Re: IPv6 routing /48s

From: Mike Leber (no email)
Date: Wed Nov 19 2008 - 18:16:26 EST

  • Next message: Christopher Morrow: "Re: IPv6 routing /48s"

    Christopher Morrow wrote:
    >Jack Bates wrote:
    >> A good example is that traceroutes through my he.net tunnel using 6to4
    >> source addresses do not get replies through he.net's network, presumably due
    >> to their routers not being 6to4 aware and having no route to respond.
    >
    > can you explain this a little more? is it possible your v6 packets hit
    > something like 6pe inside HE and exit to NTT without hitting a

    (Chris thank you for automatically going into customer service mode :)

    A bunch of background first, then some questions to help diagnose this
    specific case.

    We don't filter 6to4 in any way.

    We don't run 6PE.

    We don't operate any 6to4 gateways.

    We've been considering it carefully, and haven't taken the plunge.
    There is sort of a "routing the whole Internet for free" aspect that
    will occur as v6 takes off and it's not clear how one manages that (i.e.
    If you do it in the beginning until people depend on it and traffic
    grows to 100 Gbps and you no longer can afford to do it for free, do you
    stop? What about all the IPv4 traffic traveling directly between 6to4
    gateways on IPv4? abuse, security, man in the middle by definition, etc).

    This means any 6to4 gateway action is happening on somebody's 6to4
    gateway not operated by us.

    There are people that are using 6to4 on our network that works just
    fine. You can reach several 6to4 gateways on both IPv4 and IPv6 via our
    network.

    However, what is likely happening is a random 6to4 gateway operator may
    have seen fit to rate limit or filter ICMP.

    To properly diagnose 6to4 problems you potentially need as many as 4
    traceroutes, IPv6 traceroutes from the source and destination endpoints
    and a IPv4 traceroutes to the 6to4 gateway addresses from the source and
    destination endpoint. There a few other tips I'm forgetting at the
    moment, however if you send us email (to ) we will make sure
    to research it thoroughly.

    Because 6to4 gateways are *anycast* the gateways you use in any part of
    the world in any part of a specific network may be different.

    This makes debugging it "interesting".

    >> Responses pick up again after picking up a network such as NTT that is 6to4
    >> aware. My 2001:: addressing works just fine the entire route.
    >
    > '6to4 aware' doesn't compute...

    Jack, it seems you are saying traffic passes end to end just fine, you
    just don't get ICMP responses from some of the hops in the middle. Is
    this correct?

    If you would like, please send email to with the detail
    regarding what you are seeing with all of the endpoint information and
    the traceroutes and we will work from our side to see where the
    "interesting" 6to4 gateway is that is affecting your traceroute. We
    will probably also need you to have access to the destination side as well.

    Mike.

    -- 
    +---------------- H U R R I C A N E - E L E C T R I C ----------------+
    | Mike Leber        Wholesale IPv4 and IPv6 Transit      510 580 4100 |
    | Hurricane Electric                                           AS6939 |
    |      Internet Backbone & Colocation      http://he.net |
    +---------------------------------------------------------------------+
    

  • Next message: Christopher Morrow: "Re: IPv6 routing /48s"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD