
Mailing List Archive: nsp: ipv6

IPv4-mapped as ICMPv6 source address ?!

 

 



Lutz.Pressler at SerNet

May 7, 2012, 7:58 AM

IPv4-mapped as ICMPv6 source address ?!

Hello,

doing traceroute6 www.ietf.org, I get
[...]
5 2001:1890:1fff:109:192:205:34:181 (2001:1890:1fff:109:192:205:34:181) 95.902 ms 95.644 ms 119.383 ms
6 n54ny21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:80:226) 175.058 ms 173.507 ms 176.317 ms
7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
11 sj2ca401me3.ipv6.att.net (2001:1890:ff:ffff:12:122:126:238) 237.509 ms 170.582 ms 170.598 ms
[...]
and indeed see incoming ICMPv6 packets with ::ffff:/96 source addresses.
I suppose, this is not as it should be. Does anyone know what kind
of routers create those and in which situation (maybe if there are only
link-local IPv6 addresses on the link)? Probably it's not SIIT.

Lutz


jared at puck

May 7, 2012, 9:06 AM

Re: IPv4-mapped as ICMPv6 source address ?!

These are MPLS devices that transport IPv6 but do not have IPv6 on the interface in question. They will also be dropped by loose RPF by a Juniper device.

Jared Mauch

On May 7, 2012, at 10:58 AM, Lutz Preßler <Lutz.Pressler [at] SerNet> wrote:

> Hello,
>
> doing traceroute6 www.ietf.org, I get
> [...]
> 5 2001:1890:1fff:109:192:205:34:181 (2001:1890:1fff:109:192:205:34:181) 95.902 ms 95.644 ms 119.383 ms
> 6 n54ny21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:80:226) 175.058 ms 173.507 ms 176.317 ms
> 7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
> 8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
> 9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
> 10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
> 11 sj2ca401me3.ipv6.att.net (2001:1890:ff:ffff:12:122:126:238) 237.509 ms 170.582 ms 170.598 ms
> [...]
> and indeed see incoming ICMPv6 packets with ::ffff:/96 source addresses.
> I suppose, this is not as it should be. Does anyone know what kind
> of routers create those and in which situation (maybe if there are only
> link-local IPv6 addresses on the link)? Probably it's not SIIT.
>
> Lutz


bzeeb-lists at lists

May 7, 2012, 9:11 AM

Re: IPv4-mapped as ICMPv6 source address ?!

On 7. May 2012, at 14:58 , Lutz Preßler wrote:

> Hello,
>
> doing traceroute6 www.ietf.org, I get
> [...]
> 5 2001:1890:1fff:109:192:205:34:181 (2001:1890:1fff:109:192:205:34:181) 95.902 ms 95.644 ms 119.383 ms
> 6 n54ny21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:80:226) 175.058 ms 173.507 ms 176.317 ms
> 7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
> 8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
> 9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
> 10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
> 11 sj2ca401me3.ipv6.att.net (2001:1890:ff:ffff:12:122:126:238) 237.509 ms 170.582 ms 170.598 ms
> [...]
> and indeed see incoming ICMPv6 packets with ::ffff:/96 source addresses.
> I suppose, this is not as it should be. Does anyone know what kind
> of routers create those and in which situation (maybe if there are only
> link-local IPv6 addresses on the link)? Probably it's not SIIT.

MPLS nodes, I know Cisco did it, probably more these days. They are valid
packets even on the wire, however some OSes simply drop them on input based
on an old draft:
http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
I know at least FreeBSD still does.

Given you see them in your traceroute6, your OS seems to accept them.
Make sure that your firewall handles these kinds of addresses correctly
then.

/bz

--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
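
As an added example (not part of any post in this thread), here is one way to find the IPv4-mapped ICMPv6 sources discussed above in traceroute6 output and recover the embedded IPv4 address, so you can check what your filter does with each. The helper names are hypothetical; the check tests membership in ::ffff:0:0/96 numerically, so it also catches the all-hex spelling of the same address that a text match on the dotted form would miss.

```python
import ipaddress
import re

# The IPv4-mapped IPv6 prefix (::ffff:0:0/96) seen as ICMPv6 source in the thread.
V4MAPPED = ipaddress.ip_network("::ffff:0:0/96")

# Sample input: four hop lines taken from the traceroute6 output in the first post.
SAMPLE = """\
 7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
 8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
 9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
"""

# hop number, hostname, then the address in parentheses
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([0-9A-Fa-f:.]+)\)")


def classify_source(text):
    """Return (is_v4mapped, embedded IPv4Address or None) for an IPv6 address string."""
    addr = ipaddress.IPv6Address(text)
    if addr in V4MAPPED:
        return True, addr.ipv4_mapped
    return False, None


def mapped_hops(traceroute_output):
    """Return [(hop, ipv6_text, embedded_ipv4_text)] for hops with a v4-mapped source."""
    found = []
    for line in traceroute_output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # "[...]" markers, timeouts, header lines
        try:
            mapped, v4 = classify_source(m.group(2))
        except ipaddress.AddressValueError:
            continue  # not a parseable IPv6 address
        if mapped:
            found.append((int(m.group(1)), m.group(2), str(v4)))
    return found


if __name__ == "__main__":
    for hop, v6, v4 in mapped_hops(SAMPLE):
        print(f"hop {hop}: source {v6} is IPv4-mapped (embeds {v4})")
```
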
