Re: [v6ops] IPv6 link-local traffic questions

Gert Doering <gert@space.net> Wed, 25 March 2020 21:05 UTC

Date: Wed, 25 Mar 2020 22:05:08 +0100
From: Gert Doering <gert@space.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Gert Doering <gert@space.net>, Owen DeLong <owen@delong.com>, Erik Kline <ek.ietf@gmail.com>, V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>
Subject: Re: [v6ops] IPv6 link-local traffic questions
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/llTqsjuAsCYzj_VsrmCt2NaXHCY>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Hi,

On Thu, Mar 26, 2020 at 09:21:40AM +1300, Brian E Carpenter wrote:
> On 25-Mar-20 19:48, Gert Doering wrote:
> > On Wed, Mar 25, 2020 at 03:03:45PM +1300, Brian E Carpenter wrote:
> >> Only if the router violates the spec:
> >> "  Routers must not forward any packets with Link-Local source or
> >>    destination addresses to other links." [RFC4291]
> >> Do we have any evidence of routers that are broken in this way?
> > 
> > Yes.  Last time we checked, Juniper routers just forward(ed) packets based
> > on destination address, period.
> 
> I'm curious. Since link-local addresses are, er, link-local, how would
> such a router choose the outgoing interface?

Well, there was an "or" in the paragraph above that I neglected.

Junipers (used to) forward to non-link-local destinations without checking
source address.  So they (used to) violate the "Routers must not forward any
packets with Link-Local source [...] to other links" part.

We noticed when we installed "deny ipv6 fe80::/8 $our_ripe_space::/32"
filters at our edge routers, and saw quite a few hits there, coming
in via transit networks not being numbered from this /32.

As I said, this was a few years ago, we had no Juniper routers ourselves
back then, and no contacts to get this properly addressed.  It might
be fixed by now, or not.  Fairly easy to test, though.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
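
Added example, not part of the original message or of any vendor's code: the kind of check the edge filter described above performs, run over flow records to count packets with a link-local source addressed to the operator's own space, per ingress interface. Assumptions: the record format ("interface src dst") is hypothetical, 2001:db8::/32 stands in for the operator's /32, and the match uses the RFC 4291 link-local prefix fe80::/10, while the filter in the mail is written with /8.

```python
import ipaddress
from collections import Counter

# RFC 4291 link-local unicast prefix (the mail's filter line is written as fe80::/8).
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
# Assumption: documentation prefix standing in for the operator's own /32.
OUR_SPACE = ipaddress.ip_network("2001:db8::/32")

# Constructed sample records, one per line: "ingress_interface src dst".
SAMPLE_LOG = """\
transit-a fe80::21f:12ff:fe34:5678 2001:db8:10::25
transit-a 3fff:1::5 2001:db8:10::25
transit-b fe80::1 2001:db8:ffff::1
transit-b febf::1 2001:db8:20::80
peer-c fe80::abcd 3fff:2::1
peer-c fec0::1 2001:db8::1
transit-a not-an-address 2001:db8::1
"""


def forwarded_link_local(log_text, own_space=OUR_SPACE):
    """Count records with a link-local source and a destination in own_space.

    Such a packet can only reach an edge router from another network if some
    router upstream forwarded it off its original link.
    Returns (hits per ingress interface, line numbers that failed to parse).
    """
    hits = Counter()
    skipped = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            iface, src_s, dst_s = fields  # wrong field count raises ValueError
            src = ipaddress.IPv6Address(src_s)
            dst = ipaddress.IPv6Address(dst_s)
        except ValueError:
            skipped.append(lineno)  # keep malformed input visible, never guess
            continue
        if src in LINK_LOCAL and dst in own_space:
            hits[iface] += 1
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = forwarded_link_local(SAMPLE_LOG)
    for iface, count in sorted(hits.items()):
        print(f"{iface}: {count} packet(s) with link-local source")
    print("unparsed lines:", skipped)
```

Note that febf::1 counts as link-local because fe80::/10 runs up to febf:ffff:..., while fec0::1 (the deprecated site-local range) does not.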