Re: ipv6 transit over tunneled connection

[bmanning () vacation karoshi com]

 er... if I may - this whining about the evils of tunnels
 rings a bit hollow, esp for those who think that a VPN is 
 the right thing to do.

--bill


On Sat, May 15, 2010 at 08:44:53AM +1000, Karl Auer wrote:
> On Fri, 2010-05-14 at 14:57 -0400, Christopher Morrow wrote:
> > Tunnels promote poor paths
>
> "promote"? Tunnel topology does not (necessarily) match the underlying
> topology, especially if you choose (or are forced to accept) a distant
> broker. But "promote"?
>
> > , they bring along LOTS of issues wrt PMTUD,
>
> PMTUD that doesn't work on v6 probably doesn't work on v4. I agree that
> a bad PMTU can wreak more havoc on v6 than v4, but most of the issues
> are workaroundable.
>  
> > asymmetry of paths, improper/inefficient paths (see example paths from
> > several ripe preso's by jereon/others), longer latency.
>
> All relating to the above. I suspect you really mean paths in the
> underlying topology, which is a "by definition" issue. None of these are
> necessary features of tunnels.
>
> Given the relatively low number of tunnel terminating services, and the
> fairly low level of choice available to people who want tunnels, these
> are bigger problems than they need to be. More demand will see these
> problems (as with so many transitional issues) lessen substantially.
>
> >  If the tunnel
> > exits your border you can't control what happens and you can't affect
> > that tunnels performance characteristics.
>
> Whereas with IPv4 you have complete control over everything that happens
> once packets exit your border? This is no different with IPv6 than with
> IPv4, except that you have fewer choices at present, so must make more
> drastic compromises.
>
> >  it's 2010, get native v6.
>
> Easily said :-(
>
> If you can't get native IPv6, then using a tunnel lets you get started;
> it lets you begin educating, testing and even delivering IPv6-based
> services. If, on the other hand, you wait until everything is perfect,
> you will be waaaay behind the eight-ball.
>
> Oh - and tunnels are usually way cheaper than native connectivity, so
> it's easier to get the idea of going v6 past the bean-counters.
>
> So: Yep, native IPv6 if you can get it. Otherwise, take tunnels. But
> whichever you do, do it now.
>
> Regards, K.
>
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer () biplane com au)                   +61-2-64957160 (h)
> http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)
>
> GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
> Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF