6to4 status (again)

Ivan Pepelnjak ipepelnjak at gmail.com
Tue Feb 26 11:36:48 CET 2013


Maybe it's time someone rewrites that code ;) The box you have should be 
pushing Gbps. See also

http://erratasec.blogspot.co.at/2013/02/custom-stack-it-goes-to-11.html

I know it's not going to happen ...
Ivan

On 26.02.2013 11:29 , Max Tulyev wrote:
> I believe you are using some kind of Linux/BSD box as 6to4 relay. So 
> just launch tcpdump/ethereal/wireshark and see it ;)
>
> We operate the 6to4 relay in Ukraine. There is 400mbps traffic, and it 
> seems it hits maximum available CPU usage (dual QuadXeon L5420) during 
> a peak time.
>
> Most of the traffic is 6to4<->Teredo. The second position is for 
> BitTorrent. But 'good' traffic has significantly increased too, as 
> Facebook, Google, Yandex, Vkontakte have enabled IPv6 by default.
>
> I see the root of the problem is in the algorithm that chooses the 
> IPv4/IPv6 preference. Mostly it uses IPv6 if it is available, whether 
> an IPv4 path is enabled or not. So it is used to connect two 
> IPv4-enabled boxes that CAN connect through IPv4 - through an 
> IPv4<->6to4<->Teredo<->IPv4 path. It is not good at all, and should 
> be explained well to all vendors.
>
> Maybe it will be a good idea to block some kind of IPv6 traffic on 
> the relay to force use of IPv4 instead of chains of tunnels?
>
> On 25.02.13 23:48, Kevin Day wrote:
>>
>> I know this was brought up in November, but I didn't see much of a 
>> consensus…
>>
>> We run one of the public 6to4 relays. Lately traffic to it has been 
>> growing very rapidly and I'm really not sure why. Other people 
>> shutting their public relays down? More AAAA records are making more 
>> people fall back to 6to4? Idiots using it for DDoS?
>>
>> For most of 2012 the usage averaged about 50-100mbps, but lately 
>> we're seeing sustained levels of 500mbps-900mbps. I'd rather not 
>> deploy 10GE on our 6to4 box just to handle the traffic growth.
>>
>> Has anyone here looked at public 6to4 usage recently and seen similar 
>> trends?
>>
>> Part of me is thinking we should just rate limit the box to something 
>> more reasonable. While it's still running, it'll be slow enough that 
>> hopefully people will move to a better transitional technology. My 
>> fear is that it will cause more "v6 sucks, it's so slow" and people 
>> shut it off without looking at why.
>>
>>
>>
>
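
Added example, not part of the original thread and not code from any of its participants: one way to measure the 6to4<->Teredo share discussed above from flow records exported by a relay, using the 6to4 (2002::/16) and Teredo (2001::/32) prefixes to classify each endpoint and recover its embedded IPv4 address. The flow tuple format, the function names and the sample flows (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

def classify(addr):
    """Return (kind, embedded_ipv4) for one IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:       # 2002::/16, IPv4 sits in bits 16..47
        return "6to4", ip.sixtofour
    if ip.teredo is not None:          # 2001::/32 -> (server, client) pair
        return "teredo", ip.teredo[1]  # client IPv4 is stored bit-inverted
    return "native", None

def summarize(flows):
    """flows: iterable of (src, dst, nbytes) tuples (hypothetical export format).

    Returns (bytes per endpoint-kind pair, bytes where both ends are tunnels).
    """
    by_pair = Counter()
    tunnel_to_tunnel = 0
    for src, dst, nbytes in flows:
        (src_kind, src_v4), (dst_kind, dst_v4) = classify(src), classify(dst)
        by_pair["<->".join(sorted((src_kind, dst_kind)))] += nbytes
        # Both ends embed an IPv4 address: the tunnel-chain case from the thread.
        if src_v4 is not None and dst_v4 is not None:
            tunnel_to_tunnel += nbytes
    return by_pair, tunnel_to_tunnel

# Constructed sample flows: a 6to4 host for 192.0.2.1, a Teredo client at
# 198.51.100.7 (server 203.0.113.1), and a native 2001:db8::/32 host.
SIXTOFOUR = "2002:c000:0201::1"
TEREDO = "2001:0:cb00:7101:8000:f227:39cc:9bf8"
NATIVE = "2001:db8::10"
SAMPLE_FLOWS = [
    (SIXTOFOUR, TEREDO, 7000),
    (SIXTOFOUR, NATIVE, 2000),
    (TEREDO, SIXTOFOUR, 1000),
]

if __name__ == "__main__":
    pairs, chained = summarize(SAMPLE_FLOWS)
    total = sum(pairs.values())
    for pair, nbytes in pairs.most_common():
        print(f"{pair:16} {nbytes:8d} bytes  {100 * nbytes / total:5.1f}%")
    print(f"tunnel-to-tunnel: {chained} of {total} bytes")
```
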


