How to preempt rogue RAs?
Tore Anderson
tore.anderson at redpill-linpro.com
Sat Oct 30 10:53:07 CEST 2010
Hi list,
I've been working with an ISP on solving an IPv6 brokenness problem
that's caused by some of their clients announcing themselves to the
shared access LAN as IPv6 routers using a 6to4 prefix. (We suspect they
are running Windows Internet Connection Sharing but aren't quite sure.
Any insight here would be very welcome.) These rogue RAs gets picked up
by all the other clients and cause trouble, especially for Mac OS X
users as they prefer the defective 6to4 connectivity over the proper
IPv4 one.
We attempted various ways of dealing it with little success, and in
the end the ISP decided to simply deploy native IPv6 service themselves
and be done with it. It sounded like a fantastic solution for a v6
proponent such as myself, and I was very happy about their plans.
However, deploying IPv6 have actually significantly increased the
brokenness. Now we're seeing it from Windows and Linux users too, and
what I suspect is going wrong is that the presence of a native IPv6
address makes Windows/Linux start preferring IPv6 over IPv4 (as they
should), but are still using the rogue 6to4 routers as the preferred
default-route, even though the proper router are announcing a router
priority of high.
If even native IPv6 service doesn't help with limiting the damage done
by 6to4 I'm at a loss on what to do next. Does anyone have any
suggestions on how to deal with this problem?
Best regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
Tel: +47 21 54 41 27
More information about the ipv6-ops
mailing list