ydal

Internet address (IPv6) autodiscovery

At the U23 yesterday, we included a simple practice lesson on how networks work. We have a server on our network called fiep.labor.koeln.ccc.de. fiep only has a single address, 192.168.23.240/25 according to the local DNS server, as opposed to the rest of the network, 172.23.23.0/24.

The router did not announce any route for 192.168.23.128/25, but fiep still had addresses in other networks (172.23.23.23 as well as an address in 2001:6f8:100c:1::/48), but they weren’t announced anywhere.

The task, as given, was “to connect to http://fiep/hacking4pizza/”. In essence, this reduced the task at hand to either just giving yourself an IP in the 192.168.23.128/25 network or just setting a route for said network, and then opening up your browser. Along with other workarounds, of course, that do require knowledge not easily available.

We had an interesting case, though: one single Mac user could connect to the host without problem, just typing in http://fiep/ and everything’s good.

Confusion was amongst us. We couldn’t quite explain how the Mac managed to just access the site. We assumed it was IPv6, blocked it, and voilà, it didn’t work anymore.

Vague theories were ramped up. Mine was the scariest, and also rather possible:

  1. The client looks up the hostname, as usual.
  2. It gets the IP, sees that it has no route to go there.
  3. Next, an ARP request is pushed out for the IP.
  4. The switch comes yapping along and says “got it!”, along with the MAC address.
  5. The client then generates an IPv6 address from the MAC address.
  6. Voilà, connectivity.

There are just two points where this would have gone wrong:

  1. Usually, the default route catches any stragglers.
  2. Why generate a v6 address when it gets a connection to the v4 address? Of course, it doesn’t know whether the router will actually forward anything at all.

In the end, though, it was something way more simple: we still had an external DNS server which propagated the public IPv6 address, and the client was using an external DNS server.

But trying to find out what actually happened did prove quite entertaining.
