draft-ietf-v6ops-6to4-to-historic-01.txt   draft-ietf-v6ops-6to4-to-historic-02.txt 
v6ops WG O. Troan v6ops WG O. Troan
Internet-Draft Cisco Internet-Draft Cisco
Obsoletes: 3056, 3068 April 27, 2011 Obsoletes: 3056, 3068 May 2, 2011
(if approved) (if approved)
Intended status: Standards Track Intended status: Standards Track
Expires: October 29, 2011 Expires: November 3, 2011
Request to move Connection of IPv6 Domains via IPv4 Clouds (6to4) to Request to move Connection of IPv6 Domains via IPv4 Clouds (6to4) to
Historic status Historic status
draft-ietf-v6ops-6to4-to-historic-01.txt draft-ietf-v6ops-6to4-to-historic-02.txt
Abstract Abstract
Experience with the "Connection of IPv6 Domains via IPv4 Clouds Experience with the "Connection of IPv6 Domains via IPv4 Clouds
(6to4)" IPv6 transitioning mechanism has shown that the mechanism is (6to4)" IPv6 transitioning mechanism has shown that the mechanism is
unsuitable for widespread deployment and use in the Internet. This unsuitable for widespread deployment and use in the Internet. This
document requests that RFC3056 and the companion document "An Anycast document requests that RFC3056 and the companion document "An Anycast
Prefix for 6to4 Relay Routers" RFC3068 are moved to historic status. Prefix for 6to4 Relay Routers" RFC3068 are moved to historic status.
Status of this Memo Status of this Memo
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 29, 2011. This Internet-Draft will expire on November 3, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
1. Introduction 1. Introduction
The managed IPv6 transition mechanism "Connection of IPv6 Domains via There would appear to be no evidence of any substantial deployment of
IPv4 Clouds (6to4)" described in [RFC3056], referred to as "Router the variant of 6to4 described in [RFC3056]. Its extension specified
6to4" in [I-D.ietf-v6ops-6to4-advisory] has rarely if ever been in "An Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been
deployed. Its extension "Anycast 6to4" specified in "An Anycast shown to have severe practical problems when used in the Internet.
Prefix for 6to4 Relay Routers" [RFC3068] has been shown to have This document requests that RFC3056 and RFC3068 be moved to Historic
severe practical problems when used in the Internet. This document status as defined in section 4.2.4 [RFC2026].
requests that RFC3056 and RFC3068 be moved to Historic status as
defined in section 4.2.4 [RFC2026].
6to4 was designed to help transitioning the Internet from IPv4 to 6to4 was designed to help transitioning the Internet from IPv4 to
IPv6. It has been a good mechanism for experimenting with IPv6, but IPv6. It has been a good mechanism for experimenting with IPv6, but
because of the high failure rates seen with 6to4 [HUSTON], end users because of the high failure rates seen with 6to4 [HUSTON], end users
are forced to disable IPv6 on hosts, and content providers are may end up disabling IPv6 on hosts, and content providers are
reluctant to make content available over IPv6. reluctant to make content available over IPv6.
[I-D.ietf-v6ops-6to4-advisory] analyses the known operational issues [I-D.ietf-v6ops-6to4-advisory] analyses the known operational issues
and describes a set of suggestions to improve 6to4 reliability, given and describes a set of suggestions to improve 6to4 reliability, given
the widespread presence of hosts and customer premises equipment that the widespread presence of hosts and customer premises equipment that
support it. support it.
The IETF sees no evolutionary future for the mechanism and it is not The IETF sees no evolutionary future for the mechanism and it is not
recommended to include this mechanism in new implementations. recommended to include this mechanism in new implementations.
skipping to change at page 3, line 30 skipping to change at page 3, line 28
6to4 relay in the forward direction. 6to4 relay in the forward direction.
One model of 6to4 deployment as described in section 5.2, RFC3056, One model of 6to4 deployment as described in section 5.2, RFC3056,
suggests that a 6to4 router should have a set of managed connections suggests that a 6to4 router should have a set of managed connections
(via BGP connections) to a set of 6to4 relay routers. While this (via BGP connections) to a set of 6to4 relay routers. While this
makes the forward path more controlled, it does not guarantee a makes the forward path more controlled, it does not guarantee a
functional reverse path. In any case this model has the same functional reverse path. In any case this model has the same
operational burden has manually configured tunnels and has seen no operational burden has manually configured tunnels and has seen no
deployment in the public Internet. deployment in the public Internet.
6to4 issues: List of some of the known issues with 6to4:
o Use of relays. 6to4 depends on an unknown third- party to operate o Use of relays. 6to4 depends on an unknown third- party to operate
the relays between the 6to4 cloud and the native IPv6 Internet. the relays between the 6to4 cloud and the native IPv6 Internet.
o The placement of the relay can lead to increased latency, and in o The placement of the relay can lead to increased latency, and in
the case the relay is overloaded packet loss. the case the relay is overloaded packet loss.
o There is generally no customer relationship or even a way for the o There is generally no customer relationship or even a way for the
end-user to know who the relay operator is, so no support is end-user to know who the relay operator is, so no support is
possible. possible.
o In case of the reverse path 6to4 relay and the anycast forward o In case of the reverse path 6to4 relay and the anycast forward
6to4 relay, these have to be open for any address. Only limited 6to4 relay, these have to be open for any address. Only limited
by the scope of the routing advertisement. 6to4 relays can be used by the scope of the routing advertisement. 6to4 relays can be used
to anonymize traffic and inject attacks into IPv6 that are very to anonymize traffic and inject attacks into IPv6 that are very
difficult to trace. difficult to trace.
o 6to4 has no specified mechanism to handle the case where the o 6to4 may black hole traffic in the case where protocol (41) is
protocol (41) is blocked in intermediate firewalls. It can not be blocked in intermediate firewalls. Even if a firewall sent an
expected that path MTU discovery across the Internet works ICMP message unreachable back, an IPv4 ICMP message rarely
reliably; ICMP messages may be blocked and in any case an IPv4 contains enough of the original IPv6 packet so that it can be
ICMP message rarely has enough of the original packet in it to be relayed back to the IPv6 sender. That makes this problem hard to
useful to proxy back to the IPv6 sender. detect and react upon by the sender of the packet.
o As 6to4 tunnels across the Internet, the IPv4 addresses used must o As 6to4 tunnels across the Internet, the IPv4 addresses used must
be globally reachable. RFC3056 states that a private address be globally reachable. RFC3056 states that a private address
[RFC1918] MUST NOT be used. 6to4 will not work in networks that [RFC1918] MUST NOT be used. 6to4 will not work in networks that
employ other addresses with limited topological span. employ other addresses with limited topological span.
4. Deprecation 4. Deprecation
This document formally deprecates the 6to4 transition mechanism and This document formally deprecates the 6to4 transition mechanism and
the IPv6 6to4 prefix defined in [RFC3056], i.e., 2002::/16. The the IPv6 6to4 prefix defined in [RFC3056], i.e., 2002::/16. The
prefix MUST NOT be reassigned for other use except by a future IETF prefix MUST NOT be reassigned for other use except by a future IETF
skipping to change at page 5, line 25 skipping to change at page 5, line 18
6. Security Considerations 6. Security Considerations
There are no new security considerations pertaining to this document. There are no new security considerations pertaining to this document.
General security issues with tunnels are listed in General security issues with tunnels are listed in
[I-D.ietf-v6ops-tunnel-security-concerns] and more specifically to [I-D.ietf-v6ops-tunnel-security-concerns] and more specifically to
6to4 in [RFC3964] and [I-D.ietf-v6ops-tunnel-loops]. 6to4 in [RFC3964] and [I-D.ietf-v6ops-tunnel-loops].
7. Acknowledgements 7. Acknowledgements
The authors would like to acknowledge Jack Bates, Cameron Byrne, Gert The authors would like to acknowledge Tore Anderson, Dmitry Anipko,
Doering, Joel Jaeggli, Kurt Erik Lindqvist, Jason Livingood, Keith Jack Bates, Cameron Byrne, Gert Doering, Ray Hunter, Joel Jaeggli,
Moore, Daniel Roesen and Mark Townsley, for their contributions and Kurt Erik Lindqvist, Jason Livingood, Keith Moore, Tom Petch, Daniel
Roesen and Mark Townsley, James Woodyatt, for their contributions and
discussions on this topic. discussions on this topic.
Special thanks go to Fred Baker, Geoff Huston, Brian Carpenter, and Special thanks go to Fred Baker, Geoff Huston, Brian Carpenter, and
Wes George for their significant contributions. Wes George for their significant contributions.
Many thanks to Gunter Van de Velde for documenting the harm caused by Many thanks to Gunter Van de Velde for documenting the harm caused by
non-managed tunnels and to stimulate the creation of this document. non-managed tunnels and to stimulate the creation of this document.
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.ietf-6man-rfc3484-revise]
Matsumoto, A., Kato, J., and T. Fujisaki, "Update to RFC
3484 Default Address Selection for IPv6",
draft-ietf-6man-rfc3484-revise-02 (work in progress),
March 2011.
[I-D.ietf-v6ops-6to4-advisory]
Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
draft-ietf-v6ops-6to4-advisory-01 (work in progress),
April 2011.
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996. 3", BCP 9, RFC 2026, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", [RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
skipping to change at page 6, line 30 skipping to change at page 6, line 14
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
8.2. Informative References 8.2. Informative References
[HUSTON] Huston, "Flailing IPv6", December 2010, [HUSTON] Huston, "Flailing IPv6", December 2010,
<http://www.potaroo.net/ispcol/2010-12/6to4fail.html>. <http://www.potaroo.net/ispcol/2010-12/6to4fail.html>.
[I-D.ietf-6man-rfc3484-revise]
Matsumoto, A., Kato, J., and T. Fujisaki, "Update to RFC
3484 Default Address Selection for IPv6",
draft-ietf-6man-rfc3484-revise-02 (work in progress),
March 2011.
[I-D.ietf-v6ops-6to4-advisory]
Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
draft-ietf-v6ops-6to4-advisory-01 (work in progress),
April 2011.
[I-D.ietf-v6ops-tunnel-loops] [I-D.ietf-v6ops-tunnel-loops]
Nakibly, G. and F. Templin, "Routing Loop Attack using Nakibly, G. and F. Templin, "Routing Loop Attack using
IPv6 Automatic Tunnels: Problem Statement and Proposed IPv6 Automatic Tunnels: Problem Statement and Proposed
Mitigations", draft-ietf-v6ops-tunnel-loops-06 (work in Mitigations", draft-ietf-v6ops-tunnel-loops-06 (work in
progress), March 2011. progress), March 2011.
[I-D.ietf-v6ops-tunnel-security-concerns] [I-D.ietf-v6ops-tunnel-security-concerns]
Krishnan, S., Thaler, D., and J. Hoagland, "Security Krishnan, S., Thaler, D., and J. Hoagland, "Security
Concerns With IP Tunneling", Concerns With IP Tunneling",
draft-ietf-v6ops-tunnel-security-concerns-04 (work in draft-ietf-v6ops-tunnel-security-concerns-04 (work in
 End of changes. 11 change blocks. 
35 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/