6PE mapped addresses used for ICMPv6 responses - knob to fix that?

[David Farmer]

On 6/1/13 01:46 , Tore Anderson wrote:
> * Jeroen Massar
>
>> That is, if you have 6PE (IPv4 LSP) in your network routers might send
>> an ICMPv6 message from the IPv6-Mapped-IPv4 address.
>>
>> And as :::ffff:0.0.0.0/96 should not be in anybody's BGP table, it will
>> fail uRPF.
>>
>> Is anybody aware of a knob that can force for instance the loopback
>> address to be used on these boxes?
>
> AIUI, the P routers in a network using 6PE might not have IPv6 addresses
> on them at all, not even on the loopback interface. If that's the case,
> there are three options that I can see:
>
> 1) enable core hiding, or
> 2) don't emit ICMPv6 errors at all, or
> 3) use an IPv4-mapped address as the source of the ICMPv6 errors.
>
> All of these constitute ways of breaking traceroute, although only #3
> has a slight chance of actually relaying some useful information back to
> the person performing the traceroute. So IMHO it's the best option.
>
> Tore

I don't think any vendor does this, but what about assigning a different 
local prefix to use for IPv4-mapped IPv6 addresses, instead of the 
well-known ::ffff:0.0.0.0/96.  You wouldn't be able to automatically 
know its a IPv4-mapped IPv6 addresses, but in this case I'm not sure 
that is really needed.  This would have the added benefit that reverse 
IPv6 DNS just works, even if the IPv4 address is RFC 1918 or otherwise 
not routed.  Also, in the case of 6PE I'm not sure you would even need 
to provide a working return path either.

An example would be 2001:DB8:1234:5678:0:ffff:0.0.0.0/96.

Anyone see a fundamental problem with something like this?


-- 
================================================
David Farmer               Email: farmer at umn.edu
Office of Information Technology
University of Minnesota
2218 University Ave SE     Phone: 1-612-626-0815
Minneapolis, MN 55414-3029  Cell: 1-612-812-9952
================================================