Re: NATLL6 [was Re: Forwarding Packets With Link Local Destination Addresses]

Brian E Carpenter <> Fri, 08 January 2021 20:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AF8383A12AE for <>; Fri, 8 Jan 2021 12:43:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.36
X-Spam-Status: No, score=-2.36 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U07NS2PfQI1e for <>; Fri, 8 Jan 2021 12:43:41 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 405333A12AC for <>; Fri, 8 Jan 2021 12:43:41 -0800 (PST)
Received: by with SMTP id s15so6267014plr.9 for <>; Fri, 08 Jan 2021 12:43:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=ji9fxlWk5f/GOpDHlC39I/XNZ/3Gkxx/jCVxcwWzhK0=; b=MvcxofSnSV/D8ED9wCFSC63QkgE+yqaCs58jIxm9xYveo7mBFI7333FSimslcrkMQt uQsHXBhJ7N3K+F9Q4gzO4FSkBcCXUDmpdqGiErH5hDAMBwzvrlt0j6BSKIvr6IB8rDHq 9vTr71WJJJZeoenkO5dRAK/Znvc5ioihxbzfRVwBfdIeh/FoTbRWBNgPi2odrgZiq5JU BN7q/kVoAW/k9UJMHyseP9cFY5ahLNdWGg8dKsKwknJAAGUFGW+excR/bXO08ZIt66+J lAs5ZyJgJzWLK8OoHwxYPU3cM6h4HDWxgoBlVcWTFXCjEo9GyGiuyEL4Pm6lwA0PrMGJ zujA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ji9fxlWk5f/GOpDHlC39I/XNZ/3Gkxx/jCVxcwWzhK0=; b=txscnPNTysuG65v3FJUh7id5jwgrqeKc8Vp9k+QH2TAciZ0NvYzWahAJVexQu2e7oQ L7tCdqAlnJNBeQxop0fHLfzVePnWol/Vx4+fCclApkG0KW5fAIhtlhPrebZmjFmb9m9i pn4cVIiJMCYulbLMGxd3ZzkUtQu1vj8aAsx/IR75nqC/QcI/Zn149cR6fLTrVZUUqFUg 8Mn6XiH9pX7a04s7HvFQQNtIe/kKBgsiPqMK4toJHrm/Fk593qfzN3L3AJRvUvCKufWP YPWKKo9E4x4ejkfjEJOuYtoJEr1z8oJ1wCRi4H3Y9YkvRxphc2SF3vTPbiOgNVuLWtuU 2OUg==
X-Gm-Message-State: AOAM532pPJS8Zre26AH5QxLleU3eM3YD9tuu0FXXl4ZtT1/s+yHLe9lz KQnEcSKfQFmUCBNK++8J8qd44D88b64A9Q==
X-Google-Smtp-Source: ABdhPJxMlzOC5w41zcVbUNsblHv54b3VJP9LnjXCBcDn5Eawnr3onfEfU6hfis4I2KQd6+Kk+5X4WQ==
X-Received: by 2002:a17:90a:4042:: with SMTP id k2mr5699744pjg.160.1610138620369; Fri, 08 Jan 2021 12:43:40 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id y1sm9978382pff.17.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Jan 2021 12:43:39 -0800 (PST)
Subject: Re: NATLL6 [was Re: Forwarding Packets With Link Local Destination Addresses]
To: Fernando Gont <>, Alejandro Acosta <>,
References: <> <> <> <>
From: Brian E Carpenter <>
Message-ID: <>
Date: Sat, 9 Jan 2021 09:43:36 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Jan 2021 20:43:43 -0000

On 09-Jan-21 08:51, Fernando Gont wrote:
> On 8/1/21 16:37, Brian E Carpenter wrote:
> [...]
>>>> I interpret this statement to include packets that contain routing headers. For example, it forbids an SRv6 packet whose final segment has a locator that begins with FE80.
>>>    In LACNIC we ran a project called Natmeter [1] for about 2 years, we obtained a lot of interesting data during this period [2].
>>>    The case is the following, we detected some end-user devices with only Link Local addresses (exactly, no GUA nor ULA) that were successfully natted and using the web.
>>>    Is it ok?, do you consider it as a forwarding of a packet? was it a crazy result? (we saw few samples of this)
>> NAT66 is not defined and not recommended, so there really isn't an answer to your questions. I can't think of a reason why such a hack wouldn't work, though. As long as the LL address is translated, it will not escape from the LAN.
> I would expect that something else (other than IPv6 NAT) is going on. IN 
> that sense, it would be interesting to know more details about the 
> methodology they employ to measure the use of NATs.

Well, the host has not disabled IPv6, but neither has it processed an RA
to generate a routeable address. So the UE configuration is apparently a
bit strange: WAN-side IPv6 is up, but no LAN-side RAs, and a NAT66 hack
enabled. gives some details. It includes
a client-side script.

(Unfortunately seems to be broken.)