draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan, Tim Chown


Post on 14-Dec-2015


Are they the future of the Internet?

Non-Managed Tunnels Considered Harmful

Gunter Van de Velde, Ole Troan, Tim Chown


The Controverse-o-Meter

Highly controversial

Medium controversial (whatever that means)

Not controversial


Objectives

The noble goal of the IPv6 Internet

What do people say?

What are managed tunnels?

Non-managed tunnel properties

Conclusion

Why do Non-managed tunnels exist?


What is a Managed tunnel?

The user has a contact “to bark at” when connectivity is not working as expected

The tunneling is facilitated by a contactable administration Realm for the tunnel head and tail-end

Security, performance and integrity of the tunnel is managed

The user experience for using either IPv4 or IPv6 is invisible, so that the network environment feels and smells like true native connectivity


Tunnel Experiences

The end-user view

My ISP does not provide IPv6, so 6to4/Teredo is my easy way to get IPv6… and I am very happy with the IPv6 quality

Oh… I didn’t know I was using IPv6….

The enterprise view

6to4 has the capability for sub-optimal routing; however, 6to4 does not always have sub-optimal routing (i.e. when sending packets between two 6to4 sites)

The service provider

Some ISPs deliberately deliver a 6to4 relay to increase the quality of IPv6 for their customers, but it costs $ and resources to maintain… and the service is not just (always) restricted to the ISP’s customers

Content providers observe a measurable difference in RTT and reliability in some cases, and are hence reluctant to bring all services to mainstream IPv6 for all users “just yet”


The noble goal of the IPv6 Internet

Provide a platform for content and services to be developed with high quality and performance

A simple control plane for end-2-end connectivity

The IPv6 Internet connectivity should be as good (or better) as the perceived quality of the IPv4 Internet

All people and devices around the globe have the potential to be connected

Allow connectivity to grow without limits

Do non-managed tunnels follow these fundamentals?


Why do non-managed tunnels exist?

Early adopters

Not trivial to move a system in lock-step towards IPv6, and tunnels aid in this process

Provide de-coupling between infrastructure IPv6 readiness and application readiness


Non-managed Tunnel Properties

IP Anycast/well known based service

Anycast/well-known address usage

Asymmetric connectivity models when relying on 3rd party relay

Impacts stateful security services (firewalls)

Anycast or other well known addresses may direct towards badly functioning relay-router

6to4 well-known relay addresses: 192.88.99.0/24

Teredo MSFT default: teredo.ipv6.microsoft.com


Non-managed Tunnel Properties

Performance

There is a logistic decoupling of performance between

(1) What the relay router can provide

(2) What the user is expecting

The impact is that initial deployments have been working really well, but if used for mainstream operation (for millions of customers, instead of the technologist), then performance expectation may not be stable (no motivation for the relay-router providers to upgrade capacity for non-customers)

IP Anycast/well known based service

The user typically does not know who owns the relay listening on the well-known address


Non-managed Tunnel Properties

Realm of control

Operational provisioning - good tunnel performance and reliability is often outside the control of the person using the tunnel (3rd party involvement, unforeseen traffic paths)

Sub-optimal flows (increase in RTT and packet loss)

If a low performance relay-router is overloaded due to non-managed tunnels, then how can the user provide feedback on the bad performance?

Who is responsible for troubleshooting if connectivity is degraded?


Non-managed Tunnel Properties

Security

Do you trust the 3rd party ag/de-gregator?

Firewall, IDS and tunneling

Lawful Intercept

Tunnel security issues documented in “draft-ietf-v6ops-tunnel-security-concerns-02” are amplified by un-managed tunnels due to a lack of trust

Tunnels may bypass Security inspection

IP Ingress and Egress Filtering

Source Routing after the tunnel client

Non-trust of enterprise NOC manager towards tunnel security and openness

DPI for tunneled packets

NAT holes increase attack surface

Tunnel address related risks

6to4 security considerations - RFC 3964 (RFC from 2004)
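A defender-side check for the tunnel indicators named on the slides (the 6to4 relay prefix 192.88.99.0/24 and Teredo), as an added example that is not part of the original deck. The 2002::/16 and 2001::/32 prefixes, IP protocol 41 and UDP port 3544 come from RFC 3056 and RFC 4380 rather than from the slides; the flow records and their field names are constructed for illustration.

```python
import ipaddress

# The relay prefix is from the slides; the remaining values are the
# well-known 6to4 (RFC 3056/3068) and Teredo (RFC 4380) constants.
SIXTO4_RELAY_V4 = ipaddress.ip_network("192.88.99.0/24")
SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")
PROTO_IPV6_IN_IPV4 = 41
PROTO_UDP = 17
TEREDO_UDP_PORT = 3544

def embedded_ipv4(addr6):
    """Return the IPv4 address carried in bits 16..47 of a 6to4 address."""
    return ipaddress.ip_address((int(addr6) >> 80) & 0xFFFFFFFF)

def classify(flow):
    """Label one flow record; None means no non-managed tunnel indicator."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if dst.version == 4:
        if flow["proto"] == PROTO_IPV6_IN_IPV4:
            if dst in SIXTO4_RELAY_V4:
                return "6to4 via anycast relay"
            return "protocol-41 tunnel"
        ports = (flow.get("sport"), flow.get("dport"))
        if flow["proto"] == PROTO_UDP and TEREDO_UDP_PORT in ports:
            return "Teredo"
        return None
    # Native-looking IPv6 flow: check whether either end is a tunnel address.
    for addr in (src, dst):
        if addr in SIXTO4_PREFIX:
            return "6to4 address (site %s)" % embedded_ipv4(addr)
        if addr in TEREDO_PREFIX:
            return "Teredo address"
    return None

# Constructed sample flows (documentation address ranges, not real traffic).
FLOWS = [
    {"src": "198.51.100.10", "dst": "192.88.99.1", "proto": 41},
    {"src": "198.51.100.11", "dst": "203.0.113.5", "proto": 17,
     "sport": 51000, "dport": 3544},
    {"src": "2002:c000:201::1", "dst": "2001:db8::1", "proto": 6},
    {"src": "2001:db8::2", "dst": "2001:0:4136:e378::1", "proto": 6},
    {"src": "198.51.100.12", "dst": "203.0.113.80", "proto": 6, "dport": 443},
]

def summarize(flows):
    """Return (src, dst, label) for every flow that shows a tunnel indicator."""
    return [(f["src"], f["dst"], classify(f)) for f in flows if classify(f)]
```

The UDP port match is a heuristic: any UDP service that happens to use port 3544 will also be labelled Teredo, so treat a hit as a lead for inspection rather than proof.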


Conclusion

Early adopters have been working fine with non-managed tunnels

For mainstream usage:

  Blackholing

  Perverse traffic paths

  Lack of business incentive

  Difficult security model

  Hard to have a managed service relying on non-managed infrastructure

Consequence:

  Reason that Content providers can’t offer universal IPv6 services

  Reason that white-listing complexity is being discussed


Next Steps

Adopt as WG item?


THANK YOU!