Presentation is loading. Please wait.

Presentation is loading. Please wait.

What Could Possibly Go Wrong? Jen Linkova,

Published byAdrian Butler Modified over 5 years ago

Similar presentations

Presentation on theme: "What Could Possibly Go Wrong? Jen Linkova,"— Presentation transcript:

1 What Could Possibly Go Wrong? Jen Linkova, furry@google.com
IPv6 Source Addresses What Could Possibly Go Wrong? Jen Linkova,

2 Logging all IPv6 packets from reserved/invalid sources entering Google network from Internet
Collecting the data for a few days Data Set: 2011: 1.1M packets 32.5K Unique IPs 2013: 15M packets 476K Unique IPs

3

4

5 1.9 6.3 2.5 0.4

6 ICMP Traffic Profile Users’ Traffic Echo Requests Infrastructure Time Exceeded Packet Too Big Destination Unreachable > 99% - ‘Address Unreachable’ * Neighbor Discovery Redirects

7 Link-Local Unicast fe80::/10

8 * “Based on MAC-48”: “U/L bit is set and “FF:FE octets present”.
Packets (% of all packets) Unique Address Vendors (OUI) Total MAC48 based (*) Known Unknown 2011 26198 (2%) 156 129 (82%) 24 2 2013 11676 (0.08%) 35 32 (91%) 18 1 * “Based on MAC-48”: “U/L bit is set and “FF:FE octets present”. Other addresses look like privacy extensions or based on locally administered MAC-48.

9 Traffic Profile Majority of traffic is TCP (~90%) Non-TCP traffic:
2011: mix of ICMP destination unreachable packet too big time exceeded ND redirects 2013: traffic from TWO routers only ND redirects to Google frontends IPs.

10 Neighbor Discovery Redirects
RFC Neighbor Discovery for IP version 6 (IPv6) Source Address: MUST be the link-local address assigned to the interface from which this message is sent.Destination Address: The Source Address of the packet that triggered the redirect - MUST identify a neighbor Data packet: Source: Google frontend IP Destination: customer’s IP 1 HUAWEI TECHNOLOGIES CO.,LTD and AVM GmbH INTERNET Googe Network THE ROUTER Edge Router Frontend ND Redirect: Source: the router link-local IP Destination: Google frontend IP 2

11 How Did They Get There? None of those packets are from devices directly connected to Google routers Packets with link-local source came from Internet - successfully routed RFC4007 “IPv6 Scoped Address Architecture” Section 9, “Forwarding”: If transmitting the packet on the chosen next-hop interface would cause the packet to leave the zone of the source address, i.e., cross a zone boundary of the scope of the source address, then the packet is discarded.

12 Unique Local Unicast Addresses
ULA fc00::/7

13 Packets (% of total packets analyzed) Prefixes Addresses IPs/prefix (avg) Total count Locally Assigned Invalid ULAs a.k.a ‘globally assigned’ (% of total packets) IEEE MAC48 based 2011 271056 (24%) 652 644 (99%) 8 (1%) 2063 (6.0 %) 88 (4.27%) ~3 2013 (48.0 %) 15545 15518 (99.8%) 27 (0.2%) 108920 (23%) 1452 (1.3%) ~7 IPv6 is hard: There is some confusion between fc00::/7, fc::/7 and fc0::/7!

14 ‘U’ Stands For ‘Unique’...Really?
What is the proper way to detect non-random GID? highest octet is ‘0’ or ‘1’ OR hex representation contains [a-f] or [0-9] only OR hex representation contains 3 or less different symbols (excl. ‘:’) two octets are ‘0’ Non-Random Prefixes Top List: fc00::/48 fd00::/48 fdfd:cafe:cafe::/48 Non-random ULA prefixes: 2011: 2.8% 2013: 0.7% Example of non-random: fd1f:ff23:f356::/48

15 Site Local Addresses fec0::/10 (Deprecated Since 2004)

16 Traffic profile is different from ULA
Addresses (% of all unique IPs) Prefixes Packets (% of total packets) Traffic Profile TCP ICMP Dest. Unreachable ICMP Time Exceeded UDP 2011 16 (0.05%) 8 10497 (1%) 64% 1% 35% < 0.1% 2013 205 (0.04%) 21 55963 (0.4%) 40% 20% Traffic profile is different from ULA

17 Anomalies

18 6Bone Addresses: 3ffe::/16 and 5f00::/8
~1% of all logged packets: 3ffe:831f::/32 Was used by Teredo on Windows machines 100% of traffic is ICMP Echo Requests 0.01% of all logged packets are from actual 6bone block 7 IP addresses detected 100% of traffic is TCP Source are different in 2011 and 2013

19 IPv4-Mapped ::FFFF:0:0/96 Used in the IPv6 basic API to denote IPv4 addresses Should NOT appear on the wire 2011/ ~0.1% of analyzed traffic 96 86 should appear as source at all normally. However: No particular pattern in encoded Ipv4 addresses - looks pretty much random. 13 1 1 1 1

20 Should NOT appear on the wire 2011/2013 - ~2% of analyzed traffic
IPv4-Compatible ::/96 Deprecated since 2006 Should NOT appear on the wire 2011/ ~2% of analyzed traffic Most of encoded IPs are private Mostly (97%): ICMP Destination Unreachable should appear as source at all normally. However: No particular pattern in encoded Ipv4 addresses - looks pretty much random.

21 ::/64 Subnet Very few packets from ::/1 :: (unspecified)
Mystery Traffic: Interface ID: 64 non-zero bits, NOT based on MAC48

22 What We DID NOT See Multicast Sources
Very little traffic from random blocks addresses like ‘a:a:a:a:a:a:a:a’ are popular

23 Summary Address selection is still broken Things are getting better
No explanation for some mystery packets Scoped Address Architecture is ignored ;( ..let alone BCP38…:-((

24 QUESTIONS?

Download ppt "What Could Possibly Go Wrong? Jen Linkova,"

Similar presentations

IPv6 Addressing Details LAC NIC VII October 26, 2004 Wilfried

IPv6 Addressing Details LAC NIC VII October 26, 2004 Wilfried
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 Introduction What is IPv6 Purpose of IPv6 (Why we need it)Purpose of IPv6 IPv6 Addressing Architecture IPv6 Header ICMP v6 Neighbor Discovery (ND)

IPv6 Introduction What is IPv6 Purpose of IPv6 (Why we need it)Purpose of IPv6 IPv6 Addressing Architecture IPv6 Header ICMP v6 Neighbor Discovery (ND)
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.

Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
Network Plus IPv6 Addressing Concepts. 5/6/2013 IPv6 Addresses Not compatible with IPv4 128-bit address – 8 16-bit fields specified as 4 hex digits (0.

Network Plus IPv6 Addressing Concepts. 5/6/2013 IPv6 Addresses Not compatible with IPv4 128-bit address – 8 16-bit fields specified as 4 hex digits (0.
IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.

IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
IPv6 The Next Generation Presented by Anna La Mura Jens Waldecker.

IPv6 The Next Generation Presented by Anna La Mura Jens Waldecker.
1 Teredo - Tunneling IPv6 through NATs Date: 2003-10-31 Speaker: Quincy Wu National Chiao Tung University.

1 Teredo - Tunneling IPv6 through NATs Date: Speaker: Quincy Wu National Chiao Tung University.
IPv4 & IPv6 Coexistence & Migration Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.

IPv4 & IPv6 Coexistence & Migration Joe Zhao SW2 Great China R&D Center ZyXEL Communications, Inc.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.

Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
IPv6 Network Security.

IPv6 Network Security.

Similar presentations

Ads by Google