Automatic IPv6 due to broadcast

Brandon Penglase bpenglase-nanog at SpaceServices.net
Mon Apr 16 16:38:07 CDT 2012


I know you mentioned RedHat, but not if it was the router or other
servers. Were you playing with Microsoft's Direct Access and turn on
the dns entry (isatap.domain.com) internally?
At my current place of employment, we had a security student (at the
direction of our security analyst) turn up a DA test server. When they
enabled the DNS entry, just about every Windows 7 and 2008 server setup
a v6 tunnel back to this little tiny VM. This also included the DNS
entries in AD, so all of the sudden, servers have v6 addresses. 
Needless to say, everything was horribly slow, and some things even
flat out broke. Sadly this event left a really sour taste for IPv6 with
Networking department (whom I was occasionally bugging about v6).

If you weren't testing this, did you possibly setup something similar
where it would automatically generate a tunnel?

	Brandon Penglase

 On Mon, 16 Apr 2012 23:39:46 +0530
Anurag Bhatia <me at anuragbhatia.com> wrote:

> Hello everyone
> 
> 
> 
> Just got a awfully crazy issue. I heard from our support team about
> failure of whois during domain registration. Initially I thought of
> port 43 TCP block or something but found it was all ok. Later when
> ran whois manually on server via terminal it failed. Found problem
> that server was connecting to whois server - whois.verisign-grs.com.
> I was stunned! Server got IPv6 and not just that one - almost all.
> This was scary - partial IPv6 setup and it was breaking things.
> 
> In routing tables, routes were all going to a router which I recently
> setup for testing. That router and other servers are under same
> switch but by no means I ever configured that router as default
> gateway for IPv6. I found option of "broadcast" was enabled on router
> for local fe80... address and I guess router broadcasted IPv6 and
> somehow (??) all servers found that they have a IPv6 router on LAN
> and started using it - automated DHCP IPv6?
> 
> I wonder if anyone else also had similar issues? Also, if my guesses
> are correct then how can we disable Red Hat distro oriented servers
> from taking such automated configuration - simple DHCP in IPv6
> disable?
> 
> 
> 
> 
> Thanks
> 
> -- 
> 
> Anurag Bhatia
> anuragbhatia.com
> or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected
> network!
> 
> Twitter: @anurag_bhatia <https://twitter.com/#!/anurag_bhatia>
> Linkedin: http://linkedin.anuragbhatia.com
> 



More information about the NANOG mailing list