Best practice for running 6to4 relays (was Re: 6to4 borkeness)
Kevin Day
kevin at your.org
Wed Mar 19 23:52:11 CET 2008
On Mar 19, 2008, at 4:58 PM, Bernhard Schmidt wrote:
>
> a) it is still worth a discussion whether 6to4 relays should source
> IPv4 packets from 192.88.99.1 (pro: does not break with stateful
> firewalls) or some provider unicast address (pro: easier to track
> what 6to4 relay was used on the way back, anycast addresses should
> not be used as source for anything). I chose the latter, plus you
> can force your traffic to go through this gateway by using this
> address instead of 192.88.99.1 as default gw. If you want to source
> from 192.88.99.1, make that address the main address on Lo2002.

I get far more "YOUR RELAY IS BROKEN?!?!!!!!!!" emails if we use our
unicast address than if we use 192.88.99.1 as the source. Unfortunate
because of the loss of troubleshooting help, but I believe making it
work at all is more important. But, we accept 6to4 packets destined to
either address. If you configure a 6to4 client to use our unicast
address, the replies come back sourced from our unicast address.

While this doesn't help everyone, I am following the suggestion in RFC
3068:
> The AS path should also include an
> indication of the actual router providing the service; there is a
> suggestion to perform this function by documenting the router's
> equivalent IPv4 address in the BGP aggregator attribute of the path
>

As far as I can tell, nobody else is doing this though. Anyone know
why? Is it just because of the "should" in there, or is there a
technical reason other relays aren't doing this?
-- Kevin
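
Added example, not part of the original message: a toy model of the stateful-firewall behaviour discussed above, showing why a relay reply sourced from a unicast address is dropped when the client tunnelled to 192.88.99.1. The client and relay unicast addresses are constructed (documentation ranges), and the firewall is assumed to key protocol-41 state on the address pair.

```python
from dataclasses import dataclass, field

PROTO_41 = 41                    # IPv6-in-IPv4 encapsulation used by 6to4
ANYCAST_RELAY = "192.88.99.1"    # 6to4 relay anycast address (RFC 3068)
RELAY_UNICAST = "192.0.2.1"      # constructed: relay's provider unicast address
CLIENT = "198.51.100.7"          # constructed: 6to4 client behind the firewall


@dataclass
class StatefulFirewall:
    """Toy connection tracker: inbound is allowed only as a reply to outbound.

    Assumption: state for protocol 41 is keyed on (remote, local, protocol),
    since the encapsulation has no ports to match on.
    """
    states: set = field(default_factory=set)

    def outbound(self, src, dst, proto):
        # Outbound traffic is permitted and creates state for the reverse flow.
        self.states.add((dst, src, proto))

    def inbound(self, src, dst, proto):
        # Inbound passes only if it mirrors a flow the inside host opened.
        return (src, dst, proto) in self.states


def relay_reply_passes(client_gateway, relay_reply_source):
    """Client tunnels to client_gateway; the relay answers from relay_reply_source."""
    fw = StatefulFirewall()
    fw.outbound(CLIENT, client_gateway, PROTO_41)
    return fw.inbound(relay_reply_source, CLIENT, PROTO_41)


if __name__ == "__main__":
    cases = [
        (ANYCAST_RELAY, ANYCAST_RELAY),   # anycast gateway, anycast-sourced reply
        (ANYCAST_RELAY, RELAY_UNICAST),   # anycast gateway, unicast-sourced reply
        (RELAY_UNICAST, RELAY_UNICAST),   # client pointed at the unicast address
    ]
    for gw, src in cases:
        verdict = "pass" if relay_reply_passes(gw, src) else "DROP"
        print(f"client gw {gw:<13} reply src {src:<13} -> {verdict}")
```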