Something with filters
I was doing some traceroutes to determine some weird claim of a transit (not shown in the below trace) being tier1 while another transit actually popped up in their network and then noticed this beauty: 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms 10 :: (::) 101.893 ms 102.004 ms 103.574 ms 11 rar3.chicago-il.us.xo.net (:::65.106.1.155) 104.732 ms Yeah baby, we can use the unspecified address in ICMP replies! Why oh why is that packet even allowed to come back to me, let alone travel all those hops... Oh, yeah, something with uRPF and other such awesome standards. Greets, Jeroen
Re: Something with filters
On 2014-08-27 19:52, Jared Mauch wrote: On Aug 27, 2014, at 12:01 PM, Jeroen Massar jer...@massar.ch wrote: I was doing some traceroutes to determine some weird claim of a transit (not shown in the below trace) being tier1 while another transit actually popped up in their network and then noticed this beauty: 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms 10 :: (::) 101.893 ms 102.004 ms 103.574 ms 11 rar3.chicago-il.us.xo.net (:::65.106.1.155) 104.732 ms Yeah baby, we can use the unspecified address in ICMP replies! Why oh why is that packet even allowed to come back to me, let alone travel all those hops... Oh, yeah, something with uRPF and other such awesome standards. uRPF is an expensive feature in hardware that most people don’t ask their vendors for. uRPF for IPv6 is even harder because of things like hop #11 seen above. We keep asking the vendors but apparently we are in the minority. I know that the majority of the list here wants it; but the vendors don't it seems... one has to wonder why... Especially a check for a zero'd address is really not that hard; it is just crazyness that that is not checked for. If possible, please file this problem with your relevant technical contacts and account managers, as it is just nonsense that that packet is allowed to travel over the Internet. Greets, Jeroen
Re: Something with filters
Hi, Especially a check for a zero'd address is really not that hard; it is just crazyness that that is not checked for. If possible, please file this problem with your relevant technical contacts and account managers, as it is just nonsense that that packet is allowed to travel over the Internet. Reminds me of someone showing me a packet with link-local source address and global destination address traveling several hops... :) Cheers, Sander
Re: Something with filters
On Wed, Aug 27, 2014 at 9:01 AM, Jeroen Massar jer...@massar.ch wrote: 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms 10 :: (::) 101.893 ms 102.004 ms 103.574 ms 11 rar3.chicago-il.us.xo.net (:::65.106.1.155) 104.732 ms Yeah baby, we can use the unspecified address in ICMP replies! The mapped IPv4 address in there is pretty cool, too...
Re: Something with filters
Jen had presented some similar stats a year ago. https://ripe67.ripe.net/presentations/288-Jen_RIPE67.pdf -- Tassos Jeroen Massar wrote on 27/8/2014 19:01: I was doing some traceroutes to determine some weird claim of a transit (not shown in the below trace) being tier1 while another transit actually popped up in their network and then noticed this beauty: 9 2001:5a0:a00::2e (2001:5a0:a00::2e) 79.018 ms 79.910 ms 79.960 ms 10 :: (::) 101.893 ms 102.004 ms 103.574 ms 11 rar3.chicago-il.us.xo.net (:::65.106.1.155) 104.732 ms Yeah baby, we can use the unspecified address in ICMP replies! Why oh why is that packet even allowed to come back to me, let alone travel all those hops... Oh, yeah, something with uRPF and other such awesome standards. Greets, Jeroen
