[v6ops] A good example of why we need to careful about ULAs
Lorenzo Colitti <lorenzo@google.com> Thu, 30 May 2013 06:41 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD7FF21F8629 for <v6ops@ietfa.amsl.com>; Wed, 29 May 2013 23:41:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5YEFs8dd7bC for <v6ops@ietfa.amsl.com>; Wed, 29 May 2013 23:41:23 -0700 (PDT)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com [IPv6:2607:f8b0:4003:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 1DFC721F8521 for <v6ops@ietf.org>; Wed, 29 May 2013 23:41:23 -0700 (PDT)
Received: by mail-ob0-f174.google.com with SMTP id wd20so5834734obb.19 for <v6ops@ietf.org>; Wed, 29 May 2013 23:41:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type; bh=G9x6HlhCyHQpeR6VfixhaEKGcXps0KxObZ9BFhGKtlc=; b=e5nfHwESSabTWMNxc2f9EitNQa11mwjGJFCeikN0CiZI8s4q/DU2tT8fsw0K7Syr5V C8Ukc1pWtamYmGkv9Mg0xtE9NBNU+8RY2hpSsMGmigoj5pUuS3D5PwWoZIB3yWJOWcig DZrysxfd6AeFnJ/iZwXoB+dZk5sU4MLFzHWiq0YDgBe5QImI6VGzGx7C07/tqVAWqzFM jqZKo8H9i8d7pVbLrmoId5elPH4+vOHAUM2+L+MsvBcYEj7TUobsTFi1c79kheN/3MW0 W8NJ3QLs96uCLQ3IafMsppQVCeV7oSqsqcaMOpeWfzyQRpnpFa71NQAayiGLpQMRUgml 70qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type :x-gm-message-state; bh=G9x6HlhCyHQpeR6VfixhaEKGcXps0KxObZ9BFhGKtlc=; b=A8wa/0gmhokjybm/mWioKo2OhklfH8xH/wULCMGMX2sQWN3RWpXTE2Sa250Npwo5NE AURUUQJWAIlyr73W5f5AZnXCu8YwrcHQ+f9/F3G/4UGljdrTIJpu4jDQykeripChQuEj YGkDtxVndv9G/xL3np+/TqpNBXvsVZzd2skRdhR96YAZ5UTgy2bESNoAuYuDHcSd5mMG QqSzwZ9EiSLCFQoRACcxT+NJ9RErshT5Xq7sgYkQbG3ox0b6o77B4gIztxNeWnFJ6u6Q u1tSo/6VkgU/P8bXhpquOLK0J2c6pH7Zi+acPcePzYtiWslAksJEg2ZnF+brNOZ7i7yd TRwQ==
X-Received: by 10.182.108.132 with SMTP id hk4mr3640448obb.14.1369896082581; Wed, 29 May 2013 23:41:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.146.47 with HTTP; Wed, 29 May 2013 23:41:02 -0700 (PDT)
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 30 May 2013 15:41:02 +0900
Message-ID: <CAKD1Yr29kf1Me=6JR66Gq0dFYgQx2wq=pjW8WZyHByPA0POsMQ@mail.gmail.com>
To: "v6ops@ietf.org WG" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="089e0149d22061d2c804dde9c9b7"
X-Gm-Message-State: ALoCoQkJ3U3VtMBMgPcmDbuA/Gk9UUN8KgnbxR9iDcFIt2i5muoTg0lmklGc4cto/cplxsc1nZ0dkNCKE6NEfl1W+Z8MisMeUlRwnidVPu4lGi9R4nD7uv280lyJI34P78tjinIm+5vSWuPrtr0XHJKwtu1WRZ3uvDXjKlQ6dXK9tBd9gPf+vXH49Y5EM5exAvvfS+06twS4
Cc: "draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org" <draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org>
Subject: [v6ops] A good example of why we need to careful about ULAs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 May 2013 06:41:23 -0000
News at 11: 1. ULAs leak. 2. People assign ULAs by hand. Yes, both of these a violation of IETF guidance. I don't think that matters much, though - while we can always claim that the implementer/operator is "holding it wrong", we should be careful that what we design/standardize is hard to misconfigure and possibly robust in the face of misconfiguration. Subtle nuances like "these addresses are global scope, but not globally routable" tend to get lost very easily. Of course, in the case of ULAs, there's not much that can be done about the design at this point, but we should make an effort to make it clear that the potential for misconfiguration exists and provide clear guidance on how not to misconfigure them. Personally, I think that providing said guidance is much more useful and important than enumerating scenarios that aren't widely, if at all, implemented, and I hope that the authors of draft-ietf-v6ops-ula-usage-recommendations will agree. Cheers, Lorenzo ---------- Forwarded message ---------- From: Jeroen Massar <jeroen@massar.ch> Date: Thu, May 30, 2013 at 4:59 AM Subject: Usage of fd00::/8 on the Interwebz - something with filters and uRPF To: ipv6-ops@lists.cluenet.de ... 4 2001:7f8:1::a500:3303:1 (2001:7f8:1::a500:3303:1) 20.755 ms 20.763 ms 20.784 ms 5 fd00:3303::1 (fd00:3303::1) 22.010 ms 21.984 ms 21.986 ms 6 2a02:120c:1051:d010::1 (2a02:120c:1051:d010::1) 17.806 ms 17.889 ms 17.842 ms 7 2a02:120c:1051:d010::1 (2a02:120c:1051:d010::1) 18.720 ms 18.593 ms 18.617 ms ... Hmmmm fd00::/8, that really should never ever be visible on the Internet, being Unique *LOCAL* Addresses. And it does not look like they applied the randomness bit for picking a prefix either. You would also almost think that a /28 is more than enough address space to put a few router loopbacks in. It is apparently time for people to start checking their filters again because it seems that these packets leak into other ASNs too... More generally, do recheck your network for BCP38 compliance, please do apply it and require your peers to do the same! Greets, Jeroen
- [v6ops] A good example of why we need to careful … Lorenzo Colitti
- Re: [v6ops] A good example of why we need to care… Mark Smith
- Re: [v6ops] A good example of why we need to care… Lorenzo Colitti
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Mark Smith
- Re: [v6ops] A good example of why we need to care… Brian E Carpenter
- Re: [v6ops] A good example of why we need to care… Jeroen Massar
- Re: [v6ops] A good example of why we need to care… joel jaeggli
- Re: [v6ops] A good example of why we need to care… Mark Andrews
- Re: [v6ops] A good example of why we need to care… Brian E Carpenter
- Re: [v6ops] A good example of why we need to care… Liubing (Leo)
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Lorenzo Colitti
- Re: [v6ops] A good example of why we need to care… Brian E Carpenter
- Re: [v6ops] A good example of why we need to care… Jeroen Massar
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Jeroen Massar
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Ole Troan
- Re: [v6ops] A good example of why we need to care… Gert Doering
- Re: [v6ops] A good example of why we need to care… Sander Steffann
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Arturo Servin
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Alexandru Petrescu
- Re: [v6ops] A good example of why we need to care… Ted Lemon
- Re: [v6ops] A good example of why we need to care… Jeroen Massar
- Re: [v6ops] A good example of why we need to care… Brian E Carpenter
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Fred Baker (fred)
- Re: [v6ops] A good example of why we need to care… Gunter Van de Velde (gvandeve)
- Re: [v6ops] A good example of why we need to care… Brian Haberman
- Re: [v6ops] A good example of why we need to care… Gunter Van de Velde (gvandeve)
- Re: [v6ops] A good example of why we need to care… Gunter Van de Velde (gvandeve)
- Re: [v6ops] A good example of why we need to care… Lorenzo Colitti
- Re: [v6ops] A good example of why we need to care… Wuyts Carl
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Owen DeLong
- Re: [v6ops] A good example of why we need to care… Gert Doering
- Re: [v6ops] A good example of why we need to care… Wuyts Carl