On 10/8/13, Fernando Gont <[email protected]> wrote: > On 10/08/2013 12:13 PM, Andrew Yourtchenko wrote: >>> >>> 1. Should the Cisco WLC IPv6 FHS stuff be blocking these, given the >>> target IP is the HSRP VIP and is obviously not on a client? >> >> No. NS is merely a query - it does not affect anything. It's the NAs >> that you'd need to be worried about and have blocked. > > Not really -- See Section 5.4.3 of RFC 4862: > > If the source address of the Neighbor Solicitation is the unspecified > address, the solicitation is from a node performing Duplicate Address > Detection. If the solicitation is from another node, the tentative > address is a duplicate and should not be used (by either node). If > the solicitation is from the node itself (because the node loops back > multicast packets), the solicitation does not indicate the presence > of a duplicate address. > > i.e., if you receive a NS while doing DAD, such NS will cause DAD to > fail, and the tentative address should not be used. -- This scenario > would happen if both devices are trying t configure the same (tentative) > address at roughly the same time, and hence their respective DAD probes > "cross" on the network.
Hey Fernando, thanks for the clarification, good point for the case of the address being tentative. If it isn't then it should not apply - nor it should apply to any other nodes' neighbor tables (that was Phil's concern). --a > > Thanks! > > Cheers, > -- > Fernando Gont > e-mail: [email protected] || [email protected] > PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > > > >
