On 2014-10-04 12:49, Gert Doering wrote:
> Hi,
>
> On Thu, Oct 02, 2014 at 10:31:25PM -0400, Jeroen Massar wrote:
>>> <http://www.azdes.gov>)... 2002::cf6c:8846
>>
>> That is an invalid 6to4 address as it would have a 6to4 gateway of 0.0.0.0.
>
> Uh, what?
>
> Who are you and what happens to the Jeroen I know who understands IPv6,
> and knows that 6to4 addresses do (unlike Teredo) not call a reference
> to the gateway in there...

I think Gert needs some Saturday morning coffee.... ;)

Just in case:

$ ipv6calc -i 2002::cf6c:8846
No input type specified, try autodetection...found type: ipv6addr
No output type specified, try autodetection...found type: ipv6addr
Address type: unicast, 6to4, global-unicast, productive
Address type is 6to4 and included IPv4 address is: 0.0.0.0
IPv4 registry for 6to4 address: reserved(RFC1122#3.2.1.3)
Address type has SLA: 0000
Error getting registry string for IPv6 address: reserved(RFC3056#2)
Interface identifier: 0000:0000:cf6c:8846
Interface identifier is probably manual set or based on a local EUI-64 identifier

If a packet from say 2001:db8::1 would go to 2002::cf6c:8846 it will be
forwarded to a router with 6to4-tunneling-ability, which will create an
IPv4 packet with destination 0.0.0.0 (due to 2002:aabb:ccdd:...)
containing a protocol 41 payload that is the IPv6 packet we are forwarding.

The 0.0.0.0 host will then deliver over native IPv6 the packet to
2002::cf6c:8846.

As 0.0.0.0 is invalid though, the packet will not end up anywhere and
stuff miserably fails.

Note that if all is correctly implemented the 6to4-relay will send an
icmp6-unreachable as it will have a 2002::/24 route to loopback (just
like it should have routes for 2002:<rfc1918 etc>).

> and that the biggest part of the actual
> *problem* with 6to4 is exactly the anycast nature of its current
> deployment...?

Of course that is a big problem. But the 0.0.0.0 in there will never
work either ;) With or without an anycast node.

>> One would think with all the "IPv6 consultants" in the US, that .gov
>> agencies would be able to get that part right...
>>
>> Though, better point them out that 6to4 is a bad idea in general anyway.
>
> I certainly agree with that sentiment, though. 6to4 should never ever
> (NEVER!) show up in public DNS for servers, as "just stick to IPv4" is
> guaranteed to give better service.

Indeed.

Greets,
 Jeroen
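
Added example, not part of the original message: a small check for AAAA values that reproduces the "included IPv4 address" line from the ipv6calc output above and flags 6to4 addresses whose embedded IPv4 address a relay could never tunnel to. The function names, the verdict strings and every sample address except 2002::cf6c:8846 are assumptions made for this illustration.

```python
import ipaddress


def classify_6to4(addr):
    """Return (verdict, embedded IPv4 or None) for one AAAA value."""
    ip = ipaddress.IPv6Address(addr)
    # In 2002::/16 the 32 bits after the prefix are the IPv4 address of the
    # 6to4 router; .sixtofour returns None outside that prefix.
    v4 = ip.sixtofour
    if v4 is None:
        return ("not-6to4", None)
    # A relay wraps the IPv6 packet in IPv4 protocol 41 addressed to v4,
    # so v4 has to be a globally routable unicast address.
    if v4.is_global and not v4.is_multicast:
        return ("6to4-routable", v4)
    return ("6to4-unreachable", v4)


# Sample input: the first address is the one quoted in the thread, the
# rest are constructed for this example.
SAMPLE_AAAA = [
    "2002::cf6c:8846",      # from the thread: embedded IPv4 is 0.0.0.0
    "2002:cf6c:8846::1",    # constructed: same 32 bits in the IPv4 field
    "2002:0a01:0203::1",    # constructed: embeds RFC 1918 space (10.1.2.3)
    "2001:db8::1",          # documentation prefix, not 6to4
]


def audit(values):
    """Map each address to its (verdict, embedded IPv4) pair."""
    return {a: classify_6to4(a) for a in values}


if __name__ == "__main__":
    for addr, (verdict, v4) in audit(SAMPLE_AAAA).items():
        print(f"{addr:20} {verdict:18} {v4 or '-'}")
```

Run against the AAAA records of a zone before publishing, anything reported as 6to4-unreachable is a record that cannot work; per the thread, any 6to4 address in public DNS for a server deserves a second look even when the embedded address is routable.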
