Dealing with rogue router advertisements
Shadow Hawkins on Thursday, 02 March 2006 19:28:06
At my University (which does not currently provide or support any kind of IPv6) I am currently wrestling with an issue where a host on the university network is advertising IPv6 routes and prefixes (using a 6to4 prefix) and then null routing them (i.e., dropping the packets silently instead of returning destination host unreachable).
This is a problem. I cannot reach SixXS or any host with AAAA addresses, because both Linux and Windows on my laptop try AAAA record addresses if they are returned. But since the misconfigured "router" does not return no route to host, my system will sit endlessly trying to connect as the packets are lost. It doesn't fail over to IPv4 without waiting for a very long time (on the order of minutes), if it fails over at all. Clearly, this is problematic, though I can work around it by disabling autoconfiguration selectively on their network.
After significant discussion they did admit this is a problem, especially given the fact that Mac OS X and the upcoming Windows Vista perform AAAA queries out of the box and perform autoconfiguration. However, they also feel this is at least somewhat a "client side" problem and that they cannot necessarily deal with any rogue advertisements that show up.
I'm trying to find some info about dealing with hosts which claim to provide prefixes but don't really route them, both so I can pass this on to them, as well as to bundle into an FAQ. Obviously, one can disable autoconfiguration while on the affected network but this isn't a great solution and it basically breaks a major feature of the protocol.
Thanks for your assistance.
Dealing with rogue router advertisements
Jeroen Massar on Thursday, 02 March 2006 20:22:02
There are two approaches for handling this case:
1) filter out the RA from the rogue advertiser based on its MAC address
2) install a more specific route
The first one is how you should be handling it, but not all OSes allow this; the second one works in most if not all cases.
Dealing with rogue router advertisements
Shadow Hawkins on Thursday, 02 March 2006 22:14:42
Hmm, yeah. Is there any way to do this automatically? For example, somehow autodetect rogue advertisers and add them to a blacklist? Basically, this solution works for a single machine but not for a whole network. These network managers think that the solution is not to contact the maintainer of the misconfigured router but instead to have some sort of sitewide client filtering going on. Really, the situation is the same as a rogue DHCP server, but apparently contacting folks about misconfiguration in the IPv6 case is unacceptable.
Unfortunately I am dealing with people here who had no idea what an AAAA record was and were surprised to learn that their nameserver returns AAAA records. Plus, they thought I was talking about "the 6Bone" and refused to believe IPv6 was used at all on "the internet." Pretty disappointing coming from the folks providing network services for the organization involved in http://www.moonv6.org/.
Thanks for your help.
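On the question of spotting rogue advertisers automatically, the following is an added example and not code from anyone in this thread: it parses the ICMPv6 Router Advertisement body (RFC 4861 layout) and flags an RA whose sender MAC is not on an allowlist or whose Prefix Information option falls inside the 6to4 range 2002::/16. The function names, the allowlist parameter and the sample MAC and prefix are assumptions made for illustration, and capturing the packet from the wire is left out.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 range, as in the thread

def parse_ra(icmp6):
    """Parse an ICMPv6 Router Advertisement (type 134); None if not a valid RA."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        return None
    ra = {"router_lifetime": struct.unpack_from("!H", icmp6, 6)[0],
          "src_mac": None, "prefixes": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            return None  # malformed option: reject the whole RA
        body = icmp6[off:off + opt_len]
        if opt_type == 1 and opt_len == 8:  # Source Link-Layer Address
            ra["src_mac"] = ":".join(f"{b:02x}" for b in body[2:8])
        elif opt_type == 3 and opt_len == 32 and body[2] <= 128:  # Prefix Information
            ra["prefixes"].append(
                ipaddress.IPv6Network((body[16:32], body[2]), strict=False))
        off += opt_len
    return ra

def rogue_reasons(ra, frame_src_mac, allowed_macs):
    """Return the reasons an RA looks rogue; an empty list means it passes."""
    mac = frame_src_mac.lower()
    reasons = []
    if mac not in allowed_macs:
        reasons.append("sender MAC is not an authorised router")
    if ra["src_mac"] and ra["src_mac"] != mac:
        reasons.append("SLLA option differs from frame source MAC")
    for prefix in ra["prefixes"]:
        if prefix.subnet_of(SIX_TO_FOUR):
            reasons.append(f"advertises 6to4 prefix {prefix}")
    return reasons

def build_sample_ra():
    """Constructed sample RA (not a capture): 6to4 /64 derived from 192.0.2.4."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("020000aabb01")
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    return hdr + slla + pio + ipaddress.IPv6Address("2002:c000:204:1::").packed

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    # allowed_macs is empty: this network is assumed to have no sanctioned IPv6 router
    for reason in rogue_reasons(ra, "02:00:00:aa:bb:01", allowed_macs=set()):
        print(reason)
```

On a network with no sanctioned IPv6 router, such as the one described in this thread, the allowlist is empty and every RA seen is reported along with the MAC to chase down.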