[122503] in North American Network Operators' Group
Re: Denic (.de) blocking 6to4 nameservers (since begin feb 2010)
daemon@ATHENA.MIT.EDU (Nathan Ward)
Mon Feb 15 17:32:58 2010
From: Nathan Ward <nanog@daork.net>
In-Reply-To: <EMEW3|3de23ee44b7e4fdf946fc274cbb5378dm1EG3Y03tjc|login.ecs.soton.ac.uk|20100215160326.GE20660@login.ecs.soton.ac.uk>
Date: Tue, 16 Feb 2010 11:31:45 +1300
To: nanOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 16/02/2010, at 5:03 AM, Tim Chown wrote:
> On Fri, Feb 12, 2010 at 08:16:56AM +1100, Mark Andrews wrote:
>>=20
>> If you can't get native IPv6 then use a tunneled service like
>> Hurricane Electric's (HE.NET). It is qualitatively better than
>> 6to4 as it doesn't require random nodes on the net to be performing
>> translation services for you which you can't track down the
>> administrators of. You can get /48's from HE.
>=20
> Our external IPv6 web accesses are still very low, but have grown
> linearly over the last five years from 0.1% in 2005/06 to 0.5% of
> total web traffic now. Internally of course our figures are higher.
>=20
> Of that IPv6 traffic, 1% comes from 2002::/16 prefixes. Even less
> from Teredo prefixes. I guess we could run stats against known TB
> prefixes to determine who is using those. =20
You are very unlikely to get traffic from Teredo, because:
1) Windows only asks for AAAA if it has non-Teredo IPv6 connectivity
2) When Windows has non-Teredo IPv6 connectivity and so can ask for =
AAAA, preference for reaching your web content is going to be non-Teredo =
IPv6 -> IPv4 -> Teredo, due to the prefix policy table, unless you have =
an AAAA in 2001::/32 (Teredo space), in which case it will prefer IPv4 =
-> Teredo.
=0D=0D
With 6to4, Windows hosts will ask for AAAA, and will prefer non-6to4 =
IPv6 over 6to4 over IPv4. I'm a little surprised at how little 6to4 =
traffic you get.
Teredo gets most use when an application asks for a connection to a =
certain IPv6 address, without DNS. This is most common in peer to peer - =
you're not going to levels of web traffic and P2P traffic using Teredo =
that are comparable ratios to IPv4.
My expectation is that lines in your web logs in 2001::/32 have user =
agent strings indicating non-Windows hosts - or perhaps someone has =
miredo running on a proxy server, or perhaps the users' non-Teredo IPv6 =
AND IPv4 paths to you were broken when they tried to make a request. =
Stranger things have happened..
I wrote some code that will allow you to better understand the =
connectivity that end users of your web content have - when they visit =
your site it has them get 1x1 px transparent GIF images from various =
different hostnames with different characteristics in the DNS, and then =
reports back which loaded and how long.
http://www.braintrust.co.nz/ipv6wwwtest/
Wikipedia were running this for a while, on every 100th hit. They did a =
modification to this where they also had a large image to test for pmtud =
errors. Google are using a similar technique to test IPv6 capabilities =
and networks.
I'll add something with the pmtud stuff in the next week or so, and I'll =
also push the code to github.
You'll probably want to make you own changes based on what you're =
interested in, also.
--
Nathan Ward=
