[AusNOG] My Predictions for the ISP Industry

Mattia Rossi mrossi at swin.edu.au
Fri Mar 16 15:32:14 EST 2012


On 16/03/2012 15:18, Geoff Huston wrote:
>
> On 16/03/2012, at 3:05 PM, Mark Andrews wrote:
>
>>
>> In message<20120316025931.GA86708 at atdot.dotat.org>, Mark Newton writes:
>>> On Fri, Mar 16, 2012 at 01:55:20PM +1100, Paul Brooks wrote:
>>>
>>>> Which means the HE figures are conservative, and there are likely to
>>>> be a whole pile more people using mechanisms like 6to4 above and
>>>> beyond the real tunnel figures.
>>>
>>> Yeah, but a counterpoint is that 6to4 often doesn't work.
>>>
>>> Check Geoff's presso at APNIC31 for the lowdown.
>>
>> And neither do 6in4 tunnels, like HE offer, if they are initiated
>> from the same points in the network.
>>
>> Now if people wrote their applications with multi-homed support
>> that didn't suck, broken 6to4 tunnels wouldn't be a major issue.
>> You don't have to wait 30 seconds to try the next address.  You can
>> try more than one address.  This could be multiple IPv4 addresses,
>> multiple IPv6 addresses or a mix of IPv4 and IPv6 addresses.
>
> It's not the broken tunnels in 6to4 that are the major problem - it's that many (15% or so, +/- 5%) edge devices use pretty tight filter rules and deny incoming protocol 41 packets. So you can send 6to4, but you receive nothing! This is, of course, a problem, because your system only detects the brokenness by waiting for a packet for ages. And your system is also unduly optimistic. It will forget that it had to fail back to IPv4 and when you head to a new dual stack site it will do this send and wait in 6to4 all over again. And again. ...
>

Here I have a question:

To me it seems that Paul is using 6to4 on the CPE. This means that the 
CPE is creating a 6to4 prefix out of its public-facing IPv4 address,
which is then used to distribute v6 addresses to all his IPv6 devices in 
the house.
So it also seems to me, that the 6to4 tunneling bit happens in the "DMZ" 
of the house, so there shouldn't be any firewall blocking it.

So far so good... but my question is: how do machines inside the house 
handle addresses of the 2002::/16 prefix? Because that's what you get.
Wouldn't WinXP automatically deprecate the use of that address, and you 
would just run into trouble?

I'm a bit surprised that this actually works...

Mat
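
An added illustration of the setup described in this message, not code from the thread or its participants: it derives the 6to4 /48 a CPE would hand out from its public IPv4 address (RFC 3056) and orders candidate connections with the RFC 3484 default policy table, limited to rules 2, 5 and 6. All addresses are constructed documentation values, and the host is assumed to apply RFC 3484 unmodified.

```python
import ipaddress

# RFC 3484 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, lab) for p, prec, lab in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
    ("::/96", 20, 3), ("::ffff:0:0/96", 10, 4)]]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK, SITE, GLOBAL = 2, 5, 14  # scope values as used by RFC 3484

def sixtofour_prefix(public_v4):
    """Return 2002:V4ADDR::/48 (RFC 3056) for the CPE's public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if any(v4 in n for n in RFC1918):
        raise ValueError("6to4 needs a public IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_v4(addr):
    """Recover V4ADDR from a 2002::/16 address (None if it is not 6to4)."""
    v4 = ipaddress.IPv6Address(addr).sixtofour
    return str(v4) if v4 else None

def scope(addr):
    """RFC 3484 scope: RFC 1918 IPv4 counts as site-local, not global."""
    a = ipaddress.ip_address(addr)
    if a.version == 4 and any(a in n for n in RFC1918):
        return SITE
    if a.is_link_local or a.is_loopback:
        return LINK
    return SITE if a.version == 6 and a.is_site_local else GLOBAL

def policy(addr):
    """(precedence, label) by longest-prefix match; IPv4 is looked up v4-mapped."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        a = ipaddress.IPv6Address((0xffff << 32) | int(a))
    _, prec, lab = max((e for e in POLICY if a in e[0]),
                       key=lambda e: e[0].prefixlen)
    return prec, lab

def order(pairs):
    """Sort (source, destination) pairs by RFC 3484 rules 2, 5 and 6 only."""
    def key(pair):
        src, dst = pair
        return (scope(src) != scope(dst),          # rule 2: matching scope first
                policy(src)[1] != policy(dst)[1],  # rule 5: matching label first
                -policy(dst)[0])                   # rule 6: higher precedence first
    return sorted(pairs, key=key)
```

With a NATed RFC 1918 IPv4 source, the scope rule ranks the 6to4 path ahead of IPv4; with a public IPv4 source on the host, the label rule ranks IPv4 first.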


