Best practice for running 6to4 relays (was Re: 6to4 borkeness)

Kevin Day kevin at your.org
Thu Mar 20 00:46:19 CET 2008


>>
>>
>> On our end, this is what we've got:
>>
>> Dedicated box doing nothing other than 6to4. It's a dual P3 866 Xeon,
>> and it's pretty much got 99% idle time on it.
>>
>> This box uses Quagga to announce 192.88.99.0/24 and 2002::/16 to our
>> core router. This way if the box dies, our announcements get withdrawn.
> A quagga conf file (example or real) would be helpful to look at...
>

It's pretty simple really:

router bgp 19255
  bgp router-id 192.88.99.1
  network 192.88.99.0/24
  neighbor 216.14.98.5 remote-as 19255
  neighbor 216.14.98.5 update-source 216.14.98.26
  neighbor 2001:4978:1:410::ffff remote-as 19255
  no neighbor 2001:4978:1:410::ffff activate
!
  address-family ipv6
  network 2002::/16
  neighbor 2001:4978:1:410::ffff activate
  exit-address-family
!

216.14.98.5 is our core router's v4 address for this link.
2001:4978:1:410::ffff is its v6 address.


> I note that everybody doing this seems utterly reliant on BGP, in terms
> of distributing the anycast address to the world. In the inside the
> smaller (wireless) ISP case, BGP is not in use. I wonder what will
> happen (router trafficwise) if I use another protocol... or don't use
> one at all. What additional traffic would dns udp over ipv6 generate...
>

There's nothing special about BGP, it's just what a lot of us are  
using elsewhere, so it's easier to reuse that infrastructure than run  
another routing protocol just for this. Nothing says you can't use  
OSPF or IS-IS or even static routes that I'm aware of. You just need  
to concern yourself with BGP if you want people outside your network  
to be able to use your relay.

If you're just doing this for purely internal use and don't care if  
you break connectivity to your own clients if your 6to4 relay goes  
down, you can just static route all of it.

> I assume you are doing BGP announcements to the core router from quagga.
>
> Similarly, I assume your core router filters out bogus announcements of
> other 6to4 routers (for example, someone as crazy as I am, inside your
> network, mistakenly announcing they have 6to4 with a better metric than
> you do...)
>

Yep, prefix filters on every BGP session will make sure we only
accept what we're expecting from anyone we have a BGP session with.
BGP sessions have to be explicitly configured though, so there's not  
much chance of a random user setting up a BGP router and breaking our  
network.

>> The occasional burst over 100mbps often enough to justify a GigE port
>> for this, but average use for our Chicago relay is less than 10mbps.
>> Average use for our Amsterdam relay is less than 30mbps.
> I look forward to the results of your ipv6experiment! :)

It's coming... I know I've been saying that for months, but it's really
almost ready now. :)

-- Kevin
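
Added example, not part of the original post and not the poster's configuration: one way the core-router side of the relay session could apply the inbound prefix filter described above, written in Quagga bgpd syntax. It assumes the core router accepts Quagga-style commands; the prefix-list names and the relay's v6 address (2001:db8:0:410::26, a documentation placeholder) are made up for illustration.

```text
! Constructed example (Quagga bgpd syntax). Core-router side of the iBGP
! session to the 6to4 relay in AS 19255.
! 216.14.98.26 is the relay's v4 address from the post (its update-source).
! 2001:db8:0:410::26 is a placeholder; the post does not give the relay's
! v6 address.
!
router bgp 19255
  neighbor 216.14.98.26 remote-as 19255
  ! Inbound filter: only the 6to4 anycast v4 prefix is accepted.
  neighbor 216.14.98.26 prefix-list RELAY-6TO4-V4-IN in
  neighbor 2001:db8:0:410::26 remote-as 19255
  no neighbor 2001:db8:0:410::26 activate
!
  address-family ipv6
  neighbor 2001:db8:0:410::26 activate
  ! Inbound filter: only the 6to4 v6 prefix is accepted.
  neighbor 2001:db8:0:410::26 prefix-list RELAY-6TO4-V6-IN in
  exit-address-family
!
! Exact-match entries (no "ge"/"le"): a more-specific such as
! 192.88.99.0/25 or 2002:c058:6301::/48 does not match and is dropped.
ip prefix-list RELAY-6TO4-V4-IN seq 5 permit 192.88.99.0/24
ip prefix-list RELAY-6TO4-V4-IN seq 10 deny any
!
ipv6 prefix-list RELAY-6TO4-V6-IN seq 5 permit 2002::/16
ipv6 prefix-list RELAY-6TO4-V6-IN seq 10 deny any
!
! The prefix lists on every other session simply never permit
! 192.88.99.0/24 or 2002::/16, so a second box announcing them over an
! existing session is filtered regardless of metric.
```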



More information about the ipv6-ops mailing list