[188969] in North American Network Operators' Group
Re: IPv6 prefix from T-Mobile USA used but not announced in BGP
daemon@ATHENA.MIT.EDU (Baptiste Jonglez)
Wed Apr 27 18:31:53 2016
X-Original-To: nanog@nanog.org
Date: Thu, 28 Apr 2016 00:31:44 +0200
From: Baptiste Jonglez <baptiste@bitsofnetworks.org>
To: Ca By <cb.list6@gmail.com>
In-Reply-To: <CAD6AjGQgTAUak3HWmMo222garMAZR+XWZSax2xaYg5gCZkWquw@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--7qSK/uQB79J36Y4o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Apr 27, 2016 at 02:38:41PM -0700, Ca By wrote:
> What behavior do you expect when an ipv6only node connects to an ipv4only
> node , which is the tmobile case? How is that address of the address
> report?
As far as I know, IPv4-only DHT nodes do not directly communicate with
IPv6-only DHT nodes, I don't see how this would be possible in general.
The code of the DHT client is here:
https://github.com/savoirfairelinux/opendht
> On Wednesday, April 27, 2016, Baptiste Jonglez <baptiste@bitsofnetworks.o=
rg>
> wrote:
>=20
> > On Wed, Apr 27, 2016 at 01:16:28PM -0700, Aaron Hopkins wrote:
> > > On Wed, 27 Apr 2016, Baptiste Jonglez wrote:
> > >
> > > >While doing statistics on the participants of a public DHT, I was
> > > >surprised to see some IP addresses that are not present in the DFZ:
> > >
> > > I believe those are used by T-mobile's 464XLAT (RFC 6877) implementat=
ion.
> > >
> > > Recent Android on T-mobile is IPv6-only and has no ability to connect=
to
> > > raw IPv4 addresses. T-mobile's DNS servers are only asked by these
> > devices
> > > to translate hostnames to IPv6 addresses. If they can't find an IPv6
> > > address, they will look up the IPv4 address for a hostname, and pack =
it
> > into
> > > the bottom 32 bits of an IPv6 address that routes to a IPv6-to-IPv4 N=
AT
> > > device.
> >
> > Thanks, I had forgotten that DNS64 is possible without using the
> > well-known prefix. The encoded IPv4 addresses seem to belong to other
> > peers of the DHT.
> >
> > So, if this is basically DNS64/NAT64, these IP addresses should not be
> > seen as source or destination address outside of T-Mobile's network, and
> > are not attached to the interface of any device.
> >
> > I can see two possible explanations:
> >
> > 1/ packets with src or dest IP in 2607:7700::/32 somehow escaped
> > T-Mobile's network, without being translated back to IPv4. They cau=
sed
> > other DHT nodes to believe they have incoming peers in 2607:7700::/3=
2.
> >
> > 2/ there is an interesting bug in the DHT software when run behind 464X=
LAT
> > (btw, the DHT is dual-stack and supports IPv6 just fine)
> >
> > I still wonder how this can happen, because the DHT does not use DNS at
> > all...
> >
> > Baptiste
> >
--7qSK/uQB79J36Y4o
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXIT3MAAoJEL4B7CKgTi5GBikQAIy25xEzlsHKG0l3TNZFBPiD
ucQ9e3gcZWt5azEG0ubBUzKZcSq7qcwKTAj1LFtE7qZC26fRok26pMVh8yGg45rN
Jz/DfCj7wLbYzo5tt7RXuMnDpLXP/9/p4uCfoqbeVSv6/1gUYyAu9aOEKOOrGKO9
VM49TS1JJc4is3EB6DRDxZVxtBk5L9ysC1JkNbXlGGH24QusZcnLQUah4wz8F+mV
qjVwQVTeXHxrmAiGdQnB3+EJXf5n77NQGAgpcEUhkHVtl2sG2O+NVmDJ0qKA6k3R
kPKZothPDiLEI7ZpNk3xyle38pBxVRYbHZ5G8Snt38hHH6sFiD/Ir1PZ3p02H9Mh
UMLhUxygVp8ffTWpvGgJ0hU2QFfMYdrEJrC0DyyfjxKf8gDOuCskoLex3T1Vr0LD
F9EwQohkpjf4D1anRAaqFPKAbg/76VSbywJpjf3NMfPdhaEE4dS5ZiOeUY8ROvy4
aC8waA7fdHzucY/VCbMlOng9euBp7GSv4mil9QpE0U9Y5IVHqwERdlowqqHIjVeG
d5ij7skdab8sp0rHbilltBIi+Yu3k2F3BiPG00pYXDt5UMzOSQCbPppaE0k3/11t
qiwzCJ1ETspwwUqsAsKykJYSTdTB/e2M/+s966n0l5Qscm57AXkAc3gIbDPw+joB
Nt/YRqJc9EvwNC8nm2Ga
=vG+L
-----END PGP SIGNATURE-----
--7qSK/uQB79J36Y4o--
