[6bone] Getting ISPs to use IPv6

Michael Richardson mcr@sandelman.ottawa.on.ca
Mon, 03 Mar 2003 13:34:14 -0500


-----BEGIN PGP SIGNED MESSAGE-----


So, there are two ways to get /48s that you can use.

1) from places like freenet6 or xs6.
2) via 6to4.

The problem with freenet6-type things is that they depend upon tunnels
to places that aren't necessarily that well connected. xs6 is much better,
but not perfect.

But, you can't advertise 6to4 addresses to the DFZ. You could do so
via private peering arrangements, but the peer could as easily configure
a 6to4 interface, and you wouldn't need to IPv6 peer at all.

The problem with 6to4 is ironic - traffic to any other 6to4 peer is very
efficient - following the IPv4 routing table. The problem is that 6bone
is SO POORLY CONNECTED from the 6to4 user's point of view.  

A lot of purists want to run IPv6 natively, and don't seem to care about
connecting to actual end users... result, no traffic on the native backbone.

So, we need more sites people on the 6bone that have local 6to4
encapsulators, and we need more 6to4 relays out there so that the 6to4 end
users can get things done efficiently. The question is how, given that many
ISPs are not interested in IPv6 at all yet.

I was thinking of putting together a machine for a local IX that would
advertise the 6to4 anycast address. The issue is what do you do with the
resulting IPv6 packets?  You have to get IPv6 transit from somewhere.
In some cases, it may well be available for low cost. Not at our IX.

My idea was to have such a box form a series of static tunnels to 
various friendly IPv6 sites. Here is the key - when sending the packet
back out, one should look at the MAC address that it arrived from. Since this
is the ISP that sent the packet, send a new packet out via that MAC address
that is the encapsulated packet to the 6bone.

The effect here is that the route used for the packets from ISP A is back out
ISP A. Since the original packet is presumably from a customer of ISP A,
ISP A shouldn't have a problem with paying to transit the resulting
packet. (And if they do, then one doesn't accept packets from them)

I can see this as being even more important for Teredo.
What do you think? 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPmOgIoqHRg3pndX9AQGiawP8CSclFfs8tiGIT3EEEUzPO6qj8t5uu6S1
x+W5lC7KA68u/Rby2WEPJK+r31jS/5kPznNXguXVIPd08RxkFxT+oWccYamE7/zr
0uotp60dJBEEesc6aCBzz/Hb/nbNn+Ph2CBL9ceoSmcfKgP8q5UGleKEyOdz6bKI
JgYpUpArdVM=
=mlJC
-----END PGP SIGNATURE-----
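
The return-path rule proposed in the message above (decapsulate, re-encapsulate toward a static tunnel, and transmit via the MAC address the packet arrived from), sketched as an added example that is not part of the original post. The function names, MAC addresses and documentation-range IP addresses are all constructed assumptions, and the relay works on byte strings only, without sending anything.

```python
import socket
import struct

PROTO_41, ETH_IPV4 = 41, 0x0800  # IPv6-in-IPv4 protocol number; IPv4 ethertype

def checksum(hdr):
    """RFC 1071 ones-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, payload_len):
    """Minimal 20-byte IPv4 header carrying protocol 41."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      PROTO_41, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def relay(frame, relay_mac, relay_ip, tunnel_ip, accepted_macs):
    """Return the frame to transmit, or None if the packet is dropped."""
    if len(frame) < 14 + 20 + 40:
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ethertype != ETH_IPV4 or ip[0] >> 4 != 4 or ihl < 20 or ip[9] != PROTO_41:
        return None
    if src_mac not in accepted_macs:  # ISP objects to transit: do not accept
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    inner = ip[ihl:total_len]         # the decapsulated IPv6 packet
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    outer = ipv4_header(relay_ip, tunnel_ip, len(inner))
    # Key step: the next hop is the MAC the original packet arrived from.
    return struct.pack("!6s6sH", src_mac, relay_mac, ETH_IPV4) + outer + inner

# Constructed sample data (locally administered MACs, documentation prefixes).
ISP_A_MAC = bytes.fromhex("02000000000a")
ISP_B_MAC = bytes.fromhex("02000000000b")
RELAY_MAC = bytes.fromhex("020000000001")
INNER = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                    socket.inet_pton(socket.AF_INET6, "2002:c000:201::1"),
                    socket.inet_pton(socket.AF_INET6, "2001:db8::1"))

def sample_frame(src_mac):
    """A 6to4 packet sent to the anycast relay address 192.88.99.1."""
    return (struct.pack("!6s6sH", RELAY_MAC, src_mac, ETH_IPV4)
            + ipv4_header("192.0.2.1", "192.88.99.1", len(INNER)) + INNER)
```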