North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: IPv6 routing /48s
A good example is that traceroutes through my he.net tunnel using 6to4 source addresses do not get replies through he.net's network, presumably due to their routers not being 6to4 aware and having no route to respond.
(Chris thank you for automatically going into customer service mode :)
A bunch of background first, then some questions to help diagnose this specific case.
We don't filter 6to4 in any way.
We don't run 6PE.
We don't operate any 6to4 gateways.
We've been considering it carefully, and haven't taken the plunge. There is sort of a "routing the whole Internet for free" aspect that will occur as v6 takes off and it's not clear how one manages that (i.e. If you do it in the beginning until people depend on it and traffic grows to 100 Gbps and you no longer can afford to do it for free, do you stop? What about all the IPv4 traffic traveling directly between 6to4 gateways on IPv4? abuse, security, man in the middle by definition, etc).
This means any 6to4 gateway action is happening on somebody's 6to4 gateway not operated by us.
There are people that are using 6to4 on our network that works just fine. You can reach several 6to4 gateways on both IPv4 and IPv6 via our network.
However, what is likely happening is a random 6to4 gateway operator may have seen fit to rate limit or filter ICMP.
To properly diagnose 6to4 problems you potentially need as many as 4 traceroutes, IPv6 traceroutes from the source and destination endpoints and a IPv4 traceroutes to the 6to4 gateway addresses from the source and destination endpoint. There a few other tips I'm forgetting at the moment, however if you send us email (to [email protected]) we will make sure to research it thoroughly.
Because 6to4 gateways are *anycast* the gateways you use in any part of the world in any part of a specific network may be different.
This makes debugging it "interesting".
Responses pick up again after picking up a network such as NTT that is 6to4 aware. My 2001:: addressing works just fine the entire route.
Jack, it seems you are saying traffic passes end to end just fine, you just don't get ICMP responses from some of the hops in the middle. Is this correct?
If you would like, please send email to [email protected] with the detail regarding what you are seeing with all of the endpoint information and the traceroutes and we will work from our side to see where the "interesting" 6to4 gateway is that is affecting your traceroute. We will probably also need you to have access to the destination side as well.
-- +---------------- H U R R I C A N E - E L E C T R I C ----------------+ | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 | | Hurricane Electric AS6939 | | [email protected] Internet Backbone & Colocation http://he.net | +---------------------------------------------------------------------+