teredo traffic on 6to4 relay ?

[Mark Pace Balzan]

Marco- thanks, its possibly bit torrent, but as Jeroen points out both src and dst are 2001:0 (teredo)

Jeroen - yes RPF is of course critical, but im also interested in why this is happening at all...


> But, as we do not know if he has a default route or anything else on it
> it is hard to tell why his box is even forwarding these packets.

v6 default on the relay points out to the v6 internet and purpose in life of this box is just 6to4 :)

Performing a packet trace on packets (v4 and v6) incoming into the relay box, shows that said teredo packets (ie 2001:0 in both src and dst) have v4 source address belonging to v4 unicast users on my network and v4 destination being 192.88.99.1 which is the 6to4 anycast ip.

Therefore IPv4 routing is working fine and v4 packets are being delivered to their correct destination, I suspect that the client originating the packet is somehow sending teredo encapsulated traffic to 192.88.99.1 - a bug on the client stack perhaps ?  note i dont have access to the client platform

Additionally, the 6to4 relay seems to be decpasulating the packet and forwarding it on its way to the v6 internet even if its totally teredo inside and not 6to4  !



Cheers

Mark