v6ops WG                                                        O. Troan
Internet-Draft                                                     Cisco
Obsoletes: 3068, 6732 (if approved)                    B. Carpenter, Ed.
Intended status: Best Current Practice                 Univ. of Auckland
Expires: June 13, July 8, 2015                                    January 4, 2015                                 December 10, 2014

           Deprecating Anycast Prefix for 6to4 Relay Routers
                draft-ietf-v6ops-6to4-to-historic-09.txt
                draft-ietf-v6ops-6to4-to-historic-10.txt

Abstract

   Experience with the "Connection of IPv6 Domains via IPv4 Clouds
   (6to4)" IPv6 transition mechanism defined in RFC 3056 has shown that
   when used in its anycast mode, the mechanism is unsuitable for
   widespread deployment and use in the Internet.  This document
   therefore requests that RFC 3068, "An Anycast Prefix for 6to4 Relay
   Routers", be made obsolete and moved to historic status.  It also
   obsoletes RFC 6732 "6to4 Provider Managed Tunnels".  It recommends
   that future products should not support 6to4 anycast and that
   existing deployments should be reviewed.  This complements the
   guidelines in RFC 6343.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 13, July 8, 2015.

Copyright Notice

   Copyright (c) 2014 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   There would appear to be little evidence of substantial active use of
   the

   The original form of the 6to4 described in [RFC3056]. transition mechanism [RFC3056] relies
   on unicast addressing.  However, its extension specified in "An
   Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been shown to
   have severe practical problems when used in the Internet.  This
   document requests that RFC 3068 and RFC 6732 be moved to Historic
   status as defined in section 4.2.4 of [RFC2026].  It complements the
   deployment guidelines in [RFC6343].

   6to4 was designed to help transition the Internet from IPv4 to IPv6.
   It has been a good mechanism for experimenting with IPv6, but because
   of the high failure rates seen with anycast 6to4 [HUSTON], end users
   may end up disabling IPv6 on hosts as a result, and some content
   providers have been reluctant to make content available over IPv6.

   [RFC6343] analyses the known operational issues in detail and
   describes a set of suggestions to improve 6to4 reliability, given the
   widespread presence of hosts and customer premises equipment that
   support it.  However, experience shows that operational failures have
   continued despite this advice being available.  Fortunately the  The advice to disable 6to4 by default has been widely
   adopted in recent operating systems, and the failure modes have been largely
   widely hidden from users by many browsers adopting the "Happy
   Eyeballs" approach [RFC6555].

   Nevertheless, a substantial amount of 6to4 traffic is still observed and the operational problems caused
   by 6to4 still
   occur.

   Although facts are hard to obtain, the IPv6 content providers.  The remaining successful users of anycast
   6to4 are likely to be on hosts using the obsolete policy table [RFC3484] (which
   [RFC3484], which prefers 6to4 above IPv4), IPv4, and running without Happy
   Eyeballs, with
   Eyeballs.  Furthermore, they must have a route to an operational
   anycast relay, relay and they must be accessing
   sites an IPv6 host that have has a
   route to an operational return relay.

   However, experience shows that operational failures caused by anycast
   6to4 have continued, despite the advice in RFC 6343 being available.

1.1.  Related Work

   IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969]
   explicitly builds on the 6to4 mechanism, and could be viewed as a
   superset of 6to4, using a service provider
   prefix instead of 2002::/16.  However, the deployment model is based
   on service povider provider support, such that 6rd can avoid avoids the problems described here.  In
   this sense, 6rd can be viewed as superseding
   observed with anycast 6to4.

   The framework for 6to4 as described in
   section 4.2.4 Provider Managed Tunnels [RFC6732] is intended
   to help a service provider manage 6to4 anycast tunnels.  This
   framework only exists because of [RFC2026].

   Given that native IPv6 support and various reliable transition
   mechanisms are now becoming common, the IETF sees no evolutionary
   future for the 6to4 mechanism. problems observed with anycast
   6to4.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

   The word "deprecate" and its derivatives are used only in their
   generic sense of "criticize or express disapproval" and do not have
   any specific normative meaning.  A deprecated function might exist in
   the Internet for many years to allow backwards compatibility.

3.  6to4 operational problems

   6to4 is a mechanism designed to allow isolated IPv6 islands to reach
   each other using IPv6 over IPv4 automatic tunneling.  To reach the
   native IPv6 Internet the mechanism uses relay routers both in the
   forward and reverse direction.  The mechanism is supported in many
   IPv6 implementations.  With the increased deployment of IPv6, the
   mechanism has been shown to have a number of fundamental shortcomings.

   6to4 depends on relays both in the forward and reverse direction to
   enable connectivity with the native IPv6 Internet.  A 6to4 node will
   send IPv4 encapsulated IPv6 traffic to a 6to4 relay, that is
   connected both to the 6to4 cloud and to native IPv6.  In the reverse
   direction a 2002::/16 route is injected into the native IPv6 routing
   domain to attract traffic from native IPv6 nodes to a 6to4 relay
   router.  It is expected that traffic will use different relays in the
   forward and reverse direction.  RFC 3068 adds an extension that
   allows the use of a well known IPv4 anycast address to reach the
   nearest 6to4 relay in the forward direction.

   One model of 6to4 deployment, described in section 5.2 of RFC 3056,
   suggests that a 6to4 router should have a set of managed connections
   (via BGP connections) to a set of 6to4 relay routers.  While this
   makes the forward path more controlled, it does not guarantee a
   functional reverse path.  In any case this model has the same
   operational burden as manually configured tunnels and has seen no
   deployment in the public Internet.

   List of some of the known issues with 6to4:

   o  Use of relays. 6to4 depends on

   RFC 3068 adds an unknown third party to operate
      the relays between the 6to4 cloud and extension that allows the native IPv6 Internet.
   o  The placement use of the relay can lead to increased latency, and in
      the case the relay is overloaded, packet loss.
   o  There is generally no customer relationship between the end-user
      and the relay operator, or even a way for the end-user well known IPv4
   anycast address to know who
      the relay operator is, so no support is possible.
   o  A 6to4 relay for reach the reverse path and an anycast nearest 6to4 relay used
      for the forward path, are openly accessible, limited only by the
      scope of routing. 6to4 relays can be used to anonymize traffic and
      inject attacks into IPv6 that are very difficult to trace.
   o  6to4 may silently discard traffic in the case where protocol (41)
      is blocked in intermediate firewalls.  Even if forward
   direction.  However, this anycast mechanism has a firewall sent an
      ICMP message unreachable back, an IPv4 ICMP message rarely
      contains enough number of the original IPv6 packet so that it can be
      relayed back to the IPv6 sender.  That makes this problem hard to
      detect
   operational issues and react upon by the sender of the packet.
   o  As 6to4 tunnels across the Internet, the IPv4 addresses used must
      be globally reachable.  RFC 3056 states that a private address
      [RFC1918] MUST NOT be used. 6to4 will not work problems, which are described in networks that
      employ other addresses with limited topological span.  In
      particular it will predictably fail detail in the case
   Section 3 of double network
      address translation (NAT444).

   For further analysis, see [RFC6343].  This document is intended to deprecate the
   anycast mechanism.

   Peer-to-peer usage of the 6to4 mechanism, not depending on the
   anycast mechanism, might exist in the Internet, largely unknown to
   operators.  This is harmless to third parties and the current
   document is not intended to prevent such traffic continuing.

4.  Deprecation

   This document formally deprecates the anycast 6to4 transition
   mechanism defined in [RFC3068] and the associated anycast IPv4
   address 192.88.99.1.  It is NOT RECOMMENDED to include this mechanism
   in new implementations.  It is no longer considered to be a useful
   service of last resort.

   The prefix 192.88.99.0/24 MUST NOT be reassigned for other use except
   by a future IETF standards action.

   The basic unicast 6to4 mechanism defined in [RFC3056] and the
   associated 6to4 IPv6 prefix 2002::/16 are not deprecated.  The
   default address selection rules specified in [RFC6724] are not
   modified.  However, if included in implementations, unicast 6to4 MUST
   be disabled by default.

   Implementations capable of acting as 6to4 routers MUST NOT enable
   6to4 without explicit user configuration.  In particular, enabling
   IPv6 forwarding on a device MUST NOT automatically enable 6to4.

   Current operators of an anycast 6to4 relay with the IPv4 address
   192.88.99.1 SHOULD review the information in [RFC6343] and the
   present document, and then consider carefully whether the anycast
   relay can be discontinued as traffic diminishes.  Internet service
   providers that do not operate an anycast relay but do provide their
   customers with a route to 192.88.99.1 SHOULD verify that it does in
   fact lead to an operational anycast relay, as discussed in
   Section 4.2.1 of [RFC6343].  Furthermore, Internet service providers
   and other network providers MUST NOT originate a route to
   192.88.99.1, unless they actively operate and monitor an anycast 6to4
   relay service as detailed in Section 4.2.1 of [RFC6343].

   Networks SHOULD NOT filter out packets whose source address is
   192.88.99.1, because this is normal 6to4 traffic from a 6to4 return
   relay somewhere in the Internet.

   Operators of a 6to4 return relay responding to the IPv6 prefix
   2002::/16 SHOULD review the information in [RFC6343] and the present
   document, and then consider carefully whether the return relay can be
   discontinued as traffic diminishes.  To avoid confusion, note that
   nothing in the design of 6to4 assumes or requires that return packets
   are handled by the same relay as outbound packets.  As discussed in
   Section 4.5 of RFC 6343, content providers might choose to continue
   operating a return relay for the benefit of their own residual 6to4
   clients.  Internet service providers SHOULD announce the IPv6 prefix
   2002::/16 to their own customers if and only if it leads to a
   correctly operating return relay as described in RFC 6343.  IPv6-only
   service providers, including those operating a NAT64 service
   [RFC6146], are advised that their own customers need a route to such
   a relay in case a residual 6to4 user served by a different service
   provider attempts to communicate with them.

   The guidelines in Section 4 of [RFC6343] remain valid for those who
   choose to continue operating Anycast 6to4 despite its deprecation.
   However, 6to4 Provider Managed Tunnels [RFC6732] will no longer be
   necessary.
   necessary, so they are also deprecated by this document.

   Incidental references to 6to4 should be reviewed and possibly removed
   from other IETF documents if and when they are updated.  These
   documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213,
   RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245,
   RFC5375, RFC5971, RFC6071 and RFC6890.

5.  IANA Considerations

   The document creating the IANA IPv4 Special-Purpose Address Registry
   [RFC6890] included the 6to4 relay anycast prefix (192.88.99.0/24) as
   Table 10.  Instead, IANA is requested to mark the 192.88.99.0/24
   prefix originally defined by [RFC3068] as "Deprecated (6to4 Relay
   Anycast)", pointing to the present document.  Redelegation of this
   prefix for any usage requires justification via an IETF Standards
   Action [RFC5226].

6.  Security Considerations

   There are no new security considerations pertaining to this document.
   General security issues with tunnels are listed in [RFC6169] and more
   specifically to 6to4 in [RFC3964] and [RFC6324].

7.  Acknowledgements

   The authors would like to acknowledge Tore Anderson, Mark Andrews,
   Dmitry Anipko, Jack Bates, Cameron Byrne, Ben Campbell, Lorenzo
   Colitti, Gert Doering, David Farmer, Nick Hilliard, Philip Homburg,
   Ray Hunter, Joel Jaeggli, Victor Kuarsingh, Kurt Erik Lindqvist,
   Jason Livingood, Keith Moore, Tom Petch, Daniel Roesen, Mark Townsley
   and James Woodyatt for their contributions and discussions on this
   topic.

   Special thanks go to Fred Baker, Geoff Huston, and Wes George for
   their significant contributions.

   Many thanks to Gunter Van de Velde for documenting the harm caused by
   non-managed tunnels and stimulating the creation of this document.

8.  References

8.1.  Normative References

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3068]  Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
              RFC 3068, June 2001.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, April 2011.

   [RFC6724]  Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, September 2012.

   [RFC6890]  Cotton, M., Vegoda, L., Bonica, R., and B. Haberman,
              "Special-Purpose IP Address Registries", BCP 153, RFC
              6890, April 2013.

8.2.  Informative References

   [HUSTON]   Huston, , "Flailing IPv6", December 2010,
              <http://www.potaroo.net/ispcol/2010-12/6to4fail.html>.

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets", BCP
              5, RFC 1918, February 1996.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

   [RFC3964]  Savola, P. and C. Patel, "Security Considerations for
              6to4", RFC 3964, December 2004.

   [RFC5969]  Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
              Infrastructures (6rd) -- Protocol Specification", RFC
              5969, August 2010.

   [RFC6169]  Krishnan, S., Thaler, D., and J. Hoagland, "Security
              Concerns with IP Tunneling", RFC 6169, April 2011.

   [RFC6324]  Nakibly, G. and F. Templin, "Routing Loop Attack Using
              IPv6 Automatic Tunnels: Problem Statement and Proposed
              Mitigations", RFC 6324, August 2011.

   [RFC6343]  Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
              RFC 6343, August 2011.

   [RFC6555]  Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
              Dual-Stack Hosts", RFC 6555, April 2012.

   [RFC6732]  Kuarsingh, V., Lee, Y., and O. Vautrin, "6to4 Provider
              Managed Tunnels", RFC 6732, September 2012.

Authors' Addresses

   Ole Troan
   Cisco
   Oslo
   Norway

   Email: ot@cisco.com

   Brian Carpenter (editor)
   Department of Computer Science
   University of Auckland
   PB 92019
   Auckland  1142
   New Zealand

   Email: brian.e.carpenter@gmail.com