draft-ietf-v6ops-6to4-to-historic-05.txt   draft-ietf-v6ops-6to4-to-historic-06.txt 
v6ops WG O. Troan v6ops WG O. Troan
Internet-Draft Cisco Internet-Draft Cisco
Obsoletes: 3056, 3068 June 24, 2011 Obsoletes: 3056, 3068 (if approved) B. Carpenter, Ed.
(if approved) Intended status: Best Current Practice Univ. of Auckland
Intended status: Informational Expires: April 23, 2015 October 20, 2014
Expires: December 26, 2011
Request to move Connection of IPv6 Domains via IPv4 Clouds (6to4) to Deprecating Connection of IPv6 Domains via IPv4 Clouds (6to4)
Historic status draft-ietf-v6ops-6to4-to-historic-06.txt
draft-ietf-v6ops-6to4-to-historic-05.txt
Abstract Abstract
Experience with the "Connection of IPv6 Domains via IPv4 Clouds Experience with the "Connection of IPv6 Domains via IPv4 Clouds
(6to4)" IPv6 transitioning mechanism has shown that the mechanism is (6to4)" IPv6 transition mechanism has shown that the mechanism is
unsuitable for widespread deployment and use in the Internet. This unsuitable for widespread deployment and use in the Internet. This
document requests that RFC3056 and the companion document "An Anycast document requests that RFC3056 and the companion document "An Anycast
Prefix for 6to4 Relay Routers" RFC3068 are made obsolete and moved to Prefix for 6to4 Relay Routers" RFC3068 are made obsolete and moved to
historic status. historic status. It also recommends that future products should not
support 6to4 and that existing deployments should be reviewed.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 26, 2011. This Internet-Draft will expire on April 23, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 21 skipping to change at page 2, line 20
There would appear to be no evidence of any substantial deployment of There would appear to be no evidence of any substantial deployment of
the variant of 6to4 described in [RFC3056]. Its extension specified the variant of 6to4 described in [RFC3056]. Its extension specified
in "An Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been in "An Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been
shown to have severe practical problems when used in the Internet. shown to have severe practical problems when used in the Internet.
This document requests that RFC3056 and RFC3068 be moved to Historic This document requests that RFC3056 and RFC3068 be moved to Historic
status as defined in section 4.2.4 [RFC2026]. status as defined in section 4.2.4 [RFC2026].
6to4 was designed to help transition the Internet from IPv4 to IPv6. 6to4 was designed to help transition the Internet from IPv4 to IPv6.
It has been a good mechanism for experimenting with IPv6, but because It has been a good mechanism for experimenting with IPv6, but because
of the high failure rates seen with 6to4 [HUSTON], end users may end of the high failure rates seen with 6to4 [HUSTON], end users may end
up disabling IPv6 on hosts, and content providers are reluctant to up disabling IPv6 on hosts as a result, and some content providers
make content available over IPv6. have been reluctant to make content available over IPv6.
[I-D.ietf-v6ops-6to4-advisory] analyses the known operational issues
and describes a set of suggestions to improve 6to4 reliability, given
the widespread presence of hosts and customer premises equipment that
support it.
The IETF sees no evolutionary future for the mechanism and it is not [RFC6343] analyses the known operational issues in detail and
recommended to include this mechanism in new implementations. describes a set of suggestions to improve 6to4 reliability, given the
widespread presence of hosts and customer premises equipment that
support it. However, experience shows that operational failures have
continued despite this advice being available. Fortunately the
advice to disable 6to4 by default has been widely adopted in recent
operating systems, and the failure modes have been largely hidden
from users by many browsers adopting the "happy eyeballs" approach
[RFC6555]. Nevertheless, operational problems caused by 6to4 still
occur.
IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969] IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969]
utilizes the same encapsulation and base mechanism as 6to4, and could utilizes the same encapsulation and base mechanism as 6to4, and could
be viewed as a superset of 6to4 (6to4 could be achieved by setting be viewed as a superset of 6to4 (6to4 could be achieved by setting
the 6rd prefix to 2002::/16). However, the deployment model is such the 6rd prefix to 2002::/16). However, the deployment model is such
that 6rd can avoid the problems described here. In this sense, 6rd that 6rd can avoid the problems described here. In this sense, 6rd
can be viewed as superseding 6to4 as described in section 4.2.4 of can be viewed as superseding 6to4 as described in section 4.2.4 of
[RFC2026] [RFC2026]
Given that native IPv6 support and reliable transition mechanisms
such as 6rd are now becoming common, the IETF sees no evolutionary
future for the 6to4 mechanism.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in RFC 2119 [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119].
3. 6to4 operational problems 3. 6to4 operational problems
6to4 is a mechanism designed to allow isolated IPv6 islands to reach 6to4 is a mechanism designed to allow isolated IPv6 islands to reach
each other using IPv6 over IPv4 automatic tunneling. To reach the each other using IPv6 over IPv4 automatic tunneling. To reach the
native IPv6 Internet the mechanism uses relay routers both in the native IPv6 Internet the mechanism uses relay routers both in the
forward and reverse direction. The mechanism is supported in many forward and reverse direction. The mechanism is supported in many
IPv6 implementations. With the increased deployment of IPv6, the IPv6 implementations. With the increased deployment of IPv6, the
mechanism has been shown to have a number of fundamental mechanism has been shown to have a number of fundamental
shortcomings. shortcomings.
skipping to change at page 3, line 32 skipping to change at page 3, line 36
One model of 6to4 deployment as described in section 5.2, RFC3056, One model of 6to4 deployment as described in section 5.2, RFC3056,
suggests that a 6to4 router should have a set of managed connections suggests that a 6to4 router should have a set of managed connections
(via BGP connections) to a set of 6to4 relay routers. While this (via BGP connections) to a set of 6to4 relay routers. While this
makes the forward path more controlled, it does not guarantee a makes the forward path more controlled, it does not guarantee a
functional reverse path. In any case this model has the same functional reverse path. In any case this model has the same
operational burden as manually configured tunnels and has seen no operational burden as manually configured tunnels and has seen no
deployment in the public Internet. deployment in the public Internet.
List of some of the known issues with 6to4: List of some of the known issues with 6to4:
o Use of relays. 6to4 depends on an unknown third- party to operate o Use of relays. 6to4 depends on an unknown third party to operate
the relays between the 6to4 cloud and the native IPv6 Internet. the relays between the 6to4 cloud and the native IPv6 Internet.
o The placement of the relay can lead to increased latency, and in o The placement of the relay can lead to increased latency, and in
the case the relay is overloaded, packet loss. the case the relay is overloaded, packet loss.
o There is generally no customer relationship between the end-user o There is generally no customer relationship between the end-user
and the relay operator, or even a way for the end-user to know who and the relay operator, or even a way for the end-user to know who
the relay operator is, so no support is possible. the relay operator is, so no support is possible.
o A 6to4 relay for the reverse path and an anycast 6to4 relay used o A 6to4 relay for the reverse path and an anycast 6to4 relay used
for the forward path, are openly accessible, limited only by the for the forward path, are openly accessible, limited only by the
scope of routing. 6to4 relays can be used to anonymize traffic and scope of routing. 6to4 relays can be used to anonymize traffic and
inject attacks into IPv6 that are very difficult to trace. inject attacks into IPv6 that are very difficult to trace.
skipping to change at page 3, line 49 skipping to change at page 4, line 4
o A 6to4 relay for the reverse path and an anycast 6to4 relay used o A 6to4 relay for the reverse path and an anycast 6to4 relay used
for the forward path, are openly accessible, limited only by the for the forward path, are openly accessible, limited only by the
scope of routing. 6to4 relays can be used to anonymize traffic and scope of routing. 6to4 relays can be used to anonymize traffic and
inject attacks into IPv6 that are very difficult to trace. inject attacks into IPv6 that are very difficult to trace.
o 6to4 may silently discard traffic in the case where protocol (41) o 6to4 may silently discard traffic in the case where protocol (41)
is blocked in intermediate firewalls. Even if a firewall sent an is blocked in intermediate firewalls. Even if a firewall sent an
ICMP message unreachable back, an IPv4 ICMP message rarely ICMP message unreachable back, an IPv4 ICMP message rarely
contains enough of the original IPv6 packet so that it can be contains enough of the original IPv6 packet so that it can be
relayed back to the IPv6 sender. That makes this problem hard to relayed back to the IPv6 sender. That makes this problem hard to
detect and react upon by the sender of the packet. detect and react upon by the sender of the packet.
o As 6to4 tunnels across the Internet, the IPv4 addresses used must o As 6to4 tunnels across the Internet, the IPv4 addresses used must
be globally reachable. RFC3056 states that a private address be globally reachable. RFC3056 states that a private address
[RFC1918] MUST NOT be used. 6to4 will not work in networks that [RFC1918] MUST NOT be used. 6to4 will not work in networks that
employ other addresses with limited topological span. employ other addresses with limited topological span. In
particular it will predictably fail in the case of double network
address translation (NAT444).
For further analysis, see [RFC6343].
4. Deprecation 4. Deprecation
This document formally deprecates the 6to4 transition mechanism and This document formally deprecates the 6to4 transition mechanism and
the IPv6 6to4 prefix defined in [RFC3056], i.e., 2002::/16. The the IPv6 6to4 prefix defined in [RFC3056], i.e., 2002::/16. The
prefix MUST NOT be reassigned for other use except by a future IETF prefix MUST NOT be reassigned for other use except by a future IETF
standards action. standards action.
Disabling 6to4 in the IPv6 Internet will take some time. The initial Disabling 6to4 in the IPv6 Internet will take some time. Firstly, it
approach is to make 6to4 a service of "last resort" in host is NOT RECOMMENDED to include this mechanism in new implementations.
implementations, ensure that the 6to4 service is disabled by default If included, it MUST be disabled by default. It is no longer
in 6to4 routers, and deploy native IPv6 services. In order to limit considered to be a useful service of "last resort" as supported by
the impact of end-users, it is recommended that operators retain [RFC6724].
their existing 6to4 relay routers and follow the recommendations
found in [I-D.ietf-v6ops-6to4-advisory]. When traffic levels
diminish, these routers can be decommissioned.
IPv6 nodes SHOULD treat 6to4 as a service of "last resort" as
recommended in [I-D.ietf-6man-rfc3484-revise]
Implementations capable of acting as 6to4 routers SHOULD NOT enable Implementations capable of acting as 6to4 routers MUST NOT enable
6to4 without explicit user configuration. In particular, enabling 6to4 without explicit user configuration. In particular, enabling
IPv6 forwarding on a device, SHOULD NOT automatically enable 6to4. IPv6 forwarding on a device, MUST NOT automatically enable 6to4.
Existing implementations and deployments MAY continue to use 6to4. Current operators of an anycast 6to4 relay with the IPv4 address
192.88.99.1 SHOULD review the information in [RFC6343] and the
present document, and then consider carefully when the anycast relay
can be discontinued as traffic diminishes.
Operators of a 6to4 return relay announcing the IPv6 prefix 2002::/16
SHOULD review the information in [RFC6343] and the present document,
and then consider carefully when the return relay can be discontinued
as traffic diminishes. As discussed in Section 4.5 of RFC 6343,
content providers might choose to continue operating such a relay for
the benefit of any residual 6to4 clients.
Peer-to-peer usage of the 6to4 mechanism, not depending on the
anycast mechanism, might exist in the Internet, largely unknown to
operators. This is harmless to third parties and the current
document is not intended to prevent such traffic continuing.
The references to 6to4 should be removed as soon as practical from The references to 6to4 should be removed as soon as practical from
the revision of the Special-Use IPv6 Addresses [RFC5156]. the revision of the Special-Use IPv6 Addresses [RFC6890].
The references to the 6to4 relay anycast addresses (192.88.99.0/24) The references to the 6to4 relay anycast addresses (192.88.99.0/24)
should be removed as soon as practical from the revision of the should be removed as soon as practical from the revision of the
Special Use IPv4 addresses [RFC5735]. Special Use IPv4 addresses [RFC6890].
Incidental references to 6to4 should be removed from other IETF Incidental references to 6to4 should be removed from other IETF
documents if and when they are updated. These documents include documents if and when they are updated. These documents include
RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, RFC4389, RFC4779, RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, RFC4389, RFC4779,
RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC5375, RFC5971, and RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC5375, RFC5971, and
RFC6071. RFC6071.
5. IANA Considerations 5. IANA Considerations
IANA is requested to mark the 2002::/16 prefix as "deprecated", IANA is requested to mark the 2002::/16 prefix as "deprecated",
skipping to change at page 5, line 17 skipping to change at page 5, line 33
justification via an IETF Standards Action [RFC5226]. justification via an IETF Standards Action [RFC5226].
IANA is requested to mark the 192.88.99.0/24 prefix [RFC3068] as IANA is requested to mark the 192.88.99.0/24 prefix [RFC3068] as
"deprecated", pointing to this document. Redelegation of the domain "deprecated", pointing to this document. Redelegation of the domain
for any usage requires justification via an IETF Standards Action for any usage requires justification via an IETF Standards Action
[RFC5226]. [RFC5226].
6. Security Considerations 6. Security Considerations
There are no new security considerations pertaining to this document. There are no new security considerations pertaining to this document.
General security issues with tunnels are listed in General security issues with tunnels are listed in [RFC6169] and more
[I-D.ietf-v6ops-tunnel-security-concerns] and more specifically to specifically to 6to4 in [RFC3964] and [RFC6324].
6to4 in [RFC3964] and [I-D.ietf-v6ops-tunnel-loops].
7. Acknowledgements 7. Acknowledgements
The authors would like to acknowledge Tore Anderson, Dmitry Anipko, The authors would like to acknowledge Tore Anderson, Dmitry Anipko,
Jack Bates, Cameron Byrne, Ben Campbell, Gert Doering, Ray Hunter, Jack Bates, Cameron Byrne, Ben Campbell, Gert Doering, Ray Hunter,
Joel Jaeggli, Kurt Erik Lindqvist, Jason Livingood, Keith Moore, Tom Joel Jaeggli, Kurt Erik Lindqvist, Jason Livingood, Keith Moore, Tom
Petch, Daniel Roesen and Mark Townsley, James Woodyatt, for their Petch, Daniel Roesen and Mark Townsley, James Woodyatt, for their
contributions and discussions on this topic. contributions and discussions on this topic.
Special thanks go to Fred Baker, Geoff Huston, Brian Carpenter, and Special thanks go to Fred Baker, Geoff Huston, and Wes George for
Wes George for their significant contributions. their significant contributions.
Many thanks to Gunter Van de Velde for documenting the harm caused by Many thanks to Gunter Van de Velde for documenting the harm caused by
non-managed tunnels and to stimulate the creation of this document. non-managed tunnels and to stimulate the creation of this document.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996. 3", BCP 9, RFC 2026, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", [RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
RFC 3068, June 2001. RFC 3068, June 2001.
[RFC5156] Blanchet, M., "Special-Use IPv6 Addresses", RFC 5156,
April 2008.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC5735] Cotton, M. and L. Vegoda, "Special Use IPv4 Addresses", [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
BCP 153, RFC 5735, January 2010. "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012.
[RFC6890] Cotton, M., Vegoda, L., Bonica, R., and B. Haberman,
"Special-Purpose IP Address Registries", BCP 153, RFC
6890, April 2013.
8.2. Informative References 8.2. Informative References
[HUSTON] Huston, "Flailing IPv6", December 2010, [HUSTON] Huston, , "Flailing IPv6", December 2010,
<http://www.potaroo.net/ispcol/2010-12/6to4fail.html>. <http://www.potaroo.net/ispcol/2010-12/6to4fail.html>.
[I-D.ietf-6man-rfc3484-revise]
Matsumoto, A., Kato, J., and T. Fujisaki, "Update to RFC
3484 Default Address Selection for IPv6",
draft-ietf-6man-rfc3484-revise-03 (work in progress),
June 2011.
[I-D.ietf-v6ops-6to4-advisory]
Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
draft-ietf-v6ops-6to4-advisory-02 (work in progress),
June 2011.
[I-D.ietf-v6ops-tunnel-loops]
Nakibly, G. and F. Templin, "Routing Loop Attack using
IPv6 Automatic Tunnels: Problem Statement and Proposed
Mitigations", draft-ietf-v6ops-tunnel-loops-07 (work in
progress), May 2011.
[I-D.ietf-v6ops-tunnel-security-concerns]
Krishnan, S., Thaler, D., and J. Hoagland, "Security
Concerns With IP Tunneling",
draft-ietf-v6ops-tunnel-security-concerns-04 (work in
progress), October 2010.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", E. Lear, "Address Allocation for Private Internets", BCP
BCP 5, RFC 1918, February 1996. 5, RFC 1918, February 1996.
[RFC3964] Savola, P. and C. Patel, "Security Considerations for [RFC3964] Savola, P. and C. Patel, "Security Considerations for
6to4", RFC 3964, December 2004. 6to4", RFC 3964, December 2004.
[RFC5158] Huston, G., "6to4 Reverse DNS Delegation Specification", [RFC5158] Huston, G., "6to4 Reverse DNS Delegation Specification",
RFC 5158, March 2008. RFC 5158, March 2008.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 [RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification", Infrastructures (6rd) -- Protocol Specification", RFC
RFC 5969, August 2010. 5969, August 2010.
Author's Address [RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security
Concerns with IP Tunneling", RFC 6169, April 2011.
[RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using
IPv6 Automatic Tunnels: Problem Statement and Proposed
Mitigations", RFC 6324, August 2011.
[RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
RFC 6343, August 2011.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012.
Authors' Addresses
Ole Troan Ole Troan
Cisco Cisco
Oslo, Oslo
Norway Norway
Email: ot@cisco.com Email: ot@cisco.com
Brian Carpenter (editor)
Department of Computer Science
University of Auckland
PB 92019
Auckland 1142
New Zealand
Email: brian.e.carpenter@gmail.com
 End of changes. 31 change blocks. 
81 lines changed or deleted 93 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/