IPv6 Type 0 Routing Header issues
pekkas at netcore.fi
Tue Apr 24 07:16:27 CEST 2007
On Mon, 23 Apr 2007, Roger Jørgensen wrote:
> On man, april 23, 2007 19:14, Pekka Savola wrote:
>> Speaking of which, during the last couple of months some folks appear
>> to have been testing these. Specifically, our egress source spoofing
>> filters block some routing header packets between
>> 2001:AD0:301:1002::/64 (DT-IPV6-EE-TLN-VS1) and 2001:730:5::/48
>> (NEXTGEN-LAB). I wonder what those folks are trying to do, maybe test
>> ingress filters or map topology using 'roundabout' traceroute..
> 2001:730:5::/48 is the network I control, and the other one I have no idea
> about. Only thing in that netspace I'm somehow connected to is the
> eu.irc6.net server that are located in 2001:AD0::/32 netblock.
> When did you see this the first time?
Sorry, I misremembered. This is the first time I've seen
2001:730::/32 prefix. Very likely your hosts are just responding to
routing-header including packets by reversing the routing header.
According to our logs, we started seeing these drops on Feb 27th.
The first one was like:
Feb 27 12:56:14 helsinki0-rtr /kernel: FW: so-0/0/0.0 D 43 2001:250:abcd:0:IID1 2001:250:abcd:0:IID2 0 0
And no, the drops are not due to multiple tunnels. Packets include
the routing header, and there is no way such packets could get here
unless they were using routing headers.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the ipv6-ops