[opensuse] No IPv4 duplicate address detection (DAD)
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. DAD is used to avoid IP address conflicts. On the other hand, Windows 10 does use it. However, DAD is used on 42.2 for link local connections, where it is mandatory, so the code for doing it is there. Any idea why Linux doesn't use DAD on IPv4 DHCP? It's also mandatory on IPv6, using ICMP6 Neighbor Discovery. When DAD is used, the computer will arp it's assigned address, but with 0.0.0.0 as the source address. If there is no response, it will assume the address is safe to use and then send out a gratuitous arp, to let all the other devices know the address is being used. https://tools.ietf.org/html/rfc5227 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up.
Isn't DAD done by the DHCP server? -- Per Jessen, Zürich (14.8°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/02/2017 04:18 AM, Per Jessen wrote:
James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. Isn't DAD done by the DHCP server?
It can be, but usually by the device connecting to the network. As I mentioned, it's mandatory in IPv6, even for the MAC based addresses. Also, when I was watching with Wireshark, I didn't see and DAD by the DHCP server (pfSense). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 07/02/2017 04:18 AM, Per Jessen wrote:
James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. Isn't DAD done by the DHCP server?
It can be, but usually by the device connecting to the network. As I mentioned, it's mandatory in IPv6, even for the MAC based addresses. Also, when I was watching with Wireshark, I didn't see and DAD by the DHCP server (pfSense).
I'm certainly no expert, but I'm pretty certain the DHCP server (isc dhcp) does it, but I would have to check. -- Per Jessen, Zürich (15.4°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-07-02 13:32, Per Jessen wrote:
James Knott wrote:
On 07/02/2017 04:18 AM, Per Jessen wrote:
James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. Isn't DAD done by the DHCP server?
It can be, but usually by the device connecting to the network. As I mentioned, it's mandatory in IPv6, even for the MAC based addresses. Also, when I was watching with Wireshark, I didn't see and DAD by the DHCP server (pfSense).
I'm certainly no expert, but I'm pretty certain the DHCP server (isc dhcp) does it, but I would have to check.
My guess is that most home routers don't. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 07/02/2017 07:43 AM, Carlos E. R. wrote:
I'm certainly no expert, but I'm pretty certain the DHCP server (isc
dhcp) does it, but I would have to check. My guess is that most home routers don't.
Even if it does, it shouldn't be relied on, as it won't protect against misconfigured static addresses. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-07-02 14:18, James Knott wrote:
On 07/02/2017 07:43 AM, Carlos E. R. wrote:
I'm certainly no expert, but I'm pretty certain the DHCP server (isc
dhcp) does it, but I would have to check. My guess is that most home routers don't.
Even if it does, it shouldn't be relied on, as it won't protect against misconfigured static addresses.
Absolutely. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 07/02/2017 07:32 AM, Per Jessen wrote:
It can be, but usually by the device connecting to the network. As I
mentioned, it's mandatory in IPv6, even for the MAC based addresses. Also, when I was watching with Wireshark, I didn't see and DAD by the DHCP server (pfSense). I'm certainly no expert, but I'm pretty certain the DHCP server (isc dhcp) does it, but I would have to check.
It's easy enough to check the DHCP server. Just fire up Wireshark and filter on arp. If you see arps for the new address from the server, then it does. However, relying on DHCP for DAD doesn't help with static addresses. The idea is that as a device connects to a network, it checks for the assigned address, no matter how it was assigned. Some of us here may recall the days before DHCP became popular and the issues of keeping track of addresses, to prevent conflict. Many years ago, I worked at IBM Canada headquarters, where there were about 4000 employees and static addresses were used. Back then I had 5 static IP addresses, one for my computer and 4 for testing in my work. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01.07.2017 23:17, James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. DAD is used to avoid IP address conflicts. On the other hand, Windows 10 does use it. However, DAD is used on 42.2 for link local connections, where it is mandatory, so the code for doing it is there. Any idea why Linux doesn't use DAD on IPv4 DHCP? It's also mandatory on IPv6, using ICMP6 Neighbor Discovery.
When DAD is used, the computer will arp it's assigned address, but with 0.0.0.0 as the source address. If there is no response, it will assume the address is safe to use and then send out a gratuitous arp, to let all the other devices know the address is being used.
I guess you use wicked. Then it should try to detect duplicate IPs. from rpm -q --changelog wicked-0.6.40-6.3.1.x86_64 ... * Mi Mai 28 2014 mt@suse.de - version 0.5.27 ... - ipv4: new default to send gratuitous arp Consider new suse ifcfg variable default SEND_GRATUITOUS_ARP=auto for arp-notify, enabling to send gratuitous arp by default, when duplicate IPv4 check is enabled via arp-verify/CHECK_DUPLICATE_IP and the check were successful (bnc#879911,fate#314399). But probably this is somehow broken?
On 07/02/2017 05:07 AM, Florian Gleixner wrote:
On 01.07.2017 23:17, James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. DAD is used to avoid IP address conflicts. On the other hand, Windows 10 does use it. However, DAD is used on 42.2 for link local connections, where it is mandatory, so the code for doing it is there. Any idea why Linux doesn't use DAD on IPv4 DHCP? It's also mandatory on IPv6, using ICMP6 Neighbor Discovery.
When DAD is used, the computer will arp it's assigned address, but with 0.0.0.0 as the source address. If there is no response, it will assume the address is safe to use and then send out a gratuitous arp, to let all the other devices know the address is being used.
I guess you use wicked. Then it should try to detect duplicate IPs.
from
rpm -q --changelog wicked-0.6.40-6.3.1.x86_64 ... * Mi Mai 28 2014 mt@suse.de - version 0.5.27 ... - ipv4: new default to send gratuitous arp Consider new suse ifcfg variable default SEND_GRATUITOUS_ARP=auto for arp-notify, enabling to send gratuitous arp by default, when duplicate IPv4 check is enabled via arp-verify/CHECK_DUPLICATE_IP and the check were successful (bnc#879911,fate#314399).
But probably this is somehow broken?
I also have 0.6.40-6.3.1. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02.07.2017 13:16, James Knott wrote:
On 07/02/2017 05:07 AM, Florian Gleixner wrote:
On 01.07.2017 23:17, James Knott wrote:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. DAD is used to avoid IP address conflicts. On the other hand, Windows 10 does use it. However, DAD is used on 42.2 for link local connections, where it is mandatory, so the code for doing it is there. Any idea why Linux doesn't use DAD on IPv4 DHCP? It's also mandatory on IPv6, using ICMP6 Neighbor Discovery.
When DAD is used, the computer will arp it's assigned address, but with 0.0.0.0 as the source address. If there is no response, it will assume the address is safe to use and then send out a gratuitous arp, to let all the other devices know the address is being used.
I guess you use wicked. Then it should try to detect duplicate IPs.
from
rpm -q --changelog wicked-0.6.40-6.3.1.x86_64 ... * Mi Mai 28 2014 mt@suse.de - version 0.5.27 ... - ipv4: new default to send gratuitous arp Consider new suse ifcfg variable default SEND_GRATUITOUS_ARP=auto for arp-notify, enabling to send gratuitous arp by default, when duplicate IPv4 check is enabled via arp-verify/CHECK_DUPLICATE_IP and the check were successful (bnc#879911,fate#314399).
But probably this is somehow broken?
I also have 0.6.40-6.3.1.
Just checked: I have set: CHECK_DUPLICATE_IP="no" and SEND_GRATUITOUS_ARP="no" in /etc/sysconfig/network/config You should check, what are your settings and try to set them to "yes".
On 07/02/2017 12:04 PM, Florian Gleixner wrote:
Just checked: I have set: CHECK_DUPLICATE_IP="no" and SEND_GRATUITOUS_ARP="no" in /etc/sysconfig/network/config
You should check, what are your settings and try to set them to "yes".
I just changed them, but it doesn't seem to make any difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/02/2017 02:17 PM, James Knott wrote:
On 07/02/2017 12:04 PM, Florian Gleixner wrote:
Just checked: I have set: CHECK_DUPLICATE_IP="no" and SEND_GRATUITOUS_ARP="no" in /etc/sysconfig/network/config
You should check, what are your settings and try to set them to "yes".
I just changed them, but it doesn't seem to make any difference.
It does appear to work when IP is configured in Yast, but not with the network manager. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Samstag, 1. Juli 2017, 17:17:06 CEST schrieb James Knott:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. [...]
Are you using NetworkManager? It looks like only newer versions (1.8) support IPv4 DAD. Gruß Jan -- Computer modelers simulate it first. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/02/2017 05:23 AM, Jan Ritzerfeld wrote:
Am Samstag, 1. Juli 2017, 17:17:06 CEST schrieb James Knott:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. [...] Are you using NetworkManager? It looks like only newer versions (1.8) support IPv4 DAD.
Gruß Jan
According to Yast, I'm running NetworkManager 1.0.12-4.3.1 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 07/02/2017 05:23 AM, Jan Ritzerfeld wrote:
Am Samstag, 1. Juli 2017, 17:17:06 CEST schrieb James Knott:
One thing I've noticed is that when connected via Ethernet & DHCP, openSUSE 42.2 does not use duplicate address detection (RFC 5227) when bringing the connection up. [...] Are you using NetworkManager? It looks like only newer versions (1.8) support IPv4 DAD.
Gruß Jan
According to Yast, I'm running NetworkManager 1.0.12-4.3.1
According to my (TW) changelog it was introduced with 1.1.91 * Tue Jul 19 2016 dimstar@opensuse.org - Update to version 1.1.91: + Added support for detecting duplicate IPv4 addresses, with a timeout configurable through the ipv4.dad-timeout connection property. So indeed not active for you... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Carlos E. R. -
Florian Gleixner -
James Knott -
Jan Ritzerfeld -
Per Jessen -
Peter Suetterlin