On Mon, Jun 18, 2018 at 5:31 PM Mark Andrews <ma...@isc.org> wrote: > If you are using 2002::/16 you know are relying on third parties.
I highlly doubt most people using 6to4 know they are using it, let alone the arbitrary nature of its routing. Not that it is much > different to any other address where you are relying on third parties. > > If one is going to filter 2002::/16 from BGP then install your own gateway > to preserve > the functionality. > > > On 19 Jun 2018, at 10:23 am, Ca By <cb.li...@gmail.com> wrote: > > > > > > > > On Mon, Jun 18, 2018 at 4:37 PM Mark Andrews <ma...@isc.org> wrote: > > If a ASN is announcing 2002::/16 then they are are happy to get the > traffic. It > > they don’t want it all they have to do is withdraw the prefix. It is > not up to > > the rest of us to second guess their decision to keep providing support. > > > > That sounds like an interesting attack scenario where a malicious actor > can insert themselves in a path, via bgp, announcing 6to4 space > > > > > > If you filter 2002::/16 then you are performing a denial-of-service > attack on > > the few sites that are still using it DELIBERATELY. > > > > None of the problems required removing it from BGP. There were end > sites that > > had firewalls that blocked 6to4 responses and the odd site that ran a > gateway > > and failed to properly manage it. The rest could have been dealt with by > > configuring more gateways. If every dual stacked ASN had run their own > gateways > > there wouldn’t have been a scaling issue. i.e. take the 2002::/16 > traffic and > > dump it onto IPv4 as soon as possible and take the encapsulated traffic > for the > > rest of IPv6 and de-encapsulate it as soon as possible. > > > > Mark > > > On 19 Jun 2018, at 8:56 am, McBride, Mack <c-mack.mcbr...@charter.com> > wrote: > > > > > > This should have been filtered before. > > > Lots of people improperly implemented this so it caused issues. > > > > > > Mack > > > > > > -----Original Message----- > > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of John > Kristoff > > > Sent: Monday, June 18, 2018 3:48 PM > > > To: Job Snijders <j...@ntt.net> > > > Cc: NANOG [nanog@nanog.org] <nanog@nanog.org> > > > Subject: Re: Time to add 2002::/16 to bogon filters? > > > > > > On Mon, 18 Jun 2018 21:08:05 +0000 > > > Job Snijders <j...@ntt.net> wrote: > > > > > >> TL;DR: Perhaps it is time to add 2002::/16 to our EBGP bogon filters? > > > > > > Hi Job, > > > > > > I've been asking people about this recently. I don't particularly > like having misdirected traffic or badly configured hosts sending junk to > those who happen to be announcing addresses from this prefix. I'm planning > on adding this to a bogon filter here. > > > > > > John > > > E-MAIL CONFIDENTIALITY NOTICE: > > > The contents of this e-mail message and any attachments are intended > solely for the addressee(s) and may contain confidential and/or legally > privileged information. If you are not the intended recipient of this > message or if this message has been addressed to you in error, please > immediately alert the sender by reply e-mail and then delete this message > and any attachments. If you are not the intended recipient, you are notified > that any use, dissemination, distribution, cop > <https://maps.google.com/?q=ed+that+any+use,+dissemination,+distribution,+cop&entry=gmail&source=g>ying, > or storage of this message or any attachment is strictly prohibited. > > > > > > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > >