[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 draft-ietf-v6ops-6to4-to-historic

v6ops WG                                                        O. Troan
Internet-Draft                                           G. Van de Velde
Obsoletes: 3056 (if approved)                                      Cisco
Intended status: Standards Track                          March 10, 2011
Expires: September 11, 2011


  Request to move Connection of IPv6 Domains via IPv4 Clouds (6to4) to
                            Historic status
               draft-troan-v6ops-6to4-to-historic-01.txt

Abstract

   Experience with the "Connection of IPv6 Domains via IPv4 Clouds
   (6to4)" IPv6 transitioning mechanism has shown that the mechanism is
   unsuitable for widespread deployment and use in the Internet.  This
   document requests that RFC3056 and the companion document "An Anycast
   Prefix for 6to4 Relay Routers" RFC3068 are moved to historic status.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 11, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of



Troan & Van de Velde   Expires September 11, 2011               [Page 1]


Internet-Draft           6to4 to Historic status              March 2011


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


1.  Introduction

   The IPv6 transitioning mechanism "Connection of IPv6 Domains via IPv4
   Clouds (6to4) described in [RFC3056] and the extension in "An Anycast
   Prefix for 6to4 Relay Routers" RFC3068 [RFC3068] have been shown to
   have severe practical problems being used in the Internet.  This
   document requests that RFC3056 and RFC3068 be moved to Historic
   status as defined in section 4.2.4 [RFC2026].

   See also the document Non-Managed IPv6 Tunnels considered Harmful
   [I-D.vandevelde-v6ops-harmful-tunnels] for details.

   [I-D.kuarsingh-v6ops-6to4-provider-managed-tunnel] are proposing a
   mechanism using IPv6 NAT to solve the 6to4 reverse path problem.

   [I-D.carpenter-v6ops-6to4-teredo-advisory] are proposing a set of
   suggestions to improve 6to4 reliability.

   Declaring the mechanism historic is not expected to have immediate
   product implications.  The IETF sees no evolutionary future for the
   mechanism and it is not recommended to include this mechanism in new
   implementations.


2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


3.  6to4 operational problems

   6to4 is a mechanism designed to allow isolated IPv6 islands to reach
   each other using IPv6 over IPv4 automatic tunneling.  To reach the
   native IPv6 Internet the mechanism uses relay routers both in the
   forward and reverse direction.  The mechanism is supported in many
   IPv6 implementations.  With the increased deployment of IPv6, the
   mechanism has been shown to have a number of fundamental
   shortcomings.

   6to4 depends on relays both in the forward and reverse direction to
   enable connectivity with the native IPv6 Internet.  A 6to4 node will
   send IPv4 encapsulated IPv6 traffic to a 6to4 relay, that is



Troan & Van de Velde   Expires September 11, 2011               [Page 2]


Internet-Draft           6to4 to Historic status              March 2011


   connected both to the 6to4 cloud and to native IPv6.  In the reverse
   direction a 2002::/16 route is injected into the native IPv6 routing
   domain to attract traffic from native IPv6 nodes to a 6to4 relay
   router.  It is expected that traffic will use different relays in the
   forward and reverse direction.  RFC3068 adds an extension that allows
   the use of a well known IPv4 anycast address to reach the nearest
   6to4 relay in the forward direction.

   One model of 6to4 deployment as described in section 5.2, RFC3056,
   suggests that a 6to4 router should have a set of managed connections
   (read BGP peers) to a set of 6to4 relay routers.  While this makes
   the forward path more controlled, it does not help the reverse path.
   In any case this model has the same operational burden has manually
   configured tunnels and has seen no deployment in the public Internet.

   6to4 issues:
   o  Use of relays. 6to4 depends on the charity of an unknown third-
      party to operate the relays between the 6to4 cloud and the native
      IPv6 Internet.  With the use of mechanism specified in [RFC3068]
      in both directions, without it only in the reverse direction (from
      native to 6to4) [RFC3056].
   o  The placement of the relay can lead to increased latency, and in
      the case the relay is overloaded packet loss.
   o  There is generally no customer relationship or even a way for the
      end-user to know who the relay operator is, so no support is
      possible.
   o  In case of the reverse path 6to4 relay and the anycast forward
      6to4 relay, these have to be open for any address.  Only limited
      by the scope of the routing advertisement. 6to4 relays can be used
      to anonymize traffic and inject attacks into IPv6 that are very
      difficult to trace.
   o  6to4 has no specified mechanism to handle the case where the
      protocol (41) is blocked in intermediate firewalls.  It can not be
      expected that path MTU discovery across the Internet works
      reliably; ICMP messages may be blocked and in any case an IPv4
      ICMP message rarely has enough of the original packet in it to be
      useful to proxy back to the IPv6 sender.
   o  As 6to4 tunnels across the Internet, the IPv4 addresses used must
      be globally reachable.  RFC3056 states that a private address
      [RFC1918] MUST NOT be used. 6to4 will not work in networks that
      employ addresses with limited topological span.


4.  Recommendations for 6to4 Relay Operators

   See [I-D.carpenter-v6ops-6to4-teredo-advisory].





Troan & Van de Velde   Expires September 11, 2011               [Page 3]


Internet-Draft           6to4 to Historic status              March 2011


5.  Recommendations for implementors

   If the implementation continues to support 6to4, then the 6to4
   functionality MUST NOT be enabled by default.

   If the implementation continues to support 6to4, then the Source
   Address Selection algorithm [RFC3484] MUST use a 6to4 address as a
   last resort.  I.e. only use it the node has no other means of IPv6
   connectivity and the destination is IPv6 only.


6.  IANA Considerations

   This specification does not require any IANA actions.


7.  Security Considerations

   There are no new security considerations pertaining to this document.
   General security issues with tunnels are listed in
   [I-D.ietf-v6ops-tunnel-security-concerns] and more specifically to
   6to4 in [I-D.ietf-v6ops-tunnel-loops] and
   [I-D.vandevelde-v6ops-harmful-tunnels].


8.  Acknowledgements

   The authors would like to acknowledge Fred Baker, Jack Bates, Cameron
   Byrne, Brian Carpenter, Gert Doering, Joel Jaeggli, Jason Livingood,
   Keith Moore, Daniel Roesen and Mark Townsley, for their contributions
   and discussions on this topic.


9.  References

9.1.  Normative References

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains



Troan & Van de Velde   Expires September 11, 2011               [Page 4]


Internet-Draft           6to4 to Historic status              March 2011


              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3068]  Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
              RFC 3068, June 2001.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

9.2.  Informative References

   [I-D.carpenter-v6ops-6to4-teredo-advisory]
              Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
              draft-carpenter-v6ops-6to4-teredo-advisory-02 (work in
              progress), February 2011.

   [I-D.ietf-v6ops-tunnel-loops]
              Nakibly, G. and F. Templin, "Routing Loop Attack using
              IPv6 Automatic Tunnels: Problem Statement and Proposed
              Mitigations", draft-ietf-v6ops-tunnel-loops-04 (work in
              progress), March 2011.

   [I-D.ietf-v6ops-tunnel-security-concerns]
              Krishnan, S., Thaler, D., and J. Hoagland, "Security
              Concerns With IP Tunneling",
              draft-ietf-v6ops-tunnel-security-concerns-04 (work in
              progress), October 2010.

   [I-D.kuarsingh-v6ops-6to4-provider-managed-tunnel]
              Kuarsingh, V., Lee, Y., and O. Vautrin, "6to4 Provider
              Managed Tunnels",
              draft-kuarsingh-v6ops-6to4-provider-managed-tunnel-01
              (work in progress), February 2011.

   [I-D.vandevelde-v6ops-harmful-tunnels]
              Velde, G., Troan, O., and T. Chown, "Non-Managed IPv6
              Tunnels considered Harmful",
              draft-vandevelde-v6ops-harmful-tunnels-01 (work in
              progress), August 2010.













Troan & Van de Velde   Expires September 11, 2011               [Page 5]


Internet-Draft           6to4 to Historic status              March 2011


Authors' Addresses

   Ole Troan
   Cisco
   Oslo,
   Norway

   Email: ot@cisco.com


   Gunter Van de Velde
   Cisco
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Phone: +32 2704 5473
   Email: gvandeve@cisco.com

































Troan & Van de Velde   Expires September 11, 2011               [Page 6]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/