Something with filters
Jeroen Massar
jeroen at massar.ch
Wed Aug 27 21:58:41 CEST 2014
On 2014-08-27 19:52, Jared Mauch wrote:
>
>> On Aug 27, 2014, at 12:01 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>>
>> I was doing some traceroutes to determine some weird claim of a transit
>> (not shown in the below trace) being "tier1" while another transit
>> actually popped up in their network and then noticed this beauty:
>>
>> 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms
>> 10 :: (::) 101.893 ms 102.004 ms 103.574 ms
>> 11 rar3.chicago-il.us.xo.net (::ffff:65.106.1.155) 104.732 ms
>>
>> Yeah baby, we can use the unspecified address in ICMP replies!
>>
>> Why oh why is that packet even allowed to come back to me, let alone
>> travel all those hops...
>>
>> Oh, yeah, something with uRPF and other such awesome standards.
>
> uRPF is an expensive feature in hardware that most people don’t
> ask their vendors for. uRPF for IPv6 is even harder because of
> things like hop #11 seen above.
>
> We keep asking the vendors but apparently we are in the minority.
I know that the majority of the list here wants it; but the vendors
don't it seems... one has to wonder why...
Especially a check for a zero'd address is really not that hard; it is
just crazyness that that is not checked for.
If possible, please file this problem with your relevant technical
contacts and account managers, as it is just nonsense that that packet
is allowed to travel over the Internet.
Greets,
Jeroen
More information about the ipv6-ops
mailing list