6to4 relay routers

Bernhard Schmidt berni at birkenwald.de
Wed Jul 27 22:00:26 CEST 2005


Joe Abley wrote:

Hi Joe,

> In the cases that I have debugged, it has turned out that the problem
> was an unreachable (or apparently malfunctioning) RFC3608-numbered relay
> router from the 6to4-numbered client, or a missing route to 2002::/16
> from our network.

In cases where the relay (either IPv4 or IPv6) is unreachable I've seen
(several times) well connected public relays advertised to peers with
the no-export community to limit propagation and thus the bandwidth
usage on the local relay. Unfortunately this can break visibility for
downstream neighbors which just don't get the routes from their upstreams.

> I am looking at providing a public relay router in AS 3557 in
> California, and advertising both 2002::/16 and 192.88.99.0/24 for global
> transit as a public service. This seems very much in keeping with ISC's
> goals as a public-benefit corporation, and hopefully would also have the
> side effect of reducing NOC calls about 6to4 reachability of stuff
> hosted in our network :-)

I fully encourage you to do that :-)

Maybe you want to do some fiddling with the communities for your
upstreams since advertising 192.88.99.0/24 to your intercontinental
upstream is less than optimal for latencies. Especially European users
might not be that happy to see their packets go to .us first.

> Anybody know if the various 6to4 relay router operators are coordinating
> their efforts in any way? We're happy to host a web page and keep it
> up-to-date if that seems like it might be helpful.

There is the mailing list 6to4-ops at bit.nl run by Pim van Pelt which
occasionally has some 6to4-related traffic (sorry, I don't know the
subscription address or webpage). But generally there is no real
coordination; whoever asks to be added to RFC3068-MNT to be able to
create a route object is added, but there are several operators
announcing the prefix without a route object.

Unfortunately 6to4 is a mess to debug; as long as you don't have a node
in your network doing both directions through your relay you can't even
monitor it reliably.

For the parties interested I've written a config sample in the
#networker-wiki some time ago

http://wiki.denog.de/twiki/bin/view/NETWORKER/CiscoSixToFourRelay

Configuring a relay is quite straightforward, but to keep it running
(see monitoring) is not that easy. Basically you have to trust your
Cisco. For intrasite users we're now doing tests with ISATAP, since all
relays are in your own control it is easier to debug and has usually
better latency.

Bernhard
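
An added illustration of the no-export effect described in the message above (example code, not part of the original post): a small route-propagation model showing which ASes never learn 192.88.99.0/24 and 2002::/16 when the relay operator tags announcements to a peer with no-export. The topology, the AS numbers and the function names are constructed assumptions.

```python
from collections import deque

# Constructed topology using documentation ASNs (RFC 5398); not from the thread.
RELAY, PEER_A, PEER_B, CUST_A, CUST_B = 64496, 64497, 64498, 64499, 64500
# Who re-advertises to whom (assumed: each peer passes the route to its customer).
SESSIONS = {RELAY: [PEER_A, PEER_B], PEER_A: [CUST_A], PEER_B: [CUST_B]}
RELAY_PREFIXES = ("192.88.99.0/24", "2002::/16")  # prefixes named in the thread


def ases_with_route(sessions, origin, no_export_to):
    """Return the set of ASes that end up holding the origin's route.

    no_export_to: neighbours to which the origin attaches the well-known
    NO_EXPORT community (RFC 1997). Such a neighbour installs the route
    but must not advertise it to any other AS.
    Simplification: no best-path selection; an AS re-advertises if any
    untagged copy reaches it.
    """
    has_route = {origin}
    exporters = {origin}          # ASes holding a copy they may re-advertise
    queue = deque([origin])
    while queue:
        asn = queue.popleft()
        for neigh in sessions.get(asn, ()):
            has_route.add(neigh)
            tagged = asn == origin and neigh in no_export_to
            if not tagged and neigh not in exporters:
                exporters.add(neigh)
                queue.append(neigh)
    return has_route


def ases_missing_route(sessions, origin, no_export_to):
    """ASes in the topology that never learn the relay prefixes."""
    everyone = set(sessions) | {n for ns in sessions.values() for n in ns}
    return everyone - ases_with_route(sessions, origin, no_export_to)


if __name__ == "__main__":
    for tagged in (set(), {PEER_A}, {PEER_A, PEER_B}):
        lost = sorted(ases_missing_route(SESSIONS, RELAY, tagged))
        print(f"no-export to {sorted(tagged)}: {RELAY_PREFIXES} missing at {lost}")
```

The tagged peer itself still reaches the relay; only the networks behind it lose the route, which is why the breakage shows up at downstream sites rather than at the peering session.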


More information about the ipv6-ops mailing list