MarkPace.Balzan at melitaplc
May 4, 2012, 6:22 AM
Apologies if this started separate thread.... must unsubscribe from the digest and get live traffic
From: Mark Pace Balzan
Sent: 04 May 2012 15:19
To: ipv6-ops [at] lists
Subject: Re: teredo traffic on 6to4 relay ?
Marco- thanks, its possibly bit torrent, but as Jeroen points out both src and dst are 2001:0 (teredo)
Jeroen - yes RPF is of course critical, but im also interested in why this is happening at all...
> But, as we do not know if he has a default route or anything else on
> it it is hard to tell why his box is even forwarding these packets.
v6 default on the relay points out to the v6 internet and purpose in life of this box is just 6to4 :)
Performing a packet trace on packets (v4 and v6) incoming into the relay box, shows that said teredo packets (ie 2001:0 in both src and dst) have v4 source address belonging to v4 unicast users on my network and v4 destination being 126.96.36.199 which is the 6to4 anycast ip.
Therefore IPv4 routing is working fine and v4 packets are being delivered to their correct destination, I suspect that the client originating the packet is somehow sending teredo encapsulated traffic to 188.8.131.52 - a bug on the client stack perhaps ? note i dont have access to the client platform
Additionally, the 6to4 relay seems to be decpasulating the packet and forwarding it on its way to the v6 internet even if its totally teredo inside and not 6to4 !