On 18 Jan 2016, at 11:07, Roman Mamedov <rm@romanrm.net> wrote:
On Mon, 18 Jan 2016 10:16:40 +1100 Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:
I think if a client is just using it for bootstrap, any extra latency shouldn't be an issue. But IPv6 clients may also pick it as a guard, so that should be taken into account.
Should we be running relays over IPv6 tunnels?
Hurricane Electric has tunnel servers all over the world, so it's easy to pick one which will only add negligible latency: https://tunnelbroker.net/status.php
Performance is not a concern either, these are not overloaded and should be quite fast.
On the other hand HE.net may or may not want to have a word with you if you run a relay through them with hundreds of megabits of IPv6 traffic; but that's not something we can expect in the nearest future. [and such powerful relays are most likely in proper DCs with easily obtainable native IPv6 anyways]
We're still working to get Tor clients bootstrapping over IPv6, so there isn't going to be much IPv6 relay traffic at the moment.
There's a possible privacy issue that all the HE.net tunnel traffic can technically be captured by HE.net; however all of these provide IPv6 addresses under the same AS (6939) and the same prefix of 2001:470::/32, so perhaps the same-AS avoidance code will ensure that a HE.net IPv6 is only used once in a circuit? Does it correctly handle cases when a router's IPv4 and IPv6 addresses are from different ASes?
Tor doesn't use ASs for same-network avoidance, it only uses network masks.
In the current Tor codebase, onion_populate_cpath()/addrs_in_same_network_family() avoids adding relays in the same IPv4 /16 to the same circuit. IPv6 addresses are not considered, because this check uses the relay's primary ORPort IPv4 address.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
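
Added example, not part of the original thread and not Tor's code: a Python sketch of the gap discussed above, where a same-network check that looks only at each relay's IPv4 /16 lets two relays share a circuit even though both IPv6 addresses sit in the HE.net tunnel prefix 2001:470::/32. The relay names and addresses are constructed, and the function names and the /32 IPv6 mask are assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample relays: name -> (primary IPv4, optional IPv6).
# relayA and relayB have unrelated IPv4 addresses but both IPv6 addresses
# fall inside the HE.net tunnel prefix 2001:470::/32 named in the thread.
RELAYS = {
    "relayA": ("192.0.2.10", "2001:470:1f0a:1::2"),
    "relayB": ("198.51.100.20", "2001:470:6c:2::2"),
    "relayC": ("192.0.77.30", None),
    "relayD": ("203.0.113.40", "2001:db8:5::1"),
}

def same_prefix(a, b, prefix_len):
    """True if both addresses exist, are the same IP version, and share
    their first prefix_len bits."""
    if a is None or b is None:
        return False
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if a.version != b.version:
        return False
    net = ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)
    return b in net

def ipv4_only_conflict(r1, r2):
    """The check as described in the thread: primary IPv4 address, /16 mask."""
    return same_prefix(RELAYS[r1][0], RELAYS[r2][0], 16)

def dual_stack_conflict(r1, r2, v6_len=32):
    """Hypothetical extension (an assumption, not Tor behaviour): also
    reject pairs whose IPv6 addresses share a /v6_len prefix."""
    return ipv4_only_conflict(r1, r2) or same_prefix(
        RELAYS[r1][1], RELAYS[r2][1], v6_len)

def missed_pairs():
    """Relay pairs the IPv4-only check allows in one circuit but the
    hypothetical dual-stack check would reject."""
    return [p for p in combinations(sorted(RELAYS), 2)
            if not ipv4_only_conflict(*p) and dual_stack_conflict(*p)]

if __name__ == "__main__":
    for r1, r2 in combinations(sorted(RELAYS), 2):
        print(r1, r2, "ipv4-only:", ipv4_only_conflict(r1, r2),
              "dual-stack:", dual_stack_conflict(r1, r2))
    print("missed by IPv4-only check:", missed_pairs())
```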