Multicast (ICMP6 router solicitation) flood

Lars Kruse lists at sumpfralle.de
Sat Jul 13 16:31:26 CEST 2019


Hello,


Am Tue, 18 Dec 2018 17:14:23 +0100
schrieb Guus Sliepen <guus at tinc-vpn.org>:

> > Most of the tinc nodes use v1.0.31. Two use v1.0.24 and a single old one is
> > still at v1.0.19.
> > (Debian stable, oldstable and oldoldstable)  
> 
> The issue looks like a routing loop. In fact, there was a bug in
> versions before 1.0.24 that might cause routing loops of broadcast
> packets, and this router sollicitation message is in fact a broadcast
> packet. If possible, upgrade to a newer version of Debian. If that's not
> possible, try installing tinc 1.0.24 from wheezy-backports.

meanwhile I upgraded the older nodes (1.0.19 and 1.0.24), thus the minimum tinc
version in the network is now 1.0.31.
Sadly the router solicitation message flood still appears from time to time :(

The router solicitation packets are (at the moment) sent by five of the 30
connected nodes. This subset of the nodes seems to be random (different
locations, different roles in the VPN).
After restarting the tinc process on two of the tinc nodes (in this case: not
the five sources mentioned above) the flood disappears. 

After taking another look at the possible tinc.conf settings, I contemplate to
deviate from the default values of the following settings:
* DecrementTTL -> "yes"
* Broadcast -> "direct"

This involves a bit of work (at least "Broadcast" is documented to require the
same settings on all nodes). Thus I would appreciate any suggestions before
approaching these changes.

Cheers,
Lars


More information about the tinc mailing list