Multicast (ICMP6 router solicitation) flood

Guus Sliepen guus at tinc-vpn.org
Tue Dec 18 17:14:23 CET 2018


On Fri, Dec 14, 2018 at 11:13:55PM +0100, Lars Kruse wrote:

> I am a happy user of tinc in multiple environments. It is beautiful - thank you!
> 
> Today I noticed that a network of around 20 nodes suffered from a flood of
> packages like the following:
>  IP6 fe80::e4eb:74b6:57e0:c3e1 > ff02::2: ICMP6, router solicitation, length 8
[...]
> Most of the tinc nodes use v1.0.31. Two use v1.0.24 and a single old one is
> still at v1.0.19.
> (Debian stable, oldstable and oldoldstable)

The issue looks like a routing loop. In fact, there was a bug in
versions before 1.0.24 that might cause routing loops of broadcast
packets, and this router sollicitation message is in fact a broadcast
packet. If possible, upgrade to a newer version of Debian. If that's not
possible, try installing tinc 1.0.24 from wheezy-backports.

> The setup is running unchanged (besides a few nodes being added from time to
> time) for a few years. The only non-default setting is "ReplayWindow 32".

That is quite certainly not the cause of this issue.

> I am quite confident (due to the age and stability of the setup), that this was
> just a rare occasion, that will likely never happen again.
> But maybe someone has an idea, whether this is a tinc related issue and if
> there is something that could be done to prevent such a situation.

I recommend upgrading the node running 1.0.19.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20181218/075ed535/attachment.sig>


More information about the tinc mailing list