[AusNOG] Constant IPv6 pinging by Akamai
Jeremy Visser
jeremy at visser.name
Mon Dec 29 09:26:31 EST 2014
Is anyone else being pinged continuously by Akamai hosts over IPv6?
At home on my Internode ADSL, my home DNS cache is the target, whereas at work one of my Cisco routers is the target.
At home, the target is my OpenWrt–based DNS cache and Asterisk box, and I cannot understand why it would have ever communicated with an Akamai host. It’s certainly not a router.
And the other host is a Cisco router which has a server DMZ behind it.
I’m being pinged from a variety of source IPs, but they all match the mask ffff:ffff:ffff:ffff::ffff:ffff, for example 2600:1409:a::b81b:b286 or 2610:18:1180:1::d89c:c736.
These IPs do not have reverse DNS, but the last four bytes appear to be an encoded IPv4 address, which does have an Akamai reverse DNS:
# b81b:b286 to IPv4:
$ printf '%d.%d.%d.%d\n' 0xb8 0x1b 0xb2 0x86
184.27.178.134
$ host 184.27.178.134
134.178.27.184.in-addr.arpa domain name pointer a184-27-178-134.deploy.static.akamaitechnologies.com.
Tracerouting to any of these IPs takes me through various Akamai PoPs around the world.
I’m seeing anywhere between 20 and 50 echo requests per second to a single IP. Each host sends around one request per second, however because there are dozens of hosts pinging me, and this all adds up to be quite a bit.
This is not actually causing any issues, and on principle I won’t start rate–limiting echo requests because that’s just as evil. But this doesn’t strike me as Akamai being a good netizen. If nothing else, it’s a bit rude.
I first noticed this over three months ago and the situation hasn’t changed at all since.
Does anyone know what the purpose of this would be? Some kind of telemetry by Akamai to verify network performance proactively?
More information about the AusNOG
mailing list