Manualshelf

R21xx-HP FlexFabric 11900 Layer 3 IP Services Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
211212213214215216217218219220
207
To fix the vulnerability, configure the temporary address function that enables the system to generate and
use temporary IPv6 addresses with different interface ID portions on an interface. With this function
configured on an IEEE 802 interface, the system can generate two addresses: public IPv6 address and
temporary IPv6 address.
Public IPv6 address—Includes an address prefix provided by the RA message and a fixed interface
ID generated based on the MAC address of the interface.
Temporary IPv6 address—Includes an address prefix provided by the RA message and a random
interface ID generated through MD5.
Before sending a packet, the system preferably uses the temporary IPv6 address of the sending interface
as the source address of the packet to be sent. When this temporary IPv6 address expires, the system
removes it and generates a new one. This enables the system to send packets with different source
addresses through the same interface. If the temporary IPv6 address cannot be used because of a DAD
conflict, the public IPv6 address is used.
When you configure this function, follow these guidelines:
Enable stateless autoconfiguration.
The valid lifetime of the temporary address must be greater than or equal to the preferred lifetime.
The preferred lifetime of a temporary IPv6 address takes the smaller of the following values: the
preferred lifetime of the address prefix in the RA message or the preferred lifetime configured for
temporary IPv6 addresses minus DESYNC_FACTOR (a random number ranging from 0 to 600
seconds).
The valid lifetime of a temporary IPv6 address takes the smaller of the following values: the valid
lifetime of the address prefix or the valid lifetime configured for temporary IPv6 addresses.
Examples
# Configure the system to generate, and preferably use, the temporary IPv6 address of the sending
interface as the source address of the packet.
<Sysname> system-view
[Sysname] ipv6 prefer temporary-address
Related commands
ipv6 address auto
ipv6 nd ra prefix
ipv6 redirects enable
Use ipv6 redirects enable to enable sending ICMPv6 redirect messages.
Use undo ipv6 redirects enable to disable sending ICMPv6 redirect messages.
Syntax
ipv6 redirects enable
undo ipv6 redirects enable