[Solved] Re: Invisible IPv6 addresses
On Wed, 18 Dec 2019 10:27:51 +0300
Reco <recoverym4n@enotuniq.net> wrote:
> Hi.
>
> On Tue, Dec 17, 2019 at 04:54:17PM -0500, Celejar wrote:
> > But the IPv6 address e:f:g:h:i:j:k:l is not actually configured
> > anywhere on the router (as shown by 'ip a' and other tools)!
>
> Either there's some IPv6 - IPv4 conversion involved, or Verison just
> terminates inbound IPv6 connections on their end.
I did some investigating with tcpdump on the router, and IIUC, there is
indeed some sort of IPv6 - IPv4 conversion going on:
On the router:
~# tcpdump -i any icmp
On the remote box:
~$ ping e:f:g:h:i:j:k:l
PING e:f:g:h:i:j:k:l(e:f:g:h:i:j:k:l) 56 data bytes
64 bytes from e:f:g:h:i:j:k:l: icmp_seq=1 ttl=51 time=89.0 ms
But the tcpdump instance on the router sees the pings like this
IP ue.tmodns.net > pool-a-b-c-d.region.fios.verizon.net: ICMP echo request, id 44719, seq 1, length 64
IP pool-a-b-c-d.region.fios.verizon.net > ue.tmodns.net: ICMP echo reply, id 44719, seq 1, length 64
or (with -n):
IP 172.58.187.252 > a.b.c.d: ICMP echo request, id 47985, seq 1, length 64
IP a.b.c.d > 172.58.187.252: ICMP echo reply, id 47985, seq 1, length 64
ue.tmodns.net / 172.58.187.252 is owned by T-Mobile, my wireless
provider (via an MVNO), and apparently it's transparently translating
between IPv6 - IPv4.
I looked around a bit, and IIUC, this is a NAT64 server [1], which
T-Mobile uses as part of it's 464XLAT (RFC 6877) architecture [2], a
system it developed to facilitate interoperability between its pure
IPv6 network and legacy IPv4 installations [3] (like my Verizon residential
service).
Thanks much for the help.
[1] https://en.wikipedia.org/wiki/NAT64
[2] https://en.wikipedia.org/wiki/IPv6_transition_mechanism#464XLAT
https://tools.ietf.org/html/rfc6877
[3] https://www.internetsociety.org/resources/deploy360/2014/case-study-t-mobile-us-goes-ipv6-only-using-464xlat/
https://www.reddit.com/r/tmobile/comments/5le5s7/tmobile_openvpn_connect_ipv6_nat64/dbv33j3/
Celejar
Reply to: