Automatic IPv6 due to broadcast

Carlos Martinez-Cagnazzo carlosm3011 at gmail.com
Tue Apr 17 03:37:29 CDT 2012


I don't understand why a problem with a tunnel 'leaves a bad taste with
IPv6'. Since when has a badly configured DNS zone left people with a 'bad
taste for DNS', or a badly configured switch left people with 'a bad
taste for spanning tree' or 'a bad taste for vlan trunking'?

It seems to me that what are perceived as operational mistakes and/or
plain lack of knowledge for some technologies is perceived as a fault of
the protocol itself in the case of IPv6.

People need to get their acts together.

~Carlos

On 4/16/12 11:38 PM, Brandon Penglase wrote:
> I know you mentioned RedHat, but not if it was the router or other
> servers. Were you playing with Microsoft's Direct Access and turned on
> the dns entry (isatap.domain.com) internally?
> At my current place of employment, we had a security student (at the
> direction of our security analyst) turn up a DA test server. When they
> enabled the DNS entry, just about every Windows 7 and 2008 server set up
> a v6 tunnel back to this little tiny VM. This also included the DNS
> entries in AD, so all of a sudden, servers have v6 addresses.
> Needless to say, everything was horribly slow, and some things even
> flat out broke. Sadly this event left a really sour taste for IPv6 with
> Networking department (whom I was occasionally bugging about v6).
>
> If you weren't testing this, did you possibly set up something similar
> where it would automatically generate a tunnel?
>
> 	Brandon Penglase
>
>  On Mon, 16 Apr 2012 23:39:46 +0530
> Anurag Bhatia <me at anuragbhatia.com> wrote:
>
>> Hello everyone
>>
>> Just got an awfully crazy issue. I heard from our support team about
>> failure of whois during domain registration. Initially I thought of
>> port 43 TCP block or something but found it was all ok. Later when
>> ran whois manually on server via terminal it failed. Found problem
>> that server was connecting to whois server - whois.verisign-grs.com.
>> I was stunned! Server got IPv6 and not just that one - almost all.
>> This was scary - partial IPv6 setup and it was breaking things.
>>
>> In routing tables, routes were all going to a router which I recently
>> set up for testing. That router and other servers are under same
>> switch but by no means I ever configured that router as default
>> gateway for IPv6. I found option of "broadcast" was enabled on router
>> for local fe80... address and I guess router broadcasted IPv6 and
>> somehow (??) all servers found that they have an IPv6 router on LAN
>> and started using it - automated DHCP IPv6?
>>
>> I wonder if anyone else also had similar issues? Also, if my guesses
>> are correct then how can we disable Red Hat distro oriented servers
>> from taking such automated configuration - simple DHCP in IPv6
>> disable?
>>
>> Thanks
>>
>> -- 
>>
>> Anurag Bhatia
>> anuragbhatia.com
>> or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected
>> network!
>>
>> Twitter: @anurag_bhatia <https://twitter.com/#!/anurag_bhatia>
>> Linkedin: http://linkedin.anuragbhatia.com
>>
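
One way to check a Linux host for the behaviour described in the thread, as an added example that is not part of the original messages: it assumes the servers configured themselves from IPv6 Router Advertisements (SLAAC) and reads the kernel's accept_ra, forwarding, autoconf and accept_ra_defrtr settings. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which interfaces will act on
# IPv6 Router Advertisements, based on the kernel's per-interface settings.

# audit_ra [conf_root]   (conf_root defaults to /proc/sys/net/ipv6/conf)
# Prints "<entry> accept_ra=N forwarding=N -> <what an RA can install>".
# Returns 1 if any entry would act on an RA, else 0.
audit_ra() {
    conf_root="${1:-/proc/sys/net/ipv6/conf}"
    exposed=0
    for dir in "$conf_root"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        name=$(basename "$dir")
        accept_ra=$(cat "${dir}accept_ra")
        forwarding=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        autoconf=$(cat "${dir}autoconf" 2>/dev/null || echo 0)
        defrtr=$(cat "${dir}accept_ra_defrtr" 2>/dev/null || echo 0)
        # accept_ra=1 honours RAs only while forwarding is off; 2 always does.
        effect=""
        if [ "$accept_ra" = 2 ] || { [ "$accept_ra" = 1 ] && [ "$forwarding" = 0 ]; }; then
            if [ "$defrtr" = 1 ]; then effect="$effect default-route"; fi
            if [ "$autoconf" = 1 ]; then effect="$effect slaac-address"; fi
            [ -n "$effect" ] || effect=" other-ra-options"
            exposed=1
        fi
        echo "$name accept_ra=$accept_ra forwarding=$forwarding ->${effect:- nothing}"
    done
    return "$exposed"
}

mk_if() {  # mk_if root name accept_ra forwarding autoconf accept_ra_defrtr
    mkdir -p "$1/$2"
    echo "$3" > "$1/$2/accept_ra"
    echo "$4" > "$1/$2/forwarding"
    echo "$5" > "$1/$2/autoconf"
    echo "$6" > "$1/$2/accept_ra_defrtr"
}
make_sample() {  # constructed stand-in for /proc/sys/net/ipv6/conf
    mk_if "$1" eth0 1 0 1 1   # host defaults: RA installs route and address
    mk_if "$1" eth1 0 0 1 1   # RAs ignored
    mk_if "$1" eth2 1 1 1 1   # forwarding on with accept_ra=1: RAs ignored
    mk_if "$1" eth3 2 1 0 1   # accept_ra=2 overrides forwarding
}

sample=$(mktemp -d)
make_sample "$sample"
audit_ra "$sample" || echo "at least one interface acts on RAs"
rm -rf "$sample"
```

Called with no argument, `audit_ra` reads the live `/proc/sys/net/ipv6/conf` tree, which also contains the `all` and `default` entries.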


