As a security best practice, verify that the host system denies IPv6 neighbor solicitations unless necessary. The dad_transmits setting determines how many neighbor solicitations are to be sent out per address including global and link-local, when you bring up an interface to ensure that the desired address is unique on the network.

Procedure

  1. Run the # grep [01] /proc/sys/net/ipv6/conf/*/dad_transmits|egrep "default|all" command to verify whether the host system denies IPv6 neighbor solicitations.
  2. If the values are not set to 0, configure the host system to deny IPv6 neighbor solicitations.
    1. Open the /etc/sysctl.conf file.
    2. If the values are not set to 0, add the following entries to the file or update the existing entries accordingly. Set the value to 0.
      net.ipv6.conf.all.dad_transmits=0 
      net.ipv6.conf.default.dad_transmits=0 
      
    3. Save the changes and close the file.
    4. Run # sysctl -p to apply the configuration.