<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body dir="auto">
I did not graph it or anything, but it’s no more than a few Mbps.<br>
<br>
<div id="AppleMailSignature" dir="ltr">
<div style="text-align: left;direction: ltr; ">Amos</div>
<div><br>
</div>
Sent from my iPhone</div>
<div dir="ltr"><br>
On 14 May 2019, at 23:56, Brian E Carpenter <<a href="mailto:brian.e.carpenter@gmail.com">brian.e.carpenter@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr"><span>On 15-May-19 04:22, Amos Rosenboim wrote:</span><br>
<blockquote type="cite"><span>Let me just clarify few points:</span><br>
</blockquote>
<blockquote type="cite"><span>The suggested filter is not for the protocol, but for the 2002::/16 address space.</span><br>
</blockquote>
<span></span><br>
<span>Sure. But this is quite complicated; more complicated than I imagined when we invented 6to4. I really suggest reading
<a href="https://tools.ietf.org/html/rfc6343">https://tools.ietf.org/html/rfc6343</a> and then
<a href="https://tools.ietf.org/html/rfc7526">https://tools.ietf.org/html/rfc7526</a> carefully, for those that haven't done so.</span><br>
<span></span><br>
<span>According to Google statistics, 6to4 has been immeasurably small for at least a year (0.00%), but I don't see why it would do you any harm.</span><br>
<span></span><br>
<blockquote type="cite"><span>Also the traffic I am seeing is between addresses within this prefix to addresses of our native IPv6 users.</span><br>
</blockquote>
<span></span><br>
<span>That's exactly what you should see, IMHO. What % of total IPv6 traffic is that, as a matter of curiosity?</span><br>
<span></span><br>
<blockquote type="cite"><span>As for policy - we tend to be as permissive as we can, and we certainly wouldn’t like to restrict what is left from p2p apps.</span><br>
</blockquote>
<span></span><br>
<span>No argument from me.</span><br>
<span></span><br>
<span> Brian</span><br>
<span></span><br>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>Amos</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>Sent from my iPhone</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>On 14 May 2019, at 18:50, JORDI PALET MARTINEZ <<a href="mailto:jordi.palet@consulintel.es">jordi.palet@consulintel.es</a> <<a href="mailto:jordi.palet@consulintel.es">mailto:jordi.palet@consulintel.es</a>>> wrote:</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Hi Marc,</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>I don’t agree. There are many users with tunnel brokers that use 6in4. If you filter 6to4 as a protocol, you’re also filtering all those users’ traffic.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Not everybody is lucky enough to have native IPv6 support from its ISP.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Saludos,</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Jordi</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>El 14/5/19 17:46, "Marc Blanchet" <<a href="mailto:ipv6-ops-bounces+jordi.palet=consulintel.es@lists.cluenet.de">ipv6-ops-bounces+jordi.palet=consulintel.es@lists.cluenet.de</a> <<a href="mailto:ipv6-ops-bounces+jordi.palet=consulintel.es@lists.cluenet.de">mailto:ipv6-ops-bounces+jordi.palet=consulintel.es@lists.cluenet.de</a>>
en nombre de <a href="mailto:marc.blanchet@viagenie.ca">marc.blanchet@viagenie.ca</a> <<a href="mailto:marc.blanchet@viagenie.ca">mailto:marc.blanchet@viagenie.ca</a>>> escribió:</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>6to4 has been a good transition technology to help deploy IPv6 in the early days. However, it has intrinsically bad latency issues as its routing is based on the underlying IPv4, which can be pretty bad for non 6to4 destinations
(e.g. normal IPv6 addresses). Moreover, its IPv6 in IPv4 tunnelling technology is likely to be filtered by various intermediate devices in the path. My take is that we shall declare 6to4 over and dead, thank you very much for your service. So I would suggest
to filter it. If not, users may get latency issues that will go into support calls unncessarily.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Marc.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>On 14 May 2019, at 11:24, Amos Rosenboim wrote:</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> Hello,</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> As we are trying to tighten the security for IPv6 traffic in our network, I was looking for a reference IPv6 ingress filter.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> I came up with Job Snijders suggestion (thank you Job) that can be conveniently found at whois -h
<a href="http://whois.ripe.net">whois.ripe.net</a> <<a href="http://whois.ripe.net">http://whois.ripe.net</a>> fltr-martian-v6</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> After applying the filter I noticed some traffic from 6to4 addresses (2002::/16) to our native IPv6 prefixes (residential users in this case).</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> The traffic is a mix of both UDP and TCP but all on high port numbers on both destination and source.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> It seems to me like some P2P traffic, but I really can’t tell.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> This got me thinking, why should we filter these addresses at all ?</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> I know 6to4 is mostly dead, but is it inherently bad ?</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> And if so, why is the prefix (2002::/16) still being routed ?</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> Thanks,</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> Amos Rosenboim</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> -- </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span> </span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>**********************************************</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>IPv4 is over</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>Are you ready for the new Internet ?</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span><a href="http://www.theipv6company.com">http://www.theipv6company.com</a></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>The IPv6 Company</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span>This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying,
distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution
or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.</span><br>
</blockquote>
</blockquote>
<blockquote type="cite">
<blockquote type="cite"><span></span><br>
</blockquote>
</blockquote>
<span></span><br>
</div>
</blockquote>
</body>
</html>