Flood DHCP V6 on esxi
-
Here did a tcpdump on pfsense so can see mac on the ip6 traffic…
See source link, and dest link address there 00:08:a2 is my pfsense interface on lan... And that 18:03:73 is my PC..
-
So if i understand you have ipv6 request with icmp to discover the network ? So it's normal ?
-
But he is saying that ANY ipv6 traffic and wherever this server is located gets blocked, like it shuts down the switch port for all traffic or something..
Never ever ever heard of such a thing.. Seems nuts to me.. But from sniff I did if pfsense has no IPv6 set on its interface its not going to be sending out any sort of NDP or other noise on ipv6..
His sniffs didn't show the MAC of the ipv6 traffic so not sure where its coming from.
You ever here of DC or colo or anywhere shutting you down if you send out an IPv6 packet?
-
So if i understand you have ipv6 request with icmp to discover the network ? So it's normal ?
Normally, with IPv6, you'd use DHCPv6-PD to get your WAN IP and LAN prefix. On the LAN side, the router will announce the prefix, with router advertisements and then the device adds the least significant 64 bits. DHCPv6 (without PD) can also be used to assign the device address. Router advertisements are carried via ICMP6.
-
Hi,
You can find below my pcap file -
Most of that capture is RARP with 00:0c:29:c0:91:db asking who is 00:0c:29:c0:91:db.
I have no idea why it's doing that, as RARP is obsolete.
https://en.wikipedia.org/wiki/Reverse_Address_Resolution_Protocol
-
The reverse arps are not IPv6 The IPv6 traffic is coming from
Source: Vmware_d6:37:24 (00:0c:29:d6:37:24)
You got something messed up with pfsense… I do not see any ipv6 coming off my pfsense once you set ipv6 to none..
I sure and the hell do not recall ever seeing a rarp from pfsense..
You sure that is your pfsense.. lets see iconfig from the pfsense VM..
-
I sure and the hell do not recall ever seeing a rarp from pfsense..
I don't think I've ever seen it. As I mentioned it's obsolete and has been for years, replaced by bootp & dhcp.
What's it doing on a modern network? -
Hi All,
First of all, thanks for your help.
I think I have an issue with my esxi server I have started a VM with SUSE and the lan card xas blocked I don't know why…
I have made a new installation of pfsense and I observed the same ICMPv6 request on my lan but I didn't configure any IPV6 service.
Is it normal ? -
Is what normal - yes esxi has ipv6 support.. But it wouldn't be coming from the mac of your VM virtual nic..
Yes suse most likely out of the box would try and configure IPv6.. Did you tell SUSE not to do ipv6?
Pretty much every single current OS on the planet willl use IPv6 - unless you specifically and sometimes quite difficult turn it off.. Windows for example you can even disable it with reg key… But its still there in the core, just doesn't do anything with it.. But if you look you will still see ipv6 loopback, etc.
Same with linux to rip it out of the kernel you would have to compile your own, etc.
