Re: DAD problem when a looped interface comes back up

[Mark Smith <ipng at 69706e6720323030352d30312d31340a.nosense.org>]

On Tue, 27 May 2008 09:12:43 +0200
"Ole Troan" <otroan at employees.org> wrote:

> > FYI,
> >
> > This issue, from cisco-nsp list, might be of interest here.  When an
> > interface is looped, it will fail DAD, and if the condition lasts long
> > enough, you might not recover from it automatically.
> 
> this is a flaw in the way DAD was designed. one solution could be to
> add a nonce option to ND. another would be to turn DAD off.
> 

I'd have expected that administratively disabling and then re-enabling
the interface (after having fixed the looped interface issue) would
restart the DAD process.

Regards,
Mark.

> /ot
> 
> > On Tue, 27 May 2008, Gert Doering wrote:
> >> On Tue, May 27, 2008 at 03:00:26AM +0300, Hank Nussbacher wrote:
> >>> When we did some line testing and did some loop testing on the link we got:
> >>> %IPV6-4-DUPLICATE: Duplicate address FE80::215:2CFF:FE87:B240 on POS11/0/0
> >>>
> >>> petach-tikva-gp# sho ipv6 int pos11/0/0
> >>> POS11/0/0 is up, line protocol is up
> >>>    IPv6 is stalled, link-local address is FE80::215:2CFF:FE87:B240 [DUP]
> >> [..]
> >>
> >>> I know I can use "ipv6 nd dad attempts 5" but wanted to know whether I
> >>> should open a TAC case for this.
> >>
> >> I have seen this as well, and it's especially annoying if it happens
> >> as consequence of a link outage from the carrier (link going down, going
> >> into "loop" state, then coming back to "up") - if you're unlucky, a short
> >> glitch can kill your IPv6 on the line hard until you manually reset the
> >> interface.
> >>
> >> The current behaviour is pretty much a direct consequence from the RFC
> >> (DAD is mandatory), but I think that IOS could be a bit more smart about
> >> it, like "restart DAD every 5 minutes" or "recognize a looped->up
> >> transition on the interface, and then restart DAD".
> >>
> >> So - by all means, please open a TAC case.
> >>
> >> As a workaround, we have used "ipv6 nd dad attempts 5" on the specific
> >> line that gave us headaches - so we've never pressed the issue with Cisco.
> >>
> >> gert
> >>
> >>
> >>
> >
> > --
> > Pekka Savola                 "You each name yourselves king, yet the
> > Netcore Oy                    kingdom bleeds."
> > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6 at ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------