dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1338
share rss forum feed


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

1 edit

[IPv6] IPv6 floods my router log.

I have native IPv6 working fine using my m0n0wall (FreeBSD based) router and Zoom 5431J modem.

However, the system log on the router is being flooded with this message many times a minute:

rtadvd[213]: received RA from fe80::201:5cff:fe22:c9c1 on non-advertising interface(fxp1)

fxp1 is my router WAN interface.

201:5cff:fe22:c9c1 is the MAC address of an upstream device at Comcast.

Does anyone know what this is and how to get it stopped. My system log is useless. I have posted to the m0n0wall forum but no response yet from the developers.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

1 recommendation

Re: IPv6 floods my router log.

Is fe80::201:5cff:fe22:c9c1 not your default gateway?

I have fe80::201:5cff:fe3c:f441 for the default gateway in my D-Link DIR655, and I do see entries like they ones below in my syslog, but they are not errors, and not what I would consider a flood.

client6_recv: receive advertise from fe80::201:5cff:fe3c:f441 on eth0.1
 
client6_recv: receive reply from fe80::201:5cff:fe3c:f441 on eth0.1
 

Do you also see non-error RA entries in your log? If you are getting IPv6 RAs from more than one Comcast source, that sounds like a Comcast problem to me.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

1 recommendation

reply to graysonf

said by graysonf:

Does anyone know what this is and how to get it stopped. My system log is useless. I have posted to the m0n0wall forum but no response yet from the developers.

You could check the log level if they have it. That sounds like a DEBUG level or something of the sort.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to NetFixer

fe80::201:5cff:fe22:c9c1 is my IPv6 gateway.

There are occasionally other entries in the system log not related to IPv6, but the one cited appears at least 160 times every ten minutes in the form of "last message repeated 173 times."



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to whfsdude

There is no setting for log level.



tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:4
reply to graysonf

NM



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to graysonf

said by graysonf:

fe80::201:5cff:fe22:c9c1 is my IPv6 gateway.

There are occasionally other entries in the system log not related to IPv6, but the one cited appears at least 160 times every ten minutes in the form of "last message repeated 173 times."

In that case, I can't imagine why m0n0wall would be logging that message so often. I only see the IPv6 RA messages in my syslog during a reboot or DHCP renewal time frame (and I have debug logging enabled since the DIR655 is a new router that I am currently still evaluating).

Such an intensive logging level may just be normal for IPv6 in m0n0wall if you are using DHCPv6-PD. My D-Link router may also be seeing additional RAs from Comcast's gateway, but just simply ignores them (and doesn't bother to log them) if they are unexpected (and unneeded). If my curiosity were roused enough, I could probably run my DIR655's WAN through a VLAN segment on my Netgear GS108e switch with a monitor port configured so that I could capture packets to/from that interface (but it would be a PITA to physically setup). Does m0n0wall have a built-in packet capture capability? I know that BSD can do it, but I am not sure what resources are available on m0n0wall's implementation.

Hopefully you will get some information from the vendor's support site. You might also try posting your question in this site's »All Things Unix forum; maybe some of the regulars there have seen something similar.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

There is no packet capture capability in m0n0wall, at least not in the as delivered product. Anything is possible though if one would go thru the trouble of altering the sources and rebuilding it from scratch.



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

said by graysonf:

There is no packet capture capability in m0n0wall, at least not in the as delivered product. Anything is possible though if one would go thru the trouble of altering the sources and rebuilding it from scratch.

Have you tried to bring up a shell and see if tcpdump is installed? Eg. tcpdump -i your_int -vvn icmp6

It's totally normal to see an RA say every 1000 seconds (default on IOS retrans time I think). The default reachable time on an RA is 9000 seconds so you will at least see the retrans timer under every 9000 seconds.

This is why I'm thinking it's just some over aggressive debug logging. I'd submit a bug report if you haven't yet.

I'd also suggest everyone read RFC 2461 if you haven't yet, it's a good read!


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:78
Reviews:
·Comcast

1 recommendation

said by whfsdude:

I'd also suggest everyone read RFC 2461 if you haven't yet, it's a good read!

I dont think I have seen RFC and good read in the same sentence before.. and yes I have read that RFC..


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

1 recommendation

reply to whfsdude

There is no shell or other tools in m0n0wall as delivered. There have been occasional versions with such tools in them to aid in debugging problems, but they are not part of the available to the general public releases.

I have submitted a bug report. But things don't happen instantly there.

As I said, these RAs appear to be coming 160+ times over every ten minute period. I'd like to think m0n0wall wouldn't report them if they weren't actually being sent.