Instant IPv6 PI solution for everyone (Was: BBC does IPv6 ;) (Was: large multi-site enterprises and PI)

Mon Nov 29 10:12:29 UTC 2004

On Mon, 2004-11-29 at 01:59 -0800, Owen DeLong wrote:
> > 2002:<AB>:<CD>::/48, eg, 192.0.2.42 becomes 2002:c000:22a::/48, 6to4,
> > quite in use and works fine when the 6to4 relays are close-by for both
> > ends.
> >
> OK... Seems a bit messier, and more wasteful of address space, but, if we
> want to blow away 4 billion /48s to accomodate v4 connectivity, it's not
> like we'll miss them.

2002::/16 is used as a transition mechanism as such it should go away at
one point, also it would only reach maybe the ~160k IPv4 routes that
already exist in IPv4 space _if_ people would use it and ignore the RFC.

> > Say, you currently have 192.0.2.0/24 (IPv4 doc prefix, can't use ;) then
> > you thus also have 2002:c000:22a::/48 or larger of course, depending on
> > your IPv4 space, though a /48 should be enough for most folks.
> >
> Actually, I think that would be 2002:c000:0200::, but, that's not a /48,
> it's a /40 (2002:c000:0200:: to 2002:c000:02ff::).  One of us must be
> confused.

Cut and pasto from the above, forgetting to strip the .42 and making it
a /40 indeed.

> > Tada, because you have one single IPv4 address, that is most likely
> > already PI in IPv4, you also have a IPv6 prefix that is PI.
> >
> Agreed... That's pretty much what I've been saying (sort of).
> 
> > Now can everybody stop complaining that the installed IPv4 base already
> > has PI and needs it too for IPv6, use above solution and get it over
> > with. Also if you are multihomed by multiple IPv4 prefixes you can do
> > that with the above too, just RA multiple prefixes on your network.
> >
> I'm perfectly willing to live with that, but, a bunch of people are saying
> that that's "Not deployment of v6", "an ugly hack", and, "we don't want to
> keep that alive any longer than we have to."  As such, there needs to be
> some other solution.  Also, eventually, there will need to be a solution
> for organizations that don't have and can't get v4 space but still have
> the same requirements and meet the same criteria as orgs that can get v4
> space today.

It is not real IPv6, only sort of, it is transition, but it can be
abused for some setup like this too ;) There are quite a number of
organizations who simply are using 6to4 addresses because this way they
don't have to go to the RIR's and the prefixes also work behind a NAT.
For that matter, next to ULA, one could use the IPv6 doc prefix
internally, but you will get clashes when joining organizations, it
really is not allowed in the global routing table and effectively you
are stealing address space. Then again, anyone could setup his/her own
registry, it would be totally not Internet related then though ;)

If they can meet the v4 requirement, get some v4 space and use it for
IPv6 too, two flies in one go. Note that many resources (read: google,
cnn, ebay, itunes, kazaa and all your favorite nature sites) are not
available in IPv6 unless using some proxy method anyway, thus you will
need IPv4 at the moment for one reason or another.

> > There is one catch-22 though, according to RFC3056 Section 2.2:
> > 8<-------------------
> >    On its native IPv6 interface, the relay router MUST advertise a route
> >    to 2002::/16.  It MUST NOT advertise a longer 2002:: routing prefix
> >    on that interface.  Routing policy within the native IPv6 routing
> >    domain determines the scope of that advertisement, thereby limiting
> >    the visibility of the relay router in that domain.
> > ------------------->8
> > Because it would introduce a lot of IPv4 routes into the IPv6 routing
> > tables...
> >
> Then that isn't really a solution.

One can ignore it, it has been done and people keep doing it.
There is also a "one should not announce a prefix longer than the
allocation" rule, but there are ISP's announcing /64's etc also.

> > As at the moment most ISP's don't filter >/48 this should not be much of
> > a problem. And folks, don't forget to setup your _own_ 6to4 relay
> > otherwise your connectivity will be terrible.
> >
> So I don't understand how this ends up actually working.  How does the
> rest of the world know which 6to4 relay to send which IPv4 prefixes to?

See the RFC3056 and more relevant RFC3058.

In short:

* 2001:db8:300:42a:202:55ff:fe2a:580c ('real' ipv6, doc prefix) wants to
send a packet to 2002:c000:22a:202:55ff:fe74:c924

Packet find a route to the router that announces 2002::/16 or longer.
This box knows the 6to4 trick and deducts: 2002:c000:22a::/48 ->
192.0.2.42 and send the packet using proto-41 to that IPv4 address. That
machine receives it and forwards it to the real endhost.

* 2002:c000:22a:202:55ff:fe74:c924 replies packet to
2001:db8:300:42a:202:55ff:fe2a:580c

Sends packet to default router, which has a default route to IPv6
prefixes and forwards it.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20041129/ec520138/attachment.sig>