What is a link-local address?? WAS: Re: JUNOS forwards IPv6 link-local packets

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Mon May 7 16:36:28 UTC 2012


On 7. May 2012, at 12:56 , William Herrin wrote:

> I vote for the Cisco approach. It has occasionally quirky results but
> it's also flexible enough to handle situations the protocol designers
> didn't conceive of.

Isn't it a simple scope violation in IPv6 and thus a bug and with that end of story?
I mean the check isn't even overly expensive in this case... and I can't see how much meaningful
other than unicast traffic passing a gateway you could do this way anyway.  At worst,
someone sends a small packet and you get a huge reply to a local node that didn't ask
for it, keeping your switches and two random machines busy or generating a bit of ND noise,
or ...

19:12:31.257674 02:00:00:00:08:0b > 02:00:00:00:07:0a, ethertype IPv6 (0x86dd), length 70: (hlim 64, next-header ICMPv6 (58) payload length: 16) fe80::ff:fe00:80b > 2001:db8::1: [icmp6 sum ok] ICMP6, echo request, seq 12
19:12:31.257817 02:00:00:00:07:0a > 02:00:00:00:08:0b, ethertype IPv6 (0x86dd), length 118: (hlim 64, next-header ICMPv6 (58) payload length: 64) fe80::ff:fe00:70a > fe80::ff:fe00:80b: [icmp6 sum ok] ICMP6, destination unreachable, beyond scope 2001:db8::1, source address fe80::ff:fe00:80b

I actually tried to see if I could cross the Atlantic with such a packet,
only to find that I didn't have an exit gateway showing this bug. Oh well,
I am safe.


/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!
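
The scope check discussed in the message above, as an added example that is not part of the original post or any vendor's code: a forwarding decision for unicast IPv6 that refuses to move a link-local source or destination onto another link and selects the ICMPv6 error seen in the capture (destination unreachable, beyond scope of source address; type 1, code 2 in RFC 4443). The function name, the interface names em0/em1 and the action strings are assumptions made for illustration.

```python
import ipaddress

# RFC 4443: Destination Unreachable is type 1; code 2 is
# "beyond scope of source address".
ICMP6_DST_UNREACH, ICMP6_BEYOND_SCOPE = 1, 2


def forward_decision(src, dst, in_link, out_link):
    """Decide what a router does with a unicast IPv6 packet (hypothetical helper).

    Returns (action, icmp) where action is "forward" or "drop" and icmp is
    None or the (type, code) of the error to send back to the source.
    """
    src = ipaddress.IPv6Address(src)
    dst = ipaddress.IPv6Address(dst)

    # Staying on the ingress link never leaves the link-local zone.
    if in_link == out_link:
        return ("forward", None)

    # No ICMPv6 error may be sent toward an unspecified or multicast
    # source, so these are dropped silently.
    if src.is_unspecified or src.is_multicast:
        return ("drop", None)

    # A link-local destination is only meaningful on the ingress link.
    if dst.is_link_local:
        return ("drop", None)

    # The case from the thread: link-local source, destination on another
    # link. Forwarding would carry the source outside its scope zone.
    if src.is_link_local:
        return ("drop", (ICMP6_DST_UNREACH, ICMP6_BEYOND_SCOPE))

    return ("forward", None)


if __name__ == "__main__":
    # Constructed test packets; the first reuses the addresses in the capture.
    packets = [
        ("fe80::ff:fe00:80b", "2001:db8::1", "em0", "em1"),
        ("2001:db8:1::10", "2001:db8::1", "em0", "em1"),
        ("2001:db8:1::10", "fe80::ff:fe00:70a", "em0", "em1"),
    ]
    for pkt in packets:
        print(pkt, "->", forward_decision(*pkt))
```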




