draft-ietf-v6ops-6to4-to-historic-08.txt   draft-ietf-v6ops-6to4-to-historic-09.txt 
v6ops WG O. Troan v6ops WG O. Troan
Internet-Draft Cisco Internet-Draft Cisco
Obsoletes: 3068 (if approved) B. Carpenter, Ed. Obsoletes: 3068, 6732 (if approved) B. Carpenter, Ed.
Updates: 6343 (if approved) Univ. of Auckland Intended status: Best Current Practice Univ. of Auckland
Intended status: Best Current Practice November 13, 2014 Expires: June 13, 2015 December 10, 2014
Expires: May 17, 2015
Deprecating Anycast Prefix for 6to4 Relay Routers Deprecating Anycast Prefix for 6to4 Relay Routers
draft-ietf-v6ops-6to4-to-historic-08.txt draft-ietf-v6ops-6to4-to-historic-09.txt
Abstract Abstract
Experience with the "Connection of IPv6 Domains via IPv4 Clouds Experience with the "Connection of IPv6 Domains via IPv4 Clouds
(6to4)" IPv6 transition mechanism defined in RFC 3056 has shown that (6to4)" IPv6 transition mechanism defined in RFC 3056 has shown that
the mechanism is unsuitable for widespread deployment and use in the when used in its anycast mode, the mechanism is unsuitable for
Internet, especially in its anycast mode. This document requests widespread deployment and use in the Internet. This document
that RFC 3068, "An Anycast Prefix for 6to4 Relay Routers", be made therefore requests that RFC 3068, "An Anycast Prefix for 6to4 Relay
obsolete and moved to historic status. It also recommends that Routers", be made obsolete and moved to historic status. It also
future products should not support 6to4 anycast and that existing obsoletes RFC 6732 "6to4 Provider Managed Tunnels". It recommends
deployments should be reviewed. Thus it updates the guidelines in that future products should not support 6to4 anycast and that
RFC 6343. existing deployments should be reviewed. This complements the
guidelines in RFC 6343.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 17, 2015. This Internet-Draft will expire on June 13, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
1. Introduction 1. Introduction
There would appear to be no evidence of any substantial deployment of There would appear to be little evidence of substantial active use of
the variant of 6to4 described in [RFC3056]. Its extension specified the original form of 6to4 described in [RFC3056]. However, its
in "An Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been extension specified in "An Anycast Prefix for 6to4 Relay Routers"
shown to have severe practical problems when used in the Internet. [RFC3068] has been shown to have severe practical problems when used
This document requests that RFC 3068 be moved to Historic status as in the Internet. This document requests that RFC 3068 and RFC 6732
defined in section 4.2.4 of [RFC2026]. It also updates the be moved to Historic status as defined in section 4.2.4 of [RFC2026].
deployment guidelines in [RFC6343]. It complements the deployment guidelines in [RFC6343].
6to4 was designed to help transition the Internet from IPv4 to IPv6. 6to4 was designed to help transition the Internet from IPv4 to IPv6.
It has been a good mechanism for experimenting with IPv6, but because It has been a good mechanism for experimenting with IPv6, but because
of the high failure rates seen with anycast 6to4 [HUSTON], end users of the high failure rates seen with anycast 6to4 [HUSTON], end users
may end up disabling IPv6 on hosts as a result, and some content may end up disabling IPv6 on hosts as a result, and some content
providers have been reluctant to make content available over IPv6. providers have been reluctant to make content available over IPv6.
[RFC6343] analyses the known operational issues in detail and [RFC6343] analyses the known operational issues in detail and
describes a set of suggestions to improve 6to4 reliability, given the describes a set of suggestions to improve 6to4 reliability, given the
widespread presence of hosts and customer premises equipment that widespread presence of hosts and customer premises equipment that
support it. However, experience shows that operational failures have support it. However, experience shows that operational failures have
continued despite this advice being available. Fortunately the continued despite this advice being available. Fortunately the
advice to disable 6to4 by default has been widely adopted in recent advice to disable 6to4 by default has been widely adopted in recent
operating systems, and the failure modes have been largely hidden operating systems, and the failure modes have been largely hidden
from users by many browsers adopting the "happy eyeballs" approach from users by many browsers adopting the "Happy Eyeballs" approach
[RFC6555]. Nevertheless, operational problems caused by 6to4 still [RFC6555]. Nevertheless, a substantial amount of 6to4 traffic is
still observed and the operational problems caused by 6to4 still
occur. occur.
Although facts are hard to obtain, the remaining successful users of
anycast 6to4 are likely to be on hosts using the obsolete policy
table [RFC3484] (which prefers 6to4 above IPv4), without Happy
Eyeballs, with a route to an operational anycast relay, and accessing
sites that have a route to an operational return relay.
IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969] IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969]
utilizes the same encapsulation and base mechanism as 6to4, and could explicitly builds on the 6to4 mechanism, and could be viewed as a
be viewed as a superset of 6to4 (6to4 could be achieved by setting superset of 6to4, using a service provider prefix instead of
the 6rd prefix to 2002::/16). However, the deployment model is such 2002::/16. However, the deployment model is based on service povider
that 6rd can avoid the problems described here. In this sense, 6rd support, such that 6rd can avoid the problems described here. In
can be viewed as superseding 6to4 as described in section 4.2.4 of this sense, 6rd can be viewed as superseding 6to4 as described in
[RFC2026] section 4.2.4 of [RFC2026].
Given that native IPv6 support and reliable transition mechanisms Given that native IPv6 support and various reliable transition
such as 6rd are now becoming common, the IETF sees no evolutionary mechanisms are now becoming common, the IETF sees no evolutionary
future for the 6to4 mechanism. future for the 6to4 mechanism.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119]. 2119 [RFC2119].
The word "deprecate" and its derivatives are used only in their
generic sense of "criticize or express disapproval" and do not have
any specific normative meaning. A deprecated function might exist in
the Internet for many years to allow backwards compatibility.
3. 6to4 operational problems 3. 6to4 operational problems
6to4 is a mechanism designed to allow isolated IPv6 islands to reach 6to4 is a mechanism designed to allow isolated IPv6 islands to reach
each other using IPv6 over IPv4 automatic tunneling. To reach the each other using IPv6 over IPv4 automatic tunneling. To reach the
native IPv6 Internet the mechanism uses relay routers both in the native IPv6 Internet the mechanism uses relay routers both in the
forward and reverse direction. The mechanism is supported in many forward and reverse direction. The mechanism is supported in many
IPv6 implementations. With the increased deployment of IPv6, the IPv6 implementations. With the increased deployment of IPv6, the
mechanism has been shown to have a number of fundamental mechanism has been shown to have a number of fundamental
shortcomings. shortcomings.
skipping to change at page 4, line 49 skipping to change at page 5, line 11
default address selection rules specified in [RFC6724] are not default address selection rules specified in [RFC6724] are not
modified. However, if included in implementations, unicast 6to4 MUST modified. However, if included in implementations, unicast 6to4 MUST
be disabled by default. be disabled by default.
Implementations capable of acting as 6to4 routers MUST NOT enable Implementations capable of acting as 6to4 routers MUST NOT enable
6to4 without explicit user configuration. In particular, enabling 6to4 without explicit user configuration. In particular, enabling
IPv6 forwarding on a device MUST NOT automatically enable 6to4. IPv6 forwarding on a device MUST NOT automatically enable 6to4.
Current operators of an anycast 6to4 relay with the IPv4 address Current operators of an anycast 6to4 relay with the IPv4 address
192.88.99.1 SHOULD review the information in [RFC6343] and the 192.88.99.1 SHOULD review the information in [RFC6343] and the
present document, and then consider carefully when the anycast relay present document, and then consider carefully whether the anycast
can be discontinued as traffic diminishes. Internet service relay can be discontinued as traffic diminishes. Internet service
providers SHOULD filter out routes to 192.88.99.1. However, networks providers that do not operate an anycast relay but do provide their
SHOULD NOT filter out packets whose source address is 192.88.99.1, customers with a route to 192.88.99.1 SHOULD verify that it does in
because this is normal 6to4 traffic from a 6to4 return relay fact lead to an operational anycast relay, as discussed in
somewhere in the Internet. Section 4.2.1 of [RFC6343]. Furthermore, Internet service providers
and other network providers MUST NOT originate a route to
192.88.99.1, unless they actively operate and monitor an anycast 6to4
relay service as detailed in Section 4.2.1 of [RFC6343].
Operators of a 6to4 return relay announcing the IPv6 prefix 2002::/16 Networks SHOULD NOT filter out packets whose source address is
SHOULD review the information in [RFC6343] and the present document, 192.88.99.1, because this is normal 6to4 traffic from a 6to4 return
and then consider carefully when the return relay can be discontinued relay somewhere in the Internet.
as traffic diminishes. As discussed in Section 4.5 of RFC 6343,
content providers might choose to continue operating such a relay for Operators of a 6to4 return relay responding to the IPv6 prefix
the benefit of their own residual 6to4 clients. Internet service 2002::/16 SHOULD review the information in [RFC6343] and the present
providers SHOULD announce the IPv6 prefix 2002::/16 to their own document, and then consider carefully whether the return relay can be
customers if and only if it leads to a correctly operating return discontinued as traffic diminishes. To avoid confusion, note that
relay as described in RFC 6343. IPv6-only service providers are nothing in the design of 6to4 assumes or requires that return packets
advised that their own customers need such a relay to be available in are handled by the same relay as outbound packets. As discussed in
case a residual 6to4 user served by a different service provider Section 4.5 of RFC 6343, content providers might choose to continue
attempts to communicate with them. operating a return relay for the benefit of their own residual 6to4
clients. Internet service providers SHOULD announce the IPv6 prefix
2002::/16 to their own customers if and only if it leads to a
correctly operating return relay as described in RFC 6343. IPv6-only
service providers, including those operating a NAT64 service
[RFC6146], are advised that their own customers need a route to such
a relay in case a residual 6to4 user served by a different service
provider attempts to communicate with them.
The guidelines in Section 4 of [RFC6343] remain valid for those who The guidelines in Section 4 of [RFC6343] remain valid for those who
choose to continue operating Anycast 6to4 despite its deprecation. choose to continue operating Anycast 6to4 despite its deprecation.
However, 6to4 Provider Managed Tunnels [RFC6732] will no longer be
necessary.
Incidental references to 6to4 should be reviewed and possibly removed Incidental references to 6to4 should be reviewed and possibly removed
from other IETF documents if and when they are updated. These from other IETF documents if and when they are updated. These
documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213,
RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245,
RFC5375, RFC5971, RFC6071 and RFC6890. RFC5375, RFC5971, RFC6071 and RFC6890.
5. IANA Considerations 5. IANA Considerations
The document creating the IANA IPv4 Special-Purpose Address Registry The document creating the IANA IPv4 Special-Purpose Address Registry
skipping to change at page 5, line 48 skipping to change at page 6, line 23
Action [RFC5226]. Action [RFC5226].
6. Security Considerations 6. Security Considerations
There are no new security considerations pertaining to this document. There are no new security considerations pertaining to this document.
General security issues with tunnels are listed in [RFC6169] and more General security issues with tunnels are listed in [RFC6169] and more
specifically to 6to4 in [RFC3964] and [RFC6324]. specifically to 6to4 in [RFC3964] and [RFC6324].
7. Acknowledgements 7. Acknowledgements
The authors would like to acknowledge Tore Anderson, Dmitry Anipko, The authors would like to acknowledge Tore Anderson, Mark Andrews,
Jack Bates, Cameron Byrne, Ben Campbell, Gert Doering, David Farmer, Dmitry Anipko, Jack Bates, Cameron Byrne, Ben Campbell, Lorenzo
Ray Hunter, Joel Jaeggli, Kurt Erik Lindqvist, Jason Livingood, Keith Colitti, Gert Doering, David Farmer, Nick Hilliard, Philip Homburg,
Moore, Tom Petch, Daniel Roesen, Mark Townsley and James Woodyatt for Ray Hunter, Joel Jaeggli, Victor Kuarsingh, Kurt Erik Lindqvist,
their contributions and discussions on this topic. Jason Livingood, Keith Moore, Tom Petch, Daniel Roesen, Mark Townsley
and James Woodyatt for their contributions and discussions on this
topic.
Special thanks go to Fred Baker, Geoff Huston, and Wes George for Special thanks go to Fred Baker, Geoff Huston, and Wes George for
their significant contributions. their significant contributions.
Many thanks to Gunter Van de Velde for documenting the harm caused by Many thanks to Gunter Van de Velde for documenting the harm caused by
non-managed tunnels and stimulating the creation of this document. non-managed tunnels and stimulating the creation of this document.
8. References 8. References
8.1. Normative References 8.1. Normative References
skipping to change at page 6, line 33 skipping to change at page 7, line 9
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", [RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
RFC 3068, June 2001. RFC 3068, June 2001.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. May 2008.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6 "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012. (IPv6)", RFC 6724, September 2012.
[RFC6890] Cotton, M., Vegoda, L., Bonica, R., and B. Haberman, [RFC6890] Cotton, M., Vegoda, L., Bonica, R., and B. Haberman,
"Special-Purpose IP Address Registries", BCP 153, RFC "Special-Purpose IP Address Registries", BCP 153, RFC
6890, April 2013. 6890, April 2013.
8.2. Informative References 8.2. Informative References
[HUSTON] Huston, , "Flailing IPv6", December 2010, [HUSTON] Huston, , "Flailing IPv6", December 2010,
<http://www.potaroo.net/ispcol/2010-12/6to4fail.html>. <http://www.potaroo.net/ispcol/2010-12/6to4fail.html>.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", BCP E. Lear, "Address Allocation for Private Internets", BCP
5, RFC 1918, February 1996. 5, RFC 1918, February 1996.
[RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3964] Savola, P. and C. Patel, "Security Considerations for [RFC3964] Savola, P. and C. Patel, "Security Considerations for
6to4", RFC 3964, December 2004. 6to4", RFC 3964, December 2004.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 [RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification", RFC Infrastructures (6rd) -- Protocol Specification", RFC
5969, August 2010. 5969, August 2010.
[RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security [RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security
Concerns with IP Tunneling", RFC 6169, April 2011. Concerns with IP Tunneling", RFC 6169, April 2011.
[RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using [RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using
IPv6 Automatic Tunnels: Problem Statement and Proposed IPv6 Automatic Tunnels: Problem Statement and Proposed
Mitigations", RFC 6324, August 2011. Mitigations", RFC 6324, August 2011.
[RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment", [RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
RFC 6343, August 2011. RFC 6343, August 2011.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012. Dual-Stack Hosts", RFC 6555, April 2012.
[RFC6732] Kuarsingh, V., Lee, Y., and O. Vautrin, "6to4 Provider
Managed Tunnels", RFC 6732, September 2012.
Authors' Addresses Authors' Addresses
Ole Troan Ole Troan
Cisco Cisco
Oslo Oslo
Norway Norway
Email: ot@cisco.com Email: ot@cisco.com
Brian Carpenter (editor) Brian Carpenter (editor)
 End of changes. 17 change blocks. 
53 lines changed or deleted 89 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/