Current-Users archive


Re: IPv6 default route flapping



Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
 
> It seems as if what is happening, is that the router is sending RA's with
> the source-link addr option, which isn't being added to the neighbour
> cache.

Yes, it looks like that's what's going on here.

It seems that:

A RS is sent by the node.

The router replies with a RA, including the source
link-layer address option.

The node follows RFC4861:

"If there is no existing Neighbor Cache entry for the
solicitation's sender, the router creates one,
installs the link-layer address and sets its
reachability state to STALE as specified in Section
7.3.3."

So now we have a STALE cache entry.

So when we want to then send a packet, the node
changes the state to DELAY and gives it a 5s
expiration, and sends a NS.

The router appears to either ignore the NS or treat it
as a RS and instead of replying with a NA, sends a RA,
again with the source link-layer address, which
restarts the cycle.

Now on Ubuntu, it looks like the node similarly marks
the link address it learned via the RA into STALE
state, moves it out of STALE into DELAY, but then,
upon receiving the RA, changes it to REACHABLE without
sending a NS.

This appears to be in violation of RFC4861:

"Receipt of other Neighbor Discovery messages, such
as Router Advertisements and Neighbor Advertisement
with the Solicited flag set to zero, MUST NOT be
treated as a reachability confirmation."

(The RAs do _not_ have the Solicited flag set.)

So if this is correct, then it looks like (a) the
router is misbehaving (it should send a NA when we so
politely ask), and (b) at least Ubuntu is wrong in
accepting an unsolicited RA as a reachability
confirmation.

Now the really strange thing then is that on FreeBSD,
I notice that after the RA, it sends out a NS, and it
receives a NA from the router!  I can't make sense of
this.

Here are the three pcaps:
http://www.netmeister.org/tmp/ubuntu.pcap
http://www.netmeister.org/tmp/freebsd.pcap
http://www.netmeister.org/tmp/netbsd.pcap

All three on the same VPC talking to the same router.

Btw, if you want to replicate the setup and have an
AWS account, you can use ami-0018b2d98332ba7e3 (in
us-east-1), which is the AMI I'm using here.

-Jan
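
The neighbor cache states discussed in the message above, as an added example that is not part of the original post and is not code from NetBSD, FreeBSD, Linux or the router: a simplified model of RFC 4861 neighbor unreachability detection, run over two constructed event traces. The `ra_confirms` switch, the MAC address and the traces are assumptions made for illustration; REACHABLE expiry and the INCOMPLETE state are left out.

```python
# Simplified RFC 4861 neighbor unreachability detection for one neighbor.
# Illustrative model only; REACHABLE expiry and INCOMPLETE are omitted.
MAX_UNICAST_SOLICIT = 3     # unicast NS sent in PROBE before giving up

class Neighbor:
    def __init__(self, ra_confirms=False):
        self.state = None               # None = no neighbor cache entry
        self.lladdr = None
        self.ns_sent = 0
        self.ra_confirms = ra_confirms  # hypothetical switch: treat an RA as confirmation

    def event(self, kind, arg=None):
        if kind == "ra":                # RA carrying a source link-layer address option
            if self.state is None or arg != self.lladdr:
                self.state, self.lladdr, self.ns_sent = "STALE", arg, 0
            elif self.ra_confirms:      # behaviour the RFC forbids (MUST NOT)
                self.state = "REACHABLE"
        elif kind == "na" and arg and self.state is not None:
            self.state = "REACHABLE"    # only a solicited NA confirms reachability
        elif kind == "send" and self.state == "STALE":
            self.state = "DELAY"        # first packet to a STALE neighbor starts the 5 s delay
        elif kind == "timer":           # DELAY or retransmit timer expired unconfirmed
            if self.state == "DELAY" or (self.state == "PROBE"
                                         and self.ns_sent < MAX_UNICAST_SOLICIT):
                self.state = "PROBE"
                self.ns_sent += 1       # a unicast NS goes out
            elif self.state == "PROBE":
                self.state = self.lladdr = None  # probes exhausted: entry discarded
        return self.state

def run(events, ra_confirms=False):
    """Replay events; return the state after each one and the number of NS sent."""
    n = Neighbor(ra_confirms)
    return [n.event(*ev) for ev in events], n.ns_sent

MAC = "02:00:00:00:00:01"  # constructed router link-layer address
# Constructed trace: the router sends RAs only and never answers an NS with an NA.
RA_ONLY = [("ra", MAC), ("send",), ("ra", MAC), ("timer",), ("ra", MAC),
           ("timer",), ("ra", MAC), ("timer",), ("ra", MAC), ("timer",)]
# Constructed trace: the router answers the NS with a solicited NA.
NA_REPLY = [("ra", MAC), ("send",), ("timer",), ("na", True)]

if __name__ == "__main__":
    for name, ev in (("RA only", RA_ONLY), ("NA reply", NA_REPLY)):
        for lenient in (False, True):
            print(name, "ra_confirms=%s" % lenient, run(ev, lenient))
```

In this model the strict node facing an RA-only router sends its three probes and then drops the entry, while the `ra_confirms` variant reaches REACHABLE without sending any NS.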

