Re: ICMP6 redirect

Erik Nordmark <> Wed, 25 July 2012 17:36 UTC

List-Id: "IPv6 Maintenance Working Group \(6man\)" <>

On 7/25/12 3:38 AM, Andrew McGregor wrote:

> This originally came in the context of VRRP v3. If you want to run
> some dynamic routing protocol at the same time as VRRP on the same
> VLAN, you need another link-local address to talk to your routing
> peers with, since there's no way for the non-master routers to use
> the VRRP address.  So, you have two (or more) link locals on the same
> VLAN.  Ideally only the VRRP one should be used for sending RAs, of
> course.

Sounds like that is a small implementation matter in the router software.

> I totally agree that RAs should take care of this, and in fact I
> think one way to resolve the conundrum is to craft an RA to
> specifically tell the host it is onlink with that exact destination,
> rather than a redirect, since as I read the RA processing rules, it
> does not matter what source address the router uses in that case.

I guess I don't understand the problem you want to solve. Can you clarify?

I thought the problem was that the 1st hop was suboptimal, and the 1st 
hop router wants to send a redirect to tell the host to use a different 
1st hop router to get to the offlink destination.
You can't do that by faking an RA.

But above it sounds like the destination is on-link. Is that the problem 
you want to solve?

While you can fake an RA for that, it runs into an issue with NUD should 
the destination ever move off-link. That issue is that the prefix 
information in the RAs time out based on the preferred/valid lifetime, 
and NUD doesn't affect that. Thus if the destination is no longer 
off-link, either the routers have to detect that and send a fake RA with 
the prefix with onlink=0, or communication will be broken until the 
valid lifetime of the prefix expires.

Redirects don't have that issue; NUD knows to ignore/discard the 
redirects when it doesn't get responses to the probes.
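
Added example, not part of the original message: a simplified model of RFC 4861 host state that contrasts the two mechanisms discussed above, an on-link prefix learned from an RA versus a redirect, once the destination stops answering on-link. The class, function names and addresses are constructed for illustration, and the few seconds NUD needs to declare a neighbor unreachable are ignored.

```python
import ipaddress

class Host:
    """Simplified RFC 4861 host state (constructed model, hypothetical names)."""
    def __init__(self, default_router):
        self.default_router = default_router
        self.prefixes = {}     # on-link prefix -> expiry time (valid lifetime)
        self.dest_cache = {}   # destination -> next hop learned from a redirect

    def on_ra_prefix(self, prefix, valid_lifetime, now):
        # Prefix Information option with L=1; a lifetime of 0 removes the prefix.
        net = ipaddress.ip_network(prefix)
        if valid_lifetime == 0:
            self.prefixes.pop(net, None)
        else:
            self.prefixes[net] = now + valid_lifetime

    def on_redirect(self, dst, target):
        # target == dst means "the destination is a neighbor (on-link)".
        self.dest_cache[dst] = target

    def on_nud_failure(self, neighbor):
        # Unreachable neighbor: drop cache entries through it so next-hop
        # determination runs again. The prefix list is not touched.
        self.dest_cache = {d: n for d, n in self.dest_cache.items() if n != neighbor}

    def next_hop(self, dst, now):
        if dst in self.dest_cache:
            return self.dest_cache[dst]
        addr = ipaddress.ip_address(dst)
        if any(addr in net and exp > now for net, exp in self.prefixes.items()):
            return dst                      # on-link: send directly
        return self.default_router

def outage(mechanism, valid_lifetime=1800, step=10):
    """Seconds the host keeps sending directly to a dst that no longer answers."""
    router, dst = "fe80::1", "2001:db8:1::5"   # constructed sample addresses
    host = Host(router)
    if mechanism == "ra":
        host.on_ra_prefix(dst + "/128", valid_lifetime, now=0)
    else:
        host.on_redirect(dst, dst)
    now = 0
    while True:
        host.on_nud_failure(dst)            # probes to dst go unanswered
        if host.next_hop(dst, now) != dst:  # host has fallen back to the router
            return now
        now += step
```
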