[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Interesting problems with using IPv6

Subject: Fwd: Interesting problems with using IPv6
From: dwcarder at wisc.edu (Dale W. Carder)
Date: Mon, 08 Sep 2014 10:08:44 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

Thus spake Scott Weeks (surfer at mauigateway.com) on Sun, Sep 07, 2014 at 12:17:18PM -0700:
> --- fergdawgster at mykolab.com wrote:
> From: Paul Ferguson <fergdawgster at mykolab.com>
> 
> There's been a lot of on-and-off discussion about v6, 
> especially about security and operational concerns 
> about some aspects of IPv6 deployment, specifically 
> regarding neighbor discovery (although there are other 
> operational security concerns, as well).
> 
> I'd like to provide this as an example of those 
> concerns, without any additional commentary. :-)
> 
> See also:
> 
> http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
> --------------------------------------------------
> 
> 
> I read the article and Tim Warnock on ipv6.org.au gave 
> a pretty good and very brief summary.  Pasted here for
> those that don't have time to read it.  :-)
> 
> "large L2 domain + ipv6 windows privacy extensions + some 
> intel card bug + some mention of igmp snooping = multicast 
> flood w/ high switch/router cpu..."


This is well known. see: draft-pashby-magma-simplify-mld-snooping-01

About 4-5 years ago there was CSCtl51859.

Vendor implementations that treat v6 neighbor discovery like it's IGMPv2
are doomed to fail.

Dale

References:
- Fwd: Interesting problems with using IPv6
  - From: surfer at mauigateway.com (Scott Weeks)

Prev by Date: no more "Send through Gmail" option
Next by Date: no more "Send through Gmail" option
Previous by thread: Fwd: Interesting problems with using IPv6
Next by thread: Fwd: Interesting problems with using IPv6
Index(es):
- Date
- Thread