6to4 in Internet aaaa records

Jeroen Massar jeroen at massar.ch
Sat Oct 4 13:02:26 CEST 2014


On 2014-10-04 12:49, Gert Doering wrote:
> Hi,
> 
> On Thu, Oct 02, 2014 at 10:31:25PM -0400, Jeroen Massar wrote:
>>> <http://www.azdes.gov>)... 2002::cf6c:8846
>>
>> That is an invalid 6to4 address as it would have a 6to4 gateway of 0.0.0.0.
> 
> Uh, what?
> 
> Who are you and what happens to the Jeroen I know who understands IPv6,
> and knows that 6to4 addresses do (unlike Teredo) not call a reference
> to the gateway in there...

I think Gert needs some Saturday morning coffee.... ;)

Just in case:

$ ipv6calc -i 2002::cf6c:8846
No input type specified, try autodetection...found type: ipv6addr
No output type specified, try autodetection...found type: ipv6addr
Address type: unicast, 6to4, global-unicast, productive
Address type is 6to4 and included IPv4 address is: 0.0.0.0
IPv4 registry for 6to4 address: reserved(RFC1122#3.2.1.3)
Address type has SLA: 0000
Error getting registry string for IPv6 address: reserved(RFC3056#2)
Interface identifier: 0000:0000:cf6c:8846
Interface identifier is probably manual set or based on a local EUI-64
identifier


If a packet from say 2001:db8::1 would go to 2002::cf6c:8846 it will be
forwarded to a router with 6to4-tunneling-ability, which will create an
IPv4 packet with destination 0.0.0.0 (due to 2002:aabb:ccdd:...)
containing a protocol 41 payload that is the IPv6 packet we are forwarding.

The 0.0.0.0 host will then deliver over native IPv6 the packet to
2002::cf6c:8846.

As 0.0.0.0 is invalid though, the packet will not end up anywhere and
stuff miserably fails.

Note that if all is correctly implemented the 6to4-relay will send an
icmp6-unreachable as it will have a 2002::/24 route to loopback (just
like it should have routes for 2002:<rfc1918 etc>).

>  and that the biggest part of the actual
> *problem* with 6to4 is exactly the anycast nature of its current
> deployment...?

Of course that is a big problem.

But the 0.0.0.0 in there will never work either ;)

With or without an anycast node.

>> One would think with all the "IPv6 consultants" in the US, that .gov
>> agencies would be able to get that part right...
>>
>> Though, better point them out that 6to4 is a bad idea in general anyway.
> 
> I certainly agree with that sentiment, though.  6to4 should never ever
> (NEVER!) show up in public DNS for servers, as "just stick to IPv4" is 
> guaranteed to give better service.

Indeed.

Greets,
 Jeroen
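
The check discussed in this thread, as an added example that is not part of the original message: a small Python audit of AAAA values that extracts the IPv4 address embedded in a 6to4 address (the `aabb:ccdd` bits of `2002:aabb:ccdd::/48`) and flags ones that cannot work. The host names and all sample records except `2002::cf6c:8846` are constructed for illustration.

```python
import ipaddress

# IPv4 properties that make an embedded 6to4 endpoint unreachable, checked in order.
BAD_V4 = [
    ("is_unspecified", "unspecified (0.0.0.0)"),
    ("is_loopback", "loopback"),
    ("is_link_local", "link-local"),
    ("is_multicast", "multicast"),
    ("is_private", "private or otherwise non-public range"),
    ("is_reserved", "reserved"),
]

def audit_aaaa(addr):
    """Return (is_6to4, embedded_ipv4, problem) for one AAAA value."""
    ip = ipaddress.IPv6Address(addr)
    v4 = ip.sixtofour  # the 32 bits after 2002::/16, or None if not 6to4
    if v4 is None:
        return (False, None, None)
    for attr, label in BAD_V4:
        if getattr(v4, attr):
            return (True, str(v4), label)
    return (True, str(v4), None)

def audit_zone(records):
    """List every 6to4 AAAA record; broken embedded endpoints get a reason."""
    findings = []
    for name, addr in records:
        is_6to4, v4, problem = audit_aaaa(addr)
        if is_6to4:
            findings.append((name, addr, v4, problem or "6to4 in public DNS"))
    return findings

# Constructed sample zone data; only the first address comes from the thread.
SAMPLE = [
    ("www.example.org", "2002::cf6c:8846"),     # IPv4 bits left at zero
    ("mail.example.org", "2002:cf6c:8846::1"),  # same 32 bits, in the prefix
    ("intra.example.org", "2002:a00:1::1"),     # embeds 10.0.0.1
    ("ns1.example.org", "2001:db8::1"),         # not 6to4
]

if __name__ == "__main__":
    for name, addr, v4, why in audit_zone(SAMPLE):
        print(f"{name}: {addr} -> embedded IPv4 {v4}: {why}")
```
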




More information about the ipv6-ops mailing list