Usage of fd00::/8 on the Interwebz - something with filters and uRPF
Tim Chown
tjc at ecs.soton.ac.uk
Thu May 30 08:36:15 CEST 2013

On 30 May 2013, at 07:23, Jeroen Massar <jeroen at massar.ch> wrote:
> On 2013-05-29 23:19, Eric Vyncke (evyncke) wrote:
>> I do not mind too much getting packets with a ULA as source address;
>> not perfect but I can live with those packets
>
> Hmm, you say till the day you receive a 100G of spoofed packets... and
> that is what they are as nobody is able to claim they "own" those prefixes.

Would be interesting to see how much IPv6 traffic hits the DNS roots from link-local or ULA sources. Anyone have any info?

>> (BTW, my own
>> residential firewall at home drops all packets whose source is not in
>> 2000::/3 and it drops/logs a couple of ULA per week...).
>
> Just showing that quite a few networks are not doing uRPF.

I think last year's Arbor survey showed this at 55% implementation, but IPv6 was not included iirc.

>> But, being able to receive those packets with an invalid source, this
>> is what really matters: no BCP 38 implemented between you and the
>> ULA. BAD BAD...
>
> Fully agree, hence why I raised this on the list as a great example why
> people should check for BCP38 and also require that from their peers and
> transits (bit trickier for those folks typically, but theoretically also
> doable for variances of doable).

Indeed. Including doing so in the wide variety of transition/tunnelling methods out there.

Tim
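
Added example, not part of the original message or of anyone's firewall configuration: a Python sketch of the source-prefix check discussed in the thread (drop anything whose source is not in 2000::/3) that also tallies drops by ULA and link-local, the two categories asked about above. The function names and the sample addresses are constructed for illustration; this is a static prefix filter, not uRPF itself, which additionally checks the source against the routing table.

```python
import ipaddress
from collections import Counter

# Prefixes referred to in the thread. ULA is fc00::/7 (RFC 4193);
# fd00::/8 from the subject line is the locally assigned half of it.
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def classify_source(src):
    """Return (action, reason) for an IPv6 source seen on an external interface."""
    try:
        addr = ipaddress.IPv6Address(src)
    except ipaddress.AddressValueError:
        return ("drop", "unparseable")
    if addr in ULA:
        return ("drop", "ula")
    if addr in LINK_LOCAL:
        return ("drop", "link-local")
    if addr not in GLOBAL_UNICAST:
        # Unspecified, loopback, multicast-as-source, and so on.
        return ("drop", "other-non-global")
    return ("accept", "global-unicast")


def tally(sources):
    """Count how many sources fall into each reason category."""
    return Counter(classify_source(s)[1] for s in sources)


# Constructed sample of source addresses (documentation prefix 2001:db8::/32
# stands in for real global unicast space).
SAMPLE_SOURCES = [
    "2001:db8:1::53",
    "fd12:3456:789a::1",
    "fe80::1",
    "fd00::1",
    "::1",
    "2001:db8:2::10",
    "ff02::1",
]

if __name__ == "__main__":
    for reason, count in sorted(tally(SAMPLE_SOURCES).items()):
        print(f"{reason:18} {count}")
```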