Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
Hello, On Mon, Oct 22, 2012 at 10:07:50PM +, Paul Zugnoni wrote: Curious whether it's commonplace to find systems that automatically regard .0 and .255 IP addresses (ipv4) as src/dst in packets as traffic that should be considered invalid. On a separate note, one of my customers discovered over the weekend that if they bring up an all ones IPv6 address in their /64 (2001:db8:1:1::::) then they can't exchange traffic with stuff hosted at hetzner.de such as archives.postgresql.org or 1-media-cdn.foolz.us. Seems filtered somewhere inside Hetzner. I found the same if I brought up an all ones address in any other /64 in the same /48 as well. Using ...:::fffe worked fine. I haven't had time to investigate further or tell them yet, though. Is that sort of thing common? Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
RFC 2526 reserves the last 128 host addresses in each subnet for anycast use. On Tue, Oct 23, 2012 at 7:15 AM, Andy Smith a...@strugglers.net wrote: Hello, On Mon, Oct 22, 2012 at 10:07:50PM +, Paul Zugnoni wrote: Curious whether it's commonplace to find systems that automatically regard .0 and .255 IP addresses (ipv4) as src/dst in packets as traffic that should be considered invalid. On a separate note, one of my customers discovered over the weekend that if they bring up an all ones IPv6 address in their /64 (2001:db8:1:1::::) then they can't exchange traffic with stuff hosted at hetzner.de such as archives.postgresql.org or 1-media-cdn.foolz.us. Seems filtered somewhere inside Hetzner. I found the same if I brought up an all ones address in any other /64 in the same /48 as well. Using ...:::fffe worked fine. I haven't had time to investigate further or tell them yet, though. Is that sort of thing common? Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
Hi, RFC 2526 reserves the last 128 host addresses in each subnet for anycast use. But that would mean that the ...:fffe address also shouldn't work. Considering RFC 2526 then filtering those addresses when used as source address makes sense. - Sander PS: I'm in contact with a network engineer from Hetzner now to see what is really happening
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
Hi Rob, On Tue, Oct 23, 2012 at 08:16:48AM -0500, Rob Laidlaw wrote: RFC 2526 reserves the last 128 host addresses in each subnet for anycast use. D'oh, I didn't even think to check for reserved addresses. Thanks. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
On 23 October 2012 14:16, Rob Laidlaw laid...@consecro.com wrote: RFC 2526 reserves the last 128 host addresses in each subnet for anycast use. IPv4 addresses ending in .0 and .255 can't be used either because the top and bottom addresses of a subnet are unusable. Why would hetzner be making such assumptions about what is and is not a valid address on a remote network? if you have a route to it then it is a valid address that you should be able to exchange packets with, any assumptions beyond that are almost certainly going to be wrong somewhere. Even if they did happen to correctly guess what sized subnets a remote network is using and what type of access media that remote network is using, I am pretty sure it would be wrong to assume that these addresses can't be accessed remotely considering the only address that is currently defined :) I really hope this is down to some kind of bug and not something someone did deliberately. - Mike
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
IPv4 addresses ending in .0 and .255 can't be used either because the top and bottom addresses of a subnet are unusable. Only true if speaking of /24, but with the appearance of CIDR 19 years ago, this is not true anymore The .255 and .0 in the center of a /23 are perfectly usable see an earlier post http://markmail.org/message/n2ctx6tw6kdcj2mr Regards, Marc Storck smime.p7s Description: S/MIME cryptographic signature
Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)
On Tue, Oct 23, 2012 at 9:18 AM, Mike Jones m...@mikejones.in wrote: IPv4 addresses ending in .0 and .255 can't be used either because the top and bottom addresses of a subnet are unusable. Why would hetzner be making such assumptions about what is and is not a valid address on a remote network? if you have a route to it then it is a valid address that you should be able to exchange packets with, any assumptions beyond that are almost certainly going to be wrong somewhere. As to why: I suspect they don't know either. I wouldn't be surprised if it was someone's misguided attempt years ago to stop smurf amplification attacks, long since forgotten. I'm not saying it's a good idea (it's not), just why I suspect someone would do this.