Too-frequent change of privacy address / ND monitoring

Fernando Gont fernando at gont.com.ar
Sun Mar 31 07:57:20 CEST 2013


Hi, Erik,

On 03/27/2013 04:47 AM, Erik Kline wrote:
>     Privacy addresses will very likely regenerate before such timer expires.
>     -- Actually, such timer shouldn't expire if you continue receiving
>     RAs...
> 
> 
> I have in the past seen firewalls that dropped some critical packets but
> allowed others through (in one case: RS/RA were fine but ND was
> filtered, which led to IPv4 working in 3 second spurts, i.e. until NUD
> kicked in).

That's assuming there was no link-local communication, but just packets
being sent/received to the external network?



> Totally random crazy idea: could there be firewalls on some of these
> machines that are causing multicast RAs to be filtered but unicast RAs
> are fine (e.g. a unicast RA reply to an RS)?  

Not sure if "firewalls", but I could think of switches that fail to do
MLD snooping and hence do not forward multicasted packets?

Cheers,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




