IPv6 duplicate DAD packets from Android clients?

Fernando Gont fernando at gont.com.ar
Tue Oct 8 23:30:51 CEST 2013


On 10/08/2013 12:13 PM, Andrew Yourtchenko wrote:
>>
>>   1. Should the Cisco WLC IPv6 FHS stuff be blocking these, given the
>> target IP is the HSRP VIP and is obviously not on a client?
> 
> No. NS is merely a query - it does not affect anything. It's the NAs
> that you'd need to be worried about and have blocked.

Not really -- See Section 5.4.3 of RFC 4862:

    If the source address of the Neighbor Solicitation is the unspecified
    address, the solicitation is from a node performing Duplicate Address
    Detection.  If the solicitation is from another node, the tentative
    address is a duplicate and should not be used (by either node).  If
    the solicitation is from the node itself (because the node loops back
    multicast packets), the solicitation does not indicate the presence
    of a duplicate address.

i.e., if you receive a NS while doing DAD, such NS will cause DAD to
fail, and the tentative address should not be used. -- This scenario
would happen if both devices are trying t configure the same (tentative)
address at roughly the same time, and hence their respective DAD probes
"cross" on the network.

Thanks!

Cheers,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1






More information about the ipv6-ops mailing list