diff options
author | teor <teor@torproject.org> | 2020-01-29 13:18:56 +1000 |
---|---|---|
committer | teor <teor@torproject.org> | 2020-02-05 21:52:27 +1000 |
commit | 9966ad3f3f82c551ca26b52e4072447b31e5f413 (patch) | |
tree | ef86fb59f61ffcab9cad79b0dca7215c165d83db /proposals/311-relay-ipv6-reachability.txt | |
parent | 3c19e051a61829fac34a7485285017f1f6730a4b (diff) | |
download | torspec-9966ad3f3f82c551ca26b52e4072447b31e5f413.tar.gz torspec-9966ad3f3f82c551ca26b52e4072447b31e5f413.zip |
Prop 311: Support seamless upgrades
We want to support these two cases:
* upgrade to working IPv6,
* stay on IPv4-only, if a guessed IPv6 address isn't reachable.
Part of 24404.
Diffstat (limited to 'proposals/311-relay-ipv6-reachability.txt')
-rw-r--r-- | proposals/311-relay-ipv6-reachability.txt | 48 |
1 files changed, 31 insertions, 17 deletions
diff --git a/proposals/311-relay-ipv6-reachability.txt b/proposals/311-relay-ipv6-reachability.txt index a93f286..ba7a151 100644 --- a/proposals/311-relay-ipv6-reachability.txt +++ b/proposals/311-relay-ipv6-reachability.txt @@ -8,9 +8,9 @@ Ticket: #24404 0. Abstract We propose that Tor relays (and bridges) should check the reachability of - their IPv6 ORPort, before publishing their descriptor. To check IPv6 ORPort - reachability, relays and bridges need to be able to extend circuits via - other relays, and back to their own IPv6 ORPort. + their IPv6 ORPort, before deciding whether to publish their descriptor. To + check IPv6 ORPort reachability, relays and bridges need to be able to + extend circuits via other relays, and back to their own IPv6 ORPort. 1. Introduction @@ -214,15 +214,19 @@ Ticket: #24404 4. Check Relay and Bridge IPv6 ORPort Reachability - We propose that relays and bridges check their own IPv6 ORPort reachability. + We propose that relays (and bridges) check their own IPv6 ORPort + reachability. + + To check IPv6 ORPort reachability, relays (and bridges) extend circuits via + other relays (but not other bridges), and back to their own IPv6 ORPort. - To check IPv6 ORPort reachability, relays and bridges extend circuits via - other relays, and back to their own IPv6 ORPort. + If IPv6 reachability checks fail, relays (and bridges) should refuse to + publish their descriptors, if they believe IPv6 reachability checks are + reliable, and their IPv6 address was explicitly configured. (See + [Proposal 312: Relay Auto IPv6 Address] for the ways relays can guess their + IPv6 addresses.) - IPv6 reachability failures may result in a relay or bridge refusing to - publish its descriptor, if enough existing relays support IPv6 extends. - (Except for directory authorities: they perform reachability checks, and - warn if they fail. But they always publish their descriptors.) + Directory authorities always publish their descriptors. 4.1. Current Reachability Implementation @@ -300,20 +304,30 @@ Ticket: #24404 * relay IPv6 DirPorts. Therefore, they are also out of scope for this proposal. -4.3. Refuse to Publish Descriptor if IPv6 ORPort is Unreachable +4.3. Refusing to Publish Descriptor if IPv6 ORPort is Unreachable If an IPv6 ORPort reachability check fails, relays (and bridges) should log a warning. - In addition, if IPv6ORPort reachability checks are reliable, based on the - number of relays in the network that support IPv6 extends, relays should - refuse to publish their descriptor. + If IPv6 reachability checks fail, relays (and bridges) should refuse to + publish their descriptors, if they believe IPv6 reachability checks are + reliable, and their IPv6 address was explicitly configured. (See + [Proposal 312: Relay Auto IPv6 Address] for the ways relays can guess their + IPv6 addresses.) - Directory authorities should perform reachability checks, and warn if they - fail. But directory authorities should always publish their descriptors. + Directory authorities always publish their descriptors. 4.3.1. Refusing to Publish the Descriptor + If IPv6 reachability checks fail, relays (and bridges) should refuse to + publish their descriptors, if: + * enough existing relays support IPv6 extends, and + * the IPv6 address was explicitly configured by the operator + (rather than guessed using [Proposal 312: Relay Auto IPv6 Address]). + + Directory authorities may perform reachability checks, and warn if those + checks fail. But they always publish their descriptors. + We set a threshold of consensus relays for reliable IPv6 ORPort checks: * at least 30 relays, and * at least 1% of the total consensus weight, @@ -666,7 +680,7 @@ References: [Proposal 306: Client Auto IPv6 Connections]: One possible design for automatic client IPv4 and IPv6 connections is at https://gitweb.torproject.org/torspec.git/tree/proposals/306-ipv6-happy-eyeballs.txt (TODO: modify to include bridge changes with client changes) -[Proposal 312: Relay Auto IPv6 Address]: https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6-addr.txt (TODO) +[Proposal 312: Relay Auto IPv6 Address]: https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6-addr.txt [Proposal 313: Relay IPv6 Statistics]: https://gitweb.torproject.org/torspec.git/tree/proposals/313-relay-ipv6-stats.txt (TODO) |