Re: Comcast enables 6to4 relays

2010-09-02 Thread Joe Maimon
; Cc: "NANOG" Sent: Tuesday, 31 August, 2010 10:09:17 AM Subject: Re: Comcast enables 6to4 relays The Comcast 6to4 relays are not on this list, perhaps this is a list of open ones? John On 8/30/10 5:47 PM, "Franck Martin" wrote: found it: http://www.bgpmon.ne

Re: ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Pekka Savola
On Wed, 1 Sep 2010, Simon Leinen wrote: Note that the same rate-limit will also cause stars in IPv6 traceroutes through popular routers if the default setting is used. ... Anybody knows which defaults are used by other devices/vendors? I've noticed 6to4 relay rate-limiter blackholes before (e

Re: ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Mikael Abrahamsson
On Wed, 1 Sep 2010, Simon Leinen wrote: Your mentioning PMTU discovery issues in connection with 6to4 prompts me to confess how our open 6to4 relay has probably contributed to the perception of brokenness of 6to4 for quite a while *blush*. We're also doing the same thing, 6to4 on 7600. Could

Re: ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Franck Martin
- Original Message - > From: "Mark Smith" > > To: "Simon Leinen" > Cc: "Brzozowski" , "NANOG" > , John > Sent: Thursday, 2 September, 2010 9:50:28 AM > Subject: Re: ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: C

Re: ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Mark Smith
On Wed, 01 Sep 2010 23:18:55 +0200 Simon Leinen wrote: > Jack Bates writes: > > 1) Your originating host may be breaking PMTU (so the packet you send > > is too large and doesn't make it, you never resend a smaller packet, > > but it works when tracerouting from the other side due to PMTU working

ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Simon Leinen
Jack Bates writes: > 1) Your originating host may be breaking PMTU (so the packet you send > is too large and doesn't make it, you never resend a smaller packet, > but it works when tracerouting from the other side due to PMTU working > in that direction and you are responding with the same size pa

Re: Comcast enables 6to4 relays

2010-08-31 Thread Mark Andrews
In message <20100831062203.be89e...@mail.wardenm.net>, "Mitchell Warden" writes : > > The list seems to be showing relays that announce both the IPv4 and the > > IPv6 anycast prefixes. > > > > I have noticed a number of deployments that announce the (in)famous IPv4 > > prefix and then consider the

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Jeroen Massar
On 2010-08-31 19:58, Nathan Eisenberg wrote: >> The only thing you can do to help your users is to provide them with proper >> education and to explain them to keep up to date and run the right tools and >> not click anywhere they can and that is a mission which is near >> impossible. > > I t

RE: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Sean Siler
010 10:40 AM To: Jack Bates Cc: NANOG Subject: Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays) On 2010-08-31 19:32, Jack Bates wrote: > Jeroen Massar wrote: >> >> If you have one person setting up ICS on their machine and they have >> enabled IPv6 voila t

RE: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Nathan Eisenberg
> The only thing you can do to help your users is to provide them with proper > education and to explain them to keep up to date and run the right tools and > not click anywhere they can and that is a mission which is near > impossible. I thought user education in threat management was long a

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Jeroen Massar
On 2010-08-31 19:32, Jack Bates wrote: > Jeroen Massar wrote: >> >> If you have one person setting up ICS on their machine and they have >> enabled IPv6 voila the whole network gets IPv6, that thus does not solve >> your problem either. Or are you monitoring IPv6 RAs etc? > > Setting up ICS with I

Re: Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Jack Bates
Jeroen Massar wrote: If you have one person setting up ICS on their machine and they have enabled IPv6 voila the whole network gets IPv6, that thus does not solve your problem either. Or are you monitoring IPv6 RAs etc? Setting up ICS with IPv6 is user knowledge in my opinion. In addition, th

Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

2010-08-31 Thread Jeroen Massar
On 2010-08-31 19:02, Jack Bates wrote: > Jeroen Massar wrote: >> just remember that a lot of people have VPN software, connect from home >> to that VPN and do other weird setups (Skype for instance, BitTorrent) >> where there are possibilities to bypass your "firewall". >> > > I agree. My concern

Re: Comcast enables 6to4 relays

2010-08-31 Thread Valdis . Kletnieks
On Tue, 31 Aug 2010 12:02:56 CDT, Jack Bates said: > 6to4 doesn't suffer the same issues. Primarily because RFC1918 > addressing can't be used in 6to4. This means that at a minimum, the > router has to participate or the host behind it must be manually > configured with a 6to4 address (for the

Re: Comcast enables 6to4 relays

2010-08-31 Thread Jack Bates
Jeroen Massar wrote: just remember that a lot of people have VPN software, connect from home to that VPN and do other weird setups (Skype for instance, BitTorrent) where there are possibilities to bypass your "firewall". I agree. My concern here is that we are dealing with improper firewalls.

Re: Comcast enables 6to4 relays

2010-08-31 Thread Jeroen Massar
On 2010-08-31 18:07, Jack Bates wrote: > Jeroen Massar wrote: >> >> Jack: there are a lot more methods to infect a host than this as there >> are lots and lots of p2p protocols which are being used by C&C botnets. >> And never forget about this very simple protocol called HTTP(S). >> > > I agree,

Re: Comcast enables 6to4 relays

2010-08-31 Thread Jack Bates
Jeroen Massar wrote: Jack: there are a lot more methods to infect a host than this as there are lots and lots of p2p protocols which are being used by C&C botnets. And never forget about this very simple protocol called HTTP(S). I agree, though let's consider HTTP. If a firewall is set to fil

Re: Comcast enables 6to4 relays

2010-08-31 Thread Jeroen Massar
On 2010-08-31 16:54, Mikael Abrahamsson wrote: > On Tue, 31 Aug 2010, Jack Bates wrote: > >> Teredo usage isn't common enough on our network to warrant the work. >> Very few apps will activate it is my guess. > > > > As I stated, either your users are usi

Re: Comcast enables 6to4 relays

2010-08-31 Thread Mikael Abrahamsson
On Tue, 31 Aug 2010, Jack Bates wrote: Teredo usage isn't common enough on our network to warrant the work. Very few apps will activate it is my guess. As I stated, either your users are using your Teredo server, or they're using someone else's. Not ru

Re: Comcast enables 6to4 relays

2010-08-31 Thread Jack Bates
Mikael Abrahamsson wrote: End users are using 6to4 and Teredo, if an ISP isn't providing their own relays, someone else is and the performance might be good or bad. Teredo usage isn't common enough on our network to warrant the work. Very few apps will activate it is my guess. Same logic app

Re: Comcast enables 6to4 relays

2010-08-31 Thread Franck Martin
look for another gateway somewhere else - Original Message - From: "Jeroen Massar" To: "Mitchell Warden" Cc: nanog@nanog.org Sent: Tuesday, 31 August, 2010 6:46:52 PM Subject: Re: Comcast enables 6to4 relays On 2010-08-31 08:22, Mitchell Warden wrote: [..] > I

Re: Comcast enables 6to4 relays

2010-08-30 Thread Jeroen Massar
On 2010-08-31 08:22, Mitchell Warden wrote: [..] > Is there a reason not to advertise more specific prefixes from 2002::/16 to > ensure that traffic for your v4 routes comes back to your own 6to4 router? > > If for example all my users have v4 addresses in 192.0.2.0/24, I could > advertise 2002:

Re: Comcast enables 6to4 relays

2010-08-30 Thread Mitchell Warden
> The list seems to be showing relays that announce both the IPv4 and the > IPv6 anycast prefixes. > > I have noticed a number of deployments that announce the (in)famous IPv4 > prefix and then consider their deployment complete. I suspect that there > is a lack of 2002::/16 announcements and

Re: Comcast enables 6to4 relays

2010-08-30 Thread Mikael Abrahamsson
On Mon, 30 Aug 2010, Jack Bates wrote: I'm sure, like us, you looked at what was involved and said, "eh, easier to just provide native v6 than deal with that mess." 6to4 is definitely a more friendly protocol for the network engineer. End users are using 6to4 and Teredo, if an ISP isn't provi

Re: Comcast enables 6to4 relays

2010-08-30 Thread Graham Beneke
On 30/08/2010 23:47, Franck Martin wrote: found it: http://www.bgpmon.net/6to4.php?week=4 Not what I call a big list, considering... The list seems to be showing relays that announce both the IPv4 and the IPv6 anycast prefixes. I have noticed a number of deployments that announce the (in)f

Re: Comcast enables 6to4 relays

2010-08-30 Thread Cameron Byrne
On Mon, Aug 30, 2010 at 3:34 PM, Jack Bates wrote: > John Jason Brzozowski wrote: >> >> Hey Bill, >> >> No plans for Teredo at this time. >> > > I'm sure, like us, you looked at what was involved and said, "eh, easier to > just provide native v6 than deal with that mess." 6to4 is definitely a more

Re: Comcast enables 6to4 relays

2010-08-30 Thread Jack Bates
Others may correct me, but... Franck Martin wrote: 5 2002:7114:4a9d::1 274.299 ms [mtu: 1480] 6 2002:7114:4a9d:0: 299.939 ms [*mtu: 1422] So I suspect on return path I use a HE.Net relay? Yes, and it appears that your host is replying back to the office. And yes I agree

Re: Comcast enables 6to4 relays

2010-08-30 Thread Jack Bates
John Jason Brzozowski wrote: Hey Bill, No plans for Teredo at this time. I'm sure, like us, you looked at what was involved and said, "eh, easier to just provide native v6 than deal with that mess." 6to4 is definitely a more friendly protocol for the network engineer. Jack

Re: Comcast enables 6to4 relays

2010-08-30 Thread Franck Martin
nly one with this kind of troubles, I suspect most just give up immediately... - Original Message - From: "Jack Bates" To: "Franck Martin" Cc: "John Jason Brzozowski" , "NANOG" Sent: Tuesday, 31 August, 2010 10:14:39 AM Subject: Re: Comcast enables

Re: Comcast enables 6to4 relays

2010-08-30 Thread Jack Bates
Franck Martin wrote: Well I found my 6to4 gateway: and I have so many issues with 6to4 that I have decided to disable it at home (Airport Extreme). I found out PTB was not transmitted and using scamper and the help of Matthew Luckie there is an odd MTU of 1422 from Internet to me. I suspect

Re: Comcast enables 6to4 relays

2010-08-30 Thread John Jason Brzozowski
Hey Bill, No plans for Teredo at this time. John On 8/30/10 5:57 PM, "Bill Fehring" wrote: > On Sat, Aug 28, 2010 at 10:49, John Jason Brzozowski > wrote: > >> >> As we started our IPv6 trials, we began to observe an increase in 6to4 relay >> traffic. 6to4 is a transition mechanism built i

Re: Comcast enables 6to4 relays

2010-08-30 Thread John Jason Brzozowski
I actually agree with the below. Using whatever you learn "today" via BGP does not appear to be a good plan. 6to4 in particular becomes very unpredictable and does in fact contribute to brokenness. I am not saying deploying your own will make 6to4 good or great, it will however, help to make it

Re: Comcast enables 6to4 relays

2010-08-30 Thread Franck Martin
OG" Sent: Tuesday, 31 August, 2010 10:09:17 AM Subject: Re: Comcast enables 6to4 relays The Comcast 6to4 relays are not on this list, perhaps this is a list of open ones? John On 8/30/10 5:47 PM, "Franck Martin" wrote: > found it: > > http://www.bgpmon.net/6

Re: Comcast enables 6to4 relays

2010-08-30 Thread Franck Martin
esday, 31 August, 2010 9:44:11 AM Subject: Re: Comcast enables 6to4 relays Franck Martin wrote: > Is there a list of 6to4 relays? > > I'm curious. > > Also, I'm also curious to know if ISPs in Europe (which are more advanced in > IPv6 deployment) have experienced the same

Re: Comcast enables 6to4 relays

2010-08-30 Thread John Jason Brzozowski
ge - > From: "Franck Martin" > To: "John Jason Brzozowski" > Cc: "NANOG" > Sent: Tuesday, 31 August, 2010 9:21:58 AM > Subject: Re: Comcast enables 6to4 relays > > Is there a list of 6to4 relays? > > I'm curious. > > A

Re: Comcast enables 6to4 relays

2010-08-30 Thread Leo Bicknell
In a message written on Tue, Aug 31, 2010 at 09:47:14AM +1200, Franck Martin wrote: > found it: > > http://www.bgpmon.net/6to4.php?week=4 > > Not what I call a big list, considering... Note that these are people willing to provide a 6to4 relay free to the entire Internet. There are plenty of p

Re: Comcast enables 6to4 relays

2010-08-30 Thread Bill Fehring
On Sat, Aug 28, 2010 at 10:49, John Jason Brzozowski wrote: > > As we started our IPv6 trials, we began to observe an increase in 6to4 relay > traffic. 6to4 is a transition mechanism built into some operating systems > and home gateways. While it is not a transition technology that Comcast > plan

Re: Comcast enables 6to4 relays

2010-08-30 Thread Jack Bates
Franck Martin wrote: Is there a list of 6to4 relays? I'm curious. Also, I'm also curious to know if ISPs in Europe (which are more advanced in IPv6 deployment) have experienced the same issues? Sprint has one which is absolutely horrible (or was a year or two ago). I'd recommend any and

Re: Comcast enables 6to4 relays

2010-08-30 Thread Franck Martin
found it: http://www.bgpmon.net/6to4.php?week=4 Not what I call a big list, considering... - Original Message - From: "Franck Martin" To: "John Jason Brzozowski" Cc: "NANOG" Sent: Tuesday, 31 August, 2010 9:21:58 AM Subject: Re: Comcast enables 6to4 r

Re: Comcast enables 6to4 relays

2010-08-30 Thread Franck Martin
Is there a list of 6to4 relays? I'm curious. Also, I'm also curious to know if ISPs in Europe (which are more advanced in IPv6 deployment) have experienced the same issues?

Re: Comcast enables 6to4 relays

2010-08-29 Thread Franck Martin
As the 6to4 is a "default" option on Apple Airport Extreme to enable IPv6, I would have thought that Apple would have provided a few gateways? Same for Microsoft that has it in its OS? Reminds me of the NTP servers issue built in on some devices...

Re: Comcast enables 6to4 relays

2010-08-29 Thread John Jason Brzozowski
Before we turned up our own relays the closest 6to4 relay was a single relay hosted by a mid-western university. Regardless where the next closest relays are located deploying our own resulted in improvements (as you pointed out below). John On 8/29/10 12:24 PM, "Joel Jaeggli" wrote: > On 8/2

Re: Comcast enables 6to4 relays

2010-08-29 Thread Joel Jaeggli
On 8/29/10 6:25 AM, John Jason Brzozowski wrote: > Franck, > > As you know 6to4 is enabled by default in many cases and is used perhaps > more than folks realize. Because of this and other observations we decided > to deploy our own relays. Right prior to this the nearest 6to4 relay router from

Re: Comcast enables 6to4 relays

2010-08-29 Thread Paul Vixie
John Jason Brzozowski writes: > This does not alter our plans for our native dual stack trials, in fact, I > hope to have more news on this front soon. comcast native dual stack is working fine at my house. "traceroute6 -q1 mol.redbarn.org" shows details.

Re: Comcast enables 6to4 relays

2010-08-29 Thread John Jason Brzozowski
Mikael, I agree with your points and echoed them in my earlier reply. 6to4 is out there and is likely not to go away any time soon. Folks should definitely see what 6to4 relay they default to, you might be surprised (or not). FWIW - I updated ARIN's wiki for 6to4 relay deployment with some gene

Re: Comcast enables 6to4 relays

2010-08-29 Thread John Jason Brzozowski
Franck, As you know 6to4 is enabled by default in many cases and is used perhaps more than folks realize. Because of this and other observations we decided to deploy our own relays. This does not alter our plans for our native dual stack trials, in fact, I hope to have more news on this front so

Re: Comcast enables 6to4 relays

2010-08-29 Thread Mikael Abrahamsson
On Sat, 28 Aug 2010, John Jason Brzozowski wrote: In most cases, we observed that 6to4-enabled operating systems and devices were attempting to use a 6to4 relay infrastructure hosted by a midwestern university. Before that they used our (Tele2) 6to4 relays in Amsterdam and Paris. I think this

Re: Comcast enables 6to4 relays

2010-08-28 Thread Franck Martin
This is good news. However, if Comcast provides native IPv6 to their customers, then the IPv6 native customers don't need these 6to4 relays? Airport Extreme, Linksys and other user equipment, enable IPv6 by doing 6to4 tunnels, so what this press release says, is that there are many users who