Something with filters
Jared Mauch
jared at puck.nether.net
Wed Aug 27 19:52:13 CEST 2014
> On Aug 27, 2014, at 12:01 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>
> I was doing some traceroutes to determine some weird claim of a transit
> (not shown in the below trace) being "tier1" while another transit
> actually popped up in their network and then noticed this beauty:
>
> 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms
> 10 :: (::) 101.893 ms 102.004 ms 103.574 ms
> 11 rar3.chicago-il.us.xo.net (::ffff:65.106.1.155) 104.732 ms
>
> Yeah baby, we can use the unspecified address in ICMP replies!
>
> Why oh why is that packet even allowed to come back to me, let alone
> travel all those hops...
>
> Oh, yeah, something with uRPF and other such awesome standards.
uRPF is an expensive feature in hardware that most people don’t ask their vendors for. uRPF for IPv6 is even harder because of things like hop #11 seen above.
We keep asking the vendors but apparently we are in the minority.
- Jared
More information about the ipv6-ops
mailing list