Using IPv6 with prefixes shorter than a /64 on a LAN

Mikael Abrahamsson swmike at swm.pp.se
Mon Jan 31 06:58:28 UTC 2011


On Sun, 30 Jan 2011, Matthew Petach wrote:

> Even without completely overflowing the ND cache, informal lab testing 
> shows that a single laptop on a well-connected network link can send 
> sufficient packets at a very-large-scale backbone router's connected /64 
> subnet to keep the router CPU at 90%, sustained, for as long as you'd 
> like.  So, while it's not a direct denial of service (the network keeps 
> functioning, albeit under considerable pain), it's enough to impact the 
> ability of the network to react to other dynamic loads.  :/

At AMSIX, a Cisco 12000 running IOS will get into trouble with the 170pps 
of ND seen there. AMSIX doesn't do MLD snooping so everybody gets 
everything and on IOS 12000 ND is punted to RP and when it's busy with 
calculating BGP, it'll start dropping BGP sessions.

An access-list filtering IPv6 multicast the router isn't subscribed to 
fixes the problem.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
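
Added example, not part of the original message and not router code: a Python sketch of the decision such a filter makes, computing the solicited-node groups an interface joins and dropping multicast sent to any other group before it reaches the route processor. The interface addresses and destinations are constructed, and the sketch assumes the router joins only all-nodes, all-routers and its own solicited-node groups.

```python
import ipaddress

# RFC 4291 solicited-node prefix: ff02::1:ff00:0/104
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")
ALL_NODES = ipaddress.ip_address("ff02::1")
ALL_ROUTERS = ipaddress.ip_address("ff02::2")


def solicited_node(addr):
    """Solicited-node group for a unicast address: prefix + its low 24 bits."""
    low24 = int(ipaddress.ip_address(addr)) & 0xFFFFFF
    return ipaddress.ip_address(int(SOLICITED_NODE.network_address) | low24)


def subscribed_groups(interface_addrs):
    """Groups the router listens to (assumption: no routing-protocol or
    MLD groups; a real router joins more and the filter must permit them)."""
    groups = {ALL_NODES, ALL_ROUTERS}
    groups.update(solicited_node(a) for a in interface_addrs)
    return groups


def verdict(dst, groups):
    """'permit' if the packet may be punted to the RP, 'drop' otherwise."""
    dst = ipaddress.ip_address(dst)
    if not dst.is_multicast:
        return "permit"  # unicast is outside the scope of this filter
    return "permit" if dst in groups else "drop"


if __name__ == "__main__":
    # Constructed interface addresses (documentation prefix and link-local).
    router = ["2001:db8:0:1::1", "fe80::1", "2001:db8:0:1::a:b"]
    groups = subscribed_groups(router)
    # Constructed destinations, as seen on a shared LAN without MLD snooping.
    for dst in ["ff02::1:ff00:1",     # NS for the router's own ::1 address
                "ff02::1:ff0a:b",     # NS for the router's ::a:b address
                "ff02::1:ff12:3456",  # NS for some other host on the LAN
                "ff02::2",            # all-routers (router solicitations)
                "2001:db8:0:1::1"]:   # unicast
        print(f"{dst:22} {verdict(dst, groups)}")
```

Neighbor solicitations for other hosts' addresses land in the "drop" branch, which is the traffic a router on a flooded shared LAN otherwise has to process.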
