[j-nsp] ndp traffic reflected
Baldur Norddahl
baldur at gigabit.dk
Thu Jun 3 11:03:39 EDT 2021
Hello
Take a look at this tcpdump:
16:56:54.663623 e6:5d:37:8f:d8:7b > 33:33:ff:a9:dd:f5, ethertype IPv6
(0x86dd), length 86: 2a00:7660:242a:ffff::1 > ff02::1:ffa9:ddf5: ICMP6,
neighbor solicitation, who has fe80::222:7ff:fea9:ddf5, length 32
16:56:54.663804 00:22:07:a9:dd:f5 > e6:5d:37:8f:d8:7b, ethertype IPv6
(0x86dd), length 86: fe80::222:7ff:fea9:ddf5 > 2a00:7660:242a:ffff::1:
ICMP6, neighbor advertisement, tgt is fe80::222:7ff:fea9:ddf5, length 32
16:56:54.668111 e6:5d:37:8f:d8:7b > 00:22:07:a9:dd:f5, ethertype IPv6
(0x86dd), length 86: fe80::222:7ff:fea9:ddf5 > 2a00:7660:242a:ffff::1:
ICMP6, neighbor advertisement, tgt is fe80::222:7ff:fea9:ddf5, length 32
The first line is a mx204 with the MAC e6:5d:37:8f:d8:7b sending a NDP
packet to multicast MAC 33:33:ff:a9:dd:f5.
The second line is a CPE with MAC 00:22:07:a9:dd:f5 responding to the
mx204. So far all is normal.
The third line is the mx204 echoing back the reply from the CPE?! What
could make the mx204 echo back the NDP response?
Also would it not be good practice to use a link local address when
querying for link local addresses?
Regards,
Baldur
More information about the juniper-nsp
mailing list