-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wayne Schlitt wrote:
Ok, something else I've been pondering about IPv6...
In the above text, we *only* talk about IPv4-mapped IPv6 addresses and
not IPv4-compatible IPv6 addresses.
Is this correct?
Yes.
It is my understanding that IPv4-compatible IPv6 addresses are just
special IPv6 addresses that have their lower order bits match certain
assigned IPv4 addresses. So, not every IPv4 address is allowed to use
IPv4-compatible addresses.
IPv4-compatible IPv6 addresses denote original IPv6 traffic. IPv4-compa-
tible IPv6 addresses are used for IPv6-enabled systems that live in
environments that are unable to route IPv6 addresses. RFC 2893 calls this
use-case "automatic tunneling", i.e. IPv6 packets are wrapped in IPv4
packets and routed using the IPv4 address, and the receiving system then
logically receives those IPv6 packets on a _virtual_ IPv6 interface that
uses an IPv4-compatible IPv6 address derived from the _real_ interface's
IPv4 address.
Conversely, IPv4-mapped IPv6 addresses denote original IPv4 traffic. The
purpose of IPv4-mapped IPv6 addresses is to enable systems to receive and
send IPv4 packets on IPv6 sockets, i.e. the system's IPv6 stack translates
the incoming IPv4 addresses to mapped IPv6 addresses, and vice versa for
outgoing IPv4 addresses.
We don't need to care about the IPv4-compatible IPv6 addresses because if
an incoming TCP/IP (SMTP) connection is received on a (virtual) IPv6
interface with an IPv4-compatible address, it can be deduced that the
sending system actually initiated a TCP/IPv6 connection, so the
originating address must be an IPv6 address, not an IPv4 address.
Conversely, since IPv4-mapped IPv6 addresses are used for original IPv4
traffic, the originating address must be an IPv4 address, and needs to be
"treated like one" because any SPF policies and DNS entries will not have
been expressed using the ::ffff:n.n.n.n format for IPv4 addresses, but
using the n.n.n.n format. (::ffff:n.n.n.n is not a "routable" address,
only n.n.n.n is, because traffic to such addresses will always be routed
using IPv4, and be it in an IPv6 tunnel.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCxxIlwL7PKlBZWjsRAtQEAKCQu/S5wuPQdXpfHubG1YmQkDTOyQCfRV/s
cKvRjjm069DodjWD9LPqWFY=
=6utb
-----END PGP SIGNATURE-----