I've setup 6to4 as well as the sixxs tunnel...with good results...
Shadow Hawkins on Saturday, 25 March 2006 05:16:35
This is a question of expectations.
I've got a host terminating the tunnel and acting as a router for my local network. It runs radvd and offers routes on a 6to4 addressed network.
Traffic originating on the router uses the tunnel endpoint as the source address, so all traffic to it returns through the tunnel. Traffic from other hosts on the local network goes out on the tunnel, but can return via 6to4 if the remote hosts have a 6to4 tunnel configured. I've found that this makes deployment quick and reliable for some types of applications.
The question is this. Is this a reasonable implementation avenue? I have verified that even going to your site, I am seeing the return traffic on the 6to4 tunnel and the outbound traffic on the brokered tunnel. My assumption has been that I'll experience a good tradeoff in that I'll get a little lower latency on the return leg for a small, extra setup cost.
Cheers.
I've setup 6to4 as well as the sixxs tunnel...with good results...
Jeroen Massar on Saturday, 25 March 2006 13:28:11
With this setup you do have better connectivity to 6to4 sites as they can talk directly to you.
The reason why it works is that most IPv6 implementations do a longest-prefix match for determining outbound connections, thus picking either the 6to4 prefix or the tunneled one.
Currently you are still lucky as most sites use 2001::/16, thus it is easy to determine that a site is not 6to4. But there are prefixes being handed out from things like 2a01::/16 and other such prefixes. Matching up if to use the tunnel or
the 6to4 address then becomes harder and there is a chance where the outbound connection is using 6to4, while the remote site doesn't have a 6to4 route back.
Another note is that debugging 6to4 problems is quite hard. When you thus hit an issue, don't forget to check if 6to4 is causing the issue.
That said, you might be better off simply using 1 address space and having everything go through the tunnel, the upstream ISP has better control over routing in most cases.
I've setup 6to4 as well as the sixxs tunnel...with good results...
Shadow Hawkins on Tuesday, 28 March 2006 21:01:03
Unless I am misunderstanding something, 2002::/16 should always be recognizable as a 6to4 address prefix. The routing *ought* to always work.
The issue is simply that I cannot get good ipv6 connectivity. The rtt to my POP is greater than 100ms and while my telco is a big part of the problem, I usually only see rtt's of 80ns for most network sites. So, I asked just to make sure that I wasn't being blatantly stupid. I'm reading that the mixed routing is OK, but I should drop it if I can get better ipv6 connectivity...which is what I've always believed.
Cheers.
I've setup 6to4 as well as the sixxs tunnel...with good results...
Jeroen Massar on Tuesday, 28 March 2006 21:20:38 2002::/16 should always be recognizable as a 6to4 address prefix. The routing *ought* to always work.
Correct. *BUT*, lets take:
Your host with 2001:db8::1 and 2002::1
A website on 2fff::1
Your OS has to pick a source address to use to make the connection to 2fff::1. Source Address Selection rules then determines to use 2002::1 as it much closer (bit wise). 2fff::1 doesn't have a route back to your 6to4 address or the route is broken, and you have your problem as the return packets are getting lost in cyberspace, causing at least a large connection delay before your stack notices that it is failing and if you are lucky, but most OS's don't do this, it might try the other address.
Debugging these things is thus very hard and using 1 source address makes things much more visible. Next to that, what do you stick in DNS? 2fff::1 or 2002::1 ?
You want to optimise the traffic from 6to4 sites, but when you use 2fff::1 return traffic should still go over the tunnel and not over 6to4 because of reverse filtering and 6to4 interface should not carry non-6to4 traffic, which makes it all sort of pretty broken and inconvienent.
The issue is simply that I cannot get good ipv6 connectivity. The rtt to my POP is greater than 100ms and while my telco is a big part of the problem..
OCCAID is there to your rescue, at least they have planned to deploy a PoP in Seattle WA, which should be very near your endpoint.
I'm reading that the mixed routing is OK, but I should drop it if I can get better ipv6 connectivity...which is what I've always believed.
That you read completely correct.
Indeed I don't like 6to4, especially because it is a corner-case and it is very hard, if not impossible, to debug because of the many loops it can take. Though it is good for boot-strapping IPv6 deployment in some places.
I've setup 6to4 as well as the sixxs tunnel...with good results...
Shadow Hawkins on Tuesday, 28 March 2006 23:51:16
I didn't know that anyone would have a problem routing 6to4 addresses. I though that it was kind-of guaranteed.
Then, once occaid gets their Seattle POP running, I should be able to drop all of this nonsense.
Yipee!
Posting is only allowed when you are logged in. |