Link-local and ACLs
farmer at umn.edu
Mon Jul 24 23:36:17 CEST 2017
On Mon, Jul 24, 2017 at 3:42 PM, Brian E Carpenter <
brian.e.carpenter at gmail.com> wrote:
> On 25/07/2017 05:46, David Farmer wrote:
> > In practice Neighbor Discovery, and other critical protocols, need
> > link-local addresses to talk to other link-local addresses and some
> > multicast addresses.
> > Also, in theory a link-local address could talk to a GUA or ULA address
> > the same link. However, in practices does this really happen? If it does
> > happen in practice what are circumstances?
> I assume you mean a case where the global scope address matches an
> on-link prefix? Otherwise the packet is doomed anyway, since no
> conforming router will forward it off-link. That doesn't need an ACL.
> Also you must mean a case where RFC6724 is overridden, since otherwise
> source address selection will prevent it happening (see the examples
> in RFC6724 section 10).
> So, I'm not aware of any realistic case where this happens, or any
> reason for it. Or any harm that it would do, for an on-link prefix.
So, the nice summary in the link Gert sent, says;
Neighbor Solicitation (NS) Message
NS is ICMPv6 Type 135 and Code 0
Source address of the IPv6 Packet encapsulating the NS can be one of the two
1. IPv6 address of the originating interface
2. Unspecified address ::/0 (All Zeros) if the NS is sent for Duplicate
The destination address of NS can be one of the two
1. Solicited-Node Multicast Address corresponding to the the target address
2. The Target address itself
note: Target address is the IPv6 address of the target of the solicitation
and is never a multicast address.
Options Field of the NS can contain the link-layer address of the interface
originating the NS
I think that means the Target address, and therefore the destination
address of the packet, could be a Link-Local, GUA, or ULA address, and the
source of the packet could be a Link-local address. When would a Neighbor
Solicitations not using the Solicited-Node Multicast Address normally
David Farmer Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815 <(612)%20626-0815>
Minneapolis, MN 55414-3029 Cell: 612-812-9952 <(612)%20812-9952>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ipv6-ops