[6bone] 6bone-mess-01.txt
Tim Chown
tjc@ecs.soton.ac.uk
Sun, 17 Nov 2002 20:44:47 +0000
> Comments, please.
>
> (Anyone with more than 5 peers with transit should feel the sting of guilt
> now. :-)
Some comments on -01.txt. I think the dcoument as is makes the point well.
All we need are some agreed answers :) I notice for example that from the
IETF here my IPv6 RTT to home (UK) is 400ms, as opposed to 100ms via IPv4.
(This is not a US-Europe thing per se as the Abilene-Europe link has near
identical RTT due to use of dual-stack links following a very similar path,
and no "errant" tunnels)
- Comments:
Currently, IPv6 Internet is, globally considered, inseparable from
the 6bone network. The 6bone has been built as a tighly meshed
tunneled topology. As the number of participants has grown, it has
become an untangible mess, hindering the real deployment of IPv6 due
to low quality of connections. This memo discusses the nature and
- The key problem is that many users wish to use IPv6 for daily, production
- use, and this is not possible due to the way 6bone prefixes are advertised
- and transit is too often given.
- We should also point out now that SubTLAs are easier to get in the 2001:
- space, we risk the 6boneisation of the so-called "production" IPv6 space.
- We could also argue that there is less genuine demand for 6bone pTLAs; indeed
- new SubTLA owners no longer require 6bone experience as a precondition for
- that allocation(?)
1. Introduction
Currently, IPv6 Internet is, globally considered, inseparable from
the 6bone network. The 6bone has been built as a tighly meshed
tunneled topology. As the number of participants has grown, it has
become an untangible mess, hindering the real deployment of IPv6 due
to low quality of connections.
- I think "low quality" doesn't perhaps state the problem strongly enough.
- perhaps mention the lack of stability and predictablity, hampering the use
- of IPv6 by *any* users, whether on a 6bone or production prefix site, on
- a day-to-day basis.
This memo tries to outline some ways to gain better connectivity for
the future IPv6 Internet. This can be done by increasing the quality
of 6bone (in some applicable parts) and moving the 6bone network to
- Indeed applying the principles that make the current IPv4 Internet usable
- on a day-to-day basis.
It should be noted that as addressing and routing are quite
independent, the same problems also exist, in addition to 6bone-
allocated pTLA's, with RIR-allocated "sTLA" addresses too. It can
often be assumed, though, that those organizations are at least
slightly more knowledgeable and serious than an average pTLA holder,
due to the process it takes to get an sTLA if you're not an
equivalent of Local Internet Registry (LIR). Nevertheless, these are
considered as one category.
- Yes, the slacker SubTLA rules now make this a concern.
This is the root cause why 6bone network is a mess: as there is no
hierarchy, most sites try to gain good connectivity by creating
tighter mesh to other pTLA/sTLA's: increase the number of virtual
peers by creating tunnels.
- And in many cases these tunnels are not optimal, instead often spanning
- a large number of IPv4 hops, with some pTLA owners collecting peerings as
- if they were "trophies". You might expect a typical pTLA to have 5-10
- peerings, in many cases pTLAs have many times this, coupled with lack of
- controls on transit.
Using IPv6-in-IPv4 tunneling is also not so bad in itself, if used
properly; for example, tunneling over resilient IPv4 connectivity
within one AS could be seen as highly advantageous to using
dedicatede circuits for IPv6 under some circumstances. However, the
problem is that tunneling hides the natural, underlying topology: a
link may actually consist of many hops, going through many different
administrative and technical entities. As such, it becomes very
difficult to debug and notice the real problems when using "long"
tunnels. Tunneling can also be used to gain connectivity in the
absence of native IPv6; as long as one does not provide transit
through such "long tunnels", you can only shoot yourself in the foot.
- Indeed, it is the transit that causes the problem.
Full transit, especially in conjunction with points above is the
worst problem: there are no longer useful metrics to choose best
paths (as AS-path length, the most imporant global metric in BGP path
selection, becomes next to useless), and the network topology gets
extremely complicated and unstable. Some metric can naturally be
assigned locally, with usually significant effort, but these are
indeed often only locally useful.
- Witness the resulting mess of paths that cross the atlantic two or even four
- times between sites on the same continent.
4. Coping with the Administrative Problems
Some of the problems are more of an administrative nature. It is
clearly visible that under current pTLA assignment policy
[6BROUTING], there are many organizations which are not significant-
enough ISP's, transits or such but are still getting pTLA's. This is
a double-edged sword: in the absence of IPv6 support by their
upstreams, it could be argued it's good that at least someone will do
something about IPv6 (note, extending this argument, they should also
provide the same services as their ISP would -- ie. not only reap the
benefits but also take up the responsibilities); on the other hand,
these organizations usually have neither skills, equipment nor
customers to understand the operational aspects of being part of a
world-wide network, and are the ones worst burdening the 6bone.
- I think the number of providers is now growing in most regions to the extent
- that this is not the case in the same way as it was 2-3 years ago.
Therefore, as one step, the requirements for a pTLA should be made
stricter by revising [6BROUTING]; the revised edition should also
take more stance on what kind of organization would be eligible for
an allocation (a difficult thing to define precisely, to be sure).
- Agreed 100%, and this is now happening as a result of a recent pTLA case.
Another thing to consider would be whether pTLA allocations could be
revoked from "irresponsible" operators (even more difficult thing to
define as before), possibly as a consequence to not conforming to
possible new guidelines for pTLA's. This might eliminate some
specific problematic operators, but it might be that then the focus
would just shift to the others; in general, removing existing
allocations is a very harsh measure and it is unprobable that it
could be done except for special reasons.
- There should be some way for pTLAs to be reviewed or revoked. But in theory
- filters could also be applied - someone has to offer connectivity for the
- "rogues" to be a problem; the "blockade" method you describe below is also
- interesting for this.
5. Coping with the Connectivity Problems
There are a few main approaches to the connectivity problems
described above:
1. Wait until a significant number of transit providers support
IPv6 and only try to get anything stable then
- I think the path being pursued by the research networks (academic) is to
- look at policies, inparticular through use of community tagging, to establish
- a stable intrastructure between those networks (in Europe, the US and beyond).
- That stability is a prerequisite to using IPv6 applications (e.g. international
- conferencing) with confidence that the applications will run as desired.
Also, this leads to waiting. As it is, IPv6 connections around the
world are, generally speaking, very poor. It is irresponsible to
turn on IPv6 by default on e.g. operating systems, as that would only
lead to a lower quality for the user: for example, if a website is
IPv4/6 dual-stack, trying to use IPv6 by default is often much
slower, and should be avoided until the network is in a reasonably
good shape.
- Well, it's deeper than that, if people go dual stack on web servers, and
- advertise AAAA's, and the browsers (as is I think universally the default)
- try AAAA's before A's, there will be delays for users where the IPv6
- connectivity is broken. As you say, turning on IPv6 on the "clients" is
- currently a "brave" step for site administrators, and only likely to cause
- pain.
5.2. Adjust BGP Path Selection or Route Visibility
Some might even suggest BGP specification modifications (e.g. taking
a lower layer end-to-end latency into account), but those are
definitely considered out of scope: only operational measures are
discussed.
- Some level of network monitoring can give clues to at least perhaps tune
- general BGP/filter policies. Indeed most 6bone-related problems are only
- spotted by user traceroutes in practice right now.
MED is next to useless in itself: with "always-compare-med" -like
option, it can be used to influence the path from between two routes
of equally long AS-path -- but the path length was deemed a next-to-
useless metric in 6bone, so this might only help if AS-paths are very
short, e.g. 1 or 2 AS's.
- I suppose that the IPv6 BGP would like to know the number of hops in the
- underlying IPv4 tunnel, if a plain hop metric is being used, as a 2-hop
- AS path may indeed pass through many more IPv4 AS's due to tunnels.
5.2.1. Example of Route Visibility Control
In addition to the implemented example of 6NET communities, see
below, one could sketch additional ones, like often used in IPv4.
Some possibilities are show below.
- 6NET is introduced rather suddenly here?
(Note that there are several vendor-specific problems with no-export
communities, see Appendix A for more information.) There are many
possibilities; these are indeed just examples. It is not the purpose
of this memo to try to standardize (requiring IANA action) "well-
known" communities; but either to give ideas what could be
implemented in a non-global scope, e.g. regionally or locally, or
come up with simple "if you don't know what to do, you can do this"
-rules.
- Well, common meaning of the values would be nice, to be able to look at
- other policies and understand them more readily. But I think that is as
- "standardised" as much as DSCP 8 is standardised for Scavenger/LBE.
It should also be noted that this kind of fine-grained policing could
prove to be very useful in traditional 6bone routing context -- but
that is what we try to escape: simplicity is very rarely gained by
adding more complexity.
- True.
6.1. Guidelines for End-sites
End-sites, usually obtaining a /48 assignment, do not really need to
do much, as their possibilities in affecting 6bone routing are, by
design, limited (common prefix filters do not allow them to advertise
their specific routes).
- Assuming those filters are in place! Many sites use 6bone and SubTLA
- space combined to try out multihoming, which is one reason why "Old" pTLAs
- don't get handed back.
The most important things for the end-sites are to:
1. Ask their local ISP(s), both marketing and technical people,
for IPv6 if they do not yet provide service: ISP(s) will not
usually react unless there is an observed demand, and this will
help in making production networks closer to reality.
- NOte that tunnel brokers and 6to4 can reduce this demand, as users and sites
- can connect and not knock on their admin or upstream ISP door, so long as
- Protocol 41 is allowed.
3. Due to designed restrictions regarding advertising more
specific routes, usually obtaining two connections doesn't
really help much and may cause problems if the ISP(s) implement
ingress filtering. It's better to just use one for simplicity
unless there are special reasons to do otherwise.
- Multihoming experiments?
Therefore the benefit (for the whole Internet) of having such an
organization establish peering relations with others all over the
world, just for itself and the customers, is small.
These kinds of organizations must seek transit providers to create
hierarchy: when there is enough hierarchy, the branch can be
considered globally significant. The most natural action would be to
find these from the IPv4 upstreams, but that may not always be
possible. If not, as above, it's always good to try to underline
that IPv6 transit service is something that's needed. There are some
organizations in the community which are often willing to perform
transit free of charge, though, too.
- Agreed 100% - this single recommendation is perhaps key.
2. Disbanding especially "long tunnels", in particular if these
include providing transit. If they cannot be removed, some
extra measures like AS-path prepending (outlined in sections
above) should be implemented.
- Some spring to mind, but best left unnamed here :)
6.3. Guidelines for Transit sTLA/pTLA's
"Real" transit-providing organizations should consider whether they
could provide limited transit to other organizations too, at least
initially. For example, research organizations could be able to
provide research-to-commercial and commercial-to-research transit for
others too, but fully commercial might be unacceptable due to higher-
level policies.
- Yes, this may be a bit of a mire. But it is very hard for anyone to offer
- commercial IPv6 services with the current 6bone-ness situation.
To re-iterate, especially when providing transit for others, care
must be observed so that it is done in a controlled fashion. Transit
networks are in the key position when applying and forcing proper
policies on 6bone: working together, they might be able for force
some of the more "irresponsible" pTLA/sTA's to act in a more sensible
manner: together they might have much more power in the arm-wrestling
match against the 6bone routing mess.
- The second key recommendation, I think.
The scheme can be extended to other networks too: to add proper
certain communities and preferences to routes learned through other
networks (like commercial transits, other research networks, etc.)
and that way the benefits of good, native connections can be more
widely realized. Perhaps then commercial pTLA's/sTLA's would need a
lot smaller number of tunnels and transit services (at least to
research organizations).
- This is happening at the moment, bringing in other academic/research networks
- such as Abilene.
Something similar could be done in other networks too. The key is to
build something that prefers local (hopefully native, but short
tunnels are also okay) connections and disallows any uncontrolled
transit.
- Key recommendation #3 :)
So, the role should change from addressing and routing to only (or
mainly) addressing.
A good question is where these stub/non-transiting sites/pTLA's would
get transit from -- who would offer them that. There must be
solution for this if this path is to be adopted.
One solution would be getting that from one of their ISP's (or their
ISPs' upstreams), or secondarily, from some willing third parties.
In some cases this may not be possible though.
Ideas for the ways to proceed would be appreciated.
- I think that sites that already have IPv4 transit need to look for IPv6 transit
- from the same supplier. This is easier in the research network case, where
- for example in 6NET the universities go to their NRENs, who in turn will look
- to 6NET (or GEANT) for transit, or who will have existing peering agreements
- with international links (e.g. to the USA). I don't see that IPv6 would demand
- any different structure to the connectivity - do we really foresee that new
- carriers will emerge for IPv6 traffic, or that (much more likely) existing
- carriers will offer (dual-stack) IPv6?
tim