Bug #8566
open
Wrong IPv6 source in NS request when using an IPv6 alias
Description
During investigation of a customer request, I found that the system uses wrong IPv6 sources for NS requests, so they are never completed. For an unknown reason the system tries to send the NS from another IPv6 address that is defined on the same interface. This address is bound to the service that tries to establish the connection; in this case this is IPsec.
Lab example:
1st device pf3 has primary IPv6 2003::10/64 and additional alias 2001::2/64
2nd device pf4 has primary IPv6 2002::11/64 and additional alias 2001::1/64
2001::0/64 serves as the connection between the devices. Each of them has a route via this network to the primary IPv6 address of the other. IPsec is set up on these primary IPv6 addresses.
2003::10/64 and 2002::11/64 try to get the MAC of 2001::1/64 and 2001::2/64, which are in another network:
21 10.557327 2003::10 ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for 2001::1 from 00:0c:29:8e:58:2e
22 10.618536 2002::11 ff02::1:ff00:2 ICMPv6 86 Neighbor Solicitation for 2001::2 from 00:0c:29:82:01:e2
Valid request from the device with 2003::10/64 and 2001::2/64. I made one with ping6 -S 2001::2 2001::1:
27 13.699943 2001::2 ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for 2001::1 from 00:0c:29:8e:58:2e
29 13.700148 2001::1 2001::2 ICMPv6 86 Neighbor Advertisement 2001::1 (rtr, sol, ovr) is at 00:00:5e:00:01:2c
After a valid NS/NA, 2003::10/64 can ping 2001::1/64:
41 14.819118 2003::10 2001::1 ICMPv6 62 Echo (ping) request id=0x4b40, seq=9843, hop limit=64 (reply in 42)
42 14.819166 2001::1 2003::10 ICMPv6 62 Echo (ping) reply id=0x4b40, seq=9843, hop limit=64 (request in 41)
VM configs and pcaps are in the attachment.
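A triage aid for captures like the one above, added here as an example and not part of the original report: it scans Wireshark-style summary lines and flags every Neighbor Solicitation whose source lies outside the target's prefix, the pattern seen in packets 21 and 22. The /64 prefix length comes from the lab setup; the names `audit_ns` and `solicited_node` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: NS/NA summary lines as quoted in the report (packets 21, 22, 27, 29).
CAPTURE = """\
21 10.557327 2003::10 ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for 2001::1 from 00:0c:29:8e:58:2e
22 10.618536 2002::11 ff02::1:ff00:2 ICMPv6 86 Neighbor Solicitation for 2001::2 from 00:0c:29:82:01:e2
27 13.699943 2001::2 ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for 2001::1 from 00:0c:29:8e:58:2e
29 13.700148 2001::1 2001::2 ICMPv6 86 Neighbor Advertisement 2001::1 (rtr, sol, ovr) is at 00:00:5e:00:01:2c
"""

# Summary line layout: packet no, time, source, destination, protocol, length, info.
NS_LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+ICMPv6\s+\d+\s+"
    r"Neighbor Solicitation for (?P<target>\S+)"
)

def solicited_node(addr):
    """Solicited-node multicast group for addr: ff02::1:ff00:0 plus its low 24 bits."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))

def audit_ns(capture, prefixlen=64):
    """Return (packet_no, src, target, reason) for each suspicious NS line."""
    findings = []
    for line in capture.splitlines():
        m = NS_LINE.match(line)
        if not m:
            continue  # not an NS summary line (NA, echo, blank, ...)
        src, dst, target = (ipaddress.IPv6Address(m[k]) for k in ("src", "dst", "target"))
        # An NS goes to the target itself or to its solicited-node group.
        if dst not in (target, solicited_node(target)):
            findings.append((int(m["no"]), str(src), str(target), "unexpected destination"))
        if src.is_unspecified or src.is_link_local:
            continue  # DAD probe or link-local source: not the failure in this report
        on_link = ipaddress.IPv6Network(f"{target}/{prefixlen}", strict=False)
        if src not in on_link:
            findings.append((int(m["no"]), str(src), str(target), f"source outside {on_link}"))
    return findings

if __name__ == "__main__":
    for no, src, target, reason in audit_ns(CAPTURE):
        print(f"packet {no}: NS for {target} from {src}: {reason}")
```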