[tor-commits] [torspec/master] Add the start of an "ipv6 issues" document to proposals/ideas

nickm at torproject.org nickm at torproject.org
Wed Mar 2 06:51:56 UTC 2011 

commit dbc1039e3e19b577548f9fadf205ebd0d5d71f52
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Mar 2 01:51:49 2011 -0500

    Add the start of an "ipv6 issues" document to proposals/ideas
    
    One of the sponsors wanted this for March, I believe.
---
 proposals/ideas/xxx-ipv6-plan.txt |   90 +++++++++++++++++++++++++++++++++++++
 1 files changed, 90 insertions(+), 0 deletions(-)

diff --git a/proposals/ideas/xxx-ipv6-plan.txt b/proposals/ideas/xxx-ipv6-plan.txt
new file mode 100644
index 0000000..e9ffb10
--- /dev/null
+++ b/proposals/ideas/xxx-ipv6-plan.txt
@@ -0,0 +1,90 @@
+Filename: xxx-ipv6-plan.txt
+Title: How to implement IPv6 in Tor
+Author: Nick Mathewson
+Created: 1 March 2011
+Status: Draft
+
+Overview:
+
+   This document outlines what we'll have to do to make Tor fully
+   support IPv6.  It refers to other proposals, current and as-yes
+   unwritten.  It suggests a few incremental steps, each of which on
+   its own should make Tor more useful in the brave new IPv6 future of
+   tomorrow.
+
+Motivation:
+
+   Turns out, 4 billion addresses wasn't enough.
+
+What needs to change:
+
+   Tor uses the Internet in many ways.  There four main ways that
+   will need to change for IPv6 support, from most urgent to least
+   urgent.
+
+     1. Tor must allow connections from IPv6-only clients. (Currently,
+        routers do not listen on IPv6 addresses, and can't advertise
+        that they support IPv6 addresses, so clients can't learn that
+        they do.)
+
+     2. Tor must transport IPv6 traffic and IPv6-related DNS traffic.
+        (Currently, Tor only allows BEGIN cells to ask for connections
+        to IPv4 targets or to hostnames, and only allows RESOLVE cells
+        to request A and PTR records.)
+
+     3. Tor must allow nodes to connect to one another over IPv6.
+
+   Allowing IPv6-only clients is the most important, since unless we
+   do, these unable to connect to Tor at all.  Next most
+   important is to allow IPv6 XXXX
+
+Designs that we will need to do:
+
+   For IPv6-only clients, we'll need to specify that routers can have
+   multiple addresses and ORPorts, and allow secondary addresses/ports
+   that.  There is an old proposal (118) to try to allow multiple
+   ORPorts per router.  It's been accepted; it needs to be checked for
+   correctness, updated to track other changes in more recent Tor
+   versions, and updated to work with the new microdescriptor designs.
+
+   Additionally, we'll need to audit the designs for all our codebase
+   for places that might assume that IPs are a scarce resource.  For
+   example, clients assume that any two routers occupying an IPv4 /16
+   network are "too close" topologically to be used in the same
+   circuit, and the bridgedb https distributor assumes that hopping
+   from one /24 to another takes a little effort for most clients.
+   The directory authorities assume that blacklisting an IP is an okay
+   response to a bad router at that address.  These and other places
+   will needed instead more appropriate notions of "closeness" and
+   "similarity".
+
+   We'll need a way to advertise IPv6 bridges, and to use them.
+
+   For transporting IPv6-only traffic, we have another accepted design
+   proposal (117).  It has some open questions concerning proper
+   behavior with respect to DNS lookups, and also needs to be checked
+   and updated to track current Tor designs.
+
+   We do not have a current accepted design proposal for allowing
+   nodes to connect to each other via IPv6.  Allowing opportunistic
+   IPv6 traffic between nodes that can communicate with both IPv4 and
+   IPv6 will be relatively simple, as will be bridges that have only
+   an IPv6 address: both of these fall out relatively simply from
+   designing a process for advertising and connecting to IPv6
+   addresses.  The harder problem is in supporting IPv6-only
+   Tor routers.  For these, we'll need to consider network topology
+   issues: having nodes that can't connect to all the other nodes
+   will weaken one of our basic assumptions for path generation, so
+   we'll need to make sure to do the analysis enough to tell that this
+   is safe.
+
+Ready, fire, aim: An alternative methodology
+
+   At least one volunteer is currently working on IPv6 issues in Tor.
+   If his efforts go well, it might be that our first design drafts
+   for some of these open topics arrive concurrently (or even in the
+   form of!) with alpha code to implement them.  If so, we need to
+   follow a variant of the design process, extracting design from code
+   to evaluate it (rather than designing then coding).  Probably,
+   based on design review, some changes to code would be necessary.
+

More information about the tor-commits mailing list