IPv6 n00b: dhcpv6-client requests blocked on LAN
I'm trying to figure out if this is a configuration error. A few hours after getting IPv6 working from my local network, the firewall log is showing lots of blocks of this sort:
Sep 17 08:38:27 gateway filterlog: 70,,,11000,em1,match,block,in,6,0x00,0x71da2,1,UDP,17,60,fe80::f6:a33e:7157:ea22,ff02::1:2,546,547,60
My (very limited, still learning) interpretation of this is that the client on my LAN is requesting something of a DHCPv6 server upstream, from a link-local DHCP relay agent/server. The client seems to have no trouble getting out, as 'ping6 www.google.com' shows a reasonable round trip time.
My questions are:
- Are these normal in a properly configured network?
- Should this traffic be passed upstream through the firewall?
- Or should it be handled by a DHCPv6 relay on my router?
- Or did I mess up the configuration elsewhere?
Our ISP has delegated a /64 to us. I'm using Track Interface on the LAN.
Please help educate this n00b. Suggestions for further reading welcomed. Thanks.
Since no one is answering, I did a little research.
This appears to be a valid DHCP server/relay solicitation. It doesn't go anywhere because there's no DHCP server/relay on the subnet, because in turn the subnet has been delegated to us from the ISP. radvd is running but we're using stateless autoconfiguration to allocate addresses.
Should I be running a DHCPv6 relay in this situation? Or is stateless autoconfiguration enough? It seems to be working fine at the moment.