Too-frequent change of privacy address / ND monitoring
Fernando Gont
fernando at gont.com.ar
Sun Mar 31 07:57:20 CEST 2013
Hi, Erik,
On 03/27/2013 04:47 AM, Erik Kline wrote:
> Privacy addresses will very likely regenerate before such timer expires.
> -- Actually, such timer shouldn't expire if you continue receiving
> RAs...
>
>
> I have in the past seen firewalls that dropped some critical packets but
> allowed others through (in one case: RS/RA were fine but ND was
> filtered, which led to IPv4 working in 3 second spurts, i.e. until NUD
> kicked in).
That's assuming there was no link-local communication, but just packets
being send/received to the external network?
> Totally random crazy idea: could there be firewalls on some of these
> machines that are causing multicast RAs to be filtered but unicast RAs
> are fine (e.g. a unicast RA reply to an RS)?
Not sure if "firewalls", but I could think of swtiches that fail to do
MLD snoping and hence do not forward multicasted packets?
Cheers,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the ipv6-ops
mailing list