[j-nsp] Mirroring IPv6 neighbor advertisements

Crist Clark cjc+j-nsp at pumpky.net
Fri Mar 22 21:25:24 EDT 2019


Maybe you should be looking at DHCPv6 if you want those kinds of logs.

On Fri, Mar 22, 2019 at 2:19 PM Jason Healy <jhealy at logn.net> wrote:
>
> We're starting to play around more with IPv6, and one thing we're missing is a log of who has which address.  In IPv4 we have DHCP and can check the logs, but we're using SLAAC for v6 so that's not an option.
>
> I set up a quick trunk interface with all our VLANs as members and started sniffing.  While I'm seeing plenty of neighbor discoveries, I'm not seeing any(?) neighbor advertisements.  I'm guessing that because the sniffing box doesn't have an address on each VLAN, it's not participating in ND and registering for multicast, so we're getting pruned.  IGMP snooping is on by default on all VLANs.
>
> I'd prefer not to have to add an interface on each VLAN just to grab all this traffic (more to keep in sync, security concerns, etc).  Is there a way to tell the switch to force IPv6 multicast traffic for ff02::1 to go to a specific port?  Our core is a QFX5100; the other switches in the network are a mix of EX3200/4200/3400.
>
> For the moment I've got it to work by setting up firewall filters on each VLAN in our core and port-mirroring just the ICMPv6 (type 136) traffic to a monitoring port.  That works, but it's also a lot of configuration overhead.  If there's a better way, I'd love suggestions!
>
> Thanks,
>
> Jason
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
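The mirrored ICMPv6 type 136 traffic described above still has to be turned into a "who has which address" log. This added example (not from the thread, and not Junos code) parses a Neighbor Advertisement frame as it would arrive on the monitoring port, applies the RFC 4861 section 7.1.2 validity checks, and returns the advertised address-to-MAC binding; the sample frame is constructed inline.

```python
import ipaddress
import struct

ETH_P_IPV6 = 0x86DD
IPPROTO_ICMPV6 = 58
ICMPV6_NEIGHBOR_ADVERTISEMENT = 136
OPT_TARGET_LLADDR = 2

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_neighbor_advertisement(frame: bytes):
    """Binding advertised by an NA frame, or None when the frame is not an NA or
    fails RFC 4861 7.1.2 checks (hop limit 255, code 0, length, option length).
    The ICMPv6 checksum is not verified here."""
    if len(frame) < 14 + 40 + 24 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IPV6:
        return None
    src_mac, ip = frame[6:12], frame[14:54]
    payload_len, next_header, hop_limit = struct.unpack("!HBB", ip[4:8])
    if ip[0] >> 4 != 6 or next_header != IPPROTO_ICMPV6 or hop_limit != 255:
        return None  # extension headers, or an off-link sender (hop limit < 255), are rejected
    icmp = frame[54:54 + payload_len]
    if len(icmp) < 24 or icmp[0] != ICMPV6_NEIGHBOR_ADVERTISEMENT or icmp[1] != 0:
        return None
    flags, lladdr, opts = icmp[4], None, icmp[24:]
    while len(opts) >= 8:  # options are TLVs sized in units of 8 octets
        otype, olen = opts[0], opts[1]
        if olen == 0:
            return None
        if otype == OPT_TARGET_LLADDR and olen == 1:
            lladdr = opts[2:8]
        opts = opts[olen * 8:]
    return {
        "src_ip": str(ipaddress.IPv6Address(ip[8:24])),
        "src_mac": fmt_mac(src_mac),
        "target": str(ipaddress.IPv6Address(icmp[8:24])),
        "target_lladdr": fmt_mac(lladdr) if lladdr else None,  # None when the NA omits the option
        "router": bool(flags & 0x80), "solicited": bool(flags & 0x40), "override": bool(flags & 0x20),
    }

def build_sample_na() -> bytes:
    """Constructed frame: 2001:db8::10 announces itself to ff02::1 from 00:11:22:33:44:55."""
    src_mac = bytes.fromhex("001122334455")
    target = ipaddress.IPv6Address("2001:db8::10").packed
    icmp = struct.pack("!BBHI", 136, 0, 0, 0x20000000) + target  # Override flag set, checksum left at zero
    icmp += bytes([OPT_TARGET_LLADDR, 1]) + src_mac  # Target Link-Layer Address option
    ip = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 255)
    ip += target + ipaddress.IPv6Address("ff02::1").packed
    return bytes.fromhex("333300000001") + src_mac + struct.pack("!H", ETH_P_IPV6) + ip + icmp
```

Feeding each mirrored frame through `parse_neighbor_advertisement` and appending the result with a timestamp gives the SLAAC equivalent of the DHCP lease log.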

