IPv6 DHCP flood
A few days ago I took a capture for some reason and saw something unexpected that had nothing to do with what I wanted to check: there were tons and tons of DHCPv6 packets trying to renew an IPv6 address in a never ending stream of packets, and really fast, too.
Of course I tried to find out what device was responsible for that flood of packets, and after some searching in MAC address tables I found that there was an even easier way to determine what device it was: open up a web browser, enter the IPv6 address that was being renewed (in square brackets, like you have to, of course). And viola, there it was: an APC UPS network management card.
The logical next step was to take a look at the IPv6 configuration, which was set to “Auto Configuration” with DHCPv6 mode “Router Controlled”. My thought was that that mode was probably not working correctly, so I tried setting the IPv6 address manually instead:
What can I say? It didn’t help at all – the stupid thing still kept flooding the network with the same DHCPv6 renewal packets, even when I rebooted the network management card. I didn’t try to turn of the UPC of course (which would have been the ultimate test), because there were systems depending on it. It’s an UPS, remember? It’s supposed to keep the power on 😉
Instead, I did what I always do when it comes to obviously bad IPv6 implementations: check for a firmware upgrade. It turned out that the firmware on the card apparently was from 2010, even though it had been bought just a month ago – so either it caught dust on some shelves for a couple of years, or APC is a little behind on delivering their products with the latest software.
Anyway, I got the latest firmware from their website, flashed it, and finally IPv6 seems to be doing what it should.
Lessons learned: when it comes to IPv6, a lot of vendors are pretty slow in getting it done the right way, especially in embedded systems. And don’t waste too much time on finding MAC addresses in switches if you can just try to go there with a web browser 😉
do you have somewhere a capture of those packets? I’m interested in the setting of some dhcpv6 fields.
yes, I think I do have a capture but I’ll have to find it again first – it’s lost somewhere in my collection, probably because I did not care to name it accordingly. I’m going to send it to your email address when I find it.