Denic (.de) blocking 6to4 nameservers (since begin feb 2010)
nanog at daork.net
Mon Feb 15 16:31:45 CST 2010
On 16/02/2010, at 5:03 AM, Tim Chown wrote:
> On Fri, Feb 12, 2010 at 08:16:56AM +1100, Mark Andrews wrote:
>> If you can't get native IPv6 then use a tunneled service like
>> Hurricane Electric's (HE.NET). It is qualitatively better than
>> 6to4 as it doesn't require random nodes on the net to be performing
>> translation services for you which you can't track down the
>> administrators of. You can get /48's from HE.
> Our external IPv6 web accesses are still very low, but have grown
> linearly over the last five years from 0.1% in 2005/06 to 0.5% of
> total web traffic now. Internally of course our figures are higher.
> Of that IPv6 traffic, 1% comes from 2002::/16 prefixes. Even less
> from Teredo prefixes. I guess we could run stats against known TB
> prefixes to determine who is using those.
You are very unlikely to get traffic from Teredo, because:
1) Windows only asks for AAAA if it has non-Teredo IPv6 connectivity
2) When Windows has non-Teredo IPv6 connectivity and so can ask for AAAA, preference for reaching your web content is going to be non-Teredo IPv6 -> IPv4 -> Teredo, due to the prefix policy table, unless you have an AAAA in 2001::/32 (Teredo space), in which case it will prefer IPv4 -> Teredo.
With 6to4, Windows hosts will ask for AAAA, and will prefer non-6to4 IPv6 over 6to4 over IPv4. I'm a little surprised at how little 6to4 traffic you get.
Teredo gets most use when an application asks for a connection to a certain IPv6 address, without DNS. This is most common in peer to peer - you're not going to levels of web traffic and P2P traffic using Teredo that are comparable ratios to IPv4.
My expectation is that lines in your web logs in 2001::/32 have user agent strings indicating non-Windows hosts - or perhaps someone has miredo running on a proxy server, or perhaps the users' non-Teredo IPv6 AND IPv4 paths to you were broken when they tried to make a request. Stranger things have happened..
I wrote some code that will allow you to better understand the connectivity that end users of your web content have - when they visit your site it has them get 1x1 px transparent GIF images from various different hostnames with different characteristics in the DNS, and then reports back which loaded and how long.
Wikipedia were running this for a while, on every 100th hit. They did a modification to this where they also had a large image to test for pmtud errors. Google are using a similar technique to test IPv6 capabilities and networks.
I'll add something with the pmtud stuff in the next week or so, and I'll also push the code to github.
You'll probably want to make you own changes based on what you're interested in, also.
More information about the NANOG