Community discussions

MikroTik App
 
peterdze
just joined
Topic Author
Posts: 2
Joined: Fri Jan 27, 2023 10:01 pm

IPv6 Duplicate Address Detected caused by a device on internal network

Fri Jan 27, 2023 10:23 pm

Hello,

I have LMT 5G MikroTik router and a static IPv6 /64 prefix assigned by LMT (provider in Latvia). Lately (for several months) I'm facing an intermittent problem: IPv6 connectivity stops working due to Duplicate Address Detected issue: 2a03:xxxx:xxxx:xxxx::/64 address (assigned by LMT) gets DIG status (I meaning invalid) and "Duplicate Address Detected" error. Sometimes I'm able to fix it by restarting MikroTik router and sometimes it doesn't help and I manage to fix it by disabling lte interface and enabling it few minutes later. Called LMT support, but they didn't see any issue on their side. Logs (including radvd logs) didn't show anything suspicious when issue occurred.
Finally, I decided to analyze network traffic and set /tools/sniffer/filter-ip-protocol to icmpv6 and started packet sniffer and restarted lte interface (causing the router to re-negotiate IPv6 address). Downloaded packet dump and opened in Wireshark. I was able to see Neighbor Solicitation message going to ff02::1:ff0:0 for entire /64 prefix assigned by LMT and one device responding with Neighbor Advertisement confirming that it has this prefix assigned. If I understand it correctly, this response is causing MikroTik router to give up and announce the entire prefix to be duplicate address and render IPv6 unusable. I found a MAC address of this responding device and it turned out to be Google Nest Hub smart display connected to my Wi-Fi network. I switched it off and duplicate address issue wasn't reproducible anymore.
So it looks like there are two problems: MikroTik router sends Network Solicitation for IPv6 prefix (received from lte interface in Router Advertisement from provider) to bridge interface instead of lte interface only (is it supposed to work like that?) and a consumer device from internal network (Google Nest Hub) responding to it with Neighbor Advertisement.
Is there a way to fix it rather than stop using Google Nest Hub? Maybe some configuration change in MikroTik would allow DAD to be performed only on lte interface? Or maybe I just need to somehow disable DAD?
Any help would be appreciated!
Many thanks,
Peteris
 
peterdze
just joined
Topic Author
Posts: 2
Joined: Fri Jan 27, 2023 10:01 pm

Re: IPv6 Duplicate Address Detected caused by a device on internal network

Mon Jan 30, 2023 12:51 pm

Just in case if anyone else is facing a similar issue, I was able to implement a workaround by adding the following rule at the top of IPv6 Firewall Rules:
/ipv6 firewall filter
add action=drop chain=input comment=\
    "block Neighbor Advertisement from Google Nest Hub due to the issue with DAD" \
    protocol=icmpv6 src-address=fe80::xxxx:xxff:fexx:xxxx/128
where fe80::xxxx:xxff:fexx:xxxx is link-local EUI-64 address assigned based on MAC address of offending device (Google Nest Hub in my case). Now MikroTik router sends Network Solicitation message to all interfaces and Google Nest Hub responds with Neighbor Advertisement, but firewall blocks its response and no duplicate address detected issue occurs. Most likely Google Nest Hub doesn't have IPv6 connectivity as a result of this configuration (any ICMPv6 communication from it is blocked), but this device works fine using IPv4.
Please feel free to comment or suggest a better solution.
 
User avatar
cfikes
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Dec 08, 2014 9:14 pm
Location: Texas
Contact:

Re: IPv6 Duplicate Address Detected caused by a device on internal network

Mon Jan 30, 2023 3:03 pm

I had a similar issue with ChromeOS flex. Apparently it's the Google thing to do.
 
vanags
just joined
Posts: 3
Joined: Sat Mar 25, 2023 12:31 pm

Re: IPv6 Duplicate Address Detected caused by a device on internal network

Sat Mar 25, 2023 12:36 pm

Same problems with IKEA new Dirigera Hub for smart lightning. Drop of icmpv6 protocol for local IPv6 address fixed.
 
fich16
just joined
Posts: 1
Joined: Mon Feb 06, 2023 9:53 am

Re: IPv6 Duplicate Address Detected caused by a device on internal network

Tue Nov 28, 2023 2:07 pm

Same problem with Keenetic in roiter mode, used as a bridge AP only ( not connected to ISP ).
Assigning GUA to Mikrotik bridge from pool ::/64 leads to duplicate address error.
Dropping Keenetic's ULA in ipv6 firewall did not help. Just assigned ::1/64 ( not default ::/64) to
Mikrotik bridge.

PS: Issuing
 (config)> interface Home no ipv6 address auto 
on Keenetic CLI stopsKeen from obsessing
ISP_PREFIX:0:0:0:0/64 GUA.So it can be assigned to Mikrotik bridge as usual.
May be the other devices have some settings to disable GUA, if not needed.

Who is online

Users browsing this forum: miks and 79 guests