What Could Possibly Go Wrong? Jen Linkova,

Slides:



Advertisements
Similar presentations
IPv6 Addressing Details LAC NIC VII October 26, 2004 Wilfried
Advertisements

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 Introduction What is IPv6 Purpose of IPv6 (Why we need it)Purpose of IPv6 IPv6 Addressing Architecture IPv6 Header ICMP v6 Neighbor Discovery (ND)
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
Network Plus IPv6 Addressing Concepts. 5/6/2013 IPv6 Addresses Not compatible with IPv4 128-bit address – 8 16-bit fields specified as 4 hex digits (0.
IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
Implementing IPv6 Module B 8: Implementing IPv6
IPv6 The Next Generation Presented by Anna La Mura Jens Waldecker.
1 Teredo - Tunneling IPv6 through NATs Date: Speaker: Quincy Wu National Chiao Tung University.
IPv4 & IPv6 Coexistence & Migration Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IPv6 Network Security.
2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College
LOGO IPv6 Application Analysis Xi Chen
IP Version 6 (IPv6) Dr. Adil Yousif. Why IPv6?  Deficiency of IPv4  Address space exhaustion  New types of service  Integration  Multicast  Quality.
Prepared By: Eng.Ola M. Abd El-Latif
Transition Mechanisms for Ipv6 Hosts and Routers RFC2893 By Michael Pfeiffer.
IPv6 – part I. FUNDAMENTALS AND PROTOCOLS / ICND 1.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
CCNA Introduction to Networking 5.0 Rick Graziani Cabrillo College
CSIS 4823 Data Communications Networking – IPv6
IP Version 6 COMT 222. © 2005 Hans Kruse & Shawn Ostermann, Ohio University 2 Why change IP Number of addresses Routing Table Size Client configuration.
1 Windows 7 and A+ By Jean Andrews
IP Networks and Routing
Chapter 22 Next Generation IP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Addressing IP v4 W.Lilakiatsakun. Anatomy of IPv4 (1) Dotted Decimal Address Network Address Host Address.
The InetAddress Class Nipat J.. public class InetAddress  This class represents an Internet Protocol (IP) address.  An IP address is either a 32-bit.
07/24/200769th IETF Meeting - 6LoWPAN WG1 IPv6 Header Compression for Global Addresses Jonathan Hui David Culler draft-hui-6lowpan-hc1g-00 – “Stateless.
IPv6 Routing Milo Liu SW2 R&D ZyXEL Communications, Inc.
CCNP Network Route IPV-6 Part-I IPV6 Addressing: IPV-4 is 32-BIT, IPV-6 is 128-BIT IPV-6 are divided into 8 groups. Each is 4 Hex characters. Each group.
1 RFC Transmission of IPv6 Packets over IEEE Networks Speaker: Li-Wen Chen Date:
© 2006 Cisco Systems, Inc. All rights reserved. BSCI v3.0—8-1 Implementing IPv6 Implementing Dynamic IPv6 Addresses.
19.1 Chapter 19 Network Layer: Logical Addressing Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.
W&L Page 1 CCNA CCNA Training 3.5 Describe IPv6 addresses Jose Luis Flores / Amel Walkinshaw Aug, 2015.
© Cengage Learning 2014 How IP Addresses Get Assigned A MAC address is embedded on a network adapter at a factory IP addresses are assigned manually or.
IPv6 Internet Protocol Version Information management 2 Groep T Leuven – Information department 2/24 Internet Protocol Version 6 (IPv6)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public BSCI Module 8 Lesson 3 1 BSCI Module 8 Lesson 3 Implementing Dynamic IPv6 Addresses.
ICMPv6 Error Message Types Informational Message Types.
Networking and Health Information Exchange Unit 1b ISO Open Systems Interconnection (OSI) Component 9/Unit 1b1 Health IT Workforce Curriculum Version 1.0/Fall.
IPv6 (Internet Protocol V. 6)
Understanding IPv6 Slide: 1 Lesson 5 ICMPv6. Understanding IPv6 Slide: 2 Lesson Objectives Purpose of ICMPv6 and the structure of all ICMPv6 messages.
1 IPv6: Address Architecture Dr. Rocky K. C. Chang 29 January, 2002.
Understand IPv6 Part 2 LESSON 3.3_B Networking Fundamentals.
23. IP version 6 IPv6 features, packet format & differences w/ IPv4
By Jean Andrews Windows 7 and A+ By Jean Andrews
Instructor Materials Chapter 7: IP Addressing
IPv6/Hexadecimal Objectives:
IPv6 101 pre-GDB - IPv6 workshop 7th of June 2016 edoardo
IPv6 Addressing Overview IPv6 increases the number of address bits by a factor of 4, from 32 to 128, providing a very large number of addressable.
CIS 116 IPv6 Fundamentals 2 – Primer Rick Graziani Cabrillo College
Chapter 6 Exploring IPv6.
Chapter 26 IPv6 Addressing
Introduction to Networking
Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park
Chapter 26 IPv6 Addressing
CIS 82 Routing Protocols and Concepts Chapter 11 NAT
Chapter 26 IPv6 Addressing
Chapter 11: Network Address Translation for IPv4
16EC Computer networks unit II Mr.M.Jagadesh
Lecture#3-IPV4 Addressing
Presentation transcript:

What Could Possibly Go Wrong? Jen Linkova, furry@google.com IPv6 Source Addresses What Could Possibly Go Wrong? Jen Linkova, furry@google.com

Logging all IPv6 packets from reserved/invalid sources entering Google network from Internet Collecting the data for a few days Data Set: 2011: 1.1M packets 32.5K Unique IPs 2013: 15M packets 476K Unique IPs

1.9 6.3 2.5 0.4

ICMP Traffic Profile Users’ Traffic Echo Requests Infrastructure Time Exceeded Packet Too Big Destination Unreachable > 99% - ‘Address Unreachable’ * Neighbor Discovery Redirects

Link-Local Unicast fe80::/10

* “Based on MAC-48”: “U/L bit is set and “FF:FE octets present”. Packets (% of all packets) Unique Address Vendors (OUI) Total MAC48 based (*) Known Unknown 2011 26198 (2%) 156 129 (82%) 24 2 2013 11676 (0.08%) 35 32 (91%) 18 1 * “Based on MAC-48”: “U/L bit is set and “FF:FE octets present”. Other addresses look like privacy extensions or based on locally administered MAC-48.

Traffic Profile Majority of traffic is TCP (~90%) Non-TCP traffic: 2011: mix of ICMP destination unreachable packet too big time exceeded ND redirects 2013: traffic from TWO routers only ND redirects to Google frontends IPs.

Neighbor Discovery Redirects RFC 4861 - Neighbor Discovery for IP version 6 (IPv6) Source Address: MUST be the link-local address assigned to the interface from which this message is sent.Destination Address: The Source Address of the packet that triggered the redirect - MUST identify a neighbor Data packet: Source: Google frontend IP Destination: customer’s IP 1 HUAWEI TECHNOLOGIES CO.,LTD and AVM GmbH INTERNET Googe Network THE ROUTER Edge Router Frontend ND Redirect: Source: the router link-local IP Destination: Google frontend IP 2

How Did They Get There? None of those packets are from devices directly connected to Google routers Packets with link-local source came from Internet - successfully routed RFC4007 “IPv6 Scoped Address Architecture” Section 9, “Forwarding”: If transmitting the packet on the chosen next-hop interface would cause the packet to leave the zone of the source address, i.e., cross a zone boundary of the scope of the source address, then the packet is discarded.

Unique Local Unicast Addresses ULA fc00::/7

Packets (% of total packets analyzed) Prefixes Addresses IPs/prefix (avg) Total count Locally Assigned Invalid ULAs a.k.a ‘globally assigned’ (% of total packets) IEEE MAC48 based 2011 271056 (24%) 652 644 (99%) 8 (1%) 2063 (6.0 %) 88 (4.27%) ~3 2013 7125395 (48.0 %) 15545 15518 (99.8%) 27 (0.2%) 108920 (23%) 1452 (1.3%) ~7 IPv6 is hard: There is some confusion between fc00::/7, fc::/7 and fc0::/7!

‘U’ Stands For ‘Unique’...Really? What is the proper way to detect non-random GID? highest octet is ‘0’ or ‘1’ OR hex representation contains [a-f] or [0-9] only OR hex representation contains 3 or less different symbols (excl. ‘:’) two octets are ‘0’ Non-Random Prefixes Top List: fc00::/48 fd00::/48 fdfd:cafe:cafe::/48 Non-random ULA prefixes: 2011: 2.8% 2013: 0.7% Example of non-random: fd1f:ff23:f356::/48

Site Local Addresses fec0::/10 (Deprecated Since 2004)

Traffic profile is different from ULA Addresses (% of all unique IPs) Prefixes Packets (% of total packets) Traffic Profile TCP ICMP Dest. Unreachable ICMP Time Exceeded UDP 2011 16 (0.05%) 8 10497 (1%) 64% 1% 35% < 0.1% 2013 205 (0.04%) 21 55963 (0.4%) 40% 20% Traffic profile is different from ULA

Anomalies

6Bone Addresses: 3ffe::/16 and 5f00::/8 ~1% of all logged packets: 3ffe:831f::/32 Was used by Teredo on Windows machines 100% of traffic is ICMP Echo Requests 0.01% of all logged packets are from actual 6bone block 7 IP addresses detected 100% of traffic is TCP Source are different in 2011 and 2013

IPv4-Mapped ::FFFF:0:0/96 Used in the IPv6 basic API to denote IPv4 addresses Should NOT appear on the wire 2011/2013 - ~0.1% of analyzed traffic 96 86 should appear as source at all normally. However: http://technet.microsoft.com/en-us/library/cc727992(v=ws.10).aspx No particular pattern in encoded Ipv4 addresses - looks pretty much random. 13 1 1 1 1

Should NOT appear on the wire 2011/2013 - ~2% of analyzed traffic IPv4-Compatible ::/96 Deprecated since 2006 Should NOT appear on the wire 2011/2013 - ~2% of analyzed traffic Most of encoded IPs are private Mostly (97%): ICMP Destination Unreachable should appear as source at all normally. However: http://technet.microsoft.com/en-us/library/cc727992(v=ws.10).aspx No particular pattern in encoded Ipv4 addresses - looks pretty much random.

::/64 Subnet Very few packets from ::/1 :: (unspecified) Mystery Traffic: Interface ID: 64 non-zero bits, NOT based on MAC48

What We DID NOT See Multicast Sources Very little traffic from random blocks addresses like ‘a:a:a:a:a:a:a:a’ are popular

Summary Address selection is still broken Things are getting better No explanation for some mystery packets Scoped Address Architecture is ignored ;( ..let alone BCP38…:-((

QUESTIONS?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.