[AusNOG] IPv6: Where's my tunnel?

Mattia Rossi mattia.rossi.mailinglists at gmail.com
Fri Mar 8 19:30:42 EST 2013

Am 08.03.2013 01:45, schrieb Karl Auer:
> On Fri, 2013-03-08 at 13:10 +1300, Don Gould wrote:
>> On 8/03/2013 11:57 a.m., Geoff Huston wrote:
>>> You are far better off avoiding tunnels.
>> I need to know how to set up work arounds.
> No, you don't. There is no point setting up workarounds for other
> people's misconfigurations unless you have a specific reason to be
> interested in the misconfigured sites, and then only if they cannot or
> will not fix their misconfiguration. In that case - specific need - it
> makes sense. Otherwise, just enjoy the rest of the IPv6 Internet, where
> tunnels just work.
I believe with "work arounds" Don actually meant using tunnels, and was 
confused by Geoffs statement that tunnels are bad.
The point that Geoff's making, is that there might be plenty of home 
IPv6 user with native IPv6 which use a PMTU of 1500 behind a dodgy CPE 
which filter ICMPv6 messages. In that case such users will connect to 
your server behind the tunnel, with a PMTU of 1280. As soon as a packet 
larger than 1280 gets from the client to your server, an ICMPv6 message 
is sent back to the client to tell it to send a smaller packet, does get 
filtered, and the TCP connection stalls: You just provided the client 
with the worst user experience ever.

It also works the other way round (tunneled home user, native hoster), 
which is more likely to happen in terms of hitting the large packet 
size, but it's also less likely that the provider sits behind dodgy 
boxes which filter ICMPv6.

I might be terribly wrong about the "more or less likely" thing though, 
haven't seen recent statistics.

I think it's your call, whether you want to risk the possibility to run 
into this problem, but still provide IPv6 connectivity to end users via 
a tunnel, or whether you find it too risky.

My suggestion to Don is to tunnel if there's really no chance at all to 
get IPv6 otherwise, rather than doing nothing, as you'll miss out on the 
IPv6 learning curve otherwise.  But also keep pestering your 
connectivity provider asking them for v6 connectivity :-)



More information about the AusNOG mailing list