Something with filters
jared at puck.nether.net
Thu Aug 28 17:38:16 CEST 2014
I'm happy to add my voice to the bug. Please let me know what vendor and bug id.
I can't open a bug against a 3rd party misbehaving box when I don't know what it is though. I assume you can get this info since you have the endpoint data somewhere.
> On Aug 27, 2014, at 3:58 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>> On 2014-08-27 19:52, Jared Mauch wrote:
>>> On Aug 27, 2014, at 12:01 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>>> I was doing some traceroutes to determine some weird claim of a transit
>>> (not shown in the below trace) being "tier1" while another transit
>>> actually popped up in their network and then noticed this beauty:
>>> 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms
>>> 10 :: (::) 101.893 ms 102.004 ms 103.574 ms
>>> 11 rar3.chicago-il.us.xo.net (::ffff:184.108.40.206) 104.732 ms
>>> Yeah baby, we can use the unspecified address in ICMP replies!
>>> Why oh why is that packet even allowed to come back to me, let alone
>>> travel all those hops...
>>> Oh, yeah, something with uRPF and other such awesome standards.
>> uRPF is an expensive feature in hardware that most people don’t
>> ask their vendors for. uRPF for IPv6 is even harder because of
>> things like hop #11 seen above.
>> We keep asking the vendors but apparently we are in the minority.
> I know that the majority of the list here wants it; but the vendors
> don't it seems... one has to wonder why...
> Especially a check for a zero'd address is really not that hard; it is
> just crazyness that that is not checked for.
> If possible, please file this problem with your relevant technical
> contacts and account managers, as it is just nonsense that that packet
> is allowed to travel over the Internet.
More information about the ipv6-ops