6PE mapped addresses used for ICMPv6 responses - knob to fix that?
Tore Anderson
tore at fud.no
Sat Jun 1 08:46:58 CEST 2013
* Jeroen Massar
> That is, if you have 6PE (IPv4 LSP) in your network routers might send
> an ICMPv6 message from the IPv6-Mapped-IPv4 address.
>
> And as :::ffff:0.0.0.0/96 should not be in anybody's BGP table, it will
> fail uRPF.
>
> Is anybody aware of a knob that can force for instance the loopback
> address to be used on these boxes?
AIUI, the P routers in a network using 6PE might not have IPv6 addresses
on them at all, not even on the loopback interface. If that's the case,
there are three options that I can see:
1) enable core hiding, or
2) don't emit ICMPv6 errors at all, or
3) use an IPv4-mapped address as the source of the ICMPv6 errors.
All of these constitute ways of breaking traceroute, although only #3
has a slight chance of actually relaying some useful information back to
the person performing the traceroute. So IMHO it's the best option.
Tore
More information about the ipv6-ops
mailing list