On 18 Jan 2016, at 11:07, Roman Mamedov <rm@romanrm.net> wrote:

On Mon, 18 Jan 2016 10:16:40 +1100
Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:

I think if a client is just using it for bootstrap, any extra latency shouldn't be an issue.
But IPv6 clients may also pick it as a guard, so that should be taken into account.

Should we be running relays over IPv6 tunnels?

Hurricane Electric has tunnel servers all over the world, so it's easy to pick
one which will only add negligible latency: https://tunnelbroker.net/status.php

Performance is not a concern either; these are not overloaded and should
be quite fast.

On the other hand HE.net may or may not want to have a word with you if you
run a relay through them with hundreds of megabits of IPv6 traffic; but that's
not something we can expect in the nearest future. [and such powerful relays
are most likely in proper DCs with easily obtainable native IPv6 anyways]

We're still working to get Tor clients bootstrapping over IPv6, so there isn't going to be much IPv6 relay traffic at the moment.

There's a possible privacy issue that all the HE.net tunnel traffic can
technically be captured by HE.net;

however all of these provide IPv6 addresses under the same AS (6939) and the
same prefix of 2001:470::/32, so perhaps the same-AS avoidance code will
ensure that a HE.net IPv6 is only used once in a circuit? Does it correctly
handle cases when a router's IPv4 and IPv6 addresses are from different ASes?

Tor doesn't use ASes for same-network avoidance; it only uses network masks.

In the current Tor codebase, onion_populate_cpath()/addrs_in_same_network_family() avoids adding relays in the same IPv4 /16 to the same circuit. IPv6 addresses are not considered, because this check uses the relay's primary ORPort IPv4 address.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
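
An added illustration of the point above (not code from this thread or from the Tor source): two relays in different IPv4 /16s pass an IPv4-only same-network check even when both IPv6 addresses sit in 2001:470::/32. The struct, the function names, the sample addresses and the /32 IPv6 comparison are assumptions made for this sketch, not Tor behaviour.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical relay record for this sketch; not a Tor structure. */
typedef struct {
    const char *v4;   /* primary ORPort IPv4 address */
    const char *v6;   /* IPv6 ORPort address, or NULL if none */
} relay_t;

/* 1 if both IPv4 addresses share a /16, 0 if not, -1 on parse error. */
int same_ipv4_slash16(const char *a, const char *b) {
    struct in_addr x, y;
    if (inet_pton(AF_INET, a, &x) != 1 || inet_pton(AF_INET, b, &y) != 1)
        return -1;
    return (ntohl(x.s_addr) >> 16) == (ntohl(y.s_addr) >> 16);
}

/* 1 if both IPv6 addresses share their first `bits` bits, -1 on error. */
int same_ipv6_prefix(const char *a, const char *b, int bits) {
    struct in6_addr x, y;
    if (bits < 0 || bits > 128) return -1;
    if (inet_pton(AF_INET6, a, &x) != 1 || inet_pton(AF_INET6, b, &y) != 1)
        return -1;
    int full = bits / 8, rem = bits % 8;
    if (memcmp(x.s6_addr, y.s6_addr, full) != 0) return 0;
    if (rem == 0) return 1;
    unsigned char mask = (unsigned char)(0xff << (8 - rem));
    return (x.s6_addr[full] & mask) == (y.s6_addr[full] & mask);
}

/* The IPv4-only rule as described in the message above. */
int conflict_v4_only(const relay_t *a, const relay_t *b) {
    return same_ipv4_slash16(a->v4, b->v4) == 1;
}
/* Assumed extension: also compare the IPv6 addresses on a /32. */
int conflict_v4_or_v6(const relay_t *a, const relay_t *b) {
    if (conflict_v4_only(a, b)) return 1;
    return a->v6 && b->v6 && same_ipv6_prefix(a->v6, b->v6, 32) == 1;
}

int main(void) {
    /* Constructed relays: documentation IPv4 ranges, tunnel-prefix IPv6. */
    relay_t r1 = { "192.0.2.10",   "2001:470:1f0a::2" };
    relay_t r2 = { "198.51.100.7", "2001:470:7b2::2" };
    printf("v4-only conflict: %d\n", conflict_v4_only(&r1, &r2));
    printf("v4+v6 conflict:   %d\n", conflict_v4_or_v6(&r1, &r2));
    return 0;
}
```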