BGP announcements are irrelevant
Agreed. In my case there wouldn't even be any BGP announcements.
the relay absolutely knowing that on its 6to4 interface, source IPv6 address packets should be from 2002::/16.
None of what I wrote was concerned with such packets. You keep talking about something else than me. I don't know how to explain that I am talking about packets going in the
other direction. I have explained that a few different ways already, but I don't seem to be getting that point through.
The RFC/BCP I pointed out is about making certain that there is a proper routing policy in place to stop improperly sourced IPv6 address packets from being retransmitted by the relay.
By now you have convinced me that the document is not relevant to what I was asking about.
you talked about you sourcing from HE IPv6 address space and sending out along your specific 6to4 route and that being valid, you are contradicting yourself.
No. You are making some incorrect assumptions about what I am trying to say, and then say I am contradicting myself, once I say something different from what you assumed.
Packet in question is sent from an HE IPv6 address to a 6to4 address. There is nothing in the terms that forbids using an HE IPv6 address from communicating with 6to4 addresses. Now the question is how that packet gets routed to the destination. The router will check the
source address and find that it arrived from the LAN and has a
source address within the range assigned by HE to this network, thus the
source address is valid.
Next the router checks the
destination address of the packet against its routing table, and in this case match a route to 2002::/16, which causes the router to act as 6to4 relay and extract the IPv4 address from the
destination address and send the IPv6 packet to that IPv4 address.
The terms absolutely won't forbid you from configuring specific routes to remote destinations, that is silly, no one would expect that.
I was expecting this to be permitted by the terms. And I was considering this to be obvious enough that I shouldn't even have to read the terms to know if it is permitted. However I did ask, and you said there was supposed to be filters preventing it.
However if you are going to communicate with 6to4 hosts from your HE IPv6 address space, the interface that traffic should go out is your HE tunnel, not a 6to4 interface or static route to ::192.88.99.1 configured on the router (because that relay should be filtering IPv6 source addresses on its 6to4 interface, my entire point).
Sending such packets to 192.88.99.1 would be pointless. Sending such packets through the tunnel is what is most routers would do. However there is another option, which is for the router to send it directly to the IPv4 address extracted from the destination IPv6 address. I believe such functionality is standard in some routers, at least I have seen multiple HE users with a router, which would behave like that.
assuming your static route was to ::192.88.99.1
That assumption is incorrect. I don't know what would happen to the packet if I did send it like that. Rather the router would either be able to extract the IPv4 address of the final destination and send it directly there, which is what a 6to4 relay router will do with such a packet, or I could route it to another node that I control (using 6in4 or native connectivity) and have that node figure out the destination IPv4 address.
