This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Link-Local ICMP messages for Atlas probe
Sebastian Johansson
steamruler at gmail.com
Mon Aug 14 10:57:36 CEST 2023
The global scope address targeted belongs to their probe, hence my suggestion to just suppress the log message - if I chased down every odd packet my probe received, I wouldn't have time for much else :)

On Mon, Aug 14, 2023 at 10:51 AM Tim Chown <Tim.Chown at jisc.ac.uk> wrote:
>
> On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler at gmail.com> wrote:
> >
> > Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
> > forward packets from link local addresses, so I'd honestly just
> > suppress the log message and leave it at that.
>
> Maybe it’s to an internal system.
>
> But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11).
>
> If the node really wants to talk to the ipv6.telus.net system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender.
>
> The standards now say the host part of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use.
>
> Tim
>
> > On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse at telus.net> wrote:
> > >
> > > I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
> > >
> > > Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > > Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> > >
> > > The messages occur in groups of three, spaced a few seconds apart.
> > >
> > > All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
> > >
> > > There are no entries in the NDP table corresponding to these messages.
> > >
> > > I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
> > >
> > > My probe is RIPE-Atlas-Probe-52209.
> > >
> > > I'm interested to know if anyone else has experienced this.
> > > --
> > > ripe-atlas mailing list
> > > ripe-atlas at ripe.net
> > > https://mailman.ripe.net/
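
One way to triage log lines like those quoted in the thread, as an added example that is not part of the original messages: it strips the second address group the way the original poster describes, checks each interface identifier for the modified EUI-64 `ff:fe` marker from RFC 4291, and reports whether a derived MAC is locally administered (in which case a vendor prefix lookup tells you nothing). The function names and the choice of three sample lines are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Three of the log lines quoted in the thread, embedded so the example runs offline.
SAMPLE_LOG = """\
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
"""

LINE_RE = re.compile(
    r"cannot forward src (?P<src>[0-9a-f:]+), dst (?P<dst>[0-9a-f:]+), "
    r"nxt (?P<nxt>\d+), rcvif (?P<rcvif>\w+), outif (?P<outif>\w+)"
)

def classify_source(src):
    """Split a logged link-local source into zone word, IID class and MAC (if any)."""
    raw = bytearray(ipaddress.IPv6Address(src).packed)
    zone = int.from_bytes(raw[2:4], "big")  # the "5" in fe80:5::
    raw[2:4] = b"\x00\x00"  # assumption, following the poster: strip that group
    addr = ipaddress.IPv6Address(bytes(raw))
    iid = bytes(raw[8:])  # low 64 bits: the interface identifier
    result = {"address": str(addr), "zone_word": zone,
              "link_local": addr.is_link_local, "kind": "opaque", "mac": None}
    if iid[3:5] == b"\xff\xfe":  # modified EUI-64 marker
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L flip
        result["mac"] = ":".join(f"{b:02x}" for b in mac)
        # U/L bit set in the MAC means locally administered: no vendor OUI to look up.
        result["kind"] = "eui64-local" if mac[0] & 0x02 else "eui64-universal"
    return result

def triage(log_text):
    """Parse every 'cannot forward' line and attach the source classification."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rows.append({**m.groupdict(), **classify_source(m["src"])})
    return rows

def summarize(rows):
    """Count sources per (receiving interface, identifier kind)."""
    return Counter((r["rcvif"], r["kind"]) for r in rows)

if __name__ == "__main__":
    for (rcvif, kind), n in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(rcvif, kind, n)
```

Sources classified `opaque` carry no recoverable MAC, so the receiving interface and the timing of the messages are the remaining leads for locating the sender.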