Re: IPv6 default route flapping

To: current-users%netbsd.org@localhost
Subject: Re: IPv6 default route flapping
From: Jan Schaumann <jschauma%netmeister.org@localhost>
Date: Tue, 20 Apr 2021 21:27:01 -0400

Robert Elz <kre%munnari.OZ.AU@localhost> wrote:

> It seems as if what is happening, is that the router is sending RA's with
> the source-link addr option, which isn't being added to the neighbour
> cache.

Yes, it looks like that's what's going on here.

It seems that:

A RS is sent by the node.

The router replies with a RA, including the source
link-layer address option.

The node follows RFC4861:

"If there is no existing Neighbor Cache entry for the
solicitation's sender, the router creates one,
installs the link- layer address and sets its
reachability state to STALE as specified in Section
7.3.3."

So now we have a STALE cache entry.

So when we want to then send a packet, the node
changes the state to DELAY and gives it a 5s
expiration, and sends a NS.

The router appears to either ignore the NS or treat it
as a RS and instead of replying with a NA, sends a RA,
again with the source link-layer address, which
restarts the cycle.

Now on Ubuntu, it looks like the node similarly marks
the link address it learned via the RA into STALE
state, moves it out of STALE into DELAY, but then,
upon receiving the RA, changes it to REACHABLE without
sending a NS.

This appears to be in violation of RFC4861:

"Receipt of other Neighbor Discovery messages, such
as Router Advertisements and Neighbor Advertisement
with the Solicited flag set to zero, MUST NOT be
treated as a reachability confirmation."

(The RAs do _not_ have the Solicited flag set.)

So if this is correct, then it looks like (a) the
router is misbehaving (it should send a NA when we so
politely ask), and (b) at least Ubuntu is wrong in
accepting an unsolicited RA as a reachability
confirmation.

Now the really strange thing then is that on FreeBSD,
I notice that after the RA, it sends out a NS, and it
receives a NA from the router!  I can't make sense of
this.

Here are the three pcaps:
http://www.netmeister.org/tmp/ubuntu.pcap
http://www.netmeister.org/tmp/freebsd.pcap
http://www.netmeister.org/tmp/netbsd.pcap

All three on the same VPC talking to the same router.

Btw, if you want to replicate the setup and have an
AWS account, you can use ami-0018b2d98332ba7e3 (in
us-east-1), which is the AMI I'm using here.

-Jan

Follow-Ups:
- Re: IPv6 default route flapping
  - From: Jan Schaumann
- Re: IPv6 default route flapping
  - From: Jan Schaumann

References:
- Re: IPv6 default route flapping
  - From: Jan Schaumann
- IPv6 default route flapping
  - From: Jan Schaumann
- Re: IPv6 default route flapping
  - From: Greg Troxel
- Re: IPv6 default route flapping
  - From: Jan Schaumann
- Re: IPv6 default route flapping
  - From: Martin Husemann
- Re: IPv6 default route flapping
  - From: Greg Troxel
- Re: IPv6 default route flapping
  - From: Robert Elz

Prev by Date: Re: IPv6 default route flapping
Next by Date: Re: IPv6 default route flapping
Previous by Thread: Re: IPv6 default route flapping
Next by Thread: Re: IPv6 default route flapping
Indexes:

Home | Main Index | Thread Index | Old Index