draft-ietf-v6ops-6to4-to-historic-11.txt   rfc7526.txt 
v6ops WG O. Troan Internet Engineering Task Force (IETF) O. Troan
Internet-Draft Cisco Request for Comments: 7526 Cisco
Obsoletes: 3068, 6732 (if approved) B. Carpenter, Ed. BCP: 196 B. Carpenter, Ed.
Intended status: Best Current Practice Univ. of Auckland Obsoletes: 3068, 6732 Univ. of Auckland
Expires: August 1, 2015 January 28, 2015 Category: Best Current Practice May 2015
ISSN: 2070-1721
Deprecating Anycast Prefix for 6to4 Relay Routers Deprecating the Anycast Prefix for 6to4 Relay Routers
draft-ietf-v6ops-6to4-to-historic-11.txt
Abstract Abstract
Experience with the "Connection of IPv6 Domains via IPv4 Clouds Experience with the 6to4 transition mechanism defined in RFC 3056
(6to4)" IPv6 transition mechanism defined in RFC 3056 has shown that ("Connection of IPv6 Domains via IPv4 Clouds") has shown that the
when used in its anycast mode, the mechanism is unsuitable for mechanism is unsuitable for widespread deployment and use in the
widespread deployment and use in the Internet. This document Internet when used in its anycast mode. Therefore, this document
therefore requests that RFC 3068, "An Anycast Prefix for 6to4 Relay requests that RFC 3068 ("An Anycast Prefix for 6to4 Relay Routers")
Routers", be made obsolete and moved to historic status. It also and RFC 6732 ("6to4 Provider Managed Tunnels") be made obsolete and
obsoletes RFC 6732 "6to4 Provider Managed Tunnels". It recommends moved to Historic status. It recommends that future products should
that future products should not support 6to4 anycast and that not support 6to4 anycast and that existing deployments should be
existing deployments should be reviewed. This complements the reviewed. This complements the guidelines in RFC 6343.
guidelines in RFC 6343.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This memo documents an Internet Best Current Practice.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 5741.
This Internet-Draft will expire on August 1, 2015. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7526.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Related Work . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Related Work . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. 6to4 operational problems . . . . . . . . . . . . . . . . . . 3 3. 6to4 Operational Problems . . . . . . . . . . . . . . . . . . 4
4. Deprecation . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Deprecation . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Implementation Recommendations . . . . . . . . . . . . . . . 5 5. Implementation Recommendations . . . . . . . . . . . . . . . 5
6. Operational Recommendations . . . . . . . . . . . . . . . . . 5 6. Operational Recommendations . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 9.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 9.2. Informative References . . . . . . . . . . . . . . . . . 8
10.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
The original form of the 6to4 transition mechanism [RFC3056] relies The original form of the 6to4 transition mechanism [RFC3056] relies
on unicast addressing. However, its extension specified in "An on unicast addressing. However, its extension specified in "An
Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been shown to Anycast Prefix for 6to4 Relay Routers" [RFC3068] has been shown to
have severe practical problems when used in the Internet. This have severe practical problems when used in the Internet. This
document requests that RFC 3068 and RFC 6732 be moved to Historic document requests that RFCs 3068 and 6732 be moved to Historic
status as defined in section 4.2.4 of [RFC2026]. It complements the status, as defined in Section 4.2.4 of [RFC2026]. It complements the
deployment guidelines in [RFC6343]. deployment guidelines in [RFC6343].
6to4 was designed to help transition the Internet from IPv4 to IPv6. 6to4 was designed to help transition the Internet from IPv4 to IPv6.
It has been a good mechanism for experimenting with IPv6, but because It has been a good mechanism for experimenting with IPv6, but because
of the high failure rates seen with anycast 6to4 [HUSTON], end users of the high failure rates seen with anycast 6to4 [HUSTON], end users
may end up disabling IPv6 on hosts as a result, and in the past some may end up disabling IPv6 on hosts; this has resulted in some content
content providers were reluctant to make content available over IPv6 providers being reluctant to make content available over IPv6 in the
for this reason. past.
[RFC6343] analyses the known operational issues in detail and [RFC6343] analyzes the known operational issues in detail and
describes a set of suggestions to improve 6to4 reliability, given the describes a set of suggestions to improve 6to4 reliability, given the
widespread presence of hosts and customer premises equipment that widespread presence of hosts and customer premises equipment that
support it. The advice to disable 6to4 by default has been widely support it. The advice to disable 6to4 by default has been widely
adopted in recent operating systems, and the failure modes have been adopted in recent operating systems, and the failure modes have been
widely hidden from users by many browsers adopting the "Happy widely hidden from users by many browsers adopting the "Happy
Eyeballs" approach [RFC6555]. Eyeballs" approach [RFC6555].
Nevertheless, a measurable amount of 6to4 traffic is still observed Nevertheless, a measurable amount of 6to4 traffic is still observed
by IPv6 content providers. The remaining successful users of anycast by IPv6 content providers. The remaining successful users of anycast
6to4 are likely to be on hosts using the obsolete policy table 6to4 are likely to be on hosts using the obsolete policy table
[RFC3484], which prefers 6to4 above IPv4, and running without Happy [RFC3484] (which prefers 6to4 above IPv4) and running without Happy
Eyeballs. Furthermore, they must have a route to an operational Eyeballs. Furthermore, they must have a route to an operational
anycast relay and they must be accessing an IPv6 host that has a anycast relay and they must be accessing an IPv6 host that has a
route to an operational return relay. route to an operational return relay.
However, experience shows that operational failures caused by anycast However, experience shows that operational failures caused by anycast
6to4 have continued, despite the advice in RFC 6343 being available. 6to4 have continued despite the advice in RFC 6343 being available.
1.1. Related Work 1.1. Related Work
IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) [RFC5969] "IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol
explicitly builds on the 6to4 mechanism, using a service provider Specification" [RFC5969] explicitly builds on the 6to4 mechanism,
prefix instead of 2002::/16. However, the deployment model is based using a service provider prefix instead of 2002::/16. However, the
on service provider support, such that 6rd avoids the problems deployment model is based on service provider support such that 6rd
observed with anycast 6to4. avoids the problems observed with anycast 6to4.
The framework for 6to4 Provider Managed Tunnels [RFC6732] is intended The framework for "6to4 Provider Managed Tunnels" [RFC6732] is
to help a service provider manage 6to4 anycast tunnels. This intended to help a service provider manage 6to4 anycast tunnels.
framework only exists because of the problems observed with anycast This framework only exists because of the problems observed with
6to4. anycast 6to4.
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119]. 2119 [RFC2119].
The word "deprecate" and its derivatives are used only in their In this document, the word "deprecate" and its derivatives are used
generic sense of "criticize or express disapproval" and do not have only in their generic sense of "criticize or express disapproval" and
any specific normative meaning. A deprecated function might exist in do not have any specific normative meaning. A deprecated function
the Internet for many years to allow backwards compatibility. might exist in the Internet for many years to allow backwards
compatibility.
3. 6to4 operational problems 3. 6to4 Operational Problems
6to4 is a mechanism designed to allow isolated IPv6 islands to reach 6to4 is a mechanism designed to allow isolated IPv6 islands to reach
each other using IPv6 over IPv4 automatic tunneling. To reach the each other using IPv6-over-IPv4 automatic tunneling. To reach the
native IPv6 Internet the mechanism uses relay routers both in the native IPv6 Internet, the mechanism uses relay routers in both the
forward and reverse direction. The mechanism is supported in many forward and reverse direction. The mechanism is supported in many
IPv6 implementations. With the increased deployment of IPv6, the IPv6 implementations. With the increased deployment of IPv6, the
mechanism has been shown to have a number of shortcomings. mechanism has been shown to have a number of shortcomings.
In the forward direction a 6to4 node will send IPv4 encapsulated IPv6 In the forward direction, a 6to4 node will send IPv4-encapsulated
traffic to a 6to4 relay, that is connected both to the 6to4 cloud and IPv6 traffic to a 6to4 relay that is connected to both the 6to4 cloud
to native IPv6. In the reverse direction a 2002::/16 route is and native IPv6. In the reverse direction, a 2002::/16 route is
injected into the native IPv6 routing domain to attract traffic from injected into the native IPv6 routing domain to attract traffic from
native IPv6 nodes to a 6to4 relay router. It is expected that native IPv6 nodes to a 6to4 relay router. It is expected that
traffic will use different relays in the forward and reverse traffic will use different relays in the forward and reverse
direction. direction.
One model of 6to4 deployment, described in section 5.2 of RFC 3056, One model of 6to4 deployment, described in Section 5.2 of RFC 3056,
suggests that a 6to4 router should have a set of managed connections suggests that a 6to4 router should have a set of managed connections
(via BGP connections) to a set of 6to4 relay routers. While this (via BGP connections) to a set of 6to4 relay routers. While this
makes the forward path more controlled, it does not guarantee a makes the forward path more controlled, it does not guarantee a
functional reverse path. In any case this model has the same functional reverse path. In any case, this model has the same
operational burden as manually configured tunnels and has seen no operational burden as manually configured tunnels and has seen no
deployment in the public Internet. deployment in the public Internet.
RFC 3068 adds an extension that allows the use of a well known IPv4 RFC 3068 adds an extension that allows the use of a well-known IPv4
anycast address to reach the nearest 6to4 relay in the forward anycast address to reach the nearest 6to4 relay in the forward
direction. However, this anycast mechanism has a number of direction. However, this anycast mechanism has a number of
operational issues and problems, which are described in detail in operational issues and problems, which are described in detail in
Section 3 of [RFC6343]. This document is intended to deprecate the Section 3 of [RFC6343]. This document is intended to deprecate the
anycast mechanism. anycast mechanism.
Peer-to-peer usage of the 6to4 mechanism exists in the Internet, Peer-to-peer usage of the 6to4 mechanism exists in the Internet,
likely unknown to many operators. This usage is harmless to third likely unknown to many operators. This usage is harmless to third
parties and is not dependent on the anycast 6to4 mechanism that this parties and is not dependent on the anycast 6to4 mechanism that this
document deprecates. document deprecates.
4. Deprecation 4. Deprecation
This document formally deprecates the anycast 6to4 transition This document formally deprecates the anycast 6to4 transition
mechanism defined in [RFC3068] and the associated anycast IPv4 mechanism defined in [RFC3068] and the associated anycast IPv4
address 192.88.99.1. It is no longer considered to be a useful address 192.88.99.1. It is no longer considered to be a useful
service of last resort. service of last resort.
The prefix 192.88.99.0/24 MUST NOT be reassigned for other use except The prefix 192.88.99.0/24 MUST NOT be reassigned for other use except
by a future IETF standards action. by a future IETF Standards Action.
The basic unicast 6to4 mechanism defined in [RFC3056] and the The basic unicast 6to4 mechanism defined in [RFC3056] and the
associated 6to4 IPv6 prefix 2002::/16 are not deprecated. The associated 6to4 IPv6 prefix 2002::/16 are not deprecated. The
default address selection rules specified in [RFC6724] are not default address selection rules specified in [RFC6724] are not
modified. modified.
In the absence of 6to4 anycast, 6to4 Provider Managed Tunnels In the absence of 6to4 anycast, "6to4 Provider Managed Tunnels"
[RFC6732] will no longer be necessary, so they are also deprecated by [RFC6732] will no longer be necessary, so they are also deprecated by
this document. this document.
Incidental references to 6to4 should be reviewed and possibly removed Incidental references to 6to4 should be reviewed and possibly removed
from other IETF documents if and when they are updated. These from other IETF documents if and when they are updated. These
documents include RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, documents include RFC 3162, RFC 3178, RFC 3790, RFC 4191, RFC 4213,
RFC4389, RFC4779, RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC 4389, RFC 4779, RFC 4852, RFC 4891, RFC 4903, RFC 5157, RFC 5245,
RFC5375, RFC5971, RFC6071 and RFC6890. RFC 5375, RFC 5971, RFC 6071, and RFC 6890.
5. Implementation Recommendations 5. Implementation Recommendations
It is NOT RECOMMENDED to include the anycast 6to4 transition It is NOT RECOMMENDED to include the anycast 6to4 transition
mechanism in new implementations. If included in any mechanism in new implementations. If included in any
implementations, the anycast 6to4 mechanism MUST be disabled by implementations, the anycast 6to4 mechanism MUST be disabled by
default. default.
In host implementations, unicast 6to4 MUST also be disabled by In host implementations, unicast 6to4 MUST also be disabled by
default. All hosts using 6to4 MUST support the IPv6 address default. All hosts using 6to4 MUST support the IPv6-address-
selection policy described in [RFC6724]. selection policy described in [RFC6724].
In router implementations, 6to4 MUST be disabled by default. In In router implementations, 6to4 MUST be disabled by default. In
particular, enabling IPv6 forwarding on a device MUST NOT particular, enabling IPv6 forwarding on a device MUST NOT
automatically enable 6to4. automatically enable 6to4.
6. Operational Recommendations 6. Operational Recommendations
This document does not imply a recommendation for the generalized This document does not imply a recommendation for the generalized
filtering of traffic or routes for 6to4 or even anycast 6to4. It filtering of traffic or routes for 6to4 or even anycast 6to4. It
simply recommends against further deployment of the anycast 6to4 simply recommends against further deployment of the anycast 6to4
mechanism, calls for current 6to4 deployments to evaluate the mechanism, calls for current 6to4 deployments to evaluate the
efficacy of continued use of the anycast 6to4 mechanism, and makes efficacy of continued use of the anycast 6to4 mechanism, and makes
recommendations intended to prevent any use of 6to4 from hampering recommendations intended to prevent any use of 6to4 from hampering
broader deployment and use of native IPv6 on the Internet as a whole. broader deployment and use of native IPv6 on the Internet as a whole.
Networks SHOULD NOT filter out packets whose source address is Networks SHOULD NOT filter out packets whose source address is
192.88.99.1, because this is normal 6to4 traffic from a 6to4 return 192.88.99.1, because this is normal 6to4 traffic from a 6to4 return
relay somewhere in the Internet. This includes ensuring that traffic relay somewhere in the Internet. This includes ensuring that traffic
from a local 6to4 return relay with a source address of 192.88.99.1 from a local 6to4 return relay with a source address of 192.88.99.1
is allowed through anti-spoofing filters such as those described in is allowed through anti-spoofing filters (such as those described in
[RFC2827] and [RFC3704] or through Unicast Reverse-Path-Forwarding [RFC2827] and [RFC3704]) or through Unicast Reverse Path Forwarding
(uRPF) checks [RFC5635]. (uRPF) checks [RFC5635].
The guidelines in Section 4 of [RFC6343] remain valid for those who The guidelines in Section 4 of [RFC6343] remain valid for those who
choose to continue operating Anycast 6to4 despite its deprecation. choose to continue operating anycast 6to4 despite its deprecation.
Current operators of an anycast 6to4 relay with the IPv4 address Current operators of an anycast 6to4 relay with the IPv4 address
192.88.99.1 SHOULD review the information in [RFC6343] and the 192.88.99.1 SHOULD review the information in [RFC6343] and the
present document, and then consider carefully whether the anycast present document, and then consider carefully whether the anycast
relay can be discontinued as traffic diminishes. Internet service relay can be discontinued as traffic diminishes. Internet service
providers that do not operate an anycast relay but do provide their providers that do not operate an anycast relay but do provide their
customers with a route to 192.88.99.1 SHOULD verify that it does in customers with a route to 192.88.99.1 SHOULD verify that it does in
fact lead to an operational anycast relay, as discussed in fact lead to an operational anycast relay, as discussed in
Section 4.2.1 of [RFC6343]. Furthermore, Internet service providers Section 4.2.1 of [RFC6343]. Furthermore, Internet service providers
and other network providers MUST NOT originate a route to and other network providers MUST NOT originate a route to
skipping to change at page 6, line 23 skipping to change at page 7, line 5
Section 4.5 of RFC 6343, content providers might choose to continue Section 4.5 of RFC 6343, content providers might choose to continue
operating a return relay for the benefit of their own residual 6to4 operating a return relay for the benefit of their own residual 6to4
clients. Internet service providers SHOULD announce the IPv6 prefix clients. Internet service providers SHOULD announce the IPv6 prefix
2002::/16 to their own customers if and only if it leads to a 2002::/16 to their own customers if and only if it leads to a
correctly operating return relay as described in RFC 6343. IPv6-only correctly operating return relay as described in RFC 6343. IPv6-only
service providers, including those operating a NAT64 service service providers, including those operating a NAT64 service
[RFC6146], are advised that their own customers need a route to such [RFC6146], are advised that their own customers need a route to such
a relay in case a residual 6to4 user served by a different service a relay in case a residual 6to4 user served by a different service
provider attempts to communicate with them. provider attempts to communicate with them.
Operators of 6to4 Provider Managed Tunnels [RFC6732] SHOULD carefully Operators of "6to4 Provider Managed Tunnels" [RFC6732] SHOULD
consider when this service can be discontinued as traffic diminishes. carefully consider when this service can be discontinued as traffic
diminishes.
7. IANA Considerations 7. IANA Considerations
The document creating the IANA IPv4 Special-Purpose Address Registry The document creating the "IANA IPv4 Special-Purpose Address
[RFC6890] included the 6to4 relay anycast prefix (192.88.99.0/24) as Registry" [RFC6890] included the 6to4 Relay Anycast prefix
Table 10. Instead, IANA is requested to mark the 192.88.99.0/24 (192.88.99.0/24) as Table 10. Per this document, IANA has marked the
prefix originally defined by [RFC3068] as "Deprecated (6to4 Relay 192.88.99.0/24 prefix (originally defined by [RFC3068]) as
Anycast)", pointing to the present document. Redelegation of this "Deprecated (6to4 Relay Anycast)" and added a reference to this RFC.
prefix for any usage requires justification via an IETF Standards The Boolean values for the address block 192.88.99.0/24 have been
Action [RFC5226]. removed. Redelegation of this prefix for any use requires
justification via an IETF Standards Action [RFC5226].
8. Security Considerations 8. Security Considerations
There are no new security considerations pertaining to this document. There are no new security considerations pertaining to this document.
General security issues with tunnels are listed in [RFC6169] and more General security issues with tunnels are listed in [RFC6169] and more
specifically to 6to4 in [RFC3964] and [RFC6324]. specifically to 6to4 in [RFC3964] and [RFC6324].
9. Acknowledgements 9. References
The authors would like to acknowledge Tore Anderson, Mark Andrews,
Dmitry Anipko, Jack Bates, Cameron Byrne, Ben Campbell, Lorenzo
Colitti, Gert Doering, Nick Hilliard, Philip Homburg, Ray Hunter,
Joel Jaeggli, Victor Kuarsingh, Kurt Erik Lindqvist, Jason Livingood,
Jeroen Massar, Keith Moore, Tom Petch, Daniel Roesen, Mark Townsley
and James Woodyatt for their contributions and discussions on this
topic.
Special thanks go to Fred Baker, David Farmer, Wes George, and Geoff
Huston for their significant contributions.
Many thanks to Gunter Van de Velde for documenting the harm caused by
non-managed tunnels and stimulating the creation of this document.
10. References
10.1. Normative References 9.1. Normative References
[RFC2026] Bradner, S., "The Internet Standards Process -- Revision [RFC2026] Bradner, S., "The Internet Standards Process -- Revision
3", BCP 9, RFC 2026, October 1996. 3", BCP 9, RFC 2026, DOI 10.17487/RFC2026, October 1996,
<http://www.rfc-editor.org/info/rfc2026>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000. Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
May 2000, <http://www.rfc-editor.org/info/rfc2827>.
[RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, DOI 10.17487/RFC3056, February
2001, <http://www.rfc-editor.org/info/rfc3056>.
[RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers", [RFC3068] Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
RFC 3068, June 2001. RFC 3068, DOI 10.17487/RFC3068, June 2001,
<http://www.rfc-editor.org/info/rfc3068>.
[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed [RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed
Networks", BCP 84, RFC 3704, March 2004. Networks", BCP 84, RFC 3704, DOI 10.17487/RFC3704, March
2004, <http://www.rfc-editor.org/info/rfc3704>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226, IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008. DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011. Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <http://www.rfc-editor.org/info/rfc6146>.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6 "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012. (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
<http://www.rfc-editor.org/info/rfc6724>.
[RFC6890] Cotton, M., Vegoda, L., Bonica, R., and B. Haberman, [RFC6890] Cotton, M., Vegoda, L., Bonica, R., Ed., and B. Haberman,
"Special-Purpose IP Address Registries", BCP 153, RFC "Special-Purpose IP Address Registries", BCP 153,
6890, April 2013. RFC 6890, DOI 10.17487/RFC6890, April 2013,
<http://www.rfc-editor.org/info/rfc6890>.
10.2. Informative References 9.2. Informative References
[HUSTON] Huston, , "Flailing IPv6", December 2010, [HUSTON] Huston, G., "Flailing IPv6", The ISP Column, December
2010,
<http://www.potaroo.net/ispcol/2010-12/6to4fail.html>. <http://www.potaroo.net/ispcol/2010-12/6to4fail.html>.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484,
DOI 10.17487/RFC3484, February 2003,
<http://www.rfc-editor.org/info/rfc3484>.
[RFC3964] Savola, P. and C. Patel, "Security Considerations for [RFC3964] Savola, P. and C. Patel, "Security Considerations for
6to4", RFC 3964, December 2004. 6to4", RFC 3964, DOI 10.17487/RFC3964, December 2004,
<http://www.rfc-editor.org/info/rfc3964>.
[RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole [RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole
Filtering with Unicast Reverse Path Forwarding (uRPF)", Filtering with Unicast Reverse Path Forwarding (uRPF)",
RFC 5635, August 2009. RFC 5635, DOI 10.17487/RFC5635, August 2009,
<http://www.rfc-editor.org/info/rfc5635>.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 [RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification", RFC Infrastructures (6rd) -- Protocol Specification",
5969, August 2010. RFC 5969, DOI 10.17487/RFC5969, August 2010,
<http://www.rfc-editor.org/info/rfc5969>.
[RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security [RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security
Concerns with IP Tunneling", RFC 6169, April 2011. Concerns with IP Tunneling", RFC 6169,
DOI 10.17487/RFC6169, April 2011,
<http://www.rfc-editor.org/info/rfc6169>.
[RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using [RFC6324] Nakibly, G. and F. Templin, "Routing Loop Attack Using
IPv6 Automatic Tunnels: Problem Statement and Proposed IPv6 Automatic Tunnels: Problem Statement and Proposed
Mitigations", RFC 6324, August 2011. Mitigations", RFC 6324, DOI 10.17487/RFC6324, August 2011,
<http://www.rfc-editor.org/info/rfc6324>.
[RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment", [RFC6343] Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
RFC 6343, August 2011. RFC 6343, DOI 10.17487/RFC6343, August 2011,
<http://www.rfc-editor.org/info/rfc6343>.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012. Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April
2012, <http://www.rfc-editor.org/info/rfc6555>.
[RFC6732] Kuarsingh, V., Lee, Y., and O. Vautrin, "6to4 Provider [RFC6732] Kuarsingh, V., Ed., Lee, Y., and O. Vautrin, "6to4
Managed Tunnels", RFC 6732, September 2012. Provider Managed Tunnels", RFC 6732, DOI 10.17487/RFC6732,
September 2012, <http://www.rfc-editor.org/info/rfc6732>.
Acknowledgements
The authors would like to acknowledge Tore Anderson, Mark Andrews,
Dmitry Anipko, Jack Bates, Cameron Byrne, Ben Campbell, Lorenzo
Colitti, Gert Doering, Nick Hilliard, Philip Homburg, Ray Hunter,
Joel Jaeggli, Victor Kuarsingh, Kurt Erik Lindqvist, Jason Livingood,
Jeroen Massar, Keith Moore, Tom Petch, Daniel Roesen, Mark Townsley,
and James Woodyatt for their contributions and discussions on this
topic.
Special thanks go to Fred Baker, David Farmer, Wes George, and Geoff
Huston for their significant contributions.
Many thanks to Gunter Van de Velde for documenting the harm caused by
non-managed tunnels and stimulating the creation of this document.
Authors' Addresses Authors' Addresses
Ole Troan Ole Troan
Cisco Cisco
Oslo Oslo
Norway Norway
Email: ot@cisco.com EMail: ot@cisco.com
Brian Carpenter (editor) Brian Carpenter (editor)
Department of Computer Science Department of Computer Science
University of Auckland University of Auckland
PB 92019 PB 92019
Auckland 1142 Auckland 1142
New Zealand New Zealand
Email: brian.e.carpenter@gmail.com EMail: brian.e.carpenter@gmail.com
 End of changes. 57 change blocks. 
134 lines changed or deleted 157 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/