Re: source addr. for icmp if link-local-only on interface from garry baker on 2011-09-02 (Ccielab archives 09/2011)

From: garry baker <baker.garry_at_gmail.com>
Date: Fri, 2 Sep 2011 17:31:57 +0300

yes the thing i could see this impacting the most would be when the source
interface is not specified for say tacacs, syslog, snmp, etc...

need to know which interface ipv6 it is going to pick, in my tests it was
always the lowest ipv6 address so this could be a ios specific thing that
could change...

i did not see any documentation on this either, but then again i never read
the ipv4 source address thing just know that is the way it works...
--
Garry L. Baker

"With sufficient thrust, pigs fly just fine..." - RFC 1925

On Fri, Sep 2, 2011 at 5:11 PM, Roger Pfaeffli <rpf23543_at_gmail.com> wrote:

> Indeed, what I have seen. It starts with the loopbacks and there it starts
> with the lowest. If there are no loopbacks, he takes the other interfaces.
> That's at least what I have seen but personally I think this is not good.
> Instead of just "misusing" the address of another interface, I would rather
> display an error like "no global scoped ipv6 address configured". Then I
> still have the possibility to specify a source address, like with v4.
> To me it is just curious that this behavior is not specified (or I did not
> find it) because from a routing point of view, link local is sufficient and
> therefore one or the other will focus this issue...
>
> Regards
>
> Roger #23543
> On Sep 2, 2011 1:03 PM, "garry baker" <baker.garry_at_gmail.com> wrote:
> > Is this what you mean? see output below for my test of what i think you
> are
> > talking about...
> >
> > it appears to pick the lowest IPv6 address for this, dont know about the
> RFC
> > or Cisco implentation where this rule is coming from...
> >
> > the ipv4 "rule" was it used the ip address closet to the destination to
> > source this packet when you did the ping from the router, unless of
> course
> > you specify the source interface
> >
> >
> >
> > R1(config-if)#do ping 2002:2222::2 r 1
> > Type escape sequence to abort.
> > Sending 1, 100-byte ICMP Echos to 2002:2222::2, timeout is 2 seconds:
> > .
> > Success rate is 0 percent (0/1)
> >
> > R2#debug ipv6 packet access-list ICMP detail
> > IPv6 unicast packet debugging is on (detailed) for access list ICMP
> > R2#
> > *Mar 1 00:20:58.635: IPV6: source 2444:4444::4 (Serial0/0)
> > *Mar 1 00:20:58.635: dest 2002:2222::2
> > *Mar 1 00:20:58.635: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, forward to ulp
> > *Mar 1 00:20:58.639: IPV6: source 2002:2222::2 (local)
> > *Mar 1 00:20:58.639: dest 2444:4444::4
> > *Mar 1 00:20:58.639: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, Route not found
> >
> >
> > R1(config-if)#int loop4
> > R1(config-if)#shut
> > R1(config-if)#int loop4
> > *Mar 1 00:22:15.835: %LINK-5-CHANGED: Interface Loopback4, changed state
> to
> > administratively down
> > *Mar 1 00:22:16.835: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Loopback4, changed state to down
> > R1(config-if)#do ping 2002:2222::2 r 1
> > Type escape sequence to abort.
> > Sending 1, 100-byte ICMP Echos to 2002:2222::2, timeout is 2 seconds:
> > .
> > Success rate is 0 percent (0/1)
> >
> > R2#
> > *Mar 1 00:22:18.999: IPV6: source 2555:5555::5 (Serial0/0)
> > *Mar 1 00:22:19.003: dest 2002:2222::2
> > *Mar 1 00:22:19.003: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, forward to ulp
> > *Mar 1 00:22:19.003: IPV6: source 2002:2222::2 (local)
> > *Mar 1 00:22:19.003: dest 2555:5555::5
> > *Mar 1 00:22:19.003: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, Route not found
> >
> > R1(config-if)#no shut
> > R1(config-if)#int f0/0
> > R1(config-if)#no shut
> > R1(config-if)#
> > *Mar 1 00:23:01.319: %LINK-3-UPDOWN: Interface Loopback4, changed state
> to
> > up
> > *Mar 1 00:23:02.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > Loopback4, changed state to up
> > R1(config-if)#
> > *Mar 1 00:23:04.787: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed
> > state to up
> > *Mar 1 00:23:05.787: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > FastEthernet0/0, changed state to up
> > R1(config-if)#do ping 2002:2222::2 r 1
> > Type escape sequence to abort.
> > Sending 1, 100-byte ICMP Echos to 2002:2222::2, timeout is 2 seconds:
> > !
> > Success rate is 100 percent (1/1), round-trip min/avg/max = 44/44/44 ms
> > R2#
> > *Mar 1 00:23:19.951: IPv6: Sending on Serial0/0
> > *Mar 1 00:23:20.303: IPV6: source 2001:1111::1 (Serial0/0)
> > *Mar 1 00:23:20.303: dest 2002:2222::2
> > *Mar 1 00:23:20.303: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, forward to ulp
> > *Mar 1 00:23:20.307: IPv6: nexthop FE80::1,
> > *Mar 1 00:23:20.307: IPV6: source 2002:2222::2 (local)
> > *Mar 1 00:23:20.307: dest 2001:1111::1 (Serial0/0)
> > *Mar 1 00:23:20.307: traffic class 0, flow 0x0, len 100+4, prot 58,
> > hops 64, originating
> >
> >
> > ROUTER CONFIGS for TEST:
> >
> > hostname R1
> > !
> > ipv6 unicast-routing
> > !
> > interface Loopback0
> > ip address 1.1.1.1 255.255.255.0
> > !
> > interface Loopback4
> > no ip address
> > ipv6 address 2444:4444::4/64
> > !
> > interface Loopback5
> > no ip address
> > ipv6 address 2555:5555::5/64
> > !
> > interface Loopback6
> > no ip address
> > ipv6 address 2666:6666::6/64
> > !
> > interface FastEthernet0/0
> > no ip address
> > shutdown
> > duplex auto
> > speed auto
> > ipv6 address 2001:1111::1/64
> > ipv6 ospf 1 area 1
> > !
> > interface Serial0/0
> > no ip address
> > ipv6 address FE80::1 link-local
> > ipv6 ospf 1 area 0
> > clock rate 2000000
> > !
> > ipv6 router ospf 1
> >
> >
> > hostname R2
> > !
> > ipv6 unicast-routing
> > !
> > interface Loopback0
> > ip address 2.2.2.2 255.255.255.0
> > !
> > interface FastEthernet0/0
> > no ip address
> > duplex auto
> > speed auto
> > ipv6 address 2002:2222::2/64
> > ipv6 ospf 1 area 2
> > !
> > interface Serial0/0
> > no ip address
> > ipv6 address FE80::2 link-local
> > ipv6 ospf 1 area 0
> > clock rate 2000000
> > !
> > ipv6 router ospf 1
> > !
> > ipv6 access-list ICMP
> > permit icmp any any
> >
> >
> > --
> > Garry L. Baker
> >
> > "With sufficient thrust, pigs fly just fine..." - RFC 1925
> >
> >
> >
> > On Fri, Sep 2, 2011 at 11:58 AM, Roger Pfaeffli <rpf23543_at_gmail.com>
> wrote:
> >
> >> Hi group,
> >>
> >> On a router, if I have on a WAN link just the ipv6 link local address
> >> ('cause this is enough for routing) and I execute a v6ping to a global
> >> scoped address somewhere in this WAN, my router chooses a global
> >> scoped address, borrowed from another interface of my router. That's
> >> at least what I've tested.
> >> How is this "borrowed" address chosen and where is this specified? I
> >> could not find an rfc describing exactly this. I guess this is vendor
> >> specific, if so, is there a documentation from Cisco explaining this?
> >>
> >> regards
> >>
> >> Roger #23543
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Sep 02 2011 - 17:31:57 ART

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART