In 2018, in my article Phasing out IPv6 transition technologies, I brought information about the current development and use of Teredo and 6to4 technologies. In conclusion, I informed that Teredo prefix 2001::/32 is no longer promoted to foreign upstreams, but only within NIX.CZ and NIX.SK peering nodes, where global peers are active as well, so we did not limit the 6to4 technology due to certain traffic from abroad. In this blogpost, I will explain why we now want to turn off these two technologies.
6to4
RFC 7526 clearly speaks for the abolition of the 6to4 technology we are running, referring to network addressing using anycast as deprecated since 2015. At the same time, this technology shows a significant error rate, as highlighted by a 2010 article on labs.ripe.net. For these reasons, we have no longer analyzed this traffic, and instead focused more on Teredo server/relay; then we will proceed directly to shutdown. However, the data flow through 6to4 is basically comparable to that through Teredo.
Teredo
To refresh your memory of how Teredo works, I suggest you read this article and take a look at this chart. At CZ.NIC, we operate both the Teredo server at teredo.nic.cz and a Teredo relay.
To get a good idea of how both components work, we studied network traffic by taking ten-minute samples during one working day. Based on the obtained IP addresses and the GeoIP database, we identified the countries of inbound and outbound traffic and prepared charts of the TOP 10 countries of the world with the highest percentage in the entire data traffic according to the selected criteria.
What do the charts show? The first (orange) one shows who uses the Teredo server the most. These are client stations that use for their configuration the address teredo.nic.cz directly. The second (blue) chart shows those who use our Teredo relay to communicate with the IPv6 world. Finally, the third (green) chart shows the destinations where traffic actually terminates.
If we put individual charts in context, we may arrive at the following:
- The Teredo server is most used from the Czech Republic and Russia,
- The usage of Teredo relay instance in our country actually makes up less than one percent. This means that the target servers to which the traffic is tunneled are probably not in the Czech Republic and the surrounding area, because otherwise such traffic would have been taken over directly by our Teredo relay instance,
- on the contrary, traffic from our Teredo relay instance is mostly terminated in the Netherlands and the USA. The Czech Republic makes up approximately one percent.
Does it make sense to continue operating Teredo tunnels in order to improve comfort and response for users in the Czech Republic? We believe that it does not, because:
- it is a service that is gradually phased out by different entities. An interesting undertaking was the test by Microsoft, when in 2013 they tried to turn Teredo off for a few days,
- Teredo is a technology that can often be used to attack other entities,
- the CZ.NIC Association is part of the critical infrastructure of the state and as such it would not like to continue providing a tool that can be easily misused for attacks,
- Teredo generally has a high loss rate and the technology is quite complicated, see page 286 to 287 of the fourth edition of IPv6,
- the abolition of transition mechanisms could contribute to further spread of native support for the IPv6 protocol instead of circumvention using various transition mechanisms.
In the original article Phasing out IPv6 transition technologies, I also listed Google charts on the number of users accessing their services using the IPv6 protocol. In mid-2018, 6to4/Teredo transition technologies still had the share of 0.05%. After about three and a half years, it’s just 0.
We also want to switch off for a completely pragmatic reason. The hardware on which the service runs is nearing the end of its life cycle, and investing in new hardware (as well as working on migration and subsequent administration) just doesn’t seem reasonable to us.
Trial shutdown
Based on the above, we have decided to try and turn off both IPv6 transition technologies on October 25, 2021 for a period of 24 hours.
We’re shutting down!
If no major problem appears, we will definitely abolish both services on Monday, November 1, 2021. However, users in the Czech Republic will not lose a Teredo and 6to4 service node close by, as they are still run (as one of the last of the Mohicans) by Hurricane Electric, which is also peering at NIX.CZ. Of course, we will inform this company in advance before the final shutdown.