Time to add 2002::/16 to bogon filters?

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Mon Jul 9 16:10:17 UTC 2018

On Mon, 09 Jul 2018 15:21:31 +0200, "Fabien VINCENT (NaNOG)" said:

> I think it's still used a bit ? I see today announcements over the 
> following OriginAS over more than 2000 peers.
> as1103    SURFnet bv
> as1835    Forskningsnettet - Danish network for Research and Education
> as2847    Kauno technologijos universitetas
> as6939    HURRICANE
> as16150   Availo Networks AB
> as25192   CZ.NIC, z.s.p.o.
> as28908   A3 Sverige AB

Announced and used are two different things.. :)

> > sudo tcpdump -ni any 'net 2002::/16'
> tcpdump: verbose output suppressed, use -v or -vv for full protocol  decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
> 15:10:59.588097 IP6 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413 >  2001:470:1f12:dead::beef.51413: UDP, length 94
> 15:10:59.588233 IP6 2001:470:1f12:dead::beef.51413 >  2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413: UDP, length 365

I'm pretty sure that 2002: address is (a) *your* end of the tunnel  and (b)
only visible inside your network and *inside* the HE tunnel to the other end.
In other words, it shouldn't be seen out on the public net if it's transiting
an HE tunnel. I bet if you changed that '-i any' to '-i wlan' (for whatever
your router calls the outbound-facing interface) you won't see traffic on 2002:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180709/60999ef4/attachment.sig>

More information about the NANOG mailing list