Something with filters
Jared Mauch
jared at puck.nether.net
Thu Aug 28 17:38:16 CEST 2014
I'm happy to add my voice to the bug. Please let me know what vendor and bug id.
I can't open a bug against a 3rd party misbehaving box when I don't know what it is though. I assume you can get this info since you have the endpoint data somewhere.
Jared Mauch
> On Aug 27, 2014, at 3:58 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>
>> On 2014-08-27 19:52, Jared Mauch wrote:
>>
>>> On Aug 27, 2014, at 12:01 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>>>
>>> I was doing some traceroutes to determine some weird claim of a transit
>>> (not shown in the below trace) being "tier1" while another transit
>>> actually popped up in their network and then noticed this beauty:
>>>
>>> 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms
>>> 10 :: (::) 101.893 ms 102.004 ms 103.574 ms
>>> 11 rar3.chicago-il.us.xo.net (::ffff:65.106.1.155) 104.732 ms
>>>
>>> Yeah baby, we can use the unspecified address in ICMP replies!
>>>
>>> Why oh why is that packet even allowed to come back to me, let alone
>>> travel all those hops...
>>>
>>> Oh, yeah, something with uRPF and other such awesome standards.
>>
>> uRPF is an expensive feature in hardware that most people don’t
>> ask their vendors for. uRPF for IPv6 is even harder because of
>> things like hop #11 seen above.
>>
>> We keep asking the vendors but apparently we are in the minority.
>
> I know that the majority of the list here wants it; but the vendors
> don't it seems... one has to wonder why...
>
> Especially a check for a zero'd address is really not that hard; it is
> just crazyness that that is not checked for.
>
> If possible, please file this problem with your relevant technical
> contacts and account managers, as it is just nonsense that that packet
> is allowed to travel over the Internet.
>
> Greets,
> Jeroen
More information about the ipv6-ops
mailing list