Usage of fd00::/8 on the Interwebz - something with filters and uRPF

Eric Vyncke (evyncke) evyncke at cisco.com
Thu May 30 08:19:06 CEST 2013


I do not mind too much getting packets with a ULA as source address; not perfect but I can live with those packets (BTW, my own residential firewall at home drops all packets whose source is not in 2000::/3 and it drops/logs a couple of ULAs per week...).

But, being able to receive those packets with an invalid source, this is what really matters: no BCP 38 implemented between you and the ULA. BAD BAD...


-éric

> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Jeroen Massar
> Sent: Thursday 30 May 2013 00:42
> To: Brian E Carpenter
> Cc: ipv6-ops at lists.cluenet.de
> Subject: Re: Usage of fd00::/8 on the Interwebz - something with filters and
> uRPF
> 
> On 2013-05-29 13:56, Brian E Carpenter wrote:
> > Isn't it possible for a ULA to show up in a traceroute because it's
> > used on an internal interface by a transit network?
> 
> Possible: yes, bad idea: definitely
> 
> When uRPF is enabled or other source verification checks are being done, one
> will never have a valid path to that address and thus one cannot source
> packets, even ICMP, from that address.
> 
> > Your packets
> > may not even have crossed that interface of the router concerned.
> >
> > There's also a loop between hops 6 and 7, isn't there?
> 
> That looks more like multiple hops through the same box, which likely
> indicates other issues with that setup.
> 
> Greets,
>  Jeroen
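
The two source checks discussed in this thread (a 2000::/3 source prefix filter and uRPF in strict and loose mode), as an added example that is not part of the original messages. The default-free routing table, interface names and packets are constructed for illustration and use the 2001:db8::/32 documentation prefix.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed default-free routing table: (prefix, interface the route points out of).
FIB = [(ipaddress.ip_network(p), ifname) for p, ifname in [
    ("2001:db8:a::/48", "cust0"),
    ("2001:db8:b::/48", "cust1"),
    ("2001:db8::/32", "peer0"),
]]

def static_filter(src):
    """Prefix filter from the first message: pass only sources inside 2000::/3."""
    return ipaddress.ip_address(src) in GLOBAL_UNICAST

def best_route(src, fib=FIB):
    """Longest-prefix match on the source; returns the interface or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, ifname) for net, ifname in fib if addr in net]
    return max(matches)[1] if matches else None

def urpf(src, in_if, strict=True, fib=FIB):
    """Strict: the best route back to src must use the ingress interface.
    Loose: any route back to src is enough."""
    out_if = best_route(src, fib)
    if out_if is None:
        return False
    return out_if == in_if if strict else True

# Constructed packets: (source address, ingress interface)
PACKETS = [
    ("2001:db8:a::10", "cust0"),     # customer using its own prefix
    ("2001:db8:b::10", "cust0"),     # cust0 sending with cust1's prefix
    ("fd12:3456:789a::1", "cust0"),  # ULA source, no route exists for it
]

def evaluate(packets=PACKETS):
    """Return (source, passes 2000::/3 filter, passes strict uRPF, passes loose uRPF)."""
    return [(src, static_filter(src), urpf(src, i), urpf(src, i, strict=False))
            for src, i in packets]

if __name__ == "__main__":
    for src, flt, strict, loose in evaluate():
        print(f"{src:22} 2000::/3={flt!s:5} strict-uRPF={strict!s:5} loose-uRPF={loose}")
```

The ULA source fails all three checks because no route back to it exists, while the borrowed customer prefix passes the static filter and loose mode and is caught only by strict mode.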


