IPv6 duplicate DAD packets from Android clients?
Fernando Gont
fernando at gont.com.ar
Tue Oct 8 23:30:51 CEST 2013
On 10/08/2013 12:13 PM, Andrew Yourtchenko wrote:
>>
>> 1. Should the Cisco WLC IPv6 FHS stuff be blocking these, given the
>> target IP is the HSRP VIP and is obviously not on a client?
>
> No. NS is merely a query - it does not affect anything. It's the NAs
> that you'd need to be worried about and have blocked.

Not really -- See Section 5.4.3 of RFC 4862:

   If the source address of the Neighbor Solicitation is the unspecified
   address, the solicitation is from a node performing Duplicate Address
   Detection. If the solicitation is from another node, the tentative
   address is a duplicate and should not be used (by either node). If
   the solicitation is from the node itself (because the node loops back
   multicast packets), the solicitation does not indicate the presence
   of a duplicate address.

i.e., if you receive an NS while doing DAD, such NS will cause DAD to
fail, and the tentative address should not be used. -- This scenario
would happen if both devices are trying to configure the same (tentative)
address at roughly the same time, and hence their respective DAD probes
"cross" on the network.

Thanks!
Cheers,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
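
The receive-side rule from RFC 4862 Section 5.4.3 quoted in this message, as an added Python example (not part of the original e-mail and not any vendor's implementation). The `looped_back` flag, the verdict strings and the sample packets built by `build_ns` are assumptions constructed for illustration; how a node recognises its own looped-back probe is implementation-specific.

```python
import ipaddress
import struct

UNSPECIFIED = ipaddress.IPv6Address("::")
ICMPV6 = 58        # IPv6 Next Header value for ICMPv6
ICMPV6_NS = 135    # Neighbor Solicitation message type (RFC 4861)

def parse_ns(packet: bytes):
    """Return (source, target) for a raw IPv6 packet carrying an NS, else None.
    Extension headers and checksum validation are not handled in this sketch."""
    if len(packet) < 40 + 24 or packet[0] >> 4 != 6:
        return None
    if packet[6] != ICMPV6 or packet[40] != ICMPV6_NS:
        return None
    src = ipaddress.IPv6Address(packet[8:24])
    # Target Address follows type, code, checksum and the 4 reserved bytes.
    target = ipaddress.IPv6Address(packet[48:64])
    return src, target

def dad_verdict(packet: bytes, tentative, looped_back: bool = False) -> str:
    """Classify an NS received while `tentative` is still undergoing DAD."""
    tentative = ipaddress.IPv6Address(tentative)
    parsed = parse_ns(packet)
    if parsed is None or parsed[1] != tentative:
        return "ignore"            # not an NS, or an NS for another address
    src, _ = parsed
    if src != UNSPECIFIED:
        return "not-dad-probe"     # sender is doing address resolution
    if looped_back:
        return "own-probe"         # our own multicast probe came back
    return "duplicate"             # another node is probing the same address

def build_ns(src: str, target: str) -> bytes:
    """Constructed sample packet: IPv6 header + NS, checksum left at zero."""
    t = ipaddress.IPv6Address(target)
    # Solicited-node multicast: ff02::1:ff00:0/104 plus low 24 bits of target.
    dst = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13] + t.packed[13:]
    icmp = struct.pack("!BBHI", ICMPV6_NS, 0, 0, 0) + t.packed
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    return hdr + ipaddress.IPv6Address(src).packed + dst + icmp

if __name__ == "__main__":
    probe = build_ns("::", "2001:db8::1")          # constructed crossing probe
    print(dad_verdict(probe, "2001:db8::1"))
```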