
Re: IPv6 neighbor solicitations to use link-local source address



On Thu, 4 Sep 2014 09:12:46 +0200
Julien boooo <jumboooh@gmail.com> wrote:

> Hi mett, thank you for your answer. I hope that I'm not top-posting
> too. ping6 -I doesn't change anything, the box is still using the
> global scope address.
> 
> Best regards
> Julien
> 
> 
> 
> 2014-09-04 2:32 GMT+02:00 mett <mett@pmars.jp>:
> 
> > On Thu, 4 Sep 2014 09:04:00 +0900
> > mett <mett@pmars.jp> wrote:
> >
> > > Hi,
> > >
> > > When pinging link-local addresses, u need to specify the exit
> > > interface. So maybe if u specify the exit interface and another
> > > link-local as destination, you might be able to do it:
> > >
> > >
> > > ----------------------
> > > mett@asus:~$ ip -6 add show
> > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
> > >     inet6 ::1/128 scope host
> > >        valid_lft forever preferred_lft forever
> > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> > >     inet6 fe80::20c:6eff:fef8:7d1c/64 scope link
> > >        valid_lft forever preferred_lft forever
> > > mett@asus:
> > > ----------------------
> > > root@tamirrsso:/var/log# ip -6 add show
> > > ....
> > > 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> > >     inet6 fe80::207:95ff:fed5:2fda/64 scope link
> > >        valid_lft forever preferred_lft forever
> > > root@tamirrsso:/var/log#
> > > ----------------------
> > > mett@asus:~$ ping6 -I eth0 fe80::207:95ff:fed5:2fda
> > > PING fe80::207:95ff:fed5:2fda(fe80::207:95ff:fed5:2fda) from fe80::20c:6eff:fef8:7d1c eth0: 56 data bytes
> > > 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=1 ttl=64 time=0.433 ms
> > > 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=2 ttl=64 time=0.205 ms
> > > 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=3 ttl=64 time=0.201 ms
> > > 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=4 ttl=64 time=0.256 ms
> > > 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=5 ttl=64 time=0.199 ms
> > >
> > >
> > >
> > > HTH!
> > >
> > >
> > >
> > > On Wed, 3 Sep 2014 15:55:38 +0200
> > > Julien boooo <jumboooh@gmail.com> wrote:
> > >
> > > > Hello everybody
> > > >
> > > > I'm very new to lists.debian.org so please apologize if I am
> > > > doing something wrong by sending this email. I'm just out of
> > > > idea with a behavior in NDP and must find a solution. I didn't
> > > > find anything on the internet.
> > > >
> > > > RFC4861 section 7.2.2 says that the source address in NDP
> > > > neighbor solicitations can be any one of the addresses assigned
> > > > to the interface. It also says that using the prompting
> > > > packet's source address ensures that the recipient installs it
> > > > in its neighbor cache. The latter is the behavior I can see on
> > > > my boxes (a debian 6.0.9 + custom kernel 3.2.14) and also on a
> > > > Centos one.
> > > >
> > > > # ip -6 addr list
> > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
> > > >     inet6 ::1/128 scope host
> > > >        valid_lft forever preferred_lft forever
> > > > 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> > > >     inet6 2a10:7e40:edf6:100::32/64 scope global
> > > >        valid_lft forever preferred_lft forever
> > > >     inet6 fe80::a00:27ff:fe02:3cbd/64 scope link
> > > >        valid_lft forever preferred_lft forever
> > > >
> > > > # ping6 2a10:7e40:edf6:100::33 -c 3 &>/dev/null &
> > > > # tcpdump -nli eth0 icmp6
> > > >
> > > > 18:09:04.726908 IP6 2a10:7e40:edf6:100::32 > ff02::1:ff00:33: ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32
> > > > 18:09:04.727373 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, neighbor advertisement, tgt is 2a10:7e40:edf6:100::33, length 32
> > > > 18:09:04.727391 IP6 2a10:7e40:edf6:100::32 > 2a10:7e40:edf6:100::33: ICMP6, echo request, seq 1, length 64
> > > > 18:09:04.727738 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, echo reply, seq 1, length 64
> > > >
> > > >
> > > > My question is: How can I force ndp to use the link-local
> > > > address assigned to that outgoing device? (in the trace above,
> > > > ndp would then send the neighbor solicitation with
> > > > fe80::a00:27ff:fe02:3cbd source address).
> > > >
> > > > This is requested by our customer for security reasons and as
> > > > far as I can see it complies with RFC4861 as well.
> > > >
> > > > If someone had a clue how to do that or if it's just
> > > > impossible, I would really appreciate your help.
> > > >
> > > > Thank you
> > > > Best regards
> > > > Julien
> > >
> > >
> >
> > By the way, sorry for top-posting...
> >
> >

Hey,

U cannot ping a global address with a link-local address.
If you want to use your link-local address as source, u need to ping
the link-local address of your destination
(and need to specify exit interface).

Global IP addresses (Layer 3) and link-local addresses (not Layer 3) are
on different scopes or spans (or layer).
Because of that, they cannot interact.

Also, not really related but better to reply to the Debian-list than
sending a personal mail. Other readers might benefit from this
exchange.

Finally, better to write your answer down, at the end of the msg; 
easier to follow the whole story at a glance.

HTH.
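
Added example, not part of the original thread: a capture audit for the requirement raised in the first message (neighbor solicitations sourced from a link-local address), parsing `tcpdump -n` lines in the format of the quoted trace. The function names are illustrative, and the third sample line is constructed to show the behaviour the poster asked for.

```python
import ipaddress
import re

# Matches neighbor-solicitation lines as printed by `tcpdump -n ... icmp6`.
NS_RE = re.compile(
    r"^(?P<ts>\S+) IP6 (?P<src>\S+) > (?P<dst>[0-9a-fA-F:]+): "
    r"ICMP6, neighbor solicitation, who has (?P<tgt>[0-9a-fA-F:]+),"
)

SAMPLE = [  # first two lines from the quoted trace; third is constructed
    "18:09:04.726908 IP6 2a10:7e40:edf6:100::32 > ff02::1:ff00:33: ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32",
    "18:09:04.727373 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, neighbor advertisement, tgt is 2a10:7e40:edf6:100::33, length 32",
    "18:09:09.100000 IP6 fe80::a00:27ff:fe02:3cbd > ff02::1:ff00:33: ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32",
]

def solicited_node(target):
    """Solicited-node multicast group: ff02::1:ff00:0/104 + low 24 target bits."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(target) & 0xFFFFFF))

def audit_ns(lines):
    """Return one finding per neighbor solicitation found in `lines`."""
    findings = []
    for line in lines:
        m = NS_RE.match(line.strip())
        if not m:
            continue  # advertisements, echo traffic, anything else
        src = ipaddress.IPv6Address(m["src"])
        dst = ipaddress.IPv6Address(m["dst"])
        tgt = ipaddress.IPv6Address(m["tgt"])
        if src.is_unspecified:
            kind = "dad"  # duplicate address detection probe, source is ::
        elif src.is_link_local:
            kind = "link-local"
        else:
            kind = "non-link-local"
        # Multicast NS must go to the target's solicited-node group;
        # unicast NS (reachability probe) must go to the target itself.
        expected = solicited_node(tgt) if dst.is_multicast else tgt
        findings.append({"time": m["ts"], "source": str(src),
                         "source_kind": kind, "dst_ok": dst == expected})
    return findings

def violations(lines):
    """Solicitations whose source is neither link-local nor a DAD probe."""
    return [f for f in audit_ns(lines) if f["source_kind"] == "non-link-local"]

if __name__ == "__main__":
    for f in audit_ns(SAMPLE):
        print(f)
```
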









