[f-nsp] Problem with IPv6 anycast

Philipp Geschke foundry-nsp at pgmail.net
Tue Nov 30 13:52:28 EST 2010 

Hi Wido,

Yes, the combination of responding with Target: 2a00:f10:10a:5::2
(2a00:f10:10a:5::2) and setting the solicited bit to 1 is a violation of
RFC2461 Section 4.4.

I suggest you contact whoever you have a support contract for the RX with
and ask them about it. Expect resistance, because unfortunately only few
contractors have a good knowledge of IPv6.
It is the same behaviour Netiron MLX/XMR shows.


Regards,
Philipp

On Tue, 30 Nov 2010 19:01:57 +0100, Wido den Hollander <wido at widodh.nl>
wrote:
> Hi Philipp,
> 
> Attached is my pcap from Wireshark.
> 
> My subnet is: 2a00:f10:10a:5::/64
> 
> RX-8 #1: 2a00:f10:010a:5::1
> RX-8 #2: 2a00:f10:010a:5::2
> Anycast: 2a00:f10:010a:5::3
> 
> My client: 2a00:f10:010a:5:0:1337:6:79
> 
> If you check the pcap file, it seems that the RX is responding
> incorrect, isn't it?
> 
> As you can see, the ::3 address is working fine on the internet (You can
> ping it), but not in the local network.
> 
> Is this a bug in RX-8?
> 
> Regards,
> 
> Wido
> 
> On Tue, 2010-11-30 at 18:24 +0100, Philipp Geschke wrote:
>> Hello,
>> 
>> On Tue, 30 Nov 2010 15:36:20 +0100, Wido den Hollander <wido at widodh.nl>
>> wrote:
>> > When analyzing the traffic with Wireshark I see that the RX-8
responds
>> > to the ND with it's unicast address, the ::2 in this case.
>> 
>> Depending on what you mean this is a wrong behaviour.
>> The router MUST respond with it's UNIcast address as source address (as
>> anycast addresses must not be the source address of an IPv6 packet, see
>> RFC
>> 3513 section 2.6) but the Target field of the ICMP message MUST be the
>> Target field of the Neighbor solicitation that prompted the
advertisement
>> (See RFC2461 Section 4.4). If you specified the anycast address as the
>> gateway this should be the anycast address.
>> 
>> So a correct Neighbor Solicitation for an IPv6 anycast address with a
>> Linux client that has ::10 would basically look like this:
>> 
>> Client: Source ::10, Target field ::3
>> Router: Source ::2, Target field ::3
>> 
>> This would work with Linux, at least tested with Debian.
>> 
>> What NI MLX does is:
>> 
>> Client: Source ::10, Target field ::3
>> Router: Source ::2, Target field ::2
>> 
>> This will not work and is a bug. I have opened a bug report with
Brocade
>> and it's a confirmed defect.
>> 
>> If you want, send me a pcap or tcpdump output of your Neighbor
>> Solicitation and I will tell you what the RX does wrong.
>> 
>> > Strange thing is, a Windows 2k3 machine works fine with the anycast
>> > address as it's default gateway.
>> 
>> I have no working knowledge of IPv6 behaviour of Windows, so I really
>> can't tell you why it is working. :(
>> 
>> 
>> Regards,
>> Philipp
>> 
>> 
>>

More information about the foundry-nsp mailing list