[afnog] A heads up on a nasty IPv6 bug

Mark Tinka mark.tinka at seacom.mu
Sun Aug 14 17:51:50 UTC 2016



On 14/Aug/16 14:54, Andrew Alston wrote:

> The original theory (this was out of Cisco’s deployment guide, which
> now, having learnt a bit more, I realise was talking nonsense) had to
> do with clients disconnecting and reconnecting and override of old
> entries.
>
> One thing we are finding (and thanks to Jan who pointed this out to me
> as well), is that Dynamic V6 on the mass market creates problems.
>
> Particularly if you are doing a DHCPv6-PD and then grabbing a segment
> of the PD to assign to the LAN interface which in turn does RA. 
> Because if the client reconnects and gets a new DHCPv6-PD segment, and
> the RA then changes towards the client, the client ends up with two v6
> subnets and two gateways until the RA expires, and this breaks things
> on a number of platforms. (And also ends up with certain large content
> providers seeing breakage and blacklisting recursives as a result lol)
>
> The general consensus that I’m seeing elsewhere is that when doing v6
> to the mass market, static is better and full of far fewer problems,
> and that’s what we’re switching to now with a provisioning system, so
> v6 prefix to every client will be static.
>

It feels like there is a bit of blame to go around re: the CPE vendors.

I've not been through the spec., but if the DHCPv6-PD assignment
changes, the CPE should know this and quickly flush the previous entries
as a matter of course. If it's not, this is an implementation issue.
Even if the spec. does not explicitly call for this, it should be common
sense not to have competing subnets on the same interface.

That said, I'm still not sure how this affects the upstream port on the
CPE, unless you are doing ND/RA for that. I haven't yet heard back from
you whether you are doing ND/RA or DHCPv6-IA_NA for the point-to-point
WAN addressing, in case this matters.

Assuming that you are guaranteeing the CPE version you deploy, would it
be possible to automate the clearing of the routing table upon
successful authentication of a new session?

Mark.
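
The double-prefix window described in the quoted message, as an added example that is not part of the original e-mail: a minimal model of a host's preferred-prefix state driven by RA preferred lifetimes, comparing a CPE that only starts advertising the new prefix with one that also re-advertises the old prefix with a preferred lifetime of 0. Prefixes, timings and lifetimes are constructed; valid lifetimes and the RFC 4862 two-hour rule are not modelled.

```python
# Added illustration: all prefixes, times and lifetimes below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class RA:
    t: int           # arrival time, seconds since start
    prefix: str      # prefix carried in the Prefix Information option
    preferred: int   # advertised preferred lifetime, seconds

OLD = "2001:db8:1:1::/64"   # /64 carved from the first delegated prefix
NEW = "2001:db8:2:1::/64"   # /64 carved from the PD received after reconnect

def preferred_prefixes(ras, now):
    """Prefixes the host still treats as preferred at time `now`.

    Each RA resets the preferred lifetime of its prefix to the advertised
    value, so the latest RA for a prefix decides when it is deprecated.
    """
    expiry = {}
    for ra in sorted(ras, key=lambda r: r.t):   # stable: list order kept on ties
        if ra.t > now:
            break
        expiry[ra.prefix] = ra.t + ra.preferred
    return sorted(p for p, end in expiry.items() if end > now)

def overlap_seconds(ras, horizon, step=60):
    """Time (sampled every `step` s) with more than one preferred prefix."""
    return sum(step for t in range(0, horizon, step)
               if len(preferred_prefixes(ras, t)) > 1)

# CPE reconnects at t=600 and simply starts advertising the new prefix.
NO_FLUSH = [RA(0, OLD, 14400), RA(600, NEW, 14400)]

# Same reconnect, but the CPE also deprecates the old prefix in an RA.
WITH_FLUSH = NO_FLUSH + [RA(600, OLD, 0)]

if __name__ == "__main__":
    for name, ras in (("no flush", NO_FLUSH), ("with flush", WITH_FLUSH)):
        print(f"{name:10s} prefixes at t=700: {preferred_prefixes(ras, 700)}"
              f"  overlap: {overlap_seconds(ras, 20000)} s")
```
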