On Thu, 4 Sep 2014 09:12:46 +0200 Julien boooo <jumbo...@gmail.com> wrote:
> Hi mett, thank you for your answer. I hope that I'm not top-posting > too ping6 -I doesn't change anything, the box is still using the > global scope address. > > Best regards > Julien > > > > 2014-09-04 2:32 GMT+02:00 mett <m...@pmars.jp>: > > > On Thu, 4 Sep 2014 09:04:00 +0900 > > mett <m...@pmars.jp> wrote: > > > > > Hi, > > > > > > When pinging link-local addresses, u need to specify the exit > > > interface. So maybe if u specify the exit interface and another > > > link-local as destination, you might be able to do it: > > > > > > > > > ---------------------- > > > mett@asus:~$ ip -6 add show > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 > > > inet6 ::1/128 scope host > > > valid_lft forever preferred_lft forever > > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 > > > inet6 fe80::20c:6eff:fef8:7d1c/64 scope link > > > valid_lft forever preferred_lft forever > > > mett@asus: > > > ---------------------- > > > root@tamirrsso:/var/log# ip -6 add show > > > .... > > > 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 > > > inet6 fe80::207:95ff:fed5:2fda/64 scope link > > > valid_lft forever preferred_lft forever > > > root@tamirrsso:/var/log# > > > ---------------------- > > > mett@asus:~$ ping6 -I eth0 fe80::207:95ff:fed5:2fda > > > PING fe80::207:95ff:fed5:2fda(fe80::207:95ff:fed5:2fda) from > > > fe80::20c:6eff:fef8:7d1c eth0: 56 data bytes 64 bytes from > > > fe80::207:95ff:fed5:2fda: icmp_seq=1 ttl=64 time=0.433 ms 64 bytes > > > from fe80::207:95ff:fed5:2fda: icmp_seq=2 ttl=64 time=0.205 ms 64 > > > bytes from fe80::207:95ff:fed5:2fda: icmp_seq=3 ttl=64 time=0.201 > > > ms 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=4 ttl=64 > > > time=0.256 ms 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=5 > > > ttl=64 time=0.199 ms > > > > > > > > > > > > HTH! > > > > > > > > > > > > On Wed, 3 Sep 2014 15:55:38 +0200 > > > Julien boooo <jumbo...@gmail.com> wrote: > > > > > > > Hello everybody > > > > > > > > I'm very new to lists.debian.org so please appologize if I am > > > > doing something wrong by sending this email. I'm just out of > > > > idea with a behavior in NDP and must find a solution. I didn't > > > > find anything on the internet. > > > > > > > > RFC4861 section 7.2.2 says that the source address in NDP > > > > neighbor solicitations can be any one of the addresses assigned > > > > to the interface. It also says that using the prompting > > > > packet's source address ensures that the recipient installs it > > > > in its neighbor cache. The latter is the behavior I can see on > > > > my boxes (a debian 6.0.9 + custom kernel 3.2.14) and also on a > > > > Centos one. > > > > > > > > # ip -6 addr list > > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 > > > > inet6 ::1/128 scope host > > > > valid_lft forever preferred_lft forever > > > > 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 > > > > inet6 2a10:7e40:edf6:100::32/64 scope global > > > > valid_lft forever preferred_lft forever > > > > inet6 fe80::a00:27ff:fe02:3cbd/64 scope link > > > > valid_lft forever preferred_lft forever > > > > > > > > # ping6 2a10:7e40:edf6:100::33 -c 3 &>/dev/null & > > > > # tcpdump -nli eth0 icmp6 > > > > > > > > 18:09:04.726908 IP6 2a10:7e40:edf6:100::32 > ff02::1:ff00:33: > > > > ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, > > > > length 32 18:09:04.727373 IP6 2a10:7e40:edf6:100::33 > > > > > 2a10:7e40:edf6:100::32: ICMP6, neighbor advertisement, tgt is > > > > 2a10:7e40:edf6:100::33, length 32 > > > > 18:09:04.727391 IP6 2a10:7e40:edf6:100::32 > > > > > 2a10:7e40:edf6:100::33: ICMP6, echo request, seq 1, length 64 > > > > 18:09:04.727738 IP6 2a10:7e40:edf6:100::33 > > > > > 2a10:7e40:edf6:100::32: ICMP6, echo reply, seq 1, length 64 > > > > > > > > > > > > My question is : How can I force ndp to use the link-local > > > > address assigned to that outgoing device ? (in the trace above, > > > > ndp would then send the neighbor solicitation with > > > > fe80::a00:27ff:fe02:3cbd source address). > > > > > > > > This is requested by our customer for security reasons and as > > > > far as I can see it complies with RFC4861 as well. > > > > > > > > If someone had a clue how to do that or if it's just > > > > impossible, I would really appreciate your help. > > > > > > > > Thank you > > > > Best resgards > > > > Julien > > > > > > > > > > By the way, sorry for top-posting... > > > > > > -- > > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact > > listmas...@lists.debian.org > > Archive: > > https://lists.debian.org/20140904093203.696b0eff@asus.tamerr > > > > Hey, U cannot ping a global address with a link-local address. If you want to use your link-local address as source, u need to ping the link-local address of your destination (and need to specify exit interface). Global IP addresses(Layer 3) and Link-local addresses(not Layer 3) are on different scopes or spans(or layer). Because of that, they cannot interact. Also, not really related but better to reply to the Debian-list than sending a personal mail. Other readers might benefit of this exchange. Finally, better to write your answer down, at the end of the msg; easier to follow the whole story at a glance. HTH. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140904185001.6f4e0e90@asus.tamerr
