Misc Q about IPv6 in enterprise

Jeroen Massar jeroen at unfix.org
Thu Nov 29 12:26:44 CET 2007


[wrapped lines as my screen is not 1000 chars wide yet]

Eric Vyncke wrote:
> Not sure whether this list is also for enterprise deployment (actually
> a University)... so feel free to redirect me to a better alias.
> 
> We see a couple of glitches in our deployment:
> 
> 1) some hosts still advertise a 6to4 prefix (2002::/16) through RA even
> when they are offered native IPv6 connectivity (so why the heck are they
> using 6to4 and why do they announce themselves as a router)

Depends on the configuration and the platform.

But there might be a reason for doing so actually:
 "improving" connectivity to other 6to4 hosts.

The big side-effect though of course being even more unexpected routing,
the fun and joys of 6to4.

> 2) some hosts still try to use DHCPv6 (hence several IPv6 mcast to the
> link local DHCP servers & relays) even when the RA specifies
'autoconfigure'

Which platform? And what kind of 'autoconfigure', RA's can state "use RA
only" and "try DHCPv6", but afaik there is no "Don't use DHCPv6" option.
I assume though that quite some OS's don't pass this option down to a
user-space DHCPv6 client.

> 3) the site receives a lot of UDP traffic (on ports like 24463 or 17557)
> from 2001::/32 (teredo) and 2002::/16 (6to4) with small packets...
> This means that the remote hosts are probably Windows machines

Why would that be a Windows box? Now if the address has certain formats
(especially for 6to4) you could assume this, but for instance miredo
also does Teredo and is quite deployed too.

> but I really
> wonder what the protocol is. This happens over wifi so difficult to chase
> the user and wireshark has no clue...

Azareus now supports BitTorrent DHT over IPv6, as such when two hosts in
a BitTorrent setup do DHT, they also try and use IPv6 where possible.
This might be what is causing this. As you mentioned a university
setting it is not unlikely that this is the case as we all know what the
fat pipes sponsored by the government are really being used for.


To figure out all these 'glitches' you really will have to either
provide all the information you have (and quite a lot more) or just look
on the boxes sending and/or receiving these packets to be able to figure
out where the problem is.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20071129/9cfab89d/signature.bin


More information about the ipv6-ops mailing list