What is a link-local address?? WAS: Re: JUNOS forwards IPv6 link-local packets
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon May 7 16:36:28 UTC 2012
On 7. May 2012, at 12:56 , William Herrin wrote:
> I vote for the Cisco approach. It has occasionally quirky results but
> it's also flexible enough to handle situations the protocol designers
> didn't conceive of.
Isn't it a simple scope violation in IPv6 and thus a bug and with that end of story?
I mean the check isn't even overly expensive in this case... and I can't see how much meaningful
other than unicast traffic passing a gateway you could do this way anyway. The worst
someone sends a small packet and you get a huge reply to a local node that didn't ask
for it keeping your switches and two random machines busy or generating a bit of nd noise,
or ...
19:12:31.257674 02:00:00:00:08:0b > 02:00:00:00:07:0a, ethertype IPv6 (0x86dd), length 70: (hlim 64, next-header ICMPv6 (58) payload length: 16) fe80::ff:fe00:80b > 2001:db8::1: [icmp6 sum ok] ICMP6, echo request, seq 12
19:12:31.257817 02:00:00:00:07:0a > 02:00:00:00:08:0b, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) fe80::ff:fe00:70a > fe80::ff:fe00:80b: [icmp6 sum ok] ICMP6, destination unreachable, beyond scope 2001:db8::1, source address fe80::ff:fe00:80b
I actually tried to see if I could cross the atlantic with such a packet,
only to find that I didn't have an exist gateway showing this bug. Oh well,
I am safe.
/bz
--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
More information about the NANOG
mailing list