Date:	Wed, 08 Oct 2008 15:07:51 -0400
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	Jay Vosburgh <fubar@...ibm.com>
Cc:	Brian Haley <brian.haley@...com>,
	David Miller <davem@...emloft.net>,
	Simon Horman <horms@...ge.net.au>,
	Alex Sidorenko <alexandre.sidorenko@...com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH] bonding: send IPv6 neighbor advertisement on failover

Jay Vosburgh wrote:
> Vlad Yasevich <vladislav.yasevich@...com> wrote:
> 
>>> +
>>> +	list_for_each_entry(bond, &bond_dev_list, bond_list) {
>>> +		if (bond->dev == event_dev) {
>>> +			switch (event) {
>>> +			case NETDEV_UP:
>>> +				ipv6_addr_copy(&bond->master_ipv6, &ifa->addr);
>>> +				return NOTIFY_OK;
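Review bot: in the NETDEV_UP case, ipv6_addr_copy(&bond->master_ipv6, &ifa->addr) overwrites the single stored address on every address-up event with no check on what kind of address it is, so whichever address was configured last is the one kept. Consider copying only while bond->master_ipv6 is still unset (ipv6_addr_any()) or when ipv6_addr_type(&ifa->addr) reports IPV6_ADDR_LINKLOCAL, and add a comment on master_ipv6 stating which address it is meant to hold.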
>> I think you want to store the first address configured on the device (most
>> likely link-local), and not overwrite it every time a new address is
>> configured.  Since new addresses can be configured rather often (think
>> temporary, new RAs, etc) we really want the most stable address we can have.
>> Also, since ND is a link protocol, link-local is sufficient.
> 
> 	That depends upon how the IPv6 unsolicited NAs are handled by
> the switch.  For IPv4, we issue a gratuitous ARP for one of the IP
> addresses on the interface to update the switch's MAC table; for this
> case, it doesn't matter which IP address is used.
> 
> 	If IPv6-smart switches snoop the same way, then it again doesn't
> matter which IPv6 address is used; this is just to update the MAC table.
> I'll agree that it's logically sensible to use a link-local, though.
> If, on the other hand, IPv6 needs an update for each configured address,
> then storing just one IPv6 address is insufficient (as we'd need an NA
> for each address).
> 

Yes, but the unsolicited NA for the global address just looks rather strange
when the link local one is provided.  Also, with temporaries that can come and
go, it's better to use a stable address.

We are simply using it to refresh the MAC tables and for a while I thought it
would be sufficient to do just one ARP or ND, but then I realized that in an
environment where 2 systems are connected back-to-back, you would potentially
need to do both.  Need to play with this config...

-vlad

> 	-J
> 
> ---
> 	-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com
> 
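An added example, not code from the patch or from either poster: a userspace C model of the address-selection policy argued for in this message (keep a stable address, prefer link-local, ignore temporaries). The `na_source` struct, the function names, the one-time upgrade to link-local and the removal handling are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace model (not kernel code) of the NA source address. */
struct na_source {
    uint8_t addr[16];
    int valid;        /* an address is stored */
    int link_local;   /* stored address is in fe80::/10 */
};

static int is_link_local(const uint8_t a[16])
{
    return a[0] == 0xfe && (a[1] & 0xc0) == 0x80;
}

/* Address-added event; returns 1 if the stored address changed.
 * Assumed policy: ignore temporary addresses, keep the first stable one,
 * and replace it only to upgrade from a non-link-local to a link-local. */
int na_source_add(struct na_source *s, const uint8_t a[16], int temporary)
{
    int ll = is_link_local(a);

    if (temporary || (s->valid && (s->link_local || !ll)))
        return 0;
    memcpy(s->addr, a, 16);
    s->valid = 1;
    s->link_local = ll;
    return 1;
}

/* Address-removed event; returns 1 if the stored address was dropped. */
int na_source_del(struct na_source *s, const uint8_t a[16])
{
    if (!s->valid || memcmp(s->addr, a, 16) != 0)
        return 0;
    memset(s, 0, sizeof(*s));
    return 1;
}

int main(void)
{
    /* Constructed sample addresses: 2001:db8::1, then fe80::1. */
    const uint8_t g[16] = {0x20, 0x01, 0x0d, 0xb8, [15] = 1};
    const uint8_t l[16] = {0xfe, 0x80, [15] = 1};
    struct na_source s = {0};

    na_source_add(&s, g, 0);
    na_source_add(&s, l, 0);
    return s.link_local ? 0 : 1;   /* exit 0: link-local won */
}
```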
