IPv6 duplicate DAD packets from Android clients?

Andrew Yourtchenko ayourtch at gmail.com
Tue Oct 8 23:54:12 CEST 2013


On 10/8/13, Fernando Gont <fernando at gont.com.ar> wrote:
> On 10/08/2013 12:13 PM, Andrew Yourtchenko wrote:
>>>
>>>   1. Should the Cisco WLC IPv6 FHS stuff be blocking these, given the
>>> target IP is the HSRP VIP and is obviously not on a client?
>>
>> No. NS is merely a query - it does not affect anything. It's the NAs
>> that you'd need to be worried about and have blocked.
>
> Not really -- See Section 5.4.3 of RFC 4862:
>
>     If the source address of the Neighbor Solicitation is the unspecified
>     address, the solicitation is from a node performing Duplicate Address
>     Detection.  If the solicitation is from another node, the tentative
>     address is a duplicate and should not be used (by either node).  If
>     the solicitation is from the node itself (because the node loops back
>     multicast packets), the solicitation does not indicate the presence
>     of a duplicate address.
>
> i.e., if you receive a NS while doing DAD, such NS will cause DAD to
> fail, and the tentative address should not be used. -- This scenario
> would happen if both devices are trying t configure the same (tentative)
> address at roughly the same time, and hence their respective DAD probes
> "cross" on the network.

Hey Fernando,

thanks for the clarification, good point for the case of the address
being tentative.

If it isn't then it should not apply - nor it should apply to any
other nodes' neighbor tables (that was Phil's concern).

--a

>
> Thanks!
>
> Cheers,
> --
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
>



More information about the ipv6-ops mailing list