109.105.97.124) 328.494 ms GE-1-0-0.3630.JNR02.Asd001A.surf.net (109.105.98.34) 331.221 ms nl-sar.nordu.net (109.105.97.124) 326.672 ms
18 V1131.SW14.Amsterdam1.surf.net (145.145.19.170) 331.243 ms 333.669 ms 330.992 ms
19 192.88.99.1 (192.88.99.1) 330.788 ms !X 330.666 ms !X V1131.SW14.Amsterdam1.surf.net (145.145.19.170) 325.059 ms
---
Adding 100s of ms of latency won't be good for performance!
> With this sort of thing there are risks of hostile parties running tunnels,
> but all unencrypted data on the Internet is at risk of interception so I don't
> think that changes much.
>
> Thanks to 6to4 when I get my home Internode connection working with IPv6 I
> will have every system that matters to me on IPv6. It will be some time
> before everything works well on IPv6, now would be a good time to get it all
> tested.
6to4 connection failure rate used to be ~ 20% but is now ~ 10%
http://www.potaroo.net/ispcol/2015-11/v6perf.html
see fig4 -> fig7
Luckily, modern clients are now doing less 6to4
https://tools.ietf.org/html/rfc6724
---
10.7. Configuring 6to4 Preference
By default, NATed IPv4 is preferred over 6to4-relayed connectivity:
---
see graph from previous reference:
http://www.potaroo.net/ispcol/2015-11/fig13.jpg
--
*John Mann*
Network Architect, Infrastructure Automation & Delivery
*Infrastructure Services, eSolutions*
Monash University
738 Blackburn Road
Clayton VIC 3168
Australia
T: +61 3 9905 4774
M: +61 419 568 470
E: [email protected]
W: monash.edu