Re: [v6ops] Deprecating 2002::/16 - 6to4 Historic Status

Dmitry Anipko <Dmitry.Anipko@microsoft.com> Thu, 07 April 2011 08:14 UTC

From: Dmitry Anipko <Dmitry.Anipko@microsoft.com>
To: Pekka Savola <pekkas@netcore.fi>, Christopher Palmer <Christopher.Palmer@microsoft.com>
Date: Thu, 07 Apr 2011 01:15:16 -0700
Cc: "v6ops@ietf.org" <v6ops@ietf.org>, Carlos Martinez-Cagnazzo <carlos@lacnic.net>

Hi Pekka,

>> When connecting to a dual-stack server with IP addresses 2.2.2.2 and
>> 2001:db8::1.
>> It will use 6to4 instead of IPv4 through NAT. FAIL.
>>  2) 6to4 is used if v4 has mismatching scope (private->public)

The Windows implementation treats RFC 1918 prefixes as public, specifically due to this reason, so on Windows, in this scenario v4->v4 is preferred over 6to4->native v6.

Thank you,
Dmitry
-----Original Message-----
From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of Pekka Savola
Sent: Thursday, April 07, 2011 12:44 AM
To: Christopher Palmer
Cc: v6ops@ietf.org; Carlos Martinez-Cagnazzo
Subject: Re: [v6ops] Deprecating 2002::/16 - 6to4 Historic Status

On Thu, 7 Apr 2011, Christopher Palmer wrote:
> "A host with a public but natted v4 address will always get hosed by this."
>
> A host in that condition will have a broken 6to4 address, but won't experience a degradation in their web experience if they have RFC 3484 implemented.
>
> So really this would be the third proposed 6to4 mitigation:
>
> 1. Ensuring that IPv4->IPv4 is ranked higher than 6to4->IPv6 in the RFC 3484.
> 2. Changing default host behavior. (still being debated)
> 3. Deprecation of the prefix.
>
> Given (1) and (2), the operational value of 3 is still lost on me. Is the expectation that ISPs stop routing 6to4 packets? Is this a signal that we don't just hate 6to4, but we super hate it?

This will require an update in the RFC 3484 implementation.  Maybe 
this is what you meant, or maybe not.

Joel is probably referring to this:

http://tools.ietf.org/html/draft-ietf-6man-rfc3484-revise-02#section-2.4

(This issue has a lot of history -- known for some 7-8yrs, see 
http://tools.ietf.org/html/draft-ietf-v6ops-v6onbydefault-03#section-2.1)

If I understand this correctly:

The NAT44ting/6to4 gateway has public IP 1.1.1.1 (WAN)
It is advertising 2002:0101:0101:0::/64 out on LAN.
It is doing NAT on LAN.

Hence, hosts behind such gateway have IPv6 address 
2002:0101:0101:0::EUI64 and 192.168.1.1.

When connecting to a dual-stack server with IP addresses 2.2.2.2 and 
2001:db8::1.

It will use 6to4 instead of IPv4 through NAT. FAIL.

If the client would have had IP address 1.1.1.2 and 
2002:0101:0101:0::EUI64, with (current) RFC3484 implementation, it 
would have preferred IPv4 instead of 6to4.

So, there are really two layers of RFC3484 brokenness:

  1) not implemented at all
  2) 6to4 is used if v4 has mismatching scope (private->public)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
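
The three outcomes discussed in this thread (NATed host picks 6to4, publicly addressed host picks IPv4, and a host that treats RFC 1918 space as global picks IPv4) can be reproduced with a simplified model of RFC 3484 destination address selection. This is an added example, not part of the original messages or any vendor's code; it applies only rules 2 (matching scope), 5 (matching label) and 6 (precedence), and the interface identifier and the `rfc1918_is_global` switch are assumptions made for illustration.

```python
import ipaddress

# RFC 3484 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
    ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4)]]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL, SITE_LOCAL, GLOBAL = 0x2, 0x5, 0xE

def policy(addr):
    """Longest-prefix match in the policy table -> (precedence, label)."""
    if addr.version == 4:  # IPv4 is looked up as an IPv4-mapped address
        addr = ipaddress.IPv6Address((0xFFFF << 32) | int(addr))
    _, prec, label = max((e for e in POLICY if addr in e[0]),
                         key=lambda e: e[0].prefixlen)
    return prec, label

def scope(addr, rfc1918_is_global=False):
    """RFC 3484 scope; rfc1918_is_global (hypothetical switch) models the
    behaviour described for Windows in the reply above."""
    if addr.is_loopback or addr.is_link_local:
        return LINK_LOCAL
    if addr.version == 4:
        private = any(addr in n for n in RFC1918)
        return SITE_LOCAL if private and not rfc1918_is_global else GLOBAL
    return SITE_LOCAL if addr.is_site_local else GLOBAL

def order_destinations(dests, sources, rfc1918_is_global=False):
    """Order destinations by rules 2, 5, 6. sources: IP version -> source."""
    def key(dest):
        d = ipaddress.ip_address(dest)
        s = ipaddress.ip_address(sources[d.version])
        same_scope = scope(d, rfc1918_is_global) == scope(s, rfc1918_is_global)
        prec, label = policy(d)
        return (same_scope, label == policy(s)[1], prec)
    return sorted(dests, key=key, reverse=True)

# Constructed sample data: addresses from the thread, made-up interface ID
DESTS = ["2.2.2.2", "2001:db8::1"]
SIX_TO_FOUR = "2002:101:101::211:22ff:fe33:4455"
NAT_HOST = {4: "192.168.1.1", 6: SIX_TO_FOUR}
PUBLIC_HOST = {4: "1.1.1.2", 6: SIX_TO_FOUR}

if __name__ == "__main__":
    print("NATed host:       ", order_destinations(DESTS, NAT_HOST))
    print("public v4 host:   ", order_destinations(DESTS, PUBLIC_HOST))
    print("RFC1918 as global:", order_destinations(DESTS, NAT_HOST, True))
```

In the NATed case rule 2 decides before the label comparison is reached, which is why the 6to4 path wins even though the IPv4 pair has matching labels.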