Link-local and ACLs
Brian E Carpenter
brian.e.carpenter at gmail.com
Tue Jul 25 00:41:06 CEST 2017
On 25/07/2017 09:10, Tore Anderson wrote:
> * Brian E Carpenter
>
>> So, I'm not aware of any realistic case where this happens, or any
>> reason for it.
>
> As Gert already pointed out: Neighbour Discovery.
Well yes, like ARP. But that's the exception that proves the
rule - you do it when that is really what you mean *and*
the target address is within an on-link prefix.
I can do it too, even from Windows:
ping -n 100 -S fe80::c0de:dead:beef:768e%11 2001:df0:0:2006:c0de:beef:dead:be83
Those addresses are obfuscated, but you get the idea, and
I see the ICMPv6 packets with Wireshark, but get no replies.
Why would you ever do it for normal traffic? And why
would ACLs be relevant for on-link traffic?
Brian
>
> A few examples from an IX near me:
>
> 23:06:11.020045 In IP6 fe80::8678:acff:fe66:80db > 2001:7f8:12:1::3:9029: ICMP6, neighbor solicitation, who has 2001:7f8:12:1::3:9029, length 32
> 23:06:11.563763 In IP6 fe80::aa0c:dff:fe71:5768 > 2001:7f8:12:1::3:9029: ICMP6, neighbor solicitation, who has 2001:7f8:12:1::3:9029, length 32
> 23:06:29.958824 In IP6 fe80::92e2:baff:fe3f:7665 > 2001:7f8:12:1::3:9029: ICMP6, neighbor solicitation, who has 2001:7f8:12:1::3:9029, length 32
> 23:06:34.239488 In IP6 fe80::523d:e5ff:fe89:4ec4 > 2001:7f8:12:1::3:9029: ICMP6, neighbor solicitation, who has 2001:7f8:12:1::3:9029, length 32
> 23:06:45.177659 In IP6 fe80::2c1:64ff:fe60:380 > 2001:7f8:12:1::3:9029: ICMP6, neighbor solicitation, who has 2001:7f8:12:1::3:9029, length 32
>
> Tore
> .
>
More information about the ipv6-ops
mailing list