Hi Gábor, Yes, these are ULA addresses I’ve assigned, each interface has a /64 (fd58:6af3:2ff6:aa::1/64 and fd58:6af3:2ff6:c8::1/64). Those two host addresses, however, have not changed. They are still active as I write this. I believe Apple only assigns temporary addresses for globally routable prefixes.
I should have mentioned that these are not one-off messages. For example, these two hosts generated this message 36 times over a ~45 minute period yesterday. While that was happening I could see that both hosts are active. Traffic would pass and occasionally generate these messages. Thanks, Brian > On Dec 31, 2022, at 5:45 AM, Gábor LENCSE <len...@hit.bme.hu> wrote: > > Hi Brian, > > I am not familiar with Apple devices, but I am familiar with IPv6. > > The IPv6 addresses in your log file have the fc00::/7 prefix, that is, they > are from the RFC4193 "unique local unicast" range: > https://datatracker.ietf.org/doc/html/rfc4193#section-3.1 > The L bit is 1, the next pseudorandom 40 bits are: 58:6af3:2ff, and the two > networks are distinguished by the next 16bits: 00aa and 00c0. > > Does the last 64 bits change over time? > > If yes, then my hypothesis is that perhaps the devices use RFC 8981 temporary > IPv6 addresses in an uncoordinated way: they just generate a new address and > stop using the old one, whereas the other party still tries to use the old > one. > > Best regards, > > Gábor > > 12/31/2022 6:50 AM keltezéssel, Landy, Brian írta: >> I’m seeing messages like these frequently in /var/log/messages: >> >> /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to >> fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9 >> >> The two hosts are on separate networks (one is the lan, the other a >> vlan). I’ve tracked it down to traffic on udp port 3722 between >> Apple devices; the messages stop if I block traffic on that port. >> When unblocked, I can see the traffic is passed successfully by using >> tcpdump on both vlans. Maybe some packets are occsionally dropped? >> >> I’m wondering if anyone knows why this message is logged, and if there >> is anything I can tune with sysctl or pf to prevent it. I’m on 7.2 >> with the latest patches. >> >> Thanks, >> Brian >> >
