RING measurements don't match access-networks (Was: Some very nice broken IPv6 networks...)

Job Snijders job at instituut.net
Mon Nov 10 11:48:49 CET 2014 

On Mon, Nov 10, 2014 at 08:46:50AM +0100, Jeroen Massar wrote:
> > Some hosts are behind exotic 6to4 NATted tunnels,
> 
> I am a bit surprised by such a statement, or the need for it

Because that's what it looks like? I don't know what else i'd call this:

job at amazon01:~$ ifconfig tun6to4
tun6to4   Link encap:IPv6-in-IPv4
          inet6 addr: 2406:da00:ff00::1715:b057/128 Scope:Global
          inet6 addr: ::10.28.34.28/128 Scope:Compat

> Also making a claim like that they are 6to4 that is known to be false,
> is a bit weird as there is no 2002::/16 address in the participants
> hosts:

All I wanted to point out is that there is a large diversity in how RING
nodes' IPv6 connectivity is arranged. I'll rephrase it as "Some hosts
are behind exotic setups". 

> <snip>

> Actually, what that demonstrates is that out of a set of well-managed
> nodes, there are issues with PMTU. Hence, please contact these
> networks (they are part of the ring, thus that should be easy) and
> make them behave properly. That solves another set of problems.

Do you want to help engage with these networks? 

> You might want to run a similar one from all the nodes, thus making a
> cross-RING MTU determination to get even better results, as I did it
> only from one vantage point. Maybe time for ring-mtu? :)

That sounds like a great idea, maybe it can be added to RING SQA as a
secondary type of alert? "MTU suddenly decreased or increased towards a
significant set of RING nodes"? https://github.com/NLNOG/ring-sqa

> > For NLNOG RING applications we mandate that there is 1 globally unique
> > IPv6 address on the host, we do not specify how this should be
> > accomplished. This leads to some variety, not all of those
> > implementations I would describe as "well behaved".
> 
> While that is absolutely true, most of those boxes ARE well behaved, as
> the providers involved will take sure that there are no problems.
> 
> And they definitely are not located in an access network on a dingy home
> DSL line...

I've asked some incumbents to provide this, but so far no dice. Thanks
for taking a deep dive. Randy Bush presented at RIPE69 comparing the
RING with RIPE Atlas, I thought it interesting:

    https://ripe69.ripe.net/presentations/92-141105.ripe-atlas-nlnog-compare.pdf

Kind regards,

Job

More information about the ipv6-ops mailing list