
Re: 6to4 anycast IP as source address / PTR record



Pekka Savola wrote:
On Wed, 30 Jan 2008, Kevin Day wrote:
When a 6to4 relay encapsulates v6 traffic and sends it to a 6to4 host over v4, should the source address be 192.88.99.1 or the relay's v4 unicast address?
IMHO, pending a firm recommendation, the anycast address as source is
the most natural choice, and is the best candidate for an answer to the
question. (An answer which IMHO is highly desirable.)
- This choice somewhat limits the risk of address spoofing (if any unicast
source address is permitted, any host can pretend to be a 6to4 relay).
- RFC1546 says about IPv4: "Hosts should accept datagrams with an
anycast source address, although some transport protocols (see below)
may refuse to accept them.". There is no conflict.
- RFC 1884 says, but only about IPv6: "An anycast address must not be
used as the source address of an IPv6 packet.". There is no conflict
either.

The answer to Kevin could then IMO be made official, in a new version of RFC 3068, with something like:
"6to4 relay routers (between IPv4 and IPv6 public clouds) MUST use
192.88.99.1 as IPv4 source addresses of IPv6 packets they encapsulate,
and check that IPv6 source addresses are not 6to4 (i.e. don't start
with 2002::/16).
6to4 routers (between IPv6 private clouds and IPv4-only public
networks) SHOULD accept IPv6 encapsulated packets only if:
- IPv4 source addresses are not 192.88.99.1 if IPv6 source addresses
are 6to4;
- IPv4 source addresses are 192.88.99.1 if IPv6 source addresses are
not 6to4".
The reason this is coming up right now... Since we've started running a 6to4 relay, we've had a few complaints show up at our abuse@ box asking what this 192.88.99.1 host is on our network, why its WHOIS doesn't make sense, and why it's sending them traffic.

Why doesn't WHOIS make sense? How should this be improved? Maybe it could say "special anycast" instead of just "special", but it does provide a pointer..

NetRange:   192.88.99.0 - 192.88.99.255
CIDR:       192.88.99.0/24
NetName:    IANA-192
NetHandle:  NET-192-88-99-0-1
Parent:     NET-192-0-0-0-0
NetType:    IANA Special Use
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 3068 for additional information.
Comment:
RegDate:
Updated:    2002-09-16
Full support.
Maybe it could be even more reader friendly if "for additional
information" would become "for its use in 6to4".


Rémi
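
The acceptance rule proposed in the message above for 6to4 routers, written out as an added Python example (not part of the original thread or of any RFC text). The function names, the `build` helper and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ANYCAST_RELAY = ipaddress.IPv4Address("192.88.99.1")  # RFC 3068 anycast address
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")         # 6to4 prefix
PROTO_IPV6_IN_IPV4 = 41

def parse_6to4(packet: bytes):
    """Return (outer IPv4 source, inner IPv6 source) of a protocol-41 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != PROTO_IPV6_IN_IPV4:
        raise ValueError("not IPv6-in-IPv4 (protocol 41)")
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("truncated or invalid inner IPv6 header")
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv6Address(inner[8:24]))

def router_accepts(packet: bytes) -> bool:
    """Proposed 6to4 router check; malformed packets are dropped."""
    try:
        v4_src, v6_src = parse_6to4(packet)
    except ValueError:
        return False
    from_relay = v4_src == ANYCAST_RELAY
    src_is_6to4 = v6_src in SIXTOFOUR
    # 6to4 IPv6 source: outer source must NOT be 192.88.99.1.
    # Non-6to4 IPv6 source: outer source MUST be 192.88.99.1.
    return from_relay != src_is_6to4

def build(v4_src: str, v6_src: str) -> bytes:
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + IPv6 header."""
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64,
                     PROTO_IPV6_IN_IPV4, 0,
                     ipaddress.IPv4Address(v4_src).packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     ipaddress.IPv6Address(v6_src).packed,
                     ipaddress.IPv6Address("2002:c633:6407::1").packed)
    return v4 + v6

if __name__ == "__main__":
    for v4, v6 in [("192.88.99.1", "2001:db8::1"), ("203.0.113.9", "2001:db8::1"),
                   ("203.0.113.9", "2002:cb00:7109::1"),
                   ("192.88.99.1", "2002:cb00:7109::1")]:
        print(v4, v6, "accept" if router_accepts(build(v4, v6)) else "drop")
```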