spf-discuss

Re: IPv4/IPv6 address handling in the SPF specification

2005-07-02 15:16:05

Wayne Schlitt wrote:
> Ok, something else I've been pondering about IPv6...
>
> In the above text, we *only* talk about IPv4-mapped IPv6 addresses and
> not IPv4-compatible IPv6 addresses.
>
> Is this correct?

Yes.

> It is my understanding that IPv4-compatible IPv6 addresses are just
> special IPv6 addresses that have their lower order bits match certain
> assigned IPv4 addresses.  So, not every IPv4 address is allowed to use
> IPv4-compatible addresses.

IPv4-compatible IPv6 addresses denote original IPv6 traffic.  IPv4-compatible
IPv6 addresses are used for IPv6-enabled systems that live in
environments that are unable to route IPv6 addresses.  RFC 2893 calls this 
use-case "automatic tunneling", i.e. IPv6 packets are wrapped in IPv4 
packets and routed using the IPv4 address, and the receiving system then 
logically receives those IPv6 packets on a _virtual_ IPv6 interface that 
uses an IPv4-compatible IPv6 address derived from the _real_ interface's 
IPv4 address.

Conversely, IPv4-mapped IPv6 addresses denote original IPv4 traffic.  The 
purpose of IPv4-mapped IPv6 addresses is to enable systems to receive and 
send IPv4 packets on IPv6 sockets, i.e. the system's IPv6 stack translates 
the incoming IPv4 addresses to mapped IPv6 addresses, and vice versa for 
outgoing IPv4 addresses.

We don't need to care about the IPv4-compatible IPv6 addresses because if 
an incoming TCP/IP (SMTP) connection is received on a (virtual) IPv6 
interface with an IPv4-compatible address, it can be deduced that the 
sending system actually initiated a TCP/IPv6 connection, so the 
originating address must be an IPv6 address, not an IPv4 address.

Conversely, since IPv4-mapped IPv6 addresses are used for original IPv4 
traffic, the originating address must be an IPv4 address, and needs to be 
"treated like one" because any SPF policies and DNS entries will not have 
been expressed using the ::ffff:n.n.n.n format for IPv4 addresses, but 
using the n.n.n.n format.  (::ffff:n.n.n.n is not a "routable" address, 
only n.n.n.n is, because traffic to such addresses will always be routed 
using IPv4, and be it in an IPv6 tunnel.)

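The address handling described in the message above, as an added example that is not part of the original post or of any SPF implementation: an IPv4-mapped client address is unmapped before it is compared with `ip4:`/`ip6:` mechanisms, while an IPv4-compatible address stays IPv6. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress


def spf_client_address(raw):
    """Return the address an SPF check should evaluate for a connecting peer."""
    addr = ipaddress.ip_address(raw)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        # ::ffff:n.n.n.n denotes original IPv4 traffic seen on an IPv6 socket,
        # so it is evaluated as the plain n.n.n.n address.
        return addr.ipv4_mapped
    # Everything else is left alone. That includes IPv4-compatible ::n.n.n.n,
    # which denotes original IPv6 traffic.
    return addr


def mechanism_matches(mechanism, raw_client):
    """Evaluate one bare ip4:/ip6: mechanism (no qualifier) against a client."""
    kind, _, value = mechanism.partition(":")
    kind = kind.lower()
    if kind not in ("ip4", "ip6"):
        raise ValueError("only ip4: and ip6: mechanisms are handled here")
    network = ipaddress.ip_network(value, strict=False)
    if network.version != (4 if kind == "ip4" else 6):
        raise ValueError("address family does not match mechanism: " + mechanism)
    client = spf_client_address(raw_client)
    # Compare families first: an IPv4 client never matches an ip6: mechanism.
    return client.version == network.version and client in network


if __name__ == "__main__":
    # Constructed sample policy and peers, using documentation address ranges.
    policy = ["ip4:192.0.2.0/24", "ip6:2001:db8::/32"]
    peers = ["192.0.2.10", "::ffff:192.0.2.10", "::192.0.2.10", "2001:db8::25"]
    for peer in peers:
        hits = [m for m in policy if mechanism_matches(m, peer)]
        print(peer, "evaluated as", spf_client_address(peer), "matches", hits)
```
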
