Too-frequent change of privacy address / ND monitoring
Erik Kline
ek at google.com
Wed Mar 27 08:47:55 CET 2013
On 27 March 2013 16:31, Fernando Gont <fernando at gont.com.ar> wrote:
> On 03/26/2013 09:29 AM, Marco Sommani wrote:
> > Phil,
> >
> > when everything works according to standards, temporary addresses are
> > regenerated just before the preferred lifetime times out, so you have
> > the possibility to alter the frequency of renewals by changing the
> > preferred-lifetime of the prefix in the Router-Advertisements.
>
> Privacy addresses will very likely regenerate before such timer expires.
> -- Actually, such timer shouldn't expire if you continue receiving RAs...
>
I have in the past seen firewalls that dropped some critical packets but
allowed others through (in one case: RS/RA were fine but ND was filtered,
which led to IPv4 working in 3 second spurts, i.e. until NUD kicked in).
Totally random crazy idea: could there be firewalls on some of these
machines that are causing multicast RAs to be filtered but unicast RAs are
fine (e.g. a unicast RA reply to an RS)? It could cause a machine to think
the network went away after a unicast RA response, re-issue an RS and
create a new tempaddr after the "new" unicast RA arrives.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20130327/6bb25c52/attachment.htm>
More information about the ipv6-ops
mailing list