networking layer2 ai_generated true

IPv6: Duplicate Address Detection (DAD) failed for fe80::1/64 on eth0, address in use by 00:1a:2b:3c:4d:5e

ID: networking/ipv6-ndp-dad-failed

Also available as: JSON · Markdown · 中文
85%Fix Rate
87%Confidence
1Evidence
2023-09-05First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Linux kernel 6.1.0-17-amd64 active
Windows Server 2022 active
Cisco IOS XE 17.9.1 active

Root Cause

Another host on the same link-local network segment is already using the IPv6 address fe80::1, causing the Duplicate Address Detection (DAD) mechanism (RFC 4862) to reject the address assignment and leave the interface in a tentative state.

generic

中文

同一链路本地网段上的另一主机已在使用IPv6地址fe80::1,导致重复地址检测(DAD)机制(RFC 4862)拒绝地址分配,使接口处于暂定状态。

Official Documentation

https://www.rfc-editor.org/rfc/rfc4862#section-5.4

Workarounds

  1. 90% success Identify and reconfigure the conflicting host by checking the neighbor cache: ip -6 neigh show; then change the duplicate address on one host to a unique link-local address (e.g., fe80::2/64). 
    Identify and reconfigure the conflicting host by checking the neighbor cache: ip -6 neigh show; then change the duplicate address on one host to a unique link-local address (e.g., fe80::2/64).
  2. 80% success Temporarily disable DAD on the interface to force address assignment: sysctl -w net.ipv6.conf.eth0.accept_dad=0; then manually add the address with ip addr add fe80::1/64 dev eth0. Re-enable DAD after resolving the conflict. 
    Temporarily disable DAD on the interface to force address assignment: sysctl -w net.ipv6.conf.eth0.accept_dad=0; then manually add the address with ip addr add fe80::1/64 dev eth0. Re-enable DAD after resolving the conflict.
  3. 70% success Use a privacy extension address (RFC 4941) for the interface to avoid link-local conflicts: sysctl -w net.ipv6.conf.eth0.use_tempaddr=2 
    Use a privacy extension address (RFC 4941) for the interface to avoid link-local conflicts: sysctl -w net.ipv6.conf.eth0.use_tempaddr=2

中文步骤

  1. Identify and reconfigure the conflicting host by checking the neighbor cache: ip -6 neigh show; then change the duplicate address on one host to a unique link-local address (e.g., fe80::2/64).
  2. Temporarily disable DAD on the interface to force address assignment: sysctl -w net.ipv6.conf.eth0.accept_dad=0; then manually add the address with ip addr add fe80::1/64 dev eth0. Re-enable DAD after resolving the conflict.
  3. Use a privacy extension address (RFC 4941) for the interface to avoid link-local conflicts: sysctl -w net.ipv6.conf.eth0.use_tempaddr=2

Dead Ends

Common approaches that don't work:

  1. 90% fail

    The kernel will still perform DAD and reject the assignment if the address is already in use, even with manual configuration.

  2. 75% fail

    This breaks all IPv6 connectivity and is an overreaction if only one address is duplicated.

  3. 60% fail

    The link-local address is derived from the MAC address by default, but the conflict is with a specific address, not the MAC; changing MAC may not resolve the duplication if the address is manually configured on the other host.