Flood DHCP V6 on esxi
-
What are you looking to get rid of the Reverse Arps?
Reverse Request who-is 00:0c:29:d6:37:24
Which of your VMs has that mac?
The other traffic is going to happen on any IPv6 network.. With any IPv6 at all you will have NDP https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
Your few packets is not a flood ;)
You can for sure disable IPv6 on your VMs if that is what your looking to do - what OSes are you running.. Google for disable IPv6… Windows is a simple regedit, linux can be a bit more tricky but sure it can be done pretty easy as well. Its the IoT sort of devices that if they support ipv6 is hard to turn off.
But having some ipv6 noise on your network is not going to shut anything down be a flood other than maybe log spam in say pfsense - is that what your looking to stop?
-
Does any possibility to disable the DHCPv6 server permanently?
It's quite common to run without DHCPv6. The alternative is SLAAC, which I use here. With SLAAC, the IPv6 address is determined by the prefix advertised by the router and either the MAC address or a random number. Typically, both are used, with the random number address being used for outgoing traffic and the MAC one used for incoming. On Windows, a static random number is often used in place of the MAC address.
https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_.28SLAAC.29
-
johnpoz,
Which of your VMs has that mac? Is the mac address of my pfsense server for the LAN interface
You can for sure disable IPv6 on your VMs if that is what your looking to do - what OSes are you running.. Google for disable IPv6… Windows is a simple regedit, linux can be a bit more tricky but sure it can be done pretty easy as well. Its the IoT sort of devices that if they support ipv6 is hard to turn off. --> has is my pfsense server I don't know how to do it...
is that what your looking to stop? The think is from my understanding and your response, this request is just to discover the IPV6 network, but on my the dedicated vendor for my server they are no IPV6 on the private network this is why they block my card when they detect any IPV6 request.
I just want to disable IPV6 on my pfsense server...
How to proceed?
Thanks for your help -
Do not give any interface an IPv6 address.. It will not send out NDP then..
This your LAN interface then the IPv6 on lan should be set to NONE. I have some interfaces on pfsense that does not have IPv6 on them… Let me verify that they do not send any NDP.. If they do let me look to see how you stop that (if you can - which I would assume you could worse case disable everything not just specific interface).
Give me a bit.
Edit: Ok I just ran packet capture on my wlan interface that has NONE set for ipv6... I see no NDP or any sort of IPV6 traffic on this network..
I could let it run for longer.. I don't think pfsense will even let you turn on RA on an interface that doesn't have IPv6 set.. It doesn't even list the interface under dhcpv6/RA if the interface does not have an IPv6 set..
edit2: your sniffs do not show the MAC of the IPv6 traffic your showing.. Those arps and reverse arps are IPV4 Your going to have to open sniff in wireshark if you want to see.. Or if capturing in pfsense packet capture set it up to normal… See attached sniff of RA my pfsense sent out on its lan interface - which has IPv6 enabled.
-
I didn't give any IPV6 address on my interface.
Another point I made a change on the file /etc/default/rc.conf and set the option ipv6_network_interface="none"
I have rebooted my pfsense server and they are still the ICMPV6 request on tcpdump.
I have also check on another server with pfsense and I didn't see any IPV6 request.
I have also download the configuration of the second server to my new pfsense server and I have the same result…. -
And see my edit… Your sniff doesn't show the mac of the ipv6 traffic... Your going to have to open in wireshark, or download and post so I can or set your sniff to atleast medium in pfsense to be able to see the mac of that ipv6 traffic
-
Thanks but i have only my fsense server that is running but i have the pcap file that I can provide but now i'm on my phone i will send you later
Thanks for your help -
Here did a tcpdump on pfsense so can see mac on the ip6 traffic…
See source link, and dest link address there 00:08:a2 is my pfsense interface on lan... And that 18:03:73 is my PC..
-
So if i understand you have ipv6 request with icmp to discover the network ? So it's normal ?
-
But he is saying that ANY ipv6 traffic and wherever this server is located gets blocked, like it shuts down the switch port for all traffic or something..
Never ever ever heard of such a thing.. Seems nuts to me.. But from sniff I did if pfsense has no IPv6 set on its interface its not going to be sending out any sort of NDP or other noise on ipv6..
His sniffs didn't show the MAC of the ipv6 traffic so not sure where its coming from.
You ever here of DC or colo or anywhere shutting you down if you send out an IPv6 packet?
-
So if i understand you have ipv6 request with icmp to discover the network ? So it's normal ?
Normally, with IPv6, you'd use DHCPv6-PD to get your WAN IP and LAN prefix. On the LAN side, the router will announce the prefix, with router advertisements and then the device adds the least significant 64 bits. DHCPv6 (without PD) can also be used to assign the device address. Router advertisements are carried via ICMP6.
-
Hi,
You can find below my pcap file -
Most of that capture is RARP with 00:0c:29:c0:91:db asking who is 00:0c:29:c0:91:db.
I have no idea why it's doing that, as RARP is obsolete.
https://en.wikipedia.org/wiki/Reverse_Address_Resolution_Protocol
-
The reverse arps are not IPv6 The IPv6 traffic is coming from
Source: Vmware_d6:37:24 (00:0c:29:d6:37:24)
You got something messed up with pfsense… I do not see any ipv6 coming off my pfsense once you set ipv6 to none..
I sure and the hell do not recall ever seeing a rarp from pfsense..
You sure that is your pfsense.. lets see iconfig from the pfsense VM..
-
I sure and the hell do not recall ever seeing a rarp from pfsense..
I don't think I've ever seen it. As I mentioned it's obsolete and has been for years, replaced by bootp & dhcp.
What's it doing on a modern network? -
Hi All,
First of all, thanks for your help.
I think I have an issue with my esxi server I have started a VM with SUSE and the lan card xas blocked I don't know why…
I have made a new installation of pfsense and I observed the same ICMPv6 request on my lan but I didn't configure any IPV6 service.
Is it normal ? -
Is what normal - yes esxi has ipv6 support.. But it wouldn't be coming from the mac of your VM virtual nic..
Yes suse most likely out of the box would try and configure IPv6.. Did you tell SUSE not to do ipv6?
Pretty much every single current OS on the planet willl use IPv6 - unless you specifically and sometimes quite difficult turn it off.. Windows for example you can even disable it with reg key… But its still there in the core, just doesn't do anything with it.. But if you look you will still see ipv6 loopback, etc.
Same with linux to rip it out of the kernel you would have to compile your own, etc.
