Lots of discarded IPv6 packets in firewall log.

Question

Hi all, 
 Started to have this issue the last day in the office 30mins before i left for the weekend. 
 Basically our network has been going very slow and i have lots of this in the firewall..... like non stop. Am i right to believe fe80: is internally originated? 
 We have had some 3rd party work on the site. any ideas? 
 We don't have any ipv6 scopes defined in dhcp on the XGS or have any ipv6 addresses on any of our interfaces. 
 What's the best cause of action here to find the issue?

thanks

rfcat_vk · Answer

Hi, 
 please check that IPv6 hasn't been enabled on one of your interfaces. 
 Ian

dirkkotte · Answer

Maybe, there are (new) IPv6 enabled device(s) on your network.
These try to do multicast-dns (UDP5355) or netbios (135) using multicast-destination-IPs (ff02:) ... absolutely normal for IPv6.
But there may be a malfunction and some IPv6 device play "ping-pong" with the packets ... resulting in a packet-storm.
Take a look to the interface load at one device within the LAN.

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.

Lots of discarded IPv6 packets in firewall log.

Top Replies