IPv6 neighbor discovery in a router

Discussion in 'Linux Networking' started by Andrew Gideon, Mar 31, 2014.

  1. I am using CeontOS6 on three machines as IPv6 routers. Two are working
    normally. One is not. The one that is not is the machine I've been
    using longest for testing, so I've probably done something to break it.
    If I'm correct, a reboot would likely fix it.

    But I want to understand this before I do that. It's interesting. So
    I'm curious if anyone has a suggest as to what I might have done.

    The problem is what occurs when a packet "from outside" destined to a
    machine M reaches the final router R before M (that is: R is M's
    gateway). Both that router R and M have IPs on the same subnet. So what
    I think should happen - and what appears to happen when I try this on two
    of the three test routers - is that "neighbor discovery" should occur
    (assuming that M is not in the listing of "nei -6 show" on R).

    As I wrote, this seems to happen on two of the three test routers. I've
    looked through sysctl -a for something that I might have done that
    "broke" this behavior on the third machine, but I don't see the
    difference.

    I've eavesdropped on "the wire". I see the ICMP Type=135 messages when I
    am using one of the working machines as the gateway for M. I don't see
    them when I am using the non-working machine.

    Note that on any of the three test routers, if M is already in "nei -6
    show" then attempts to reach M from outside work. Even on the "bad" R,
    for example, if I ping M first from R (which works) then a packet from
    "outside" will successfully reach M.

    I'm switching between routers by adding/removing the IP that is the
    default gateway for M.

    Anyone have any thoughts as to what I might have done to break (or
    disable) neighbor discovery for routed packets (but not locally
    originated packets)?

    Thanks...

    Andrew
     
    Andrew Gideon, Mar 31, 2014
    #1
    1. Advertisements

  2. Andrew Gideon a écrit :
    Any ip6tables rules ?
     
    Pascal Hambourg, Mar 31, 2014
    #2
    1. Advertisements

  3. Yes, but the same on all the routers (excluding short term changes before
    they get distributed).

    However, this question caused me to consider adding to the OUTPUT chain
    logging of ICMP type 135. The non-working router doesn't sent one of
    these to the network on which M may be reached. A working router does.

    I already knew that the ICMP packet wasn't reaching at least my
    monitoring point on the network. I was assuming that this was because
    the packet wasn't being sent, and this seems to confirm that.

    Interesting problem, eh?

    Thanks...

    - Andrew
     
    Andrew Gideon, Apr 1, 2014
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.