Adi

Reputation: 1639

ipv6 neigh entries getting failed

I have a bunch of IPv6 neigh entries which are failed:

6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1  FAILED
8000::1e1e:1e01 dev eth1  FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1  FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT

Now, when I use flush to remove these entries, it says nothing to flush. Do you guys know how to flush or remove these entries? If I delete the entry, it goes into the failed state. Can I change the time for these values, so it automatically gets removed in, say, 10 seconds?

Upvotes: 3

Views: 6172

Answers (2)

user31986

Reputation: 1656

Yes, you can have them removed in 10 secs or whatever.

$ sysctl net.ipv6.neigh.default
...
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
...

gc_interval is the number of seconds after which the clean-up kicks in to remove stale entries.

gc_stale_time is the number of seconds after which the entries are marked as stale.

You can set both these values to 10. You can override these values exclusively for eth1 under net.ipv6.neigh.eth1.

$ sysctl -w net.ipv6.neigh.eth1.gc_interval=10
$ sysctl -w net.ipv6.neigh.eth1.gc_stale_time=10

Upvotes: 1

Sander Steffann

Reputation: 9978

They should completely disappear when you do something like

ip -6 neigh del 3000::a0a:a3a dev eth1

But much more important: those addresses are bogons. They should never be in use anywhere... Seeing them in your neighbor discovery tables means that your system thinks they are on-link, and that should not be the case.

I suggest you look at your network configuration first. Your interfaces might have the wrong prefixes or prefix-lengths configured...

Upvotes: 2
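
Following the suggestion above to check the configuration first, one way to list neighbor entries that fall outside the prefixes you expect to be on-link. This is an added example, not part of the original answers; the `EXPECTED` prefixes, the last two sample entries and the function names are assumptions.

```python
import ipaddress

# Constructed input: the question's table plus two made-up entries that are
# legitimately on-link (a link-local router and a documentation-prefix host).
NEIGH_OUTPUT = """\
6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1  FAILED
8000::1e1e:1e01 dev eth1  FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1  FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT
fe80::1 dev eth1 lladdr 00:03:00:03:00:01 router REACHABLE
2001:db8:1::20 dev eth1 lladdr 00:03:00:03:00:20 STALE
"""

# Assumption: prefixes the operator intends to be on-link, per interface.
EXPECTED = {"eth1": ["2001:db8:1::/64"], "eth2": ["2001:db8:2::/64"]}
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def parse_neigh(text):
    """Yield (address, dev, state) from `ip -6 neigh show` style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "dev":
            continue  # not a neighbor entry
        try:
            addr = ipaddress.IPv6Address(fields[0])
        except ipaddress.AddressValueError:
            continue  # first field is not an IPv6 address
        yield addr, fields[2], fields[-1]  # state is always the last field


def audit(text, expected):
    """Return entries whose address is outside every expected on-link prefix."""
    findings = []
    for addr, dev, state in parse_neigh(text):
        nets = [ipaddress.ip_network(p) for p in expected.get(dev, [])]
        if addr in LINK_LOCAL or any(addr in n for n in nets):
            continue  # link-local or inside an intended prefix
        findings.append((str(addr), dev, state))
    return findings


if __name__ == "__main__":
    for addr, dev, state in audit(NEIGH_OUTPUT, EXPECTED):
        print(f"{dev}: {addr} ({state}) is not in an expected on-link prefix")
```

To use it on a live host, pass the output of `ip -6 neigh show` as the text and your own intended prefixes in place of `EXPECTED`.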
