IOS 10 (?) and IPv6-only WLAN

Lorenzo Colitti lorenzo at
Thu Oct 20 16:45:41 CEST 2016

On Thu, Oct 20, 2016 at 11:16 PM, Bernhard Schmidt <berni at>

> I assume
> this triggers some sort of spoofing protection on the iPad, since the
> source address of the NS is global and (according to the routing table)
> not on-link.
> I'm not sure who is at fault here (the RFC editors, me, Cisco or Apple),
> but changing to the more standard on-link=1 RA fixed the issue for us.

Hmm. It seems that it would be useful to find out if the RFCs are at fault.
On the face of it this seems like a bug in the iPad's IPv6 stack - if the
NS came in with a TTL of 255 it seems reasonable to reply on-link. But it
does seem to be a bit of a grey area - I suppose you could argue that the
device shouldn't reply because the route back to the NS sender is not
directly-connected (though that seems like a weak argument).

If you remove the global address from the first-hop router, such that the
NSes always come from link-local addresses, do things work?
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the ipv6-ops mailing list