Brian E Carpenter | 1 Sep 2010 01:01

Re: draft-arkko-ipv6-transition-guidelines WGLC

On 2010-09-01 05:51, Gert Doering wrote:
> Hi,
> 
> On Tue, Aug 31, 2010 at 07:34:48PM +0200, Mohacsi Janos wrote:
>> On Tue, 31 Aug 2010, Gunter Van de Velde (gvandeve) wrote:
>>> Can be managed... but... if you use 6to4, then do you know the person 
>>> running the relays? Do you even know who is running the relays? And why 
>>> should the people running the relays care about you if you are not their 
>>> direct customer?
>> If a provider is encouraging to use 6to4, it will provide 6to4 relay for 
>> their customers: announcing anycast 6to4 relay address to them (probably 
>> only for them). Provider is monitoring operational status of 6to4 relay, 
> 
> And the response traffic takes this relay, because...?

Actually, it doesn't. It takes whatever relay 2002::/16 happens to be
routed to at the remote host's location. It's when there is no
such route to a "willing" relay that 6to4 fails. That is the analysis
that's missing in draft-vandevelde-v6ops-harmful-tunnels.

>> traffic volume etc. plus help debugging MTU problems... Yes I know, this 
>> can be done only for outgoing direction.... But if every 6to4 relay 
>> provider would be doing the same....
> 
> "If".  But this is not so, and therefore, 6to4 with anycast relay is
> just not something that makes sense for global traffic.

Well, the problem is usually not the anycast relay, but the return path.
However, I agree; the problem cases seem to be caused by RFC 3068.


Fernando Gont | 1 Sep 2010 06:36

Re: Comments on draft-nakibly-v6ops-tunnel-loops

Hi, Gabi,

Please find my comments inline...

>>>> b) "Attack #2: ISATAP Router to 6to4 Relay"
>>>>
>>>> This one implies that the ISATAP router will send a tunneled packet on
>>>> its *external* interface. Being ISATAP an *Intra-site* tunneling
>>>> protocol, this clearly shouldn't happen (but Fred Templin is certainly
>>>> in a much better position than me to correct me if I'm wrong).
>>>>
>>>> Both in this case and in Attack #1 above, there should never be a case
>>>> in which a packet is received on the external physical interface, and
>>>> forwarded back on that external physical interface.
>>> Similarly to the case we described above, the packet will indeed be forwarded by
>>> the ISATAP router over its internal interface, but the packet will find its way
>>> out through the second border router and loop will continue.
>> This scenario should be clearly explained, then. -- Even then, being a
>> border router the ISATAP router probably knows the IP address block
>> that's used within the site. Therefore, it should probably filter those
>> packets that would need to be tunneled off-site.
> 
> An ISATAP router doesn't do that by default. 

One would expect the ISATAP router to implement some kind of access
control that determines who can make use of the ISATAP service. In the
absence of "strong" authentication, one would expect that ISATAP router
to implement IP_address-based "authentication". -- One might argue that
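An added illustration, not part of the original message or of the draft under discussion: the filter suggested in the quoted text above, where an ISATAP router refuses to tunnel toward an IPv4 endpoint outside the site's own address block. The site prefixes and function names are assumptions for the example and use documentation address ranges.

```python
import ipaddress

# Assumed site configuration (constructed values, documentation prefixes).
SITE_IPV4_BLOCKS = [ipaddress.ip_network("192.0.2.0/24")]
ISATAP_PREFIX = ipaddress.ip_network("2001:db8:0:1::/64")


def isatap_endpoint(dst):
    """Return the IPv4 address embedded in an ISATAP interface ID, else None.

    RFC 5214 interface IDs are 0000:5efe:a.b.c.d, or 0200:5efe:a.b.c.d when
    the "u" bit marks the embedded IPv4 address as globally unique.
    """
    iid = int(dst) & 0xFFFFFFFFFFFFFFFF          # low 64 bits
    if ((iid >> 32) & 0xFDFFFFFF) != 0x00005EFE:  # ignore the "u" bit
        return None
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)


def may_encapsulate(dst_text):
    """Decide whether the router may tunnel a packet to this IPv6 destination."""
    dst = ipaddress.IPv6Address(dst_text)
    if dst not in ISATAP_PREFIX:
        return False  # not an address on this router's ISATAP link
    endpoint = isatap_endpoint(dst)
    if endpoint is None:
        return False  # no embedded IPv4 tunnel endpoint
    # Tunnel only to endpoints inside the site's own IPv4 blocks, so a
    # packet is never encapsulated toward an off-site IPv4 address.
    return any(endpoint in block for block in SITE_IPV4_BLOCKS)


if __name__ == "__main__":
    # Constructed sample destinations.
    for sample in ("2001:db8:0:1:0:5efe:c000:20a",    # embeds 192.0.2.10
                   "2001:db8:0:1:0:5efe:c633:6401",   # embeds 198.51.100.1
                   "2001:db8:0:1::1"):                # not an ISATAP IID
        print(sample, "->", "tunnel" if may_encapsulate(sample) else "drop")
```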

Randy Bush | 1 Sep 2010 08:50

ipv6 anycast

anyone have pointers to production operational use of ipv6 anycast on
the real interwebz?

randy

Mikael Abrahamsson | 1 Sep 2010 09:20

Re: ipv6 anycast

On Wed, 1 Sep 2010, Randy Bush wrote:

> anyone have pointers to production operational use of ipv6 anycast on
> the real interwebz?

I've been confused before, so I just have to ask. Do you mean the BGP kind 
of Anycast, or the IPv6 Anycast spoken about in here: 
http://www.iana.org/assignments/ipv6-anycast-addresses/ ?

I think it's very unfortunate that there are two concepts sharing the 
same name. I saw someone asking on a Linux list about this, and before 
everybody figured out what he wanted there was some confusion...

-- 
Mikael Abrahamsson    email: swmike@...

Randy Bush | 1 Sep 2010 09:43

Re: ipv6 anycast

>> anyone have pointers to production operational use of ipv6 anycast on
>> the real interwebz?
> I've been confused before, so I just have to ask. Do you mean the BGP kind 
> of Anycast, or the IPv6 Anycast spoken about in here: 
> http://www.iana.org/assignments/ipv6-anycast-addresses/ ?

the ipv6 new invention.

randy

Tina TSOU | 1 Sep 2010 09:57

Re: ipv6 anycast


B. R.
Tina
http://tinatsou.weebly.com/index.html
----- Original Message ----- 
From: "Randy Bush" <randy@...>
To: "Mikael Abrahamsson" <swmike@...>
Cc: "IPv6 v6ops" <v6ops@...>
Sent: Wednesday, September 01, 2010 3:43 PM
Subject: Re: ipv6 anycast

>>> anyone have pointers to production operational use of ipv6 anycast on
>>> the real interwebz?
>> I've been confused before, so I just have to ask. Do you mean the BGP kind
>> of Anycast, or the IPv6 Anycast spoken about in here:
>> http://www.iana.org/assignments/ipv6-anycast-addresses/ ?
>
> the ipv6 new invention.
People used IPv4 anycast in 6to4 and 6rd nowadays. Who knows that people may 
use IPv6 anycast in the future? (Randy, here are your Q-tips;-)

>
> randy
>
> 

Jeroen Massar | 1 Sep 2010 10:08

Re: ipv6 anycast

On 2010-09-01 09:43, Randy Bush wrote:
>>> anyone have pointers to production operational use of ipv6 anycast on
>>> the real interwebz?
>> I've been confused before, so I just have to ask. Do you mean the BGP kind 
>> of Anycast, or the IPv6 Anycast spoken about in here: 
>> http://www.iana.org/assignments/ipv6-anycast-addresses/ ?
> 
> the ipv6 new invention.

As that list states there effectively is only mobility & subnet-anycast.

I have never seen anybody use mobility except for a test setup and
subnet-anycast, I actually don't know the reason for existence...
Well, there is one of course, that if you ping it you know which nodes
are configured to use that prefix, which is only useful if you have
multiple prefixes on the same link.

"Production operational" use == 0 though on my score card.

Greets,
 Jeroen

Randy Bush | 1 Sep 2010 10:15

Re: ipv6 anycast

> People used IPv4 anycast in 6to4 and 6rd nowadays.

which has nothing to do with my question.  been using ipv4 style anycast
for a decade and a half.  i have too much operational experience with it.

> Who knows that people may use IPv6 anycast in the future? (Randy, here
> are your Q-tips;-)

if i could predict the future, i would bet on the horses not hack on
routers and computers.  if you can do better, why are you wasting your
time here?

but again, this has nothing to do with what i asked.  deploy q-tips, and
i will try again.

>> anyone have pointers to production operational use of ipv6 anycast on
>> the real interwebz?

that speaks to the present and past tense.  i am not interested in what
might happen.  i am interested in real operational experience with ipv6
(not ipv4-style) anycast on the real interwebz.

randy

Randy Bush | 1 Sep 2010 11:32

Re: ipv6 anycast

> So practically there's only a single anycast concept now in IPv6 as 
> well.

then explain why there is reservation for an anycast address on a subnet
link?

randy

Pekka Savola | 1 Sep 2010 11:29

Re: ipv6 anycast

On Wed, 1 Sep 2010, Mikael Abrahamsson wrote:
>>  anyone have pointers to production operational use of ipv6 anycast
>>  on the real interwebz?
>
> I've been confused before, so I just have to ask. Do you mean the BGP kind of 
> Anycast, or the IPv6 Anycast spoken about in here: 
> http://www.iana.org/assignments/ipv6-anycast-addresses/ ?

This distinction is less relevant today because since RFC4291, it's 
allowed to use ipv6 anycast address as a source address.  From the 
RFC:

     o The restrictions on using IPv6 anycast addresses were removed
       because there is now sufficient experience with the use of anycast
       addresses, the issues are not specific to IPv6, and the GROW
       working group is working in this area.

So practically there's only a single anycast concept now in IPv6 as 
well.

Special thanks to Joe Abley who pushed this through.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

