IPv4-mapped as ICMPv6 source address ?!
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon May 7 18:11:19 CEST 2012
On 7. May 2012, at 14:58, Lutz Preßler wrote:
> Hello,
>
> doing traceroute6 www.ietf.org, I get
> [...]
> 5 2001:1890:1fff:109:192:205:34:181 (2001:1890:1fff:109:192:205:34:181) 95.902 ms 95.644 ms 119.383 ms
> 6 n54ny21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:80:226) 175.058 ms 173.507 ms 176.317 ms
> 7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
> 8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
> 9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
> 10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
> 11 sj2ca401me3.ipv6.att.net (2001:1890:ff:ffff:12:122:126:238) 237.509 ms 170.582 ms 170.598 ms
> [...]
> and indeed see incoming ICMPv6 packets with ::ffff:/96 source addresses.
> I suppose this is not as it should be. Does anyone know what kind
> of routers create those and in which situation (maybe if there are only
> link-local IPv6 addresses on the link)? Probably it's not SIIT.
MPLS nodes, I know Cisco did it, probably more these days. They are valid
packets even on the wire, however some OSes simply drop them on input based
on an old draft:
http://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
I know at least FreeBSD still does.
Given you see them in your traceroute6, your OS seems to accept them.
Make sure that your firewall handles these kinds of addresses correctly
then.
/bz
--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
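
Added example, not part of the original message: a small Python check that flags hops in traceroute6 output whose source address falls in the IPv4-mapped prefix ::ffff:0:0/96, the address class the reply says a firewall must handle. The function names are made up for this example; the sample lines are hops 7 to 10 from the output quoted above.

```python
import ipaddress

# Hop lines taken from the traceroute6 output quoted in the post.
SAMPLE = """\
 7 cgcil22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:1:2) 171.525 ms 171.620 ms 172.789 ms
 8 cr1.cgcil.ip.att.net (::ffff:12.122.2.53) 174.256 ms 174.761 ms 173.078 ms
 9 sffca21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:4:121) 172.066 ms 172.525 ms 174.842 ms
10 cr81.sj2ca.ip.att.net (::ffff:12.122.1.118) 171.342 ms 173.409 ms 171.158 ms
"""


def embedded_ipv4(addr):
    """Return the IPv4 address inside an IPv4-mapped IPv6 address, else None.

    Covers both spellings of ::ffff:0:0/96, dotted (::ffff:12.122.2.53)
    and plain hex (::ffff:c7a:235).
    """
    mapped = ipaddress.IPv6Address(addr).ipv4_mapped
    return str(mapped) if mapped is not None else None


def audit_traceroute(text):
    """Return (hop, embedded IPv4) for every IPv4-mapped hop address."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # "[...]" markers, blank lines, headers
        seen = set()
        # Try every field: handles "name (addr)" and bare-address (-n) output.
        for token in fields[1:]:
            try:
                v4 = embedded_ipv4(token.strip("()"))
            except ipaddress.AddressValueError:
                continue  # hostname, RTT value, "ms", "*"
            if v4 is not None and v4 not in seen:
                seen.add(v4)
                findings.append((int(fields[0]), v4))
    return findings


if __name__ == "__main__":
    for hop, v4 in audit_traceroute(SAMPLE):
        print(f"hop {hop}: IPv4-mapped source, embedded IPv4 {v4}")
```
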
More information about the ipv6-ops mailing list