A few times now I have noticed all customers in a given broadcast domain all seeing download traffic at about 1.5Mbps. My gut reaction is broadcast traffic of some sort so I go to Torch on the Mikrotik router at that site. What I saw that first time is the same thing I have seen every time since and what is shown in the attached image. IPv6 traffic from some IPv6 host's link-local address to ff01::1:2 with a rate that matches the traffic I am seeing everywhere. I enable IPv6 on that router if it isn't already and just add a firewall rule that drops all IPv6 traffic since I am not running any on network at this time. But what is it?
It looked to me like an IPv6 broadcast address of some type so I googled it and found: FF02::1:2 All DHCPv6 agents (servers and relays) within the link-local scope This makes sense since I bet it is coming from a customer's router on that segment. Is this device malfunctioning, plugged in backwards, or what? How can I use the Mikrotik to narrow down where it it located? There isn't a mac-table for IPv6 that I can find. Anyone else seen this? -Ty
