[IPv6crawler-wg] Prefixes, allocation and type of address
Olivier MJ Crepin-Leblond
ocl at gih.com
Sun Apr 18 14:27:27 BST 2010
Hello Sameh,
Hello Gentlemen - this is Cc'ed to you if you have suggestions on this
subject.
I have done some of my own research on IPv6 prefixes as well as asked
several people who know.
Before I start, let me provide you with a helpful table about the IPv6
subnet matrix:
Subnet Matrix Table
2001:0DB8:0400:000e:0000:0000:0000:402b
||| |||| |||| |||| |||| |||| ||||
||| |||| |||| |||| |||| |||| |||128
||| |||| |||| |||| |||| |||| ||124
||| |||| |||| |||| |||| |||| |120
||| |||| |||| |||| |||| |||| 116
||| |||| |||| |||| |||| |||112
||| |||| |||| |||| |||| ||108
||| |||| |||| |||| |||| |104
||| |||| |||| |||| |||| 100
||| |||| |||| |||| |||96
||| |||| |||| |||| ||92
||| |||| |||| |||| |88
||| |||| |||| |||| 84
||| |||| |||| |||80
||| |||| |||| ||76
||| |||| |||| |72
||| |||| |||| 68
||| |||| |||64
||| |||| ||60
||| |||| |56
||| |||| 52
||| |||48
||| ||44
||| |40
||| 36
||32
|28
24
I have found this table very helpful with differentiation of /32, /48,
/64, and intermediate /40 etc.
Please find my suggestions for detection, as well as a config file which
have built and suggest using.
- IPv6 to IPv4 Web proxies
No special prefix for this. Detection is therefore hard.
If we check the Web site itself and detect that it is a proxy, we might
be able to characterise it was an IPv6 to IPv4 Web proxy.
We can use the nmap-service-probes match.
In order to only look at known Web proxies, do a:
[ocl at crawler nmap]$ grep http-proxy /usr/share/nmap/nmap-service-probes
So when testing a Web server, we could check if its IPv6 address was a
Web proxy.
Any other idea? Moustafa? Alan?
ADDRESS PREFIXES
I suggest we store all the address prefixes in a text file so that we
can add new address prefixes and definitions as time goes on.
It is impossible to list all of the tunnels in use out there, but one
ongoing part of the project's accuracy will be that people/ISPs will be
able to send details of their own tunnel details so that we can have a
clearer picture.
I suggest the following format, as a CSV:
Unique Identifier (UID), Tag, Name, Location, Prefix
where the Unique identifier is a Hex prefixed by the letter U. Also: the
prefix includes the subnet prefix in full.
The Unique identifier ranges from:
U1-U0FFF: 6-to-4 tunnel prefixes (4095 total possibilities)
U1000-U1FFF: 6-in-4 tunnel prefixes (4095 possibilities)
U2000-U2FFF: 6rd tunnel prefixes (4095 possibilities)
U3000-U3FFF: Teredo tunnel prefixes (4095 possibilities)
U4000-U4FFF: reserved for further expansion
U5000-U6FFF: sixxs.net global tunnel prefixes (4095 possibilities)
U6000-U6FFF: reserved for future expansion
U7000-U7FFF: he.net global tunnel prefixes (4095 possibilities)
U8000-U9FFF: reserved for future expansion
UA000-UBFFF: Localised / smaller scale tunnelling services
UC000-UFFFF: reserved for future expansion
For example:
U1A3, tunnel.nile.edu.eg, Nile University, Egypt, 2001:1234:ABCD::/48
Here, I've taken that Nile University operates its own 6-to-4 tunnel for
all its addresses under its IPv6 prefix.
Nile University might have been allocated 2001:1234::/32 but only uses
its ABCD subnet to serve tunnels to its students.
It is important to note this, because as you'll see, some organisations
both supply native IPv6 to clients as well as IPv6 tunnels, and they
subnet accordingly.
*LIST*
- 6-to-4 addresses
These are all prefixed as: 2002::/16 (ie. all addresses starting with
2002: )
Entry:
U1, 6to4, 6-to-4 address, Worldwide, 2002::/16
- 6-in-4 addresses
Nothing special for that. I'm going to have to keep on checking for this.
- 6rd
Nothing special either. Only their own ISP can tell. I'll try to see if
it is possible to do a search for worldwide ISPs which run 6rd, and then
trace their address allocation at the local Regional Internet Registry,
in case they have annotated their allocation with a note about 6rd.
I think that FREE.FR uses 6rd for its clients, and ComCast.net is likely
to offer this soon to its clients.
- Teredo addresses
These are all prefixed as: 2001:0000::/32
There are quite a few Teredo servers around, but I have found it
impossible to trace which one serves what prefix.
Entry:
U3000, General, Teredo Tunnel, Worldwide, 2001:0000::/32
- addresses from Tunnel Brokers
There are two main tunnel brokers in the world:
* Sixxs.net
For a full list of the prefixes, go to: http://www.sixxs.net/pops/prefixes/
There is also a link on that page to download the CSV version of the
information - which is very handy to download and use locally.
I've downloaded the CSV list into an Excel Document, filtered down only
the tunnels, and re-formatted it, exporting it as a text file which
contains our list.
This is reproduced here: (please do not cut/paste from here because <CR>
might be caused by line wrapping.
UID, Tag, ISP Short - ISP Name - ISP Website, Location, Prefix
U5000, brudi01, ctbc - Companhia de Telecomunicações do Brasil Central -
http://www.ctbc.com.br , br, 2001:1291:200::/48
U5020, ittrn01, itgate - ITgate - http://www.itgate.it/, it,
2001:1418:100::/48
U5040, fihel01, dna - DNA Oy - http://www.dnaoy.fi, fi, 2001:14b8:100::/48
U5060, simbx01, amis - Amis - http://www.amis.net/, si, 2001:15c0:65ff::/48
U5080, chzrh02, init7 - Init Seven AG - http://www.init7.net/, ch,
2001:1620:f00::/48
U50A0, dkcph01, phonera - Phonera - http://www.phonera.se, dk,
2001:16d8:dd00::/48
U50C0, noosl01, phonera - Phonera - http://www.phonera.se, no,
2001:16d8:ee00::/48
U50E0, sesto01, phonera - Phonera - http://www.phonera.se, se,
2001:16d8:ff00::/48
U5100, usdal01, highwinds - Highwinds Network Group Inc -
http://www.highwinds.com, us, 2001:1938:80::/48
U5120, usphx01, highwinds - Highwinds Network Group Inc -
http://www.highwinds.com, us, 2001:1938:81::/48
U5140, uslax01, highwinds - Highwinds Network Group Inc -
http://www.highwinds.com, us, 2001:1938:82::/48
U5160, nlhaa01, leaseweb - Leaseweb B.V. - http://www.leaseweb.com, nl,
2001:1af8:fe00::/48
U5180, chzrh01, ipman - IP-Man - http://www.ip-man.net/, ch,
2001:41e0:ff00::/48
U51A0, nzwlg01, acsdata - Advanced Computer Solutions (ACSData) -
http://www.acsdata.co.nz, nz, 2001:4428:200::/48
U51C0, usbos01, occaid - OCCAID Inc. - http://www.occaid.org, us,
2001:4830:1100::/48
U51E0, usewr01, occaid - OCCAID Inc. - http://www.occaid.org, us,
2001:4830:1200::/48
U5200, usqas01, occaid - OCCAID Inc. - http://www.occaid.org, us,
2001:4830:1600::/48
U5220, uschi02, yourorg - Your.Org Inc. - http://www.your.org, us,
2001:4978:f::/48
U5240, decgn01, netcologne - NetCologne Gesellschaft fur
Telekommunikation mbH - http://www.netcologne.de, de, 2001:4dd0:ff00::/48
U5260, nlams05, surfnet - SURFnet - http://www.ipv6.surfnet.nl, nl,
2001:610:600::/48
U5280, plwaw01, icm - ICM - http://www.icm.edu.pl/, pl, 2001:6a0:200::/48
U52A0, bebru02, belnet - BELNET - The Belgian Research and Education
Network - http://www.belnet.be, be, 2001:6a8:200::/48
U52C0, deham02, easynet - Easynet - http://www.easynet.net, de,
2001:6f8:1c00::/48
U52E0, bebru01, easynet - Easynet - http://www.easynet.net, be,
2001:6f8:202::/48
U5300, deham01, easynet - Easynet - http://www.easynet.net, de,
2001:6f8:900::/48
U5320, iedub01, heanet - HEAnet - http://www.heanet.ie, ie,
2001:770:100::/48
U5340, nlede01, bit - BIT BV - http://www.bit.nl, nl, 2001:7b8:2ff::/48
U5360, lulux01, ptlu - Entreprise des Postes et Telecommunications -
http://www.pt.lu/portal/Entreprise, lu, 2001:7e8:2200::/48
U5380, plpoz01, poznan - Poznan Supercomputing and Networking Center -
http://www.man.poznan.pl, pl, 2001:808:100::/48
U53A0, plpoz01, poznan - Poznan Supercomputing and Networking Center -
http://www.man.poznan.pl, pl, 2001:808:e100::/48
U53C0, nlams01, concepts - Concepts ICT BV - http://www.concepts-ict.nl,
nl, 2001:838:300::/48
U53E0, nlams04, scarlet - Scarlet Internet B.V. -
http://www.scarlet-internet.nl, nl, 2001:960:2::/48
U5400, demuc02, mnet - M-net Telekommunikations GmbH -
http://www.m-net.de, de, 2001:a60:f000::/48
U5420, eetll01, linxtelecom - Linxtelecom Estonia -
http://www.linxtelecom.ee, ee, 2001:ad0:900::/48
U5440, ptlis01, nfsi - NFSi Telecom Lda. - http://www.nfsi.pt, pt,
2001:b18:2000::/48
U5460, dedus01, speedpartner - SpeedPartner GmbH -
http://www.speedpartner.de, de, 2a01:198:200::/48
U5480, frmrs01, jaguar - Jaguar Network SARL -
http://www.jaguar-network.com, fr, 2a01:240:fe00::/48
U54A0, gblon02, goscomb - Goscomb Technologies - http://www.goscomb.net,
gb, 2a01:348:6::/48
U54C0, iegwy01, airwire - Airwire - http://www.airwire.ie, ie,
2a02:278:1200::/48
U54E0, dkcph02, fullrate - Fullrate A/S - http://www.fullrate.dk, dk,
2a02:980:1000::/48
* he.net - Hurricane Electric
I asked them and they replied that they do not publish a list of their
prefixes.
So I've manually traced all of their local tunnel servers, and found
users on each, and found their prefixes. Yes, it was a lot of work.
This is not a full list, and I guess that it will grow, but for the time
being, this will do. I think it will catch 80% of all HE tunnel customers.
I've attached it as a text file which contains our list and this is
reproduced as follows:
UID, Tag, ISP Short - ISP Name - ISP Website, Country, #Prefix
U7000, tserv2.fmt. , HE.net Fremont California, US, 2001:470:1f01::/48
U7020, tserv2.fmt. , HE.net Fremont California, US, 2001:470:1f03::/48
U7040, tserv3.fmt2. , HE.net Fremont California, US, 2001:470:1f04::/48
U7060, tserv4.nyc4. , HE.net New York City, US, 2001:470:1f06::/48
U7080, tserv5.lon1. , HE.net London UK, UK, 2001:470:1f08::/48
U70A0, tserv6.fra1. , HE.net Frankfurt Germany, DE, 2001:470:1f0a::/48
U70C0, tserv7.ash1. , HE.net Ashburn Virginia, US, 2001:470:1f0d::/48
U70E0, tserv8.dal1. , HE.net Dallas Texas, US, 2001:470:1f0e::/48
U7100, tserv9.chi1. , HE.net Chicago Illinois, US, 2001:470:1f10::/48
U7120, tserv10.par1. , HE.net Paris France, FR, 2001:470:1f12::/48
U7140, tserv11.ams1. , HE.net Amsterdam Netherlands, NL,
2001:470:1f14::/48
U7160, tserv12.mia1. , HE.net Miami Florida, US, 2001:470:4::/48
U7180, tserv13.ash1. , HE.net Ashburn Virginia, US, 2001:470:7::/48
U71A0, tserv14.sea1. , HE.net Seattle Washington, US, 2001:470:a::/48
U71C0, tserv15.lax1. , HE.net Los Angeles California, US, 2001:470:c::/48
U71E0, tserv16.mia1. , HE.net Miami Florida, US, 2001:470:13::/48
U7200, tserv17.lon1. , HE.net London UK, UK, 2001:470:14::/48
U7220, tserv18.fra1. , HE.net Frankfurt Germany, DE, 2001:470:15::/48
U7240, tserv20.hkg1. , HE.net Hong Kong China, HK, 2001:470:18::/48
U7260, tserv21.tor1. , HE.net Toronto Canada, CA, 2001:470:1c::/48
U7280, tserv22.tyo1. , HE.net Tokyo Japan, JP, 2001:470:23::/48
U72A0, tserv23.zrh1. , HE.net Zurich Switzerland, CH, 2001:470:25::/48
U72C0, tserv24.sto1. , HE.net Stockholm Sweden, SE, 2001:470:27::/48
I also think that outside of these special cases, we might be able to
fill-in the gaps - and as you can see, I left some space for expansion
in the Unique identifiers.
For example, we can extrapolate that ultimately, if they follow the same
numbering scheme HE will supply tunnels on the following address ranges:
2001:470:1f01 - 2001:470:1fff
2001:470:4 - 2001:470:27
(remember that these are all in hexadecimal)
What do you think? Do you think we should fill the gaps, or we should
just stick to what we have above? If we stick to the text CSV file, we
will be able to update this easily.
- more tunnel brokers
I have done work to trace other tunnel broker address prefixes. It is
worth knowing that some actually use the 6-to-4 prefix address.
But here's a list of some who don't. This also took a lot of work, with
Google searches, and then tracing their network from thread to thread.
There are a lot of projects which are historical and have since closed
down. The following list is still alive.
* gogo6/Freenet6
I have tried to check for prefixes for these addresses. Gogo6 took over
HEXAGO tunneling about a year ago - so they have a lot of clients.
www.gogo6.com is on 2001:5c0:1000:10::2
Prefix might be 2001:5c0:
(I'm trying to look for sub-networks for this but no luck at the moment.
We might prefer a 2001:5c0::/48 instead of /32 if we're not sure, but
I'd rather get a false positive for tunnel than a false negative.
So I've kept /32 in the entry.
Entry:
UA000, gogo6, gogo6/Freenet6/Hexago Tunnelling, Worldwide, 2001:5c0::/32
* xs26.net - Netherlands
Prefix for tunnel allocations is 2a01:b0::/32
Entry:
UA010, xs26, XS26 IPv6 Tunnels - www.xs26.net, NL, 2a01:b0::/32
* AARNET http://broker.aarnet.net.au/
2001:0388:d000::/39
2001:0388:c000::/39
Entries:
UA020, AARNET, Australia Research and Educations Network -
broker.aarnet.net.au, AU, 2001:0388:d000::/39
UA021, AARNET2, Australia Research and Educations Network -
broker.aarnet.net.au , AU, 2001:0388:c000::/39
* ipv6now.com.au - IPv6Now, Australia
I know them so I asked them and they provided me with the following:
2406::a000::6:/112 TRY6 accounts
2406:a000:01xx::/ Studentnet
2406:a000:0600:ffff::/64 VIC6 tunnels
2406:a000:0601::/48 READY6
Entries:
UA030, IPv6nowTry6, IPv6 Now Try6 - ipv6now.com.au, AU, 2406::a000::6:/112
UA031, IPv6nowStudnt, IPv6 Now Studentnet - ipv6now.com.au, AU,
2406:a000:0100::/40
UA032, IPv6nowVIC6, IPv6 Now VIC6 - ipv6now.com.au, AU,
2406:a000:0600:ffff::/64
UA033, IPv6nowRDY6, IPv6 Now READY6 - ipv6now.com.au, AU,
2406:a000:0601::/48
* Internode Australia
2001:44b8:8020:/48
Entry:
UA040, Internode, Internode Australia - http://ipv6.internode.on.net/ ,
AU, 2001:44b8:8020:/48
* xs4all.net Tunnels - Netherlands
2001:888:10::/48
Entry:
UA050, xs4all, xs4all.net IPv6 Tunnels, NL, 2001:888:10::/48
* http://tbroker.mybsd.org.my/ , MyBSD Malaysia
2001:328:2002:/48
Entry:
UA060, MyBSD, MyBSD Malaysia - http://tbroker.mybsd.org.my/ , MY,
2001:328:2002:/48
* http://tb.ipv6.nectec.or.th/
2001:f00:1ffc::/48
2001:f00:ff00::/40
2001:f00:1ffd::/48
and probably more?
Entries:
UA070, NecTec1, NecTec Thailand IPv6 tunnel -
http://tb.ipv6.nectec.or.th/ , TH, 2001:f00:1ffc::/48
UA071, NetTec2, NecTec Thailand IPv6 tunnel -
http://tb.ipv6.nectec.or.th/ , TH, 2001:f00:ff00::/40
UA072, NecTec3, NecTec Thailand IPv6 tunnel -
http://tb.ipv6.nectec.or.th/ , TH, 2001:f00:1ffd::/48
* tunnelbroker.ipv6.estpak.ee , Estonia
2001:7d0::/48
UA080, EstPak, Estpack - tunnelbroker.ipv6.estpak.ee, EE, 2001:7d0::/48
* IIJ- Internet Initiative Japan
This organisation was one of the world's pioneers in IPv6 tunnelling and
used to offer this service on a large scale in Japan.
With the move of most, if not all of their customers, to native IPv6,
the service is seldom used. I have asked for further advice from them
since I know some of the people there personally.
In general, IPv6 tunnelling is actually used by end users to access IPv6
sites.
Most traffic to corporate sites using any kind of tunnelling for IPv6 is
actually covered by Hurricane Electric (HE) and SIXXS.
I therefore believe that the starting file containing all of the above
results and which I have attached to this message, covers most cases of
tunnelling.
We'll hopefully be able to add missing 6in4 and 6rd addresses soon. The
importance is to make this file one of the configuration files which we
can easily modify.
I hope this helps!
Many thanks,
Olivier
--
Olivier MJ Crépin-Leblond, PhD
http://www.gih.com/ocl.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://salsa.gih.co.uk/pipermail/ipv6crawler-wg/attachments/20100418/87da469b/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: v6prefix.conf.txt
URL: <http://salsa.gih.co.uk/pipermail/ipv6crawler-wg/attachments/20100418/87da469b/attachment-0001.txt>
More information about the IPv6crawler-wg
mailing list