Hi,
On 19 Apr 2019, at 07:41, Charly Ghislain charlyghislain@gmail.com wrote:
I feel there is an issue in case the operator advertises an unreachable ip6 address in the config. This seems like a configuration error that should be spotted by a self-reachability mechanism that is yet to come, like for ipv4. I can imagine however that directories could be able to flag the relay as reachable over ipv4 and not over ipv6, and that the relay would still be usable over ip4. I thought it was the case actually.
We asked the directory authority operators what they wanted Tor to do when relays are reachable over IPv4 but not IPv6. They told us that the relays should not be in the consensus, because then operators would notice, and fix them. (As Jake Visser did.)
We also talked with relay operators, and there were a range of different opinions.
If we want to have enough IPv6 relays to support lots of IPv6 clients, we need every relay that can do IPv6 to have working IPv6.
On 19 Apr 2019, at 08:46, s7r s7r@sky-ip.org wrote:
One use I can think of for this is in a world where an IPv6 only client gets to use such a relay as Guard, by connecting it to its advertised IPv6 address (regardless that will be actually converted to IPv4 before it hits the relay, this will be transparent to the client and will actually work).
I think having more ways to do IPv6 is useful as we transition to IPv6.
When most relays support IPv6, we can start deprecating some of the less useful ways of doing IPv6. But we're not there yet.
On 19 Apr 2019, at 08:54, Jake Visser jake@emeraldonion.org wrote:
Thanks Charly – yes.. in this case a flag or error in logging that IPv6 was not reachable would have saved me many hours of debugging (for us, this was an obscure IPv6 issue, where all other IPs on the same range work; it was broken as a function of a very restrictive ND policy on the firewall).
So regardless of Full v6 support, or v6 only support [both are needed], at the very least some good logging to say if it's failing would be great 😉
After a few hours, your relays should have warned you that they were not in the consensus. Maybe you missed the warning, because you were looking at debug logs?
A relay can't tell you that its own IPv6 address is unreachable, because it never checks its IPv6 address for reachability.
We have a ticket to implement IPv6 reachability checks, but it's more complex than you might expect, because relays don't extend to other relays over IPv6 yet.
https://trac.torproject.org/projects/tor/ticket/24403
We're working on getting funding for IPv6 improvements in 2020, and this feature will be first. (There's no point in making clients do IPv6 better, if we don't have enough IPv6 relays.)
T
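
Added example, not part of the original message and not Tor's own code: because a relay does not test its own IPv6 ORPort, an operator can probe it from a second host that has working IPv6 and sits outside the relay's network. The script reads the IPv6 `ORPort` lines from a torrc, rejects addresses that can never be reached from the Internet, and attempts a TCP handshake to the rest; the sample torrc, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
import socket
import sys

# Constructed sample torrc; its addresses are link-local or documentation ranges.
SAMPLE_TORRC = """\
Nickname ExampleRelay
ORPort 192.0.2.10:9001
#ORPort [2001:db8::dead]:9001
orport [fe80::1]:9001
ORPort [2001:db8::1]:9001
"""

# torrc form "ORPort [IPv6]:port [flags]"; option names are case-insensitive.
# Assumption: only explicit numeric ports are handled.
ORPORT6 = re.compile(r"^[ \t]*ORPort[ \t]+\[([0-9A-Fa-f:.]+)\]:(\d+)", re.I | re.M)

def ipv6_orports(torrc_text):
    """Return (IPv6Address, port) for each uncommented IPv6 ORPort line."""
    return [(ipaddress.IPv6Address(a), int(p)) for a, p in ORPORT6.findall(torrc_text)]

def static_problem(addr):
    """Say why addr can never be reached from the Internet, or return None."""
    checks = (
        (addr.is_unspecified, "unspecified (::)"),
        (addr.is_loopback, "loopback"),
        (addr.is_link_local, "link-local"),
        (addr in ipaddress.ip_network("fc00::/7"), "unique-local"),
        (not addr.is_global, "reserved or documentation range"),
    )
    for bad, why in checks:
        if bad:
            return why
    return None

def tcp_reachable(addr, port, timeout=10.0):
    """True if a TCP handshake completes; this shows the port is open, nothing more."""
    try:
        with socket.create_connection((str(addr), port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, or no local IPv6 route
        return False

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TORRC
    for addr, port in ipv6_orports(text):
        why = static_problem(addr)
        ok = why is None and tcp_reachable(addr, port)
        print(f"[{addr}]:{port}", "reachable" if ok else f"NOT reachable ({why or 'TCP connect failed'})")
```

A failed connect only means something when the probing host itself has IPv6 connectivity, so confirm that first against a known-good IPv6 service.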