[138552] in North American Network Operators' Group
Re: dhcp6 solicit
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Mar 9 21:46:19 2011
To: Jeroen van Aart <jeroen@mompl.net>
In-Reply-To: Your message of "Wed, 09 Mar 2011 18:20:12 PST."
<4D78355C.9030300@mompl.net>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 09 Mar 2011 21:44:56 -0500
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1299725096_4887P
Content-Type: text/plain; charset=us-ascii
On Wed, 09 Mar 2011 18:20:12 PST, Jeroen van Aart said:
> I was doing some packet scanning on one of my IPv6 enabled servers and I
> found traffic such as the following frequently (IPs slightly edited):
>
> 02:23:02.410360 IP6 fe80::ff78.546 > ff02::2.547: dhcp6 solicit
> The addresses are not mine, neither do I run a dhcpv6 daemon (no need
> for it).
The addresses *are* yours (sort of, the same way that in IPv4, 127.0.0.1
belongs to you even though it's in a netblock assigned to IANA rather than
you). fe80: is a prefix for "link level" addresses (basically "only valid on
this subnet"), and is what the machine asking for the dhcp6 uses so it has *an*
address it can use (or more correctly, so that the machine that replies can
fill in a destination for the reply). Meanwhile, ff02::2 is a reserved address
for "all routers on the network segment".
You can probably pull the mac address out of that fe80:: address, as it's
an EUI-64. For example, on my laptop I have:
inet6 addr: fe80::224:d6ff:fe53:c5ba/64 Scope:Link
Pull out the 'ff:fe', take out that first 2, and my MAC address is 00:24:d6:53:c5:ba.
Hope that helps you find the offending box that is under the impression that
dhcp6 *is* needed. ;)
--==_Exmh_1299725096_4887P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFNeDsocC3lWbTT17ARAkkFAKCMko6I7RsKtCmw2cNlBAbmc3SiKwCeMMMy
UP09MEKfMV1SwdSQA+9UhxI=
=3U+j
-----END PGP SIGNATURE-----
--==_Exmh_1299725096_4887P--
