长话短说:如何防止 IPv6 邻居请求在邻居缓存中创建多播条目?
我最近安装了有点不起眼的帕达万 RT-N56U我在我的老式华硕 RT-N56U 路由器上安装了固件(Linux 3.4.110),希望获得更稳定的互联网连接,但很快就遇到了 IPv6 配置问题。我的 ISP 使用路由器通告支持无状态 DHCPv6,运行良好且花哨 - 我的路由器从 DHCP 获得了应有的所有好处,包括 DNS 条目。
然而,ISP 正在将邻居请求icmp6包发送到 中的多播地址ff02::1:,这会堵塞我的邻居表:
/home/root # ip route show cache table all | grep -c ff02
1681
该表循环地达到溢出的程度:
Sep 8 16:53:39 kernel: net_ratelimit: 705 callbacks suppressed
Sep 8 16:53:39 kernel: ipv6: Neighbour table overflow
Sep 8 17:02:41 kernel: net_ratelimit: 83 callbacks suppressed
Sep 8 17:02:41 kernel: ipv6: Neighbour table overflow
Sep 8 17:03:41 kernel: net_ratelimit: 1762 callbacks suppressed
Sep 8 17:03:41 kernel: ipv6: Neighbour table overflow
当我在 WAN 端口上捕获 TCP 数据包时:
/home/root # tcpdump -i eth3 -v ip6
11:07:27.055286 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::ce4e:24ff:fe1c:3300 > ff02::1:ff5a:c: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has [redacted ipv6 GUA]
source link-address option (1), length 8 (1): cc:4e:24:1c:33:00
11:07:27.055330 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::ce4e:24ff:fe1c:3300 > ff02::1:ff86:1d: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has [redacted ipv6 GUA]
source link-address option (1), length 8 (1): cc:4e:24:1c:33:00
11:07:27.055348 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::ce4e:24ff:fe1c:3300 > ff02::1:ffa6:8015: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has [redacted ipv6 GUA]
source link-address option (1), length 8 (1): cc:4e:24:1c:33:00
11:07:27.055376 IP6 (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::ce4e:24ff:fe1c:3300 > ff02::1:ff5b:8: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has [redacted ipv6 GUA]
source link-address option (1), length 8 (1): cc:4e:24:1c:33:00
我知道我可以改变垃圾收集机制的积极性,但是有没有办法简单地不缓存这些多播地址?这可能是不太明智的默认行为并在最新版本中修复?
编辑:新民主党规格声明邻居缓存应该保存单播信息:
关于最近向其发送流量的各个邻居的一组条目。条目以邻居的链路上单播 IP 地址为键 [...]
那么我想这是一个错误。如果我发现堆栈的哪个组件有问题,我会回复。