Why do we still need IPv4 when we are migrating to IPv6...

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 13 15:12:31 CET 2015

On 13/02/15 13:27, Mikael Abrahamsson wrote:

> Packet reaches HGW2, which has no flow state, and is dropped. ICMP error
> message might be created.
> In case of ICMP error message, U1 should ignore this.

That's an application-layer issue. It all depends on how they're talking 
to the socket API. They might not even see the ICMP error if they're 
just doing dumb send() calls.

> U2 sends a packet from U2IP,U2PORT to U1IP,U1PORT.
> HGW2 creates flow state.
> Packet hits HGW1 which already has a flow state, and packet successfully
> reaches U1.
> U1 now can start sending packets to U2 as well and they've worked around
> both of them having HGWs with stateful firewalls disallowing new
> connections to them.
> Right?


> The crucial step here seems to be the fact that initial packets might be
> dropped and error messages be generated, but these should be ignored by
> the application. Is this commonplace? Is it a problem at all?

As above, depends on how they're using the socket API. As a rule for UDP 
connections, you actually have to put *more* work in to see ICMP errors. 
It's certainly possible to ignore them.

More information about the ipv6-ops mailing list