The mapped IPv4 address is probably coming out of a 6PE (or 6VPE) MPLS router where the HopLimit field is copied into the MPLS header and when the poor P router in charge of sending the ICMPv6 has no IPv6 address at all… This is per RFC and perhaps an explanation why uRPF is not activated?
No explanation about the :: address though… As a security person, I would love to have uRPF enabled where possible but I am afraid that even in IPv4 it is not deployed everywhere :-( -éric PS: indeed, ask your vendors for features, customers have much more power than you guess :-) From: Lorenzo Colitti <[email protected]<mailto:[email protected]>> Date: jeudi 28 août 2014 07:46 To: Jeroen Massar <[email protected]<mailto:[email protected]>> Cc: IPv6 Ops list <[email protected]<mailto:[email protected]>> Subject: Re: Something with filters On Wed, Aug 27, 2014 at 9:01 AM, Jeroen Massar <[email protected]<mailto:[email protected]>> wrote: 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms 10 :: (::) 101.893 ms 102.004 ms 103.574 ms 11 rar3.chicago-il.us.xo.net<http://rar3.chicago-il.us.xo.net> (::ffff:65.106.1.155) 104.732 ms Yeah baby, we can use the unspecified address in ICMP replies! The mapped IPv4 address in there is pretty cool, too...
