Re: [CentOS] [solved] ICMPv6 messages of type RS

2011-09-06 Thread Helmut Drodofsky
 
 
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf 
Of Helmut Drodofsky
Sent: Tuesday, 6 September 2011 16:03
To: 'CentOS mailing list'
Subject: [CentOS] ICMPv6 messages of type RS
 
Hello,
 
as described by CISCO in 
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html
 
a router has to send ICMPv6 messages of type RS to the all-router multicast 
group: ff02::1 and ff02::2 for stateless autoconfiguration.
 
How can I activate this sending in CentOS?
 
Best regards
Helmut
 ___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] [solved] ICMPv6 messages of type RS

2011-09-06 Thread Vesselin Kolev
 Dear Helmut,

Sorry for this letter. I just want to make some aspects of the problem
clearer.

Joining the all-routers multicast group is a kernel option. Your host sends
Router Solicitation requests (it's ICMPv6 code number 133) to the
all-routers multicast group. Sending of RS is controlled by kernel
options through sysctl:

$ sysctl -a | grep net.ipv6.conf.default.router_solicitations

The default number of router solicitation messages to send is 3. You can
change it to 0 to disable RS if you want:

# sysctl -w net.ipv6.conf.default.router_solicitations=0

and write this option value to /etc/sysctl.conf if You want to preserve
the value after the system reboots. There is a possibility to manage
sysctl via Avahi.


There are some security reasons in support of disabling RS in the kernels
of Your workstations, esp. if You use unmanaged Ethernet switches or
managed ones without multicast group management. Where is the problem?
It could be almost an IPv6 disaster to enable IPv6 forwarding on more than
one of Your local stations or servers, especially if the router-enabled
kernel is not on a router machine (a so-called fake router). If that
scenario happens and some or all of Your stations autoconfigure the fake
router's local-link address as a default IPv6 next hop, they'll lose their
IPv6 connectivity.

I'd recommend You not to use stateful or stateless auto-configuration
unless You can manage the access to Your multicast groups in the local
Ethernet. DHCPv6 (as a stateful host configuration) does not solve the
problem with fake routers - it uses RS to discover the router too.

  Best regards
Vesselin
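
The check below is an added example, not part of either message: it lists, for every interface, the router_solicitations and forwarding values the reply refers to, so that stations still sending RS or forwarding IPv6 stand out. The function names audit_ipv6_conf and count_forwarders and the optional directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report, per interface, the two IPv6
# kernel settings discussed above. "default" only seeds interfaces created
# later, so interfaces that already exist are checked individually.

# audit_ipv6_conf [CONF_ROOT]
#   CONF_ROOT is an assumption made for testing; it defaults to the live
#   /proc/sys/net/ipv6/conf tree. Prints one line per interface:
#   <name> router_solicitations=<n> forwarding=<n> <findings>
audit_ipv6_conf() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    for dir in "$root"/*; do
        # Skip anything that is not a readable per-interface directory.
        [ -r "$dir/router_solicitations" ] || continue
        [ -r "$dir/forwarding" ] || continue
        ifname=${dir##*/}
        rs=$(cat "$dir/router_solicitations")
        fwd=$(cat "$dir/forwarding")
        findings=""
        # Non-zero: the host still sends Router Solicitations on this link.
        [ "$rs" = 0 ] || findings="$findings sends-rs"
        # Non-zero: this kernel forwards IPv6, the "fake router" condition
        # when the machine is not the intended router.
        [ "$fwd" = 0 ] || findings="$findings forwards-ipv6"
        printf '%s router_solicitations=%s forwarding=%s%s\n' \
            "$ifname" "$rs" "$fwd" "${findings:- ok}"
    done
}

# Count real interfaces that forward IPv6; the "all" and "default"
# template entries are left out of the count.
count_forwarders() {
    audit_ipv6_conf "$1" | grep -v -e '^all ' -e '^default ' \
        | grep -c 'forwards-ipv6' || true
}

# With no argument this audits the running kernel.
audit_ipv6_conf "$@"
```

A count above zero on a machine that is not the intended router is the situation the reply warns about.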

