One document matched: draft-ietf-v6ops-6to4-to-historic-05.xml
<?xml version="1.0"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="no" ?>
<?rfc tocompact="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="yes" ?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes" ?>
<?rfc comments="yes" ?>
<?rfc inline="yes" ?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc1918 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1918.xml'>
<!ENTITY rfc2026 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2026.xml'>
<!ENTITY rfc5226 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5226.xml'>
<!ENTITY rfc3056 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3056.xml'>
<!ENTITY rfc3068 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3068.xml'>
<!ENTITY rfc3964 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3964.xml'>
<!ENTITY rfc5156 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5156.xml'>
<!ENTITY rfc5158 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5158.xml'>
<!ENTITY rfc5735 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5735.xml'>
<!ENTITY rfc5969 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5969.xml'>
<!ENTITY I-D.ietf-v6ops-tunnel-security-concerns SYSTEM 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-v6ops-tunnel-security-concerns.xml'>
<!ENTITY I-D.ietf-v6ops-tunnel-loops SYSTEM 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-v6ops-tunnel-loops.xml'>
<!ENTITY I-D.ietf-6man-rfc3484-revise SYSTEM 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-6man-rfc3484-revise.xml'>
<!ENTITY I-D.ietf-v6ops-6to4-advisory SYSTEM 'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-v6ops-6to4-advisory.xml'>
]>
<rfc category="info" ipr="trust200902" docName="draft-ietf-v6ops-6to4-to-historic-05.txt" obsoletes="3056, 3068">
<front>
<title abbrev="6to4 to Historic status">
Request to move Connection of IPv6 Domains via IPv4 Clouds (6to4) to
Historic status
</title>
<author initials="O" surname="Troan" fullname="Ole Troan">
<organization abbrev="">Cisco</organization>
<address>
<postal>
<street></street>
<city>Oslo</city>
<region></region>
<code></code>
<country>Norway</country>
</postal>
<email>ot@cisco.com</email>
</address>
</author>
<date year="2011" />
<area>Internet</area>
<workgroup>v6ops WG</workgroup>
<!------------------------------------------------>
<!-- SECTION 0: Abstract -->
<!------------------------------------------------>
<abstract>
<t>Experience with the "Connection of IPv6 Domains via IPv4 Clouds
(6to4)" IPv6 transitioning mechanism has shown that the mechanism is
unsuitable for widespread deployment and use in the Internet. This
document requests that RFC3056 and the companion document "An
Anycast Prefix for 6to4 Relay Routers" RFC3068 are made obsolete and
moved to historic status.</t>
</abstract>
</front>
<middle>
<!------------------------------------------------>
<!-- SECTION 1: Introduction -->
<!------------------------------------------------>
<section title="Introduction">
<t>There would appear to be no evidence of any substantial
deployment of the variant of 6to4 described in <xref
target="RFC3056"></xref>. Its extension specified in "An Anycast
Prefix for 6to4 Relay Routers" <xref target="RFC3068"></xref> has
been shown to have severe practical problems when used in the
Internet. This document requests that RFC3056 and RFC3068 be moved
to Historic status <xref target="RFC2026">as defined in section
4.2.4</xref>.</t>
<t>6to4 was designed to help transition the Internet from IPv4 to
IPv6. It has been a good mechanism for experimenting with IPv6, but
because of the high failure rates seen with 6to4 <xref
target="HUSTON"></xref>, end users may end up disabling IPv6 on
hosts, and content providers are reluctant to make content available
over IPv6.</t>
<t><xref target="I-D.ietf-v6ops-6to4-advisory"></xref> analyses the
known operational issues and describes a set of suggestions to
improve 6to4 reliability, given the widespread presence of hosts and
customer premises equipment that support it.</t>
<t>The IETF sees no evolutionary future for the mechanism and it is
not recommended to include this mechanism in new
implementations.</t>
<t>IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) <xref
target="RFC5969"></xref> utilizes the same encapsulation and base
mechanism as 6to4, and could be viewed as a superset of 6to4 (6to4
could be achieved by setting the 6rd prefix to 2002::/16). However,
the deployment model is such that 6rd can avoid the problems
described here. In this sense, 6rd can be viewed as superseding 6to4
as described in section 4.2.4 of <xref target="RFC2026"></xref></t>
</section>
<!-------------------------------------------------------------------------------->
<!-- SECTION 2: REQUIREMENTS LANGUAGE --->
<!-------------------------------------------------------------------------------->
<section anchor="sec:conventions" title="Conventions">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in RFC 2119
<xref target="RFC2119"/>.</t>
</section> <!-- conventions -->
<!------------------------------------------------------------>
<!-- SECTION 3: 6to4 analysis -->
<!------------------------------------------------------------>
<section anchor="sec:proc-rules" title="6to4 operational problems">
<t>6to4 is a mechanism designed to allow isolated IPv6 islands to
reach each other using IPv6 over IPv4 automatic tunneling. To reach
the native IPv6 Internet the mechanism uses relay routers both in
the forward and reverse direction. The mechanism is supported in
many IPv6 implementations. With the increased deployment of IPv6,
the mechanism has been shown to have a number of fundamental
shortcomings.</t>
<t>6to4 depends on relays both in the forward and reverse direction
to enable connectivity with the native IPv6 Internet. A 6to4 node
will send IPv4 encapsulated IPv6 traffic to a 6to4 relay, that is
connected both to the 6to4 cloud and to native IPv6. In the reverse
direction a 2002::/16 route is injected into the native IPv6 routing
domain to attract traffic from native IPv6 nodes to a 6to4 relay
router. It is expected that traffic will use different relays in the
forward and reverse direction. RFC3068 adds an extension that allows
the use of a well known IPv4 anycast address to reach the nearest
6to4 relay in the forward direction.</t>
<t>One model of 6to4 deployment as described in section 5.2,
RFC3056, suggests that a 6to4 router should have a set of managed
connections (via BGP connections) to a set of 6to4 relay
routers. While this makes the forward path more controlled, it does
not guarantee a functional reverse path. In any case this model has
the same operational burden as manually configured tunnels and has
seen no deployment in the public Internet.</t>
<t>List of some of the known issues with 6to4:</t>
<t><list style="symbols">
<t>Use of relays. 6to4 depends on an unknown third- party to
operate the relays between the 6to4 cloud and the native IPv6
Internet.</t>
<t>The placement of the relay can lead to increased latency, and
in the case the relay is overloaded, packet loss.</t>
<t>There is generally no customer relationship between the
end-user and the relay operator, or even a way for the end-user to
know who the relay operator is, so no support is possible.</t>
<t>A 6to4 relay for the reverse path and an anycast 6to4 relay
used for the forward path, are openly accessible, limited
only by the scope of routing. 6to4 relays can be used to anonymize
traffic and inject attacks into IPv6 that are very difficult to
trace.</t>
<t>6to4 may silently discard traffic in the case where protocol
(41) is blocked in intermediate firewalls. Even if a firewall sent
an ICMP message unreachable back, an IPv4 ICMP message rarely
contains enough of the original IPv6 packet so that it can be
relayed back to the IPv6 sender. That makes this problem hard to
detect and react upon by the sender of the packet.</t>
<t>As 6to4 tunnels across the Internet, the IPv4 addresses used
must be globally reachable. RFC3056 states that a private address
<xref target="RFC1918"></xref> MUST NOT be used. 6to4 will not
work in networks that employ other addresses with limited
topological span.</t>
</list></t>
</section>
<section title="Deprecation">
<t>This document formally deprecates the 6to4 transition mechanism
and the IPv6 6to4 prefix defined in <xref target="RFC3056"></xref>,
i.e., 2002::/16. The prefix MUST NOT be reassigned for other use
except by a future IETF standards action.</t>
<t>Disabling 6to4 in the IPv6 Internet will take some time. The
initial approach is to make 6to4 a service of "last resort" in host
implementations, ensure that the 6to4 service is disabled by default
in 6to4 routers, and deploy native IPv6 services. In order to limit
the impact of end-users, it is recommended that operators retain
their existing 6to4 relay routers and follow the recommendations
found in <xref target="I-D.ietf-v6ops-6to4-advisory"></xref>. When
traffic levels diminish, these routers can be decommissioned.</t>
<t>IPv6 nodes SHOULD treat 6to4 as a service of "last resort" as
recommended in <xref
target="I-D.ietf-6man-rfc3484-revise"></xref></t>
<t>Implementations capable of acting as 6to4 routers SHOULD NOT
enable 6to4 without explicit user configuration. In particular,
enabling IPv6 forwarding on a device, SHOULD NOT automatically
enable 6to4.</t>
<t>Existing implementations and deployments MAY continue to use 6to4.</t>
<t>The references to 6to4 should be removed as soon as practical
from the revision of the Special-Use IPv6 Addresses <xref
target="RFC5156"></xref>.</t>
<t>The references to the 6to4 relay anycast addresses
(192.88.99.0/24) should be removed as soon as practical from the
revision of the Special Use IPv4 addresses <xref
target="RFC5735"></xref>.</t>
<t>Incidental references to 6to4 should be removed from other IETF
documents if and when they are updated. These documents include
RFC3162, RFC3178, RFC3790, RFC4191, RFC4213, RFC4389, RFC4779,
RFC4852, RFC4891, RFC4903, RFC5157, RFC5245, RFC5375, RFC5971, and
RFC6071.</t>
</section>
<!------------------------------------------------>
<!-- SECTION 4: IANA Considerations -->
<!------------------------------------------------>
<section title="IANA Considerations">
<t>IANA is requested to mark the 2002::/16 prefix as "deprecated",
pointing to this document. Reassignment of the prefix for any usage
requires justification via an IETF Standards Action <xref
target="RFC5226"></xref>.</t>
<t>The delegation of the 2.0.0.2.ip6.arpa domain <xref
target="RFC5158"></xref> should be left in place. Redelegation of
the domain for any usage requires justification via an IETF
Standards Action <xref target="RFC5226"></xref>.</t>
<t>IANA is requested to mark the 192.88.99.0/24 prefix <xref
target="RFC3068"></xref> as "deprecated", pointing to this
document. Redelegation of the domain for any usage requires
justification via an IETF Standards Action <xref
target="RFC5226"></xref>.</t>
</section>
<!------------------------------------------------>
<!-- SECTION 5: Security Considerations -->
<!------------------------------------------------>
<section title="Security Considerations">
<t>There are no new security considerations pertaining to this
document. General security issues with tunnels are listed in <xref
target="I-D.ietf-v6ops-tunnel-security-concerns"></xref> and more
specifically to 6to4 in <xref target="RFC3964"></xref> and <xref
target="I-D.ietf-v6ops-tunnel-loops"></xref>.</t>
</section>
<!------------------------------------------------>
<!-- SECTION 6: Acknowledgements -->
<!------------------------------------------------>
<section title="Acknowledgements">
<t>The authors would like to acknowledge Tore Anderson, Dmitry
Anipko, Jack Bates, Cameron Byrne, Ben Campbell, Gert Doering, Ray
Hunter, Joel Jaeggli, Kurt Erik Lindqvist, Jason Livingood, Keith
Moore, Tom Petch, Daniel Roesen and Mark Townsley, James Woodyatt,
for their contributions and discussions on this topic.</t>
<t>Special thanks go to Fred Baker, Geoff Huston, Brian Carpenter,
and Wes George for their significant contributions.</t>
<t>Many thanks to Gunter Van de Velde for documenting the harm
caused by non-managed tunnels and to stimulate the creation of this
document.</t>
</section>
</middle>
<back>
<!------------------------------------------------>
<!-- SECTION 8.1: Normative References -->
<!------------------------------------------------>
<references title="Normative References">
&rfc2119;
&rfc2026;
&rfc3056;
&rfc3068;
&rfc5156;
&rfc5226;
&rfc5735;
</references>
<references title="Informative References">
&rfc1918;
&rfc3964;
&rfc5158;
&rfc5969;
&I-D.ietf-v6ops-6to4-advisory;
&I-D.ietf-6man-rfc3484-revise;
&I-D.ietf-v6ops-tunnel-security-concerns;
&I-D.ietf-v6ops-tunnel-loops;
<reference anchor="HUSTON" target="http://www.potaroo.net/ispcol/2010-12/6to4fail.html">
<front>
<title>Flailing IPv6</title>
<author fullname="Geoff Huston" surname="Huston">
<organization></organization>
</author>
<date month="December" year="2010" />
</front>
</reference>
</references>
<!------------------------------------------------>
<!-- SECTION 8.2: Informative References -->
<!------------------------------------------------>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 01:57:24 |