本文介绍了IPv6的Duplicate Address Detection(DAD)机制,用于检测接口上的地址是否唯一。当DAD未完成或失败时,socket绑定该地址会失败。详细解析了ipv6_chk_addr函数,并描述了DAD的步骤,包括发送邻居请求、等待响应等。若要禁用DAD,可在INTERFACE语句上指定DUPADDRDET 0。
file: /proc/sys/net/ipv6/conf/interface/accept_dad
variable: net.ipv6.conf.interface.accept_dad
Official reference
Whether to accept DAD (Duplicate Address Detection). 0: Disable DAD 1: Enable DAD (default) 2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found.
DAD operation and mode on a given interface will be selected according to the maximum value of conf/{all,interface}/accept_dad.
Nb: per interface setting (where “interface” is the name of your network interface); “all” is a special interface: changes the settings for all interfaces.
file: /proc/sys/net/ipv6/conf/interface/dad_transmits
variable: net.ipv6.conf.interface.dad_transmits
Official reference
The amount of Duplicate Address Detection probes to send. Default: 1
Nb: per interface setting (where “interface” is the name of your network interface); “all” is a special interface: changes the settings for all interfaces.
也就是说默认是要发送发送一次NS来检查是否有地址冲突。等待retrans_time后,如果没有收到NS或者NA,就认为地址可用。
在DAD没有完成前或者DAD失败后,socket绑定这个地址是会失败的。参考内核代码inet6_bind中的ipv6_chk_addr函数
int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
struct net_device *dev, int strict)
{
struct inet6_ifaddr *ifp;
struct hlist_node *node;
unsigned int hash = ipv6_addr_hash(addr);
rcu_read_lock_bh();
hlist_for_each_entry_rcu(ifp, node, &inet6_addr_lst[hash], addr_lst) {
if (!net_eq(dev_net(ifp->idev->dev), net))
continue;
if (ipv6_addr_equal(&ifp->addr, addr) &&
!(ifp->flags&IFA_F_TENTATIVE) &&
(dev == NULL || ifp->idev->dev == dev ||
!(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
rcu_read_unlock_bh();
return 1;
}
}
rcu_read_unlock_bh();
return 0;
}
如果地址状态时IFA_F_TENTATIVE,则inet6_bind会返回EADDRNOTAVAIL
DAD整个流程如下:
Duplicate address detection (DAD) is used to verify that an IPv6 home address is unique on the LAN before the address is assigned to a physical interface (for example, QDIO). z/OS® Communications Server responds to other nodes that are doing DAD for IP addresses assigned to the interface. DAD is not done for VIPAs or loopback addresses. DAD for local addresses is done for physical interfaces when one of the following situations occur:
- The interface is started (the autoconfigured link-local address and manually configured addresses and /prefixes are checked).
- A VARY TCPIP,,OBEYFILE command is issued for a profile data set containing an INTERFACE ADDADDR for an already active interface.
- A router advertisement containing new prefix information and the autonomous bit set is received on an interface enabled for stateless autoconfiguration.
- A temporary autoconfigured address is generated.
To disable DAD checking, specify DUPADDRDET 0 on the INTERFACE statement.
DAD processing involves the following steps:
- The host joins a link-local all-nodes multicast group at interface start processing.
- The host joins a solicited-node group for the local address.
- A neighbor solicitation is sent to the solicited-node multicast address with the tentative address for which DAD is being performed.
- The host waits for a neighbor response (neighbor advertisement or neighbor solicitation) on the interface.
- If no neighbor response is received within the specified retransmit time, the address is considered unique on the LAN.
- If a neighbor response is received within the specified time, the address is not unique. The host leaves the solicited-node multicast group, issues a duplicated address detected console message, and marks the address unavailable because of a duplicate address.
Unless DAD is disabled, the address is not considered assigned to an interface until DAD is successfully completed for the local address. Packets can be received for the all-nodes or solicited-node multicast groups, but there is no response because the address is not yet assigned to the interface. If the local address is a manually configured address, the addresses are displayed in a Netstat Home/-h report as Unavailable (if the interface has not been started or if DAD failed).
In situations where DAD is not done for the IPv6 home address (by specifying DUPADDRDET 0 on the INTERFACE statement or if it is a VIPA), the z/OS Communications Server host still responds if another node is doing DAD for an IPv6 address assigned to the interface or for IPv6 VIPAs when the interface is assigned to handle VIPAs; responses are not sent for loopback addresses.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
