Date: Tue, 07 Jul 2020 19:57:54 +0900 (JST)
From: Hiroki Sato <hrs@FreeBSD.org>
To: zeising+freebsd@daemonic.se
Cc: net@FreeBSD.org
Subject: Re: ndp and routers with link-local addresses
Message-ID: <20200707.195754.1353021909850880836.hrs@FreeBSD.org>
In-Reply-To: <f0e663d9-99e5-2166-a83e-30a57b534850@daemonic.se>
References: <f0e663d9-99e5-2166-a83e-30a57b534850@daemonic.se>

Niclas Zeising <zeising+freebsd@daemonic.se> wrote
in <f0e663d9-99e5-2166-a83e-30a57b534850@daemonic.se>:

ze> However, if the interface on the router facing the client network only
ze> has a link-local (and no global unicast) address, NDP neighbor
ze> discovery breaks.

This is related to the prefix discovery, not neighbor discovery (L2-L3 address resolution) in NDP. In the current implementation, just adding an interface route does not mean that the prefix is on-link. Adding the prefix (i.e. an address) on the interface or receiving a Router Advertisement message with a Prefix Information Option on the interface are the only ways to update the prefix list. Neighbor discovery does not work for communications to an address within the prefix not on the prefix list because the prefix is not considered as directly-connected.

This restriction can be relaxed technically by adding the prefix to the list when a route for it is installed (also discussed in https://reviews.freebsd.org/D23695, and there are experimental patches to implement it). However, adding an address within the prefix is the safest option.

Is there any specific reason for using the interface route for a directly-connected prefix instead of adding an address on the interface? I am interested in this use case. Theoretically, a router can always have a Subnet-Router anycast address on each interface, and it works as on-link prefix information. For this reason, the KAME implementation does not properly support using an interface route for directly-connected prefixes.

-- Hiroki