Time to add 2002::/16 to bogon filters?

Mon Jul 9 22:55:56 UTC 2018

2002::/16 is still valid - not a bogon as long as there is an IPv4 Internet. Add the IPv4 bogons, though (2002:7f00:0000::/48 through 2002:7f.ff:ff.ff::/48, & others)

On July 9, 2018 3:06:00 PM PDT, "Fabien VINCENT (NaNOG)" <list-nanog at beufa.net> wrote:
>Le 2018-07-09 18:10, valdis.kletnieks at vt.edu a écrit :
>
>> On Mon, 09 Jul 2018 15:21:31 +0200, "Fabien VINCENT (NaNOG)" said:
>> 
>>> I think it's still used a bit ? I see today announcements over the
>>> following OriginAS over more than 2000 peers.
>>> 
>>> as1103    SURFnet bv
>>> as1835    Forskningsnettet - Danish network for Research and
>Education
>>> as2847    Kauno technologijos universitetas
>>> as6939    HURRICANE
>>> as16150   Availo Networks AB
>>> as25192   CZ.NIC, z.s.p.o.
>>> as28908   A3 Sverige AB
>> 
>> Announced and used are two different things.. :)
>> 
>> sudo tcpdump -ni any 'net 2002::/16' tcpdump: verbose output 
>> suppressed, use -v or -vv for full protocol  decode
>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 
>> 262144 bytes
>> 15:10:59.588097 IP6 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413 >  
>> 2001:470:1f12:dead::beef.51413: UDP, length 94
>> 15:10:59.588233 IP6 2001:470:1f12:dead::beef.51413 >  
>> 2002:6bab:c6c6:0:e561:b9f7:b221:a73.51413: UDP, length 365
>
>I'm pretty sure that 2002: address is (a) *your* end of the tunnel  and
>
>(b)
>only visible inside your network and *inside* the HE tunnel to the
>other 
>end.
>In other words, it shouldn't be seen out on the public net if it's 
>transiting
>an HE tunnel. I bet if you changed that '-i any' to '-i wlan' (for 
>whatever
>your router calls the outbound-facing interface) you won't see traffic 
>on 2002:
>
>
>You're right, it does need to be public to work ;) So my question is
>why 
>it is still and it was announced on DFZ ?
>
>Regards,
>
>-- 
>FABIEN VINCENT
>_ at beufanet_

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.