IPv6 routing /48s

Mike Leber mleber at he.net
Wed Nov 19 17:16:26 CST 2008


Christopher Morrow wrote:
 >Jack Bates wrote:
>> A good example is that traceroutes through my he.net tunnel using 6to4
>> source addresses do not get replies through he.net's network, presumably due
>> to their routers not being 6to4 aware and having no route to respond.
> 
> can you explain this a little more? is it possible your v6 packets hit
> something like 6pe inside HE and exit to NTT without hitting a

(Chris thank you for automatically going into customer service mode :)

A bunch of background first, then some questions to help diagnose this 
specific case.

We don't filter 6to4 in any way.

We don't run 6PE.

We don't operate any 6to4 gateways.

We've been considering it carefully, and haven't taken the plunge. 
There is sort of a "routing the whole Internet for free" aspect that 
will occur as v6 takes off and it's not clear how one manages that (i.e. 
If you do it in the beginning until people depend on it and traffic 
grows to 100 Gbps and you no longer can afford to do it for free, do you 
stop?  What about all the IPv4 traffic traveling directly between 6to4 
gateways on IPv4?  abuse, security, man in the middle by definition, etc).

This means any 6to4 gateway action is happening on somebody's 6to4 
gateway not operated by us.

There are people that are using 6to4 on our network that works just 
fine.  You can reach several 6to4 gateways on both IPv4 and IPv6 via our 
network.

However, what is likely happening is a random 6to4 gateway operator may 
have seen fit to rate limit or filter ICMP.

To properly diagnose 6to4 problems you potentially need as many as 4 
traceroutes, IPv6 traceroutes from the source and destination endpoints 
and a IPv4 traceroutes to the 6to4 gateway addresses from the source and 
destination endpoint.  There a few other tips I'm forgetting at the 
moment, however if you send us email (to ipv6 at he.net) we will make sure 
to research it thoroughly.

Because 6to4 gateways are *anycast* the gateways you use in any part of 
the world in any part of a specific network may be different.

This makes debugging it "interesting".

>> Responses pick up again after picking up a network such as NTT that is 6to4
>> aware. My 2001:: addressing works just fine the entire route.
> 
> '6to4 aware' doesn't compute...

Jack, it seems you are saying traffic passes end to end just fine, you 
just don't get ICMP responses from some of the hops in the middle.  Is 
this correct?

If you would like, please send email to ipv6 at he.net with the detail 
regarding what you are seeing with all of the endpoint information and 
the traceroutes and we will work from our side to see where the 
"interesting" 6to4 gateway is that is affecting your traceroute.  We 
will probably also need you to have access to the destination side as well.

Mike.

-- 
+---------------- H U R R I C A N E - E L E C T R I C ----------------+
| Mike Leber        Wholesale IPv4 and IPv6 Transit      510 580 4100 |
| Hurricane Electric                                           AS6939 |
| mleber at he.net     Internet Backbone & Colocation      http://he.net |
+---------------------------------------------------------------------+




More information about the NANOG mailing list