
Re: Neighbor Discovery and on-link determination



David Miles wrote:

Hi Erik,

I'll put both answers into one email:


If routerA sent a ND to routerB and the source address of the ND is off-link, populating the Neighbour Cache will not achieve any real functionality. Yes, I'd propose it is ignored by the router. Possibly we could trigger an unsolicited Neighbour Advertisement from RouterB? I cannot see any impact on redirect or proxy service functionality and I really see this as a misconfiguration.

The message validation rules that you referred to are cases when the packet would be ignored (and that would be problematic for sure.)

It makes sense to look carefully at the effect of "do not create a neighbor cache entry for the sender if sender is not in one of the on-link prefixes".

With respect to your other email and my security concerns: if the receipt of a ND or NA on any interface, irrespective of prefix list, were able to both populate the Neighbour Cache and update/affect the forwarding behaviour then I would be worried. Seeing you have both clarified this was not the intent, I do not have an issue, but it does seem of little benefit to populate a Neighbour Cache entry if it is never consulted.

I know the scenario is contrived; however, it was brought to my attention from another source, so the clarifications are appreciated.

OK

   Erik
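
Added example, not part of the original thread and not code from any implementation: a sketch of the rule quoted above ("do not create a neighbor cache entry for the sender if sender is not in one of the on-link prefixes"), applied to received Neighbor Solicitations. The function names, the dict-based cache and the sample addresses are assumptions made for illustration; the link-local prefix is treated as always on-link, as RFC 4861 specifies for the Prefix List.

```python
import ipaddress

# RFC 4861 treats the link-local prefix as always being on the Prefix List.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def is_on_link(addr, prefix_list):
    """True if addr is link-local or covered by a configured on-link prefix."""
    return addr in LINK_LOCAL or any(addr in p for p in prefix_list)

def process_ns(cache, prefix_list, src, sllao):
    """Decide whether a received NS may touch the Neighbor Cache.

    cache maps sender address -> link-layer address (hypothetical structure).
    Returns 'created', 'updated', 'unchanged' or 'skipped:<reason>'.
    """
    addr = ipaddress.ip_address(src)
    if addr.is_unspecified:
        # DAD probe: the sender has no address yet, so there is nothing to cache.
        return "skipped:unspecified-source"
    if sllao is None:
        # No Source Link-Layer Address option, so no mapping to record.
        return "skipped:no-sllao"
    if not is_on_link(addr, prefix_list):
        # The rule under discussion: an off-link sender gets no cache entry.
        return "skipped:off-link-source"
    if addr not in cache:
        cache[addr] = sllao
        return "created"
    if cache[addr] != sllao:
        cache[addr] = sllao
        return "updated"
    return "unchanged"

def demo():
    """Run constructed sample solicitations through the check."""
    prefixes = [ipaddress.ip_network("2001:db8:1::/64")]  # constructed prefix list
    cache = {}
    samples = [  # (source address, SLLAO), all constructed
        ("2001:db8:1::10", "02:00:00:00:00:0a"),  # inside an on-link prefix
        ("fe80::1", "02:00:00:00:00:01"),          # link-local
        ("2001:db8:2::20", "02:00:00:00:00:14"),  # off-link source
        ("::", None),                              # DAD probe
        ("2001:db8:1::10", "02:00:00:00:00:0b"),  # same sender, new SLLAO
    ]
    return [process_ns(cache, prefixes, s, l) for s, l in samples], cache

if __name__ == "__main__":
    print(demo())
```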