From: Mike Leber (no email)
Date: Wed Nov 19 2008 - 18:16:26 EST
Christopher Morrow wrote:
>Jack Bates wrote:
>> A good example is that traceroutes through my he.net tunnel using 6to4
>> source addresses do not get replies through he.net's network, presumably due
>> to their routers not being 6to4 aware and having no route to respond.
> can you explain this a little more? is it possible your v6 packets hit
> something like 6pe inside HE and exit to NTT without hitting a
(Chris thank you for automatically going into customer service mode :)
A bunch of background first, then some questions to help diagnose this
We don't filter 6to4 in any way.
We don't run 6PE.
We don't operate any 6to4 gateways.
We've been considering it carefully, and haven't taken the plunge.
There is sort of a "routing the whole Internet for free" aspect that
will occur as v6 takes off and it's not clear how one manages that (i.e.
If you do it in the beginning until people depend on it and traffic
grows to 100 Gbps and you no longer can afford to do it for free, do you
stop? What about all the IPv4 traffic traveling directly between 6to4
gateways on IPv4? abuse, security, man in the middle by definition, etc).
This means any 6to4 gateway action is happening on somebody's 6to4
gateway not operated by us.
There are people that are using 6to4 on our network that works just
fine. You can reach several 6to4 gateways on both IPv4 and IPv6 via our
However, what is likely happening is a random 6to4 gateway operator may
have seen fit to rate limit or filter ICMP.
To properly diagnose 6to4 problems you potentially need as many as 4
traceroutes, IPv6 traceroutes from the source and destination endpoints
and a IPv4 traceroutes to the 6to4 gateway addresses from the source and
destination endpoint. There a few other tips I'm forgetting at the
moment, however if you send us email (to ) we will make sure
to research it thoroughly.
Because 6to4 gateways are *anycast* the gateways you use in any part of
the world in any part of a specific network may be different.
This makes debugging it "interesting".
>> Responses pick up again after picking up a network such as NTT that is 6to4
>> aware. My 2001:: addressing works just fine the entire route.
> '6to4 aware' doesn't compute...
Jack, it seems you are saying traffic passes end to end just fine, you
just don't get ICMP responses from some of the hops in the middle. Is
If you would like, please send email to with the detail
regarding what you are seeing with all of the endpoint information and
the traceroutes and we will work from our side to see where the
"interesting" 6to4 gateway is that is affecting your traceroute. We
will probably also need you to have access to the destination side as well.
-- +---------------- H U R R I C A N E - E L E C T R I C ----------------+ | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 | | Hurricane Electric AS6939 | | Internet Backbone & Colocation http://he.net | +---------------------------------------------------------------------+