Tracing IPv6 packet drops resulting from Extension Headers (e.g. to Google)

Fernando Gont fernando at gont.com.ar
Tue Jul 1 17:52:45 CEST 2014


Folks,

I've been playing quite a bit with code and testing.

One tool that I've produced is "blackhole6", which essentially works as
follows:

1) It runs traceroute6 with no EHs (path6, actually), and records the
path to the destination (PATH)
2) It runs traceroute6 with EHs (path6, actually), and finds the last
responding node (M)
3) Looks up M in PATH. The dropping node is M+1.

Additionally, it finds relevant AS info for each of the systems above.

If you want to try it, just:
$ git clone https://github.com/fgont/ipv6toolkit.git
$ cd ipv6toolkit
# make install clean

And then run the tool as:

# blackhole6 IPV6_ADDRESS


If you run the tool against an AAAA corresponding to www.google.com, you
get:

fgont at satellite:~/code/ipv6toolkit/tools$ sudo blackhole6 2800:3f0:4002:801::1011

SI6 Networks IPv6 Toolkit v2.0
blackhole6: A tool to find IPv6 blackholes

Destination IPv6 address: 2800:3f0:4002:801::1011 (AS15169 - GOOGLE - Google Inc.,US)
Last resp. node (no EHs): 2800:3f0:4002:801::1011 (AS15169 - GOOGLE - Google Inc.,US) (12 hop(s))
Last resp. node (DO 8): 2001:1291:0:4b::b (AS16735 -COMPANHIA DE TELECOMUNICACOES DO BRASIL CENTRAL,BR) (7 hop(s))
Dropping node: 2001:1291:0:63::2 (AS16735 - COMPANHIA DE TELECOMUNICACOES DO BRASIL CENTRAL,BR)


I guess the question is why the dropping node seems to be M+2 rather
than M+1 (based on public information, I was expecting Google to be the
folks dropping the EH-enabled IPv6 packets rather than the Brazilian
company above)?

If you do a normal traceroute (path6 tool of the toolkit), the route is:

fgont at satellite:~/code/ipv6toolkit/tools$ sudo path6 -d 2800:3f0:4002:801::1011
  1 (2001:1291:2e6:1::1)   0.4 ms   0.2 ms   0.3 ms
  2 (2001:1291:200:42e::1)  278.4 ms  236.3 ms  239.0 ms
  3 (2001:1291:2::b)  239.3 ms  240.5 ms  239.3 ms
  4 (2001:1291:2::a)  239.6 ms  240.5 ms  243.1 ms
  5 (2001:1291:0:2::b)  239.5 ms  240.8 ms  239.5 ms
  6 (2001:1291:0:d7::a)  246.6 ms  240.1 ms  240.9 ms
  7 (2001:1291:0:4b::b)  244.3 ms  240.1 ms  240.3 ms
  8 (2001:1291:0:63::2)  255.5 ms  254.0 ms  255.1 ms
  9 (2001:4860::1:0:4f24)  257.8 ms  257.6 ms  261.4 ms
 10 (2001:4860::1:0:e)  281.6 ms  280.5 ms  283.2 ms
 11 (2001:4860:0:1::d8)  282.9 ms  285.3 ms  285.9 ms
 12 (2800:3f0:4002:801::1011)  284.2 ms  282.5 ms  285.7 ms


And with a DOH of 8 bytes, it is:

fgont at satellite:~/code/ipv6toolkit/tools$ sudo path6 -d 2800:3f0:4002:801::1011 -u 8
  1 (2001:1291:2e6:1::1)   1.0 ms   0.4 ms   0.4 ms
  2 (2001:1291:200:42e::1)  319.0 ms  245.6 ms  248.8 ms
  3 (2001:1291:2::b)  249.0 ms  237.1 ms  239.9 ms
  4 (2001:1291:2::a)  320.7 ms  320.1 ms  316.7 ms
  5 (2001:1291:0:2::b)  243.9 ms  243.4 ms  243.6 ms
  6 (2001:1291:0:d7::a)  240.0 ms  246.3 ms  247.7 ms
  7 (2001:1291:0:4b::b)  249.8 ms  241.6 ms  238.8 ms
  8 ()   *  *  *
  9 ()   *  *  *
 10 ()   *  *  *
 11 ()   *  *  *


Clearly, M+1 (2001:1291:0:63::2) is still the Brazilian carrier, while
M+2 (2001:4860::1:0:4f24) is Google, the folks I was expecting to be
dropping the packets.

Obviously, I don't care about this specific case... but it is probably
one on which we might have more insights than others.

Thoughts?

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
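
The three-step comparison described in the message, as an added example that is not part of the original e-mail and is not ipv6toolkit code. The names parse_path6 and locate_drop are hypothetical; the parser assumes only the path6 line format shown above and that the last hop of the no-EH trace is the destination.

```python
import re

# path6 output copied from the message above, RTT columns trimmed to one per hop.
NO_EH = """\
  1 (2001:1291:2e6:1::1)   0.4 ms
  2 (2001:1291:200:42e::1)  278.4 ms
  3 (2001:1291:2::b)  239.3 ms
  4 (2001:1291:2::a)  239.6 ms
  5 (2001:1291:0:2::b)  239.5 ms
  6 (2001:1291:0:d7::a)  246.6 ms
  7 (2001:1291:0:4b::b)  244.3 ms
  8 (2001:1291:0:63::2)  255.5 ms
  9 (2001:4860::1:0:4f24)  257.8 ms
 10 (2001:4860::1:0:e)  281.6 ms
 11 (2001:4860:0:1::d8)  282.9 ms
 12 (2800:3f0:4002:801::1011)  284.2 ms
"""
WITH_EH = """\
  1 (2001:1291:2e6:1::1)   1.0 ms
  2 (2001:1291:200:42e::1)  319.0 ms
  3 (2001:1291:2::b)  249.0 ms
  4 (2001:1291:2::a)  320.7 ms
  5 (2001:1291:0:2::b)  243.9 ms
  6 (2001:1291:0:d7::a)  240.0 ms
  7 (2001:1291:0:4b::b)  249.8 ms
  8 ()   *
  9 ()   *
 10 ()   *
 11 ()   *
"""
HOP = re.compile(r"\s*(\d+) \(([0-9a-fA-F:]*)\)")

def parse_path6(text):
    """Map hop number -> responder address (None for an unanswered '*' hop)."""
    return {int(m[1]): (m[2] or None) for m in map(HOP.match, text.splitlines()) if m}

def locate_drop(no_eh, with_eh):
    """Return (M, dropping node): M is the last responder with EHs, dropper is M+1 on PATH."""
    path, probe = parse_path6(no_eh), parse_path6(with_eh)
    m = next((probe[h] for h in sorted(probe, reverse=True) if probe[h]), None)
    if m is None or m == path.get(max(path, default=0)):
        return m, None  # nothing answered, or the destination itself answered
    at = [h for h in path if path[h] == m]
    return m, (path.get(max(at) + 1) if at else None)  # None: M is not on PATH

if __name__ == "__main__":
    print(locate_drop(NO_EH, WITH_EH))
```

When M does not appear on PATH (for example because the two traces took different routes), the function returns no dropping node rather than guessing one.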





More information about the ipv6-ops mailing list