bc979 at lafn.org
Wed Mar 10 15:42:40 UTC 2021
> On 9 March 2021, at 12:53, CyberLeo Kitsana <cyberleo at cyberleo.net> wrote:
> On 3/9/21 3:58 AM, Doug Hardie wrote:
>> I have two systems on the same ethernet. One is configured as a router, the other as a host. rtadvd is running on the router, rtsold on the host, and route6d on both. The router was up and running and I initiated tcpdump of ip6 packets on the interface. Then I booted the host. The results are interesting:
>> The question is, why are the host addresses being used before DAD is attempted? It appears there could be some really interesting problems if the link-layer address actually was duplicated. The problems would happen before DAD was even attempted?
> I would posit that this is because the fe80:: addresses used in the
> initial solicitation are derived from the MAC address of the interface,
> and if you have two interfaces with the same MAC address on the same
> subnet you have much bigger problems.
While at first glance that makes sense, there is a problem with that. The fe80:: addresses are no longer supposed to be tied to the MAC address. Macs and Windows no longer do that. They use random numbers and there could easily be duplicates. The RFCs still show the MAC usage though. Apparently there is a security issue that if you breach one computer in a site, you quickly can get a working address to all the others by using the MAC addresses that are easily available in ndp tables.
Also, if there were no need to do DAD, why bother to do it at all?
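
An added example, not part of the original message or of FreeBSD's tooling: the check below tells whether a link-local address in a neighbour table is the modified EUI-64 form of that entry's MAC (RFC 4291, Appendix A) or an opaque identifier, which is one way to audit which hosts on a link still expose MAC-derived addresses. The function names and the sample entries are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]

def classify(mac: str, addr: str) -> str:
    """Return 'not-link-local', 'mac-derived' or 'opaque' for one neighbour entry."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any %scope suffix
    if not ip.is_link_local:
        return "not-link-local"
    iid = ip.packed[8:]  # low 64 bits are the interface identifier
    return "mac-derived" if iid == eui64_iid(mac) else "opaque"

# Constructed sample entries (address, MAC), shaped like neighbour-table rows.
SAMPLE = [
    ("fe80::a00:27ff:fe4e:66a1%em0", "08:00:27:4e:66:a1"),   # EUI-64 of its MAC
    ("fe80::1c3a:9b44:7e02:51d9%em0", "08:00:27:12:34:56"),  # random/stable-opaque IID
    ("2001:db8::a00:27ff:fe4e:66a1", "08:00:27:4e:66:a1"),   # global, out of scope here
]

def audit(entries):
    """Classify every (address, MAC) pair and return (address, MAC, verdict) tuples."""
    return [(addr, mac, classify(mac, addr)) for addr, mac in entries]

if __name__ == "__main__":
    for addr, mac, verdict in audit(SAMPLE):
        print(f"{verdict:15} {mac}  {addr}")
```

Hosts reported as `mac-derived` are the ones whose link-local address can be computed from the MAC alone; `opaque` entries use an identifier that cannot be derived that way.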