IETF Logo Mail Archive

Re: [v6ops] A good example of why we need to careful about ULAs

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 31 May 2013 01:52 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9D3D21F9678 for <v6ops@ietfa.amsl.com>; Thu, 30 May 2013 18:52:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.489
X-Spam-Level:
X-Spam-Status: No, score=-102.489 tagged_above=-999 required=5 tests=[AWL=0.110, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzX6BBgKbPK1 for <v6ops@ietfa.amsl.com>; Thu, 30 May 2013 18:52:08 -0700 (PDT)
Received: from mail-pd0-f182.google.com (mail-pd0-f182.google.com [209.85.192.182]) by ietfa.amsl.com (Postfix) with ESMTP id 9664621F967F for <v6ops@ietf.org>; Thu, 30 May 2013 18:52:08 -0700 (PDT)
Received: by mail-pd0-f182.google.com with SMTP id g10so1361958pdj.13 for <v6ops@ietf.org>; Thu, 30 May 2013 18:52:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=WspbAyXHWngrXFNlkPiVU/GhDzf+A7f9Crdx8A/Dtmw=; b=ZOzpxHa4Q3BJ7eJl0hIf8nn0UHs+qjaW3ZgOf/9j+/6lIFa/t0+U7qi587XOSX+88L 1xlWvT0fAD8sebcOHfDkxSEUoRAhClEZ4tfDuGqvxcw7mgwI/r64Rdcq5dfZ+FV+wH9a lQDhDkuLs9+tqfIxYxwOdA/83rVTPMKowABCoSZkH2J9zwyfdj6HRQBDmPOTs1UwImnt KOowae9QWjnC3jyyaKmSA935wBKllXXONILz8NDKJqQqHxM0wswkYPI3FkMKRbDEdjan SjlDXwVhaElVyvGKzch/J287QjjKjdCdMs9niLaxc7vdDJ8zp1irz7RgkBoaw/q1R84g n4YQ==
X-Received: by 10.68.204.196 with SMTP id la4mr10563010pbc.190.1369965127457; Thu, 30 May 2013 18:52:07 -0700 (PDT)
Received: from [192.168.1.2] (224.171.252.27.dyn.cust.vf.net.nz. [27.252.171.224]) by mx.google.com with ESMTPSA id ue8sm47236068pac.14.2013.05.30.18.52.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 30 May 2013 18:52:06 -0700 (PDT)
Message-ID: <51A8024D.7080200@gmail.com>
Date: Fri, 31 May 2013 13:52:13 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Jeroen Massar <jeroen@massar.ch>
References: <CAKD1Yr29kf1Me=6JR66Gq0dFYgQx2wq=pjW8WZyHByPA0POsMQ@mail.gmail.com> <1369901467.70362.YahooMailNeo@web142506.mail.bf1.yahoo.com> <51A7C86B.3020808@gmail.com> <51A7CDA9.4090304@massar.ch>
In-Reply-To: <51A7CDA9.4090304@massar.ch>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: "v6ops@ietf.org WG" <v6ops@ietf.org>, "draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org" <draft-ietf-v6ops-ula-usage-recommendations@tools.ietf.org>
Subject: Re: [v6ops] A good example of why we need to careful about ULAs
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 May 2013 01:52:13 -0000

On 31/05/2013 10:07, Jeroen Massar wrote:
> On 2013-05-30 14:45, Brian E Carpenter wrote:
> [..]
>>> In the early news, not really a new problem.
>>>
>>> RFC1918 and 100.64/10 leak too, 
>> In traceroutes, link-locals sometimes leak too.
> 
> I have never come across that; except maybe when tracerouting to a
> link-local, and then, that would only be one hop anyway.
> 
> If you know how to replicate it, I am very interested in a packet dump
> or what is involved to cause it.

I understand it happens when the router in question has a next-hop
that is link-local and it has been set to use that address as the
default source address for ICMP replies, *and* there is no source address
filter along the path that blocks it.

This is not new; there's a thread starting at:
http://www.ietf.org/mail-archive/web/v6ops/current/msg11277.html

>> All these are confusing and make the traceroute hard to interpret,
>> but they don't actually *matter*. What matters is if they leak in
>> actual traffic such as attempted TCP connections. Does that happen?
> 
> One should only see a link-local when:
>  - the source packet is link-local
>  - the destination host only has a link-local and replies (TTL or so)
> 
> But that should never cross more than one (1) hop as link-locals should
> not be forwarded.

True, although in the specific case of traceroute you get a bit of useful
information from the illegal forwarding (whether it's link-local or ULA).

    Brian
> 
> Greets,
>  Jeroen
> 
> .
>

v2.23.0 | Report a Bug | By Email