Hi David,

6to4 is a stateless tunnel network. The tunnel entry node advertises 2002::/16 into the native IPv6 network and relays received IPv6 packets inside an IPv4 packet. The tunnel exit node's IPv4 address is encoded in the 6to4 IPv6 destination address.

No IPv6 addresses are changed in the transmission of the packet, so unless someone is incorrectly advertising more-specifics for 2002::/16, 2002:af2c:785::af2c:785 is the host that connected to your customer and that host is connected to af.2c.07.85, i.e. 175.44.7.133.

Going the other way (towards the native IPv6 network), 175.44.7.133 encapsulates the IPv6 packet into an IPv4 packet addressed to the standard anycast IPv4 address for a 6to4 exit node. This packet finds its way to the nearest 6to4 exit node on the IPv6 native network where it is decapsulated back to a plain IPv6 packet.

Repeating af2c:785 in the address is just like saying 10.11.10.11. Don't expect it to mean anything.

Regards,
Bill Herrin

On Wed, Sep 24, 2014 at 12:42 PM, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
Curious if anyone can tell me, or point me to a link, on how 2002::/16 is actually implemented for 6to4? Strictly for curiosity.
We had a customer ask about blocking spam from their wordpress blog that we host and the spammer was using 2002:af2c:785::af2c:785, which was the first time I'd seen wordpress spam coming from IPv6. Per RFC3964, I'm guessing the 175.44.120.5 is just a relay router, not surprisingly, on the China Net network and the spammer was native v6?
I see that net advertised from 6939 (HE) and 1103 (SURFnet Netherlands) from the perspective of my feeds, so that just got me more confused.
Thanks,
David
--
William Herrin ................ herrin@dirtside.com  bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
Can I solve your unusual networking challenges?
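The decoding described in the reply above, as an added example that is not part of the original thread: it pulls 6to4 clients out of web-server log lines and reports the embedded IPv4 address and the matching 2002:V4ADDR::/48 site prefix to filter on. The log lines, the function names and the check that the embedded address is globally routable are assumptions made for this illustration; only 2002:af2c:785::af2c:785 comes from the thread.

```python
import ipaddress

# Constructed access-log lines; only the first client address is from the thread.
SAMPLE_LOG = """\
2002:af2c:785::af2c:785 - - [24/Sep/2014:12:01:07 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512
2001:db8::15 - - [24/Sep/2014:12:01:09 +0000] "GET / HTTP/1.1" 200 1043
2002:0a01:0203::1 - - [24/Sep/2014:12:02:11 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512
198.51.100.7 - - [24/Sep/2014:12:03:30 +0000] "GET /feed/ HTTP/1.1" 200 2210
"""


def decode_6to4(text):
    """Return (embedded IPv4, 6to4 site /48, plausible) or None if not 6to4."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    if addr.version != 6 or addr.sixtofour is None:
        return None  # not inside 2002::/16
    v4 = addr.sixtofour  # bits 16..47 of the IPv6 address
    # Everything behind one 6to4 host shares 2002:V4ADDR::/48.
    site = ipaddress.IPv6Network(f"{addr}/48", strict=False)
    # Assumption for this example: a 6to4 host needs a globally routable
    # IPv4 address, so a private or reserved one marks a forged source.
    return v4, site, v4.is_global


def scan_log(log):
    """Map each distinct 6to4 client in the log to its block targets."""
    seen = {}
    for line in log.splitlines():
        parts = line.split()
        if not parts:
            continue
        decoded = decode_6to4(parts[0])
        if decoded is None:
            continue
        v4, site, plausible = decoded
        seen.setdefault(parts[0], {"ipv4": str(v4), "site48": str(site),
                                   "plausible": plausible})
    return seen


if __name__ == "__main__":
    for client, info in scan_log(SAMPLE_LOG).items():
        note = "" if info["plausible"] else "  (embedded IPv4 not routable)"
        print(f"{client} -> {info['ipv4']}  block {info['site48']}{note}")
```

Filtering on the /48 rather than the single address matters because the low 80 bits are chosen freely by the 6to4 host.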