teredo traffic on 6to4 relay ?
Jeroen Massar
jeroen at unfix.org
Fri May 4 16:11:01 CEST 2012
On 2012-05-04 15:19 , Mark Pace Balzan wrote:
>
> Marco- thanks, its possibly bit torrent, but as Jeroen points out
> both src and dst are 2001:0 (teredo)
>
> Jeroen - yes RPF is of course critical, but im also interested in why
> this is happening at all...
Obviously you are not applying proper RPF for your traffic otherwise...
>
>> But, as we do not know if he has a default route or anything else
>> on it it is hard to tell why his box is even forwarding these
>> packets.
>
> v6 default on the relay points out to the v6 internet and purpose in
> life of this box is just 6to4 :)
>
> Performing a packet trace on packets (v4 and v6) incoming into the
> relay box, shows that said teredo packets (ie 2001:0 in both src and
> dst) have v4 source address belonging to v4 unicast users on my
> network and v4 destination being 192.88.99.1 which is the 6to4
> anycast ip.
6to4 tunnels are just proto-41 tunnels, with one difference, they should
only handle packets where a source address on the tunnel side is 6to4
(thus 2002::/16). Clearly you are accepting proto-41 traffic with any
kind of source address, otherwise this could not be happening.
Greets,
Jeroen
More information about the ipv6-ops
mailing list