Something with filters

[Jared Mauch]

I'm happy to add my voice to the bug. Please let me know what vendor and bug id. 

I can't open a bug against a 3rd party misbehaving box when I don't know what it is though. I assume you can get this info since you have the endpoint data somewhere. 

Jared Mauch

> On Aug 27, 2014, at 3:58 PM, Jeroen Massar <jeroen at massar.ch> wrote:
> 
>> On 2014-08-27 19:52, Jared Mauch wrote:
>> 
>>> On Aug 27, 2014, at 12:01 PM, Jeroen Massar <jeroen at massar.ch> wrote:
>>> 
>>> I was doing some traceroutes to determine some weird claim of a transit
>>> (not shown in the below trace) being "tier1" while another transit
>>> actually popped up in their network and then noticed this beauty:
>>> 
>>> 9  2001:5a0:a00::2e (2001:5a0:a00::2e)  79.018 ms  79.910 ms  79.960 ms
>>> 10  :: (::)  101.893 ms  102.004 ms  103.574 ms
>>> 11  rar3.chicago-il.us.xo.net (::ffff:65.106.1.155)  104.732 ms
>>> 
>>> Yeah baby, we can use the unspecified address in ICMP replies!
>>> 
>>> Why oh why is that packet even allowed to come back to me, let alone
>>> travel all those hops...
>>> 
>>> Oh, yeah, something with uRPF and other such awesome standards.
>> 
>> uRPF is an expensive feature in hardware that most people don’t
>> ask their vendors for.  uRPF for IPv6 is even harder because of
>> things like hop #11 seen above.
>> 
>> We keep asking the vendors but apparently we are in the minority.
> 
> I know that the majority of the list here wants it; but the vendors
> don't it seems... one has to wonder why...
> 
> Especially a check for a zero'd address is really not that hard; it is
> just crazyness that that is not checked for.
> 
> If possible, please file this problem with your relevant technical
> contacts and account managers, as it is just nonsense that that packet
> is allowed to travel over the Internet.
> 
> Greets,
> Jeroen