Multicast (ICMP6 router solicitation) flood
Lars Kruse
lists at sumpfralle.de
Fri Dec 14 23:13:55 CET 2018
Hello,
I am a happy user of tinc in multiple environments. It is beautiful - thank you!
Today I noticed that a network of around 20 nodes suffered from a flood of
packages like the following:
IP6 fe80::e4eb:74b6:57e0:c3e1 > ff02::2: ICMP6, router solicitation, length 8
For the first ten hours these nodes (even the usually completely idle ones) have
seen incoming traffic of around 1 MBit/s in the tinc interface (and
approximately the double bandwidth on the interface that carries the tinc
traffic). Then the traffic on the tinc interface went straight (within minutes
or maybe even seconds) up to around 6 MBit/s. The level of incoming traffic for
each node sticked there (and caused a bit of delays and packet loss) for five
hours, until I restarted tinc on one (randomly picked) node. The traffic for
all hosts went immediately down to idle.
Most of the tinc nodes use v1.0.31. Two use v1.0.24 and a single old one is
still at v1.0.19.
(Debian stable, oldstable and oldoldstable)
The tinc daemon I restarted was using v1.0.31.
The setup is running unchanged (besides a few nodes being added from time to
time) for a few years. The only non-default setting is "ReplayWindow 32".
I am quite confident (due to the age and stability of the setup), that this was
just a rare occasion, that will likely never happen again.
But maybe someone has an idea, whether this is a tinc related issue and if
there is something that could be done to prevent such a situation.
Thank you for your time!
Cheers,
Lars
More information about the tinc
mailing list