Re: kern/54057: ipv6 neighbor discovery fails to resolve address

[Havard Eidnes <he%uninett.no@localhost>]

The following reply was made to PR kern/54057; it has been noted by GNATS.

From: Havard Eidnes <he%uninett.no@localhost>
To: gnats-bugs%NetBSD.org@localhost, kre%munnari.OZ.AU@localhost
Cc: kern-bug-people%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/54057: ipv6 neighbor discovery fails to resolve address
Date: Tue, 12 Mar 2019 14:24:47 +0100 (CET)

 >  First, yes, the link local default router should work, in
 >  fact that's the way it is supposed to be used (that way the
 >  router can send a redirect that will be accepted - redirects
 >  from global addresses should be ignored, too easy to spoof,
 >  and redirects are only accepted when they come from the address
 >  to which the packet was originally sent - so if you send to
 >  a global addr default router, it can never redirect you to a
 >  more appropriate router).
 >
 >  Apart from that, ND for the default router is normally not needed,
 >  unless you have configured the router to send an anycast address
 >  as the default (in which case ND is needed so you can find the
 >  "nearest" router that shares the anycast addr) the MAC addr (link
 >  layer addr) of the router is normally sent in the RA which announces
 >  the default router.
 
 The two connected router interfaces are configured with a shared
 global address supported by VRRP.  That's probably not what you
 refer to above as an IPv6 anycast address.
 
 >  However, ND should work, and it isn't clear from your tcpdump why
 >  it isn't.   Any chance you could repeat the tcpdump with -v (or
 >  even -vv) to get the whole packet dumped, rather than just a summary
 >  of what the packets are about, which is what the default output
 >  shows.
 
 I saved the pcap file, here it is decoded with -v -v:
 
 09:28:30.484990 10:0e:7e:c6:cf:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 110: (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::200:5eff:fe00:200 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
         hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
           source link-address option (1), length 8 (1): 00:00:5e:00:02:00
             0x0000:  0000 5e00 0200
           prefix info option (3), length 32 (4): 2001:700:1:21::/64, Flags [onlink], valid time 2592000s, pref. time 604800s
             0x0000:  4080 0027 8d00 0009 3a80 0000 0000 2001
             0x0010:  0700 0001 0021 0000 0000 0000 0000
 09:28:30.552798 10:0e:7e:c6:cb:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 110: (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::120e:7e00:15c6:cbf0 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
         hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
           source link-address option (1), length 8 (1): 10:0e:7e:c6:cb:f0
             0x0000:  100e 7ec6 cbf0
           prefix info option (3), length 32 (4): 2001:700:1:21::/64, Flags [onlink], valid time 2592000s, pref. time 604800s
             0x0000:  4080 0027 8d00 0009 3a80 0000 0000 2001
             0x0010:  0700 0001 0021 0000 0000 0000 0000
 09:28:30.575962 10:0e:7e:c6:cb:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 110: (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::200:5eff:fe00:200 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
         hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
           source link-address option (1), length 8 (1): 00:00:5e:00:02:00
             0x0000:  0000 5e00 0200
           prefix info option (3), length 32 (4): 2001:700:1:21::/64, Flags [onlink], valid time 2592000s, pref. time 604800s
             0x0000:  4080 0027 8d00 0009 3a80 0000 0000 2001
             0x0010:  0700 0001 0021 0000 0000 0000 0000
 09:28:30.665716 10:0e:7e:c6:cf:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 110: (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::120e:7e00:15c6:cff0 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
         hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 1800s, reachable time 0s, retrans time 0s
           source link-address option (1), length 8 (1): 10:0e:7e:c6:cf:f0
             0x0000:  100e 7ec6 cff0
           prefix info option (3), length 32 (4): 2001:700:1:21::/64, Flags [onlink], valid time 2592000s, pref. time 604800s
             0x0000:  4080 0027 8d00 0009 3a80 0000 0000 2001
             0x0010:  0700 0001 0021 0000 0000 0000 0000
 09:28:31.835893 a4:4e:31:e4:43:a8 > 33:33:ff:c6:cb:f0, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::11bb > ff02::1:ffc6:cbf0: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::120e:7e00:15c6:cbf0
           source link-address option (1), length 8 (1): a4:4e:31:e4:43:a8
             0x0000:  a44e 31e4 43a8
 09:28:31.838053 10:0e:7e:c6:cb:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 86: (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::2 > 2001:700:1:21::11bb: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is fe80::120e:7e00:15c6:cbf0, Flags [router, solicited, override]
           destination link-address option (2), length 8 (1): 10:0e:7e:c6:cb:f0
             0x0000:  100e 7ec6 cbf0
 09:28:32.838212 a4:4e:31:e4:43:a8 > 33:33:ff:c6:cb:f0, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::11bb > ff02::1:ffc6:cbf0: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::120e:7e00:15c6:cbf0
           source link-address option (1), length 8 (1): a4:4e:31:e4:43:a8
             0x0000:  a44e 31e4 43a8
 09:28:32.850136 10:0e:7e:c6:cb:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 86: (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::2 > 2001:700:1:21::11bb: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is fe80::120e:7e00:15c6:cbf0, Flags [router, solicited, override]
           destination link-address option (2), length 8 (1): 10:0e:7e:c6:cb:f0
             0x0000:  100e 7ec6 cbf0
 09:28:33.848998 a4:4e:31:e4:43:a8 > 33:33:ff:c6:cb:f0, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::11bb > ff02::1:ffc6:cbf0: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::120e:7e00:15c6:cbf0
           source link-address option (1), length 8 (1): a4:4e:31:e4:43:a8
             0x0000:  a44e 31e4 43a8
 09:28:33.850563 10:0e:7e:c6:cb:f0 > a4:4e:31:e4:43:a8, ethertype IPv6 (0x86dd), length 86: (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) 2001:700:1:21::2 > 2001:700:1:21::11bb: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is fe80::120e:7e00:15c6:cbf0, Flags [router, solicited, override]
           destination link-address option (2), length 8 (1): 10:0e:7e:c6:cb:f0
             0x0000:  100e 7ec6 cbf0
 
 ...and now when I try to repeat it, of course I can't reproduce
 it at my desk; an entry is now entered in my neighbor cache:
 
 granlund: {6} ndp -an
 Neighbor                                Linklayer Address  Netif Expire    S Fl
 fe80::200:5eff:fe00:200%iwn0            00:00:5e:00:02:00   iwn0 23h50m12s S 
 granlund: {7}
 granlund: {7} netstat -rn -f inet6 | grep default
 default                                 fe80::200:5eff:fe00:200        UGS         -        -      -  iwn0
 granlund: {8}
 
 Regards,
 
 - Havard