On 30 Nov. 2016, at 02:18, Zack Weinberg zackw@cmu.edu wrote:
On Sun, Nov 27, 2016 at 6:01 PM, teor teor2345@gmail.com wrote:
If IPv6 penetration among Tor relay ISPs/ASs is as high as you say, why do only:
7.6% (541/7145) of relays have an IPv6 OR address 17.3% (7972687/45960632) of relay bandwidth has an IPv6 OR address
With IPv6 relay bandwidth this low, we can't even have clients try IPv6 by default - there are too few relays to meet Tor's existing 60% path threshold in get_frac_paths_needed_for_circs().
I want to add something to these figures: (modified code at end)
7.5% (535/7171) of relays have an IPv6 OR address 16.8% (7800233/46493235) of relay bandwidth has an IPv6 OR address
16.9% (343/2034) of guard relays have an IPv6 OR address 23.3% (7364620/31664680) of guard relay bandwidth has an IPv6 OR address
9.8% (89/908) of exit relays have an IPv6 OR address 18.2% (1954308/10754720) of exit relay bandwidth has an IPv6 OR address
Thanks!
This is better than I expected -- I thought IPv6-capable exit relays in particular would be few and far between.
IPv6 tends to experience less network filtering at both the client to tor and Exit to site stages. It would be great for Tor users if Tor used it more.
And if only 18.2% of exit relay bandwidth has an IPv6 address, and clients try 3 exits before giving up, this means there's still a 45.4% chance that an IPv6-only site accesses via DNS will fail.
(IPv6 addresses are fine - the client chooses an IPv6-capable relay.)
Still, I worry that we might hit a ceiling on IPv6 adoption by exits, because exit-friendly connectivity tends to come from places where keeping up with the bleeding edge in network gear isn't the top priority, like libraries and universities. Despite how many network researchers we have here, CMU (and therefore my exit node)
Exit nodes are chosen at random - they certainly aren't chosen by proximity to the client.
doesn't have IPv6; campus IT tells me that it's on their list but there are several higher-priority hardware upgrades that need to happen first, and the ETA has been "three to five years from now" for my entire time here.
That's unfortunate. It's also hard to get IPv6 when choosing between datacenter providers - there are many criteria, such as price and bandwidth (and location, and diversity) that matter, and it's hard to find somewhere that satisfies all of them.
zw
#! /usr/bin/python3 import stem.descriptor.remote from stem import Flag
consensus = stem.descriptor.remote.DescriptorDownloader().get_consensus() total_count = total_bw = 0 total_guard_count = total_guard_bw = 0 total_exit_count = total_exit_bw = 0 ipv6_count = ipv6_bw = 0 ipv6_guard_count = ipv6_guard_bw = 0 ipv6_exit_count = ipv6_exit_bw = 0
for relay in consensus: is_guard = Flag.GUARD in relay.flags is_exit = Flag.EXIT in relay.flags for address in relay.or_addresses: if address[2]: # is_ipv6 has_ipv6 = True break else: has_ipv6 = False
if has_ipv6: ipv6_count += 1 ipv6_bw += relay.bandwidth
Better do this here, too:
# Relays with both EXIT and GUARD are, IIUC, used only as exits.
(And yes, this is true, as long as Exits are scarce.)
if is_guard: ipv6_guard_count += 1 ipv6_guard_bw += relay.bandwidth if is_exit: ipv6_exit_count += 1 ipv6_exit_bw += relay.bandwidthtotal_count += 1 total_bw += relay.bandwidth if is_exit: total_exit_count += 1 total_exit_bw += relay.bandwidth # Relays with both EXIT and GUARD are, IIUC, used only as exits. elif is_guard: total_guard_count += 1 total_guard_bw += relay.bandwidth
print("%.1f%% (%d/%d) of relays have an IPv6 OR address" % (ipv6_count*100.0/total_count, ipv6_count, total_count)) print("%.1f%% (%d/%d) of relay bandwidth has an IPv6 OR address" % (ipv6_bw*100.0/total_bw, ipv6_bw, total_bw)) print() print("%.1f%% (%d/%d) of guard relays have an IPv6 OR address" % (ipv6_guard_count*100.0/total_guard_count, ipv6_guard_count, total_guard_count)) print("%.1f%% (%d/%d) of guard relay bandwidth has an IPv6 OR address" % (ipv6_guard_bw*100.0/total_guard_bw, ipv6_guard_bw, total_guard_bw)) print() print("%.1f%% (%d/%d) of exit relays have an IPv6 OR address" % (ipv6_exit_count*100.0/total_exit_count, ipv6_exit_count, total_exit_count)) print("%.1f%% (%d/%d) of exit relay bandwidth has an IPv6 OR address" % (ipv6_exit_bw*100.0/total_exit_bw, ipv6_exit_bw, total_exit_bw))
T