IPv6 duplicate DAD packets from Android clients?
ayourtch at gmail.com
Tue Oct 8 23:54:12 CEST 2013
On 10/8/13, Fernando Gont <fernando at gont.com.ar> wrote:
> On 10/08/2013 12:13 PM, Andrew Yourtchenko wrote:
>>> 1. Should the Cisco WLC IPv6 FHS stuff be blocking these, given the
>>> target IP is the HSRP VIP and is obviously not on a client?
>> No. NS is merely a query - it does not affect anything. It's the NAs
>> that you'd need to be worried about and have blocked.
> Not really -- See Section 5.4.3 of RFC 4862:
> If the source address of the Neighbor Solicitation is the unspecified
> address, the solicitation is from a node performing Duplicate Address
> Detection. If the solicitation is from another node, the tentative
> address is a duplicate and should not be used (by either node). If
> the solicitation is from the node itself (because the node loops back
> multicast packets), the solicitation does not indicate the presence
> of a duplicate address.
> i.e., if you receive a NS while doing DAD, such NS will cause DAD to
> fail, and the tentative address should not be used. -- This scenario
> would happen if both devices are trying t configure the same (tentative)
> address at roughly the same time, and hence their respective DAD probes
> "cross" on the network.
thanks for the clarification, good point for the case of the address
If it isn't then it should not apply - nor it should apply to any
other nodes' neighbor tables (that was Phil's concern).
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the ipv6-ops