[CentOS] [solved] ICMPv6 messages of type RS

Tue Sep 6 15:14:08 UTC 2011
Vesselin Kolev <vlk at lcpe.uni-sofia.bg>

 Dear Helmut,

Sorry for this letter. I just want to make some aspects of the problem
clearer.

Joining the all-routers multicast group is a kernel option. Your host sends
Router Solicitation requests (it's ICMPv6 code number 133) to the
all-routers multicast group. Sending of RS is controlled by the kernel
options through sysctl:

$ sysctl -a | grep net.ipv6.conf.default.router_solicitations

The default number of router solicitation messages to send is 3. You can
change it to 0 to disable RS if you want:

# sysctl -w net.ipv6.conf.default.router_solicitations=0

and write this option value to /etc/sysctl.conf if you want to preserve
the value after the system reboots. There is a possibility to manage
sysctl via Avahi.


There are some security reasons in support of disabling RS in the kernels
of your workstations, esp. if you use unmanaged Ethernet switches or
managed ones without multicast group management. Where is the problem?
It could be almost an IPv6 disaster to enable IPv6 forwarding on more than
one of your local stations or servers, especially if the router-enabled
kernel is not on a router machine (a so-called "fake router"). If that
scenario happens and some or all of your stations autoconfigure the fake
router's local-link address as a default IPv6 next hop, they'll lose their
IPv6 connectivity.

I'd recommend you not to use stateful or stateless auto-configuration
unless you can manage the access to your multicast groups in the local
Ethernet. DHCPv6 (as a stateful host configuration) does not solve the
problem with fake routers - it uses RS to discover the router too.

  Best regards
    Vesselin


On 09/06/2011 05:33 PM, Helmut Drodofsky wrote:
> *From:* centos-bounces at centos.org [mailto:centos-bounces at centos.org]
> *On behalf of* Helmut Drodofsky
> *Sent:* Tuesday, 6 September 2011 16:03
> *To:* 'CentOS mailing list'
> *Subject:* [CentOS] ICMPv6 messages of type RS
>
> Hello,
>
> as described by CISCO in
>
> http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html
>
> a router has to send ICMPv6 messages of type RS to the all-router
> multicast group: ff02::1 and ff02::2 for stateless autoconfiguration.
>
> How can I activate this sending in CentOS?
>
> Best regards
>
> Helmut
>

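An added example, not part of the original messages or of any CentOS tooling: a shell audit of the two settings the reply discusses, listing interfaces that still send Router Solicitations or have IPv6 forwarding enabled, and reporting whether the RS setting is persisted in a sysctl.conf-style file. The function names are hypothetical, and the script assumes the kernel exposes the values under /proc/sys/net/ipv6/conf; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit which interfaces still send Router Solicitations or
# have IPv6 forwarding enabled. Reads the same values sysctl reports.

# audit_ipv6_rs [CONF_ROOT]: CONF_ROOT defaults to the live kernel tree;
# returns 0 = nothing flagged, 1 = findings printed, 2 = no IPv6 tree.
audit_ipv6_rs() {
    conf_root=${1:-/proc/sys/net/ipv6/conf}
    [ -d "$conf_root" ] || return 2
    findings=0
    for dir in "$conf_root"/*/; do
        [ -f "${dir}router_solicitations" ] || continue
        iface=$(basename "$dir")
        rs=$(cat "${dir}router_solicitations")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        if [ "$rs" != "0" ]; then
            echo "$iface: router_solicitations=$rs"
            findings=$((findings + 1))
        fi
        if [ "$fwd" != "0" ]; then
            echo "$iface: forwarding=$fwd"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# persisted_rs_value [FILE]: print the last value a sysctl.conf-style file
# assigns to the default RS count (empty output = not persisted).
persisted_rs_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv6.conf.default.router_solicitations" {
            last = $2; gsub(/[ \t]/, "", last)
        }
        END { if (last != "") print last }
    ' "${1:-/etc/sysctl.conf}"
}

# Constructed sample tree (not real host data) so the audit can run offline.
make_sample_tree() {
    for spec in default:3:0 eth0:0:0 eth1:3:1; do
        name=${spec%%:*}; rest=${spec#*:}
        mkdir -p "$1/$name"
        echo "${rest%%:*}" > "$1/$name/router_solicitations"
        echo "${rest#*:}" > "$1/$name/forwarding"
    done
}
```

Called with no argument, `audit_ipv6_rs` inspects the running kernel and `persisted_rs_value` reads /etc/sysctl.conf.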