2022-07-25 11:23 | -- (permalink)

IPv6 issues

We are investigating reports and our monitoring is confirming that the ietf production network is having performance issues.

We have identified and made a change that has improved the IPv6 issues. We are still trying to determine the root cause.

Update 2022-07-26 15:44

We have determined the root cause of the Duplicate Address Detection (DAD) replay. The distribution and core switches build an embedded client database to aid in the mitigation of things such as rogue RAs. To determine if clients are "alive" the switches will send a neighbor solicitation for the client's IPv6 address. However, since the switches do not have IPv6 addresses configured on them, they choose to use an all-zeros IPv6 source address. This results in packets that resemble DADs.

The feature has been disabled on the ports facing the wireless network (for now) and will be disabled on ports more broadly for the next meeting. Wireless clients should no longer be receiving replayed DAD packets.