[tor-relays] is it possible to relay using ipv6?

teor teor2345 at gmail.com
Tue Nov 29 19:52:09 UTC 2016


> On 30 Nov. 2016, at 02:18, Zack Weinberg <zackw at cmu.edu> wrote:
> 
> On Sun, Nov 27, 2016 at 6:01 PM, teor <teor2345 at gmail.com> wrote:
>> 
>> If IPv6 penetration among Tor relay ISPs/ASs is as high as you say, why
>> do only:
>> 
>> 7.6% (541/7145) of relays have an IPv6 OR address
>> 17.3% (7972687/45960632) of relay bandwidth has an IPv6 OR address
>> 
>> With IPv6 relay bandwidth this low, we can't even have clients try IPv6
>> by default - there are too few relays to meet Tor's existing 60% path
>> threshold in get_frac_paths_needed_for_circs().
> 
> I want to add something to these figures: (modified code at end)
> 
> 7.5% (535/7171) of relays have an IPv6 OR address
> 16.8% (7800233/46493235) of relay bandwidth has an IPv6 OR address
> 
> 16.9% (343/2034) of guard relays have an IPv6 OR address
> 23.3% (7364620/31664680) of guard relay bandwidth has an IPv6 OR address
> 
> 9.8% (89/908) of exit relays have an IPv6 OR address
> 18.2% (1954308/10754720) of exit relay bandwidth has an IPv6 OR address

Thanks!

> This is better than I expected -- I thought IPv6-capable exit relays
> in particular would be few and far between.

IPv6 tends to experience less network filtering at both the client to
tor and Exit to site stages. It would be great for Tor users if Tor
used it more.

And if only 18.2% of exit relay bandwidth has an IPv6 address, and
clients try 3 exits before giving up, this means there's still a 45.4%
chance that an IPv6-only site accesses via DNS will fail.

(IPv6 addresses are fine - the client chooses an IPv6-capable relay.)

> Still, I worry that we
> might hit a ceiling on IPv6 adoption by exits, because exit-friendly
> connectivity tends to come from places where keeping up with the
> bleeding edge in network gear isn't the top priority, like libraries
> and universities.  Despite how many network researchers we have here,
> CMU (and therefore my exit node)

Exit nodes are chosen at random - they certainly aren't chosen by
proximity to the client.

> doesn't have IPv6; campus IT tells me
> that it's on their list but there are several higher-priority hardware
> upgrades that need to happen first, and the ETA has been "three to
> five years from now" for my entire time here.

That's unfortunate. It's also hard to get IPv6 when choosing between
datacenter providers - there are many criteria, such as price and
bandwidth (and location, and diversity) that matter, and it's hard to
find somewhere that satisfies all of them.

> zw
> 
> #! /usr/bin/python3
> import stem.descriptor.remote
> from stem import Flag
> 
> consensus = stem.descriptor.remote.DescriptorDownloader().get_consensus()
> total_count = total_bw = 0
> total_guard_count = total_guard_bw = 0
> total_exit_count = total_exit_bw = 0
> ipv6_count = ipv6_bw = 0
> ipv6_guard_count = ipv6_guard_bw = 0
> ipv6_exit_count = ipv6_exit_bw = 0
> 
> for relay in consensus:
>    is_guard = Flag.GUARD in relay.flags
>    is_exit  = Flag.EXIT in relay.flags
>    for address in relay.or_addresses:
>        if address[2]: # is_ipv6
>            has_ipv6 = True
>            break
>    else:
>        has_ipv6 = False
> 
>    if has_ipv6:
>        ipv6_count += 1
>        ipv6_bw += relay.bandwidth

Better do this here, too:

>       # Relays with both EXIT and GUARD are, IIUC, used only as exits.

(And yes, this is true, as long as Exits are scarce.)

>        if is_guard:
>            ipv6_guard_count += 1
>            ipv6_guard_bw += relay.bandwidth
>        if is_exit:
>            ipv6_exit_count += 1
>            ipv6_exit_bw += relay.bandwidth
> 
>    total_count += 1
>    total_bw += relay.bandwidth
>    if is_exit:
>        total_exit_count += 1
>        total_exit_bw += relay.bandwidth
>    # Relays with both EXIT and GUARD are, IIUC, used only as exits.
>    elif is_guard:
>        total_guard_count += 1
>        total_guard_bw += relay.bandwidth
> 
> print("%.1f%% (%d/%d) of relays have an IPv6 OR address" %
>      (ipv6_count*100.0/total_count, ipv6_count, total_count))
> print("%.1f%% (%d/%d) of relay bandwidth has an IPv6 OR address" %
>      (ipv6_bw*100.0/total_bw, ipv6_bw, total_bw))
> print()
> print("%.1f%% (%d/%d) of guard relays have an IPv6 OR address" %
>      (ipv6_guard_count*100.0/total_guard_count,
>       ipv6_guard_count, total_guard_count))
> print("%.1f%% (%d/%d) of guard relay bandwidth has an IPv6 OR address" %
>      (ipv6_guard_bw*100.0/total_guard_bw, ipv6_guard_bw, total_guard_bw))
> print()
> print("%.1f%% (%d/%d) of exit relays have an IPv6 OR address" %
>      (ipv6_exit_count*100.0/total_exit_count,
>       ipv6_exit_count, total_exit_count))
> print("%.1f%% (%d/%d) of exit relay bandwidth has an IPv6 OR address" %
>      (ipv6_exit_bw*100.0/total_exit_bw, ipv6_exit_bw, total_exit_bw))

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------





More information about the tor-relays mailing list