6to4 routes disappeared from most of North America?

Maybe I missed it, but was there some concerted effort to remove or block
access to the 2002::/16 route on the v6 backbone in North America recently?
Connectivity to/from 6to4-only hosts seems sketchy at best. Of the US hosts
I've tried, only ISC has responded at all to a 6to4 packet -- and they're
routing 2002::/16 through WIDE in Japan from what I can tell.

From about half the US IPv6 looking glasses I've tried, the route is missing
entirely. By contrast, I can see it everywhere, typically from multiple
upstreams, in JP (no surprise there), CH, DE, and FR that I've tried so far.

I haven't been using 6to4 for almost 6 months now, but this seems like a
really alarming step backwards as far as v6 adoptability goes in dynamic
v4-pool environments. Yes, I'm aware of the security implications of 6to4
-- but if the RFC-suggested header address checks are properly performed at
the ingress 6to4 gateway, the burden of security falls on the 6to4 user
alone, which is (IMHO) an acceptable situation.
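
The header address checks referred to in the message above, sketched as an added example that is not part of the original thread: a decapsulating 6to4 gateway drops packets whose embedded V4ADDR is not global unicast (RFC 3056) or whose 2002::/16 source does not match the outer IPv4 source (RFC 3964). Function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# IPv4 ranges that must never appear as the V4ADDR of a 2002::/16 address.
# RFC 3056 names RFC 1918, loopback, multicast and broadcast; the remaining
# entries are extra non-global ranges added for this example.
NON_GLOBAL_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def is_global_unicast(v4):
    return not any(v4 in net for net in NON_GLOBAL_V4)

def check_decapsulated(outer_src, inner_src, inner_dst):
    """Validate a protocol-41 packet at the decapsulating 6to4 gateway.

    outer_src is the IPv4 source of the tunnel packet; inner_src and
    inner_dst come from the encapsulated IPv6 header.
    Returns (accept, reason).
    """
    outer = ipaddress.IPv4Address(outer_src)
    if not is_global_unicast(outer):
        return False, f"outer source {outer} is not global unicast"
    embedded = {}
    for label, addr in (("source", inner_src), ("destination", inner_dst)):
        v4 = ipaddress.IPv6Address(addr).sixtofour  # None outside 2002::/16
        if v4 is not None and not is_global_unicast(v4):
            return False, f"inner {label} embeds non-global {v4}"
        embedded[label] = v4
    # A 6to4 source must have been encapsulated by the router that owns the
    # embedded address. A native source arrives via a relay, so the outer
    # address cannot be tied to it and this check does not apply.
    if embedded["source"] is not None and embedded["source"] != outer:
        return False, f"inner source embeds {embedded['source']}, outer is {outer}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed samples: (outer IPv4 source, inner IPv6 source, inner IPv6 destination)
    samples = [
        ("192.0.2.1", "2002:c000:201::1", "2001:db8::1"),     # consistent
        ("198.51.100.7", "2002:c000:201::1", "2001:db8::1"),  # spoofed 6to4 source
        ("192.0.2.1", "2002:a00:1::1", "2001:db8::1"),        # embeds 10.0.0.1
        ("192.0.2.1", "2001:db8::5", "2002:7f00:1::1"),       # destination embeds 127.0.0.1
    ]
    for s in samples:
        print(s, check_decapsulated(*s))
```
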

Right now we're using a 6to4 relay router in Verio's network for most traffic, although we do see other paths, so mileage may vary depending on which edge router the outbound traffic from ISC happens to exit through.

jabley@r2.sfo2> traceroute 2002::
traceroute6 to 2002:: (2002::) from 2001:4f8:4::2, 30 hops max, 12 byte packets
  1 r2.r3.sfo2.isc.org (2001:4f8:0:1::6:2) 0.891 ms r2-2.r3.sfo2.isc.org (2001:4f8:0:1::f:2) 0.736 ms r2.r3.sfo2.isc.org (2001:4f8:0:1::6:2) 0.675 ms
  2 r3-sfo2.r8.pao1.isc.org (2001:4f8:0:1::5:1) 1.701 ms 1.606 ms 1.517 ms
  3 r8.r7.pao1.isc.org (2001:4f8:0:1::4:1) 1.505 ms r8-2.r7.pao1.isc.org (2001:4f8:0:1::3:1) 1.855 ms 1.472 ms
  4 p4-2-0-2.r00.plalca01.us.bb.verio.net (2001:418:0:5000::1d) 1.737 ms 9.352 ms 1.55 ms
  5 p16-0-1-0.r20.plalca01.us.bb.verio.net (2001:418:0:2000::189) 1.486 ms 1.588 ms 1.477 ms
  6 ge-2-0.r02.plalca01.us.bb.verio.net (2001:418:0:2000::1fe) 1.574 ms 1.547 ms 1.537 ms

We had a local 6to4 relay running for some time in the lab, but it's not up right now. If there's general interest in a 6to4 relay in AS 3557 for public use, we could definitely look at making one available.


Hm. I traced now and I see a route similar to yours, from what appears to
be the opposite interface sides of those boxes. In any case, your routing
*is* working. However, that doesn't seem to be the case for many North
American providers.

Worse yet, I don't think anyone is volunteering a route into the global
BGP4+ table -- so all these little networks are simply on their own if their
v6 upstreams don't hand them a direct 2002::/16 route.

(ObNANOG: "Hint, hint, hint, hint, hint, hint, hint, hint, hint, hint.")

And wouldn't you know, now I can't see part of the RIPE world -- including
www.ripe.net itself -- from a 6to4 host, but a fixed tunnel host sees it
fine. This doesn't look good. <sigh>