Matthew Finkel matthew.finkel at gmail.com
Mon Jun 25 16:06:02 UTC 2018

Over the last few days I've started thinking more about IPv6 and,
inevitably, I started thinking about how we can improve support within
the Tor network.

Within the last few months, there were a few instances of relay
operators seeking answers for why their relay did not have the running
flag in the consensus. After some investigation, in some cases this was
because the relay had an IPv6 ORPort configured but a majority of the
IPv6-enabled directory authorities did not believe it was running.

Unfortunately, despite IPv6 connectivity being a necessity now, ISP
rollout is slow and ongoing in some geographical areas and network
peering arrangements are sometimes sub-standard or not stable.

The Relay Guide[0] has a section describing how an operator can enable
an IPv6 ORPort, and there's a supplementary page[1] specifically
describing additional information about it.

Considering there are potential critical failures when the IPv6 ORPort
is configured, should the relay guide suggest the operator confirm they
have IPv6 connectivity to all of the IPv6-enabled directory
authorities[2] before enabling it ("Please ping6/telnet/nc to these
hosts before enabling this.")?

It would also be nice if the relay, itself, performed self-checks of
this connectivity and printed a warning log if some failure-threshold is
reached (and possibly disabled the IPv6 ORPort). But, in reality, this
is a hack around a broken internet - and I hesitate to advocate for
something like this in tor. Maybe there is a compromise we can find
between the relay operator manually testing connectivity periodically
and tor automatically doing-smart-things.


- Matt

[0] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6
[1] https://trac.torproject.org/projects/tor/wiki/doc/IPv6RelayHowto
[2] https://gitweb.torproject.org/tor.git/tree/src/or/auth_dirs.inc
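
The manual pre-check suggested in the message above, as an added example that is not part of the original post and not code from tor: it pulls `ipv6=[addr]:port` entries out of text in the style of auth_dirs.inc, attempts an outbound TCP connection to each, and reports whether a majority answered. The sample entries, names and 2001:db8:: documentation addresses are constructed placeholders; the function names and the majority threshold are assumptions of this sketch.

```python
import re
import socket

# Constructed sample in the style of tor's auth_dirs.inc. Names, fingerprints
# and 2001:db8::/192.0.2.x addresses are placeholders, not real authorities.
SAMPLE_AUTH_DIRS = '''
"exampleauth1 orport=9001 "
  "ipv6=[2001:db8:1::10]:9001 "
  "192.0.2.10:9030 FINGERPRINT-PLACEHOLDER",
"exampleauth2 orport=443 "
  "192.0.2.20:80 FINGERPRINT-PLACEHOLDER",
"exampleauth3 orport=443 "
  "ipv6=[2001:db8:3::30]:443 "
  "192.0.2.30:80 FINGERPRINT-PLACEHOLDER",
'''

IPV6_RE = re.compile(r'ipv6=\[([0-9A-Fa-f:]+)\]:(\d+)')

def parse_ipv6_orports(text):
    """Return [(address, port)] for every ipv6=[addr]:port entry in text."""
    return [(addr, int(port)) for addr, port in IPV6_RE.findall(text)]

def tcp_connect_v6(addr, port, timeout=5.0):
    """True if a TCP handshake to [addr]:port completes over IPv6."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:  # no route, timeout, refused, no IPv6 stack, ...
        return False

def check_authorities(targets, connect=tcp_connect_v6):
    """Probe each target; return (per-target results, majority reachable?)."""
    results = {t: connect(*t) for t in targets}
    reached = sum(results.values())
    return results, reached > len(targets) / 2

if __name__ == "__main__":
    # Replace SAMPLE_AUTH_DIRS with the contents of the real file to test.
    results, ok = check_authorities(parse_ipv6_orports(SAMPLE_AUTH_DIRS))
    for (addr, port), up in results.items():
        print(f"[{addr}]:{port} {'reachable' if up else 'UNREACHABLE'}")
    print("majority reachable" if ok else "WARNING: majority unreachable")
```

This only tests the outbound direction from the relay host; it does not show that the authorities can reach the relay's own IPv6 ORPort.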

