Over the last few days I've started thinking more about IPv6 and, inevitably, I started thinking about how we can improve support within the Tor network.
Within the last few months, there were a few instances of relay operators seeking answers for why their relay did not have the running flag in the consensus. After some investigation, in some cases this was because the relay had an IPv6 ORPort configured but a majority of the IPv6-enabled directory authorities did not believe it was running.
Unfortunately, despite IPv6 connectivity being a necessity now, ISP rollout is slow and ongoing in some geographical areas and network peering arrangements are sometimes sub-standard or not stable.
The Relay Guide[0] has a section describing how an operator can enable an IPv6 ORPort, and there's a supplementary page[1] specifically describing additional information about it.
Considering there are potential critical failures when the IPv6 ORPort is configured, should the relay guide suggest the operator confirm they have IPv6 connectivity to all of the IPv6-enabled directory authorities[2] before enabling it ("Please ping6/telnet/nc to these hosts before enabling this.")?
It would also be nice if the relay, itself, performed self-checks of this connectivity and printed a warning log if some failure-threshold is reached (and possibly disabled the IPv6 ORPort). But, in reality, this is a hack around a broken internet - and I hesitate to advocate for something like this in tor. Maybe there is a compromise we can find between the relay operator manually testing connectivity periodically and tor automatically doing-smart-things.
Thoughts?
- Matt
[0] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6
[1] https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
[2] https://gitweb.torproject.org/tor.git/tree/src/or/auth_dirs.inc
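The manual pre-check suggested above could be scripted as follows. This is an added example, not part of the original post or of tor: it assumes the `ipv6=[addr]:port` entry style of auth_dirs.inc [2], and the function names, the majority threshold and the sample entries (documentation-range addresses) are constructed for illustration.

```python
import re
import socket
import sys

# Constructed sample in the style of auth_dirs.inc. Names and addresses are
# placeholders from the documentation ranges, not real directory authorities.
SAMPLE_AUTH_DIRS = '''
"authA orport=9001 " "ipv6=[2001:db8::1]:9001 " "192.0.2.1:80 ...",
"authB orport=443 " "192.0.2.2:80 ...",
"authC orport=443 " "ipv6=[2001:db8:0:2::3]:443 " "192.0.2.3:80 ...",
"authD orport=443 " "ipv6=[2001:db8:0:4::4]:443 " "192.0.2.4:80 ...",
'''

IPV6_RE = re.compile(r'ipv6=\[([0-9A-Fa-f:]+)\]:(\d+)')

def parse_ipv6_orports(text):
    """Return (address, port) for every entry that advertises an IPv6 ORPort."""
    return [(addr, int(port)) for addr, port in IPV6_RE.findall(text)]

def tcp_connect(addr, port, timeout=10.0):
    """True if a TCP connection to [addr]:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # no route, refused, timed out, no IPv6 stack, ...
        return False

def check_reachability(endpoints, connect=tcp_connect):
    """Probe each endpoint; report per-endpoint results and whether a
    strict majority answered. An outbound connect only approximates the
    authorities' inbound test of the relay's ORPort."""
    results = {ep: connect(*ep) for ep in endpoints}
    majority_ok = sum(results.values()) > len(endpoints) / 2
    return results, majority_ok

if __name__ == "__main__":
    # Pass a local copy of auth_dirs.inc as argv[1]; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTH_DIRS
    results, ok = check_reachability(parse_ipv6_orports(text))
    for (addr, port), up in results.items():
        print(f"[{addr}]:{port} {'reachable' if up else 'UNREACHABLE'}")
    if not ok:
        print("warning: no majority of IPv6 authorities reachable; "
              "reconsider enabling the IPv6 ORPort")
        sys.exit(1)
```

Run periodically (for example from cron), the non-zero exit status gives the operator the warning without tor itself having to act on it.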