Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Andy Smith 
Hello,

On Mon, Oct 22, 2012 at 10:07:50PM +, Paul Zugnoni wrote:
 Curious whether it's commonplace to find systems that
 automatically regard .0 and .255 IP addresses (ipv4) as src/dst in
 packets as traffic that should be considered invalid.

On a separate note, one of my customers discovered over the weekend
that if they bring up an all ones IPv6 address in their /64
(2001:db8:1:1::::) then they can't exchange traffic
with stuff hosted at hetzner.de such as archives.postgresql.org or
1-media-cdn.foolz.us. Seems filtered somewhere inside Hetzner.

I found the same if I brought up an all ones address in any other
/64 in the same /48 as well. Using ...:::fffe worked
fine.

I haven't had time to investigate further or tell them yet, though.

Is that sort of thing common?

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Rob Laidlaw 
RFC 2526 reserves the last 128 host addresses in each subnet for anycast use.

On Tue, Oct 23, 2012 at 7:15 AM, Andy Smith a...@strugglers.net wrote:
 Hello,

 On Mon, Oct 22, 2012 at 10:07:50PM +, Paul Zugnoni wrote:
 Curious whether it's commonplace to find systems that
 automatically regard .0 and .255 IP addresses (ipv4) as src/dst in
 packets as traffic that should be considered invalid.

 On a separate note, one of my customers discovered over the weekend
 that if they bring up an all ones IPv6 address in their /64
 (2001:db8:1:1::::) then they can't exchange traffic
 with stuff hosted at hetzner.de such as archives.postgresql.org or
 1-media-cdn.foolz.us. Seems filtered somewhere inside Hetzner.

 I found the same if I brought up an all ones address in any other
 /64 in the same /48 as well. Using ...:::fffe worked
 fine.

 I haven't had time to investigate further or tell them yet, though.

 Is that sort of thing common?

 Cheers,
 Andy

 --
 http://bitfolk.com/ -- No-nonsense VPS hosting

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Sander Steffann 
Hi,

 RFC 2526 reserves the last 128 host addresses in each subnet for anycast use.

But that would mean that the ...:fffe address also shouldn't work. Considering 
RFC 2526 then filtering those addresses when used as source address makes sense.

- Sander

PS: I'm in contact with a network engineer from Hetzner now to see what is 
really happening

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Andy Smith 
Hi Rob,

On Tue, Oct 23, 2012 at 08:16:48AM -0500, Rob Laidlaw wrote:
 RFC 2526 reserves the last 128 host addresses in each subnet for anycast use.

D'oh, I didn't even think to check for reserved addresses. Thanks.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Mike Jones 
On 23 October 2012 14:16, Rob Laidlaw laid...@consecro.com wrote:
 RFC 2526 reserves the last 128 host addresses in each subnet for anycast use.

IPv4 addresses ending in .0 and .255 can't be used either because the
top and bottom addresses of a subnet are unusable.

Why would hetzner be making such assumptions about what is and is not
a valid address on a remote network? if you have a route to it then it
is a valid address that you should be able to exchange packets with,
any assumptions beyond that are almost certainly going to be wrong
somewhere.

Even if they did happen to correctly guess what sized subnets a remote
network is using and what type of access media that remote network is
using, I am pretty sure it would be wrong to assume that these
addresses can't be accessed remotely considering the only address that
is currently defined :)

I really hope this is down to some kind of bug and not something
someone did deliberately.

- Mike

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Marc Storck 

IPv4 addresses ending in .0 and .255 can't be used either because the
top and bottom addresses of a subnet are unusable.

Only true if speaking of /24, but with the appearance of CIDR 19 years
ago, this is not true anymoreŠ The .255 and .0 in the center of a /23
are perfectly usable see an earlier post
http://markmail.org/message/n2ctx6tw6kdcj2mr

Regards,

Marc Storck


smime.p7s
Description: S/MIME cryptographic signature

Re: Issues encountered with assigning all ones IPv6 /64 address? (Was Re: Issues encountered with assigning .0 and .255 as usable addresses?)

2012-10-23 Thread Joel Maslak 
On Tue, Oct 23, 2012 at 9:18 AM, Mike Jones m...@mikejones.in wrote:
 IPv4 addresses ending in .0 and .255 can't be used either because the
 top and bottom addresses of a subnet are unusable.

 Why would hetzner be making such assumptions about what is and is not
 a valid address on a remote network? if you have a route to it then it
 is a valid address that you should be able to exchange packets with,
 any assumptions beyond that are almost certainly going to be wrong
 somewhere.

As to why: I suspect they don't know either.  I wouldn't be surprised
if it was someone's misguided attempt years ago to stop smurf
amplification attacks, long since forgotten.  I'm not saying it's a
good idea (it's not), just why I suspect someone would do this.