I've come across what looks like a bug in the ICMPv6 spec. Specifically, RFC 
4861 says that "A host MUST silently discard any received Redirect message that 
does not satisfy all of the following validity checks" amongst which is "The IP 
source address of the Redirect is the same as the current first-hop router for 
the specified ICMP Destination Address."

Unfortunately, there is no way that a router can reliably generate that 
response, if it has more than one link-local address, because the message that 
caused the redirect does not actually contain the router's own address, and the 
router cannot know the content of the host's route table.

The VRRPv3 spec suggests that the destination MAC address for the packet 
causing the redirect is a sufficient cue, but that cannot be true in the 
presence of multiple link-local addresses, which is guaranteed to happen in 
VRRP (in some cases).

What is the correct method of constructing ICMPv6 redirects in the presence of 
multiple link-locals for the same MAC address? Is it even possible without a 
spec change?

I have an (untested) idea that one might be able to construct a router 
advertisement that achieves the same goal as a redirect to an on-link address, 
which should be processed and does not require guessing which link-local is 
appropriate.

We have tested various of our own and other vendors' products, and nobody 
reliably gets this right (unsurprising, as it is inherently impossible).

I will be at IETF 84 if face-to-face discussion would help.

Andrew McGregor
Allied Telesis Labs


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
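Added example, not part of the original message: a host-side model of the RFC 4861 Redirect validity checks, run against a router that owns two link-local addresses on one MAC, to show the mismatch the message describes. The addresses, the MAC and the host names are constructed for illustration; the checksum and option-length checks are omitted.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address as A

@dataclass
class Redirect:
    src: A          # IP source address of the Redirect
    hop_limit: int  # IP Hop Limit
    code: int       # ICMP Code
    icmp_len: int   # ICMP length in octets
    target: A       # ICMP Target Address
    dest: A         # ICMP Destination Address

def host_accepts(r: Redirect, first_hop: A) -> bool:
    """RFC 4861 Redirect validity checks as a host applies them.
    first_hop is the host's current first-hop router for r.dest."""
    if not r.src.is_link_local or r.hop_limit != 255:
        return False
    if r.code != 0 or r.icmp_len < 40:
        return False
    if r.dest.is_multicast:
        return False
    # Target is a link-local (better router) or equals the destination (on-link).
    if not (r.target.is_link_local or r.target == r.dest):
        return False
    # The check quoted in the message: source must equal the host's first hop.
    return r.src == first_hop

# Constructed scenario: one router, one MAC, two link-local addresses.
ROUTER_MAC = "00:00:5e:00:02:01"
ROUTER_LLS = [A("fe80::1"), A("fe80::2")]
# Constructed hosts: each uses a different link-local of the same router.
HOST_FIRST_HOP = {"host-a": A("fe80::1"), "host-b": A("fe80::2")}
DEST = A("2001:db8::50")  # constructed on-link destination

def sources_accepted_by_all():
    """Redirect sources every host would accept. Frames from both hosts reach
    ROUTER_MAC, so a choice keyed on the MAC yields one source for all hosts."""
    accepted = []
    for src in ROUTER_LLS:
        r = Redirect(src, 255, 0, 40, DEST, DEST)
        if all(host_accepts(r, fh) for fh in HOST_FIRST_HOP.values()):
            accepted.append(src)
    return accepted

if __name__ == "__main__":
    print("sources valid for every host:", sources_accepted_by_all())
```
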
