While I happen to agree with you that 2002::/16 SHOULD NOT be filtered, and RFC 7526 is quite clear that 2002::/16 is still valid, it is perfectly permissible to filter it, if that is the policy a network operator wishes to enforce.

On Tue, May 14, 2019 at 10:30 AM JORDI PALET MARTINEZ <[email protected]> wrote:

> 6to4 is still a valid protocol. IT SHOULD NOT be filtered. 6to4 uses the
> same protocol as other tunnels such as 6in4 (protocol 41).
>
> https://www.ietf.org/rfc/rfc3056.txt
>
> It works fine for peer to peer applications.
>
> What the IETF deprecated is anycast for 6to4 relays:
>
> https://tools.ietf.org/html/rfc7526
>
> I believe Hurricane Electric still hosts 6to4 relays.
>
> Regards,
> Jordi
>
> On 14/5/19 17:25, "Amos Rosenboim" <[email protected] on behalf of
> [email protected]> wrote:
>
> Hello,
>
> As we are trying to tighten the security for IPv6 traffic in our network,
> I was looking for a reference IPv6 ingress filter.
> I came up with Job Snijders' suggestion (thank you Job) that can be
> conveniently found at whois -h whois.ripe.net fltr-martian-v6
>
> After applying the filter I noticed some traffic from 6to4 addresses
> (2002::/16) to our native IPv6 prefixes (residential users in this case).
> The traffic is a mix of both UDP and TCP but all on high port numbers on
> both destination and source.
> It seems to me like some P2P traffic, but I really can't tell.
>
> This got me thinking, why should we filter these addresses at all?
> I know 6to4 is mostly dead, but is it inherently bad?
>
> And if so, why is the prefix (2002::/16) still being routed?
>
> Thanks,
>
> Amos Rosenboim

--
===============================================
David Farmer               Email: [email protected]
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
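
Added example, not part of the original thread: a Python sketch an operator could run over flow records before deciding between dropping all of 2002::/16 and dropping only 6to4 sources that cannot be legitimate. It relies on the RFC 3056 layout (the 6to4 router's IPv4 address sits in the 32 bits after 2002::/16) and treats a non-global embedded IPv4 address as bogus. The flow format, sample records, and function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

SIXTOFOUR = ipaddress.ip_network("2002::/16")

# Constructed sample flow records: "src dst proto sport dport".
# Destinations use the 2001:db8::/32 documentation prefix.
SAMPLE_FLOWS = """\
2002:c000:204::1 2001:db8:10::5 udp 51413 40212
2002:0a01:0203::1 2001:db8:10::9 tcp 49152 51000
2001:db8:ffff::7 2001:db8:10::5 tcp 443 50122
2002:c0a8:0101:1::2 2001:db8:10::9 udp 6881 45000
2002:0808:0808::8 2001:db8:10::5 udp 50000 50001
"""

def classify_source(src):
    """Return (verdict, embedded_ipv4_or_None) for one IPv6 source address."""
    addr = ipaddress.IPv6Address(src)
    if addr not in SIXTOFOUR:
        return ("native", None)
    v4 = addr.sixtofour  # IPv4 address embedded per RFC 3056
    # A 6to4 prefix is derived from a globally unique IPv4 address, so a
    # private, documentation or otherwise non-global value is not a real site.
    return ("6to4-valid" if v4.is_global else "6to4-bogus", v4)

def summarise(flow_text):
    """Count sources per verdict and list bogus 6to4 sources with their IPv4."""
    counts, bogus = Counter(), []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        verdict, v4 = classify_source(fields[0])
        counts[verdict] += 1
        if verdict == "6to4-bogus":
            bogus.append((fields[0], str(v4)))
    return counts, bogus

if __name__ == "__main__":
    counts, bogus = summarise(SAMPLE_FLOWS)
    print(dict(counts))
    for src, v4 in bogus:
        print(f"bogus 6to4 source {src} embeds {v4}")
```
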
