[afnog] A heads up on a nasty IPv6 bug

Mark Tinka mark.tinka at seacom.mu
Sun Aug 14 12:49:08 UTC 2016



On 14/Aug/16 12:09, Andrew Alston wrote:

> Hi Guys,
>
> Figured I’d share this because someone might run into the issue I did
> last night and after how long it took to figure out what was going on,
> rather give people a heads up.
>
> Under Cisco IOS-XR 5.3.3 AND under 6.0.2 (though the documentation on
> the bug explicitly states it's fixed in 6.0.2, it's NOT), do not, under
> any circumstances, run ipv6 nd router-preference high anywhere.
>

That's a nasty bug.

I've only run ND Router Preference in LAN scenarios, to avoid situations
where Windows Vista and Windows 7 clients automatically enabled 6-to-4,
and claimed to be the authoritative default gateway for the LAN.

The solution ended up being pointless as there was no way to fully
guarantee that the true router was the one with the highest preference
for the LAN.

The ultimate solution for this is RA Guard, which I believe now has
reasonable support on decent Ethernet switches in the wild.

I'm curious, though, why you'd need this on a point-to-point link, where
the remote side (CPE) may not be set up to announce ND RAs back to the BNG.

Mark.