Comcast's 6to4 Relays

1. Yes.
2. Perhaps, but, it's minimal internal risk and the risk it poses to others
  can be mitigated by those others installing appropriate services
  on their own networks.
3. We agree here as well.

Owen

Doug,

I am aware of the drafts you cited earlier; as Mikael mentions below, the
existence of the same will not result in 6to4 being turned off
automatically or immediately. This process will likely take years.

I was going to let this go, but after so many responses in the same vein I feel compelled to clarify. *I personally* believe that the answer to 6to4 is to just turn it off. These things have long tails because we insist that they do, not because they have to. *However,* I am realistic enough to know that it isn't going to happen, regardless of how disappointed I may be about that. :)

Turning off the servers will not reduce the brokenness of 6to4, it will increase it.

The best way to get rid of 6to4 is to deploy native IPv6.
The best way to improve 6to4 behavior until that time is to deploy more, not less 6to4 relays.
Hurricane Electric has proven this.
Comcast has proven this.
Every provider that has deployed more 6to4 relays has proven this.

Please note the goal here is not to make 6to4 great, like many others we
hope to see 6to4 use diminish over time.

"Hope is not a plan." Meanwhile, my main goal in posting was to make sure that to the extent that you (Comcast) intend to make changes to your 6to4 infrastructure that you take into account the current thinking about that, and I'm very pleased to hear that you have.

The best way to make 6to4 diminish has always been and still remains:

  Deploy Native IPv6 Now.

That's a plan and a necessity at this point, but, execution is still somewhat lagging.

Owen

Of course, Comcast *is* deploying native IPv6; see, for example,
http://mailman.nanog.org/pipermail/nanog/2011-January/031624.html
It just takes a while -- and a non-trivial number of zorkmids -- to
do things like replacing all of the non-v6 CPE.

    --Steve Bellovin, https://www.cs.columbia.edu/~smb

Depends on your definitions of "increase" and "broken." If all the relays disappeared tomorrow then the failure rate would be 100%, sure. But that would mean a single, (more or less) instant, deterministic failure that any modern OS ought to be able to handle intelligently; rather than the myriad of ways that 6to4 can half-succeed now. To me, that's a win.

Doug

Uh, no. It would, indeed, be a single deterministic failure. However, most OS are coded that if there isn't native, they'll try 6to4 if it's turned on. Many OS have it turned on by default.
As such, it would simply be a 100% failure, not one that was automatically dealt with in a
rational or useful manner. It would require manual intervention on a large number of hosts.

To me, that's not a win. That's a loss.

The success rate for 6to4 today in most environments is close to 90%. There are many environments in widespread use today (hotel networks and airports come to mind) where IPv4 does not enjoy that level of success.

Owen

The best way to make 6to4 diminish has always been and still remains:

   Deploy Native IPv6 Now.

That's a plan and a necessity at this point, but, execution is still somewhat lagging.

Of course, Comcast *is* deploying native IPv6; see, for example,
http://mailman.nanog.org/pipermail/nanog/2011-January/031624.html
It just takes a while -- and a non-trivial number of zorkmids -- to
do things like replacing all of the non-v6 CPE.

       --Steve Bellovin, Steven M. Bellovin

Comcast was not the target of my comment... The networks saying Comcast shouldn't help the rest of the net by providing open 6to4 relays were the ones I was referring to.

I again applaud Comcast's leadership on IPv6 to the end user, even if they haven't gotten
it to me yet. ;)

Owen

A "little" bit older one, but bigger - took down the whole internet:

for a small value of "whole internet"

same for ripe/duke experiment gone bad

randy

They already have if you can run either 6rd or 6to4 and are a Comcast customer, even if you didn't happen to know they had. (Though they do plan to turn off the 6rd hack they were using this summer; their native trial and 6to4 work well enough to not need yet another transition mechanism).

Their kind offer is to extend availability of their 6to4 relays to others who aren't even Comcast customers...

(Says this reasonably happy participant in Comcast's IPv6 trial; my unhappiness is the state of CPE firmware, not with how well Comcast's end of things work; I plan to ditch commercial firmware on my home router for OpenWRT momentarily...)
                                 - Jim

They already have if you can run either 6rd or 6to4 and are a Comcast customer, even if you didn't happen to know they had. (Though they do plan to turn off the 6rd hack they were using this summer; their native trial and 6to4 work well enough to not need yet another transition mechanism).

I'm already running IPv6 over 6in4 tunnels to my cool routers. 6rd is not an improvement.

I'm looking forward to the day when Comcast can deliver straight native IPv6 to me.

Their kind offer is to extend availability of their 6to4 relays to others who aren't even Comcast customers...

(Says this reasonably happy participant in Comcast's IPv6 trial; my unhappiness is the state of CPE firmware, not with how well Comcast's end of things work; I plan to ditch commercial firmware on my home router for OpenWRT momentarily...)
                               - Jim

lol... The commercial JunOS on my home gateway seems to be working OK.

Owen

While I can appreciate that 6to4 is far from perfect, and can create broken
situations - I will also admit to using 6to4 on more than an occasional
basis ... whether that be because:

   - my aircard gets a public IPv4 address, and thus 6to4 spins up
   automatically
   - my Linksys CPE, out of the box, does 6to4 (SLAAC-advertising a prefix)
   - thus all of my home PCs do it as well (Win*, Ubuntu, etc.)

I find 6to4 to be far superior to no IPv6 connectivity, far easier than
launching a TSP client (which I also have, just in case) ... and, in fact,
to largely "just work" for all of my machines. More relays will do nothing
but make this better, and as native IPv6 becomes available I will happily
(and automatically!) move to that instead.

/TJ ... also a happy Comcast 6RD-beta user right now, so technically I am
not using 6to4 at home *right now* (but will be using 6to4 again after June
30th, when the 6RD trial ends).
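
The automatic 6to4 behaviour described in the last message (a host or CPE with a public IPv4 address deriving a prefix and advertising it to the LAN) can be audited from an address inventory. The following is an added example, not code from any poster in this thread: it uses the 6to4 prefix 2002::/16 (RFC 3056), derives the 2002:V4ADDR::/48 a router would advertise, and flags 6to4 addresses built on an IPv4 address that relays cannot reach. The host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Embedded IPv4 ranges that can never work for 6to4: relays on the public
# Internet cannot return packets to them (RFC 1918, CGN, link-local).
UNROUTABLE_V4 = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "100.64.0.0/10", "169.254.0.0/16")]

def sixtofour_prefix(v4):
    """2002:V4ADDR::/48 prefix a 6to4 router derives from its IPv4 address."""
    v4int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4int << 80), 48))

def classify(addr):
    """Return (kind, embedded IPv4 or None) for one IPv6 address."""
    embedded = ipaddress.IPv6Address(addr).sixtofour  # None outside 2002::/16
    if embedded is None:
        return ("not-6to4", None)
    if any(embedded in net for net in UNROUTABLE_V4):
        return ("6to4-unroutable", str(embedded))
    return ("6to4", str(embedded))

def audit(inventory):
    """Group hosts by the 6to4 /48 they sit behind; list broken ones separately."""
    by_prefix, broken = {}, []
    for host, addr in inventory:
        kind, v4 = classify(addr)
        if kind == "6to4":
            by_prefix.setdefault(str(sixtofour_prefix(v4)), []).append(host)
        elif kind == "6to4-unroutable":
            broken.append((host, v4))
    return by_prefix, broken

# Constructed inventory; 192.0.2.1 and 2001:db8::/32 are documentation ranges.
SAMPLE = [
    ("laptop",  "2002:c000:201:1:211:22ff:fe33:4455"),
    ("desktop", "2002:c000:201:1:a00:27ff:fe12:3456"),
    ("natted",  "2002:c0a8:101::1"),
    ("native",  "2001:db8:10::5"),
]

if __name__ == "__main__":
    prefixes, broken = audit(SAMPLE)
    print(prefixes)
    print(broken)
```

Hosts that share one /48 are sitting behind the same 6to4 router, which is the situation where a single CPE has switched a whole home network onto 6to4.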