On 6/1/13 01:46 , Tore Anderson wrote:
* Jeroen Massar

That is, if you have 6PE (IPv4 LSP) in your network, routers might send
an ICMPv6 message from the IPv6-Mapped-IPv4 address.

And as ::ffff:0.0.0.0/96 should not be in anybody's BGP table, it will
fail uRPF.

Is anybody aware of a knob that can force for instance the loopback
address to be used on these boxes?

AIUI, the P routers in a network using 6PE might not have IPv6 addresses
on them at all, not even on the loopback interface. If that's the case,
there are three options that I can see:

1) enable core hiding, or
2) don't emit ICMPv6 errors at all, or
3) use an IPv4-mapped address as the source of the ICMPv6 errors.

All of these constitute ways of breaking traceroute, although only #3
has a slight chance of actually relaying some useful information back to
the person performing the traceroute. So IMHO it's the best option.

Tore

I don't think any vendor does this, but what about assigning a different local prefix to use for IPv4-mapped IPv6 addresses, instead of the well-known ::ffff:0.0.0.0/96? You wouldn't be able to automatically know it's an IPv4-mapped IPv6 address, but in this case I'm not sure that is really needed. This would have the added benefit that reverse IPv6 DNS just works, even if the IPv4 address is RFC 1918 or otherwise not routed. Also, in the case of 6PE I'm not sure you would even need to provide a working return path either.

An example would be 2001:DB8:1234:5678:0:ffff:0.0.0.0/96.

Anyone see a fundamental problem with something like this?


--
================================================
David Farmer               Email: [email protected]
Office of Information Technology
University of Minnesota
2218 University Ave SE     Phone: 1-612-626-0815
Minneapolis, MN 55414-3029  Cell: 1-612-812-9952
================================================
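Added example, not part of the original thread: a Python sketch comparing an ICMPv6 source built from the well-known ::ffff:0.0.0.0/96 with one built from the local /96 given in the message, using a loose-mode uRPF check and the resulting ip6.arpa name. The route table, the covering /48 and the function names are constructed for illustration, and the check assumes the operator announces a prefix covering the local /96.

```python
import ipaddress

WELL_KNOWN = ipaddress.ip_network("::ffff:0:0/96")
# Local /96 from the message's example (2001:db8::/32 is documentation space).
LOCAL_96 = ipaddress.ip_network("2001:db8:1234:5678:0:ffff::/96")
# Constructed sample of routes a remote network might hold; assumes the
# operator announces a /48 that covers LOCAL_96.
SAMPLE_BGP_TABLE = [
    ipaddress.ip_network(p) for p in ("2001:db8:1234::/48", "2001:db8:ffff::/48")
]


def embed(ipv4, prefix96):
    """Place the 32-bit IPv4 address in the low 32 bits of a /96."""
    if prefix96.prefixlen != 96:
        raise ValueError("prefix must be a /96")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix96.network_address) | int(v4))


def extract(ipv6, prefix96):
    """Recover the embedded IPv4 address, or None if ipv6 is outside prefix96.

    With a local prefix the reader must already know which /96 is in use."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix96:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def passes_loose_urpf(source, table):
    """Loose-mode uRPF: accept if any route in the table covers the source."""
    addr = ipaddress.IPv6Address(source)
    return any(addr in net for net in table)


def compare(ipv4):
    """Build both candidate ICMPv6 sources for one router IPv4 address."""
    results = {}
    for label, prefix in (("well-known", WELL_KNOWN), ("local", LOCAL_96)):
        src = embed(ipv4, prefix)
        results[label] = {
            "source": str(src),
            "urpf_ok": passes_loose_urpf(src, SAMPLE_BGP_TABLE),
            "ptr": src.reverse_pointer,  # name to publish in ip6.arpa
        }
    return results

if __name__ == "__main__":
    print(compare("10.0.0.1"))
```

The PTR name for the local form falls inside the operator's own ip6.arpa delegation, so it can be populated even when the embedded IPv4 address is RFC 1918.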
