Over-utilisation of v6 neighbour slots
Eric Vyncke (evyncke)
evyncke at cisco.com
Tue Oct 22 07:03:59 CEST 2013
I agree with you, "we need to learn to cope" for an extreme (albeit frequent) configuration is non-realistic IMHO.
Just re-read RFC 4941 and there are two parts relevant to this discussion in section 3.5:
- "The frequency at which temporary addresses changes depends on how a
device is being used (e.g., how frequently it initiates new
communication) and the concerns of the end user."
- "Nodes following this specification SHOULD generate new temporary
addresses on a periodic basis."
IMHO iOS obviously implemented the first part but not the second part ;-)
But, the rapid rate of new RFC 4941 addresses for iOS has another impact because network devices can no longer limit the number of IPv6 addresses per MAC address in order to prevent a local DoS.
So, either you disable SLAAC and rely on stateful DHCPv6 (but then Android is not happy) or use aggressive time to clean the ND cache...
In short, no real perfect solution
> -----Original Message-----
> From: ipv6-ops-bounces+evyncke=cisco.com at lists.cluenet.de [mailto:ipv6-
> ops-bounces+evyncke=cisco.com at lists.cluenet.de] On Behalf Of Phil Mayers
> Sent: mardi 22 octobre 2013 02:08
> To: Cutler James R
> Cc: IPv6 Ops list
> Subject: Re: Over-utilisation of v6 neighbour slots
> On 21/10/2013 21:19, Cutler James R wrote:
> > 4. Does Apple's approach to IPv6 privacy addresses properly support
> > the intent of privacy addresses?
> > My tentative answer is, "Yes, and we need to learn to cope."
> The general approach perhaps, but the rollover timing is way, way too
> aggressive IMO. It should be on a timer, not driven by PHY wake events.
> Even 300 seconds would be an improvement over the behaviour we're seeing.
> As to "we need to learn to cope" - lots of networks have huge amounts of
> capital investment which can't just be ripped out and replaced overnight
> because Apple have decided to be aggressive with address rollovers. If the
> main outcome is for FIB-pressured sites to disable IPv6 on OUIs registered
> to Apple, it's a retrograde step ;o)
> Maybe we need a "neighbour un-advert" ICMPv6 message that the old addresses
> could be torn down with.
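
An added example, not part of the original message or thread: one way to measure how many neighbour-cache slots each MAC address occupies, by grouping the output of `ip -6 neigh show` on a Linux router. The sample table, the limit value and the function names are constructed for illustration, and a Linux router is an assumption the thread does not make.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format printed by `ip -6 neigh show` (iproute2).
SAMPLE = """\
2001:db8:1::a1 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
2001:db8:1::a2 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
2001:db8:1::a3 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
2001:db8:1::a4 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
fe80::ff:feaa:bb01 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
2001:db8:1::b1 dev eth0 lladdr 02:00:00:aa:bb:02 REACHABLE
fe80::ff:feaa:bb02 dev eth0 lladdr 02:00:00:aa:bb:02 STALE
2001:db8:1::c1 dev eth0 FAILED
2001:db8:1::d1 dev eth0 lladdr 02:00:00:aa:bb:03 router REACHABLE
"""


def addresses_per_mac(neigh_output):
    """Map (dev, mac) -> set of non-link-local IPv6 neighbour addresses."""
    table = defaultdict(set)
    for line in neigh_output.splitlines():
        fields = line.split()
        if "lladdr" not in fields or "dev" not in fields:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except ValueError:
            continue  # not an IPv6 neighbour line
        if addr.is_link_local:
            continue  # one fe80:: address per host is expected, not rollover
        dev = fields[fields.index("dev") + 1]
        mac = fields[fields.index("lladdr") + 1].lower()
        table[(dev, mac)].add(addr)
    return table


def over_limit(neigh_output, limit):
    """Return {(dev, mac): count} for MACs holding more than `limit` slots."""
    per_mac = addresses_per_mac(neigh_output)
    return {key: len(addrs) for key, addrs in per_mac.items() if len(addrs) > limit}


if __name__ == "__main__":
    for (dev, mac), count in sorted(over_limit(SAMPLE, limit=2).items()):
        print(f"{dev} {mac}: {count} global addresses in the neighbour cache")
```

Counting entries per MAC over time shows how far a fixed per-MAC limit would have to be raised before it stops evicting addresses that hosts are still using.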