IPv6 /64 links (was Re: ipv6 book recommendations?)

Mark Andrews marka at isc.org
Fri Jun 8 01:08:06 UTC 2012


In message <1339116492.2754.162.camel at karl>, Karl Auer writes:
> 
> On Thu, 2012-06-07 at 22:27 +0000, Dave Hart wrote:
> > Karl, you seem to fail to understand how ethernet NICs are implemented
> > in the real world.  Ignoring the optional (but common) promiscuous
> > mode support and various offloading, IPv4 ARP is sent as ethernet
> > broadcast and the NIC hardware and driver is in no position to filter
> > -- it must be done by the IP stack.  In contrast, ND is sent as
> > ethernet multicast which are filtered by receivers in hardware.
> > Whether or not the switches are smart enough to filter is an
> > implementation decision that has no bearing on the requirement to
> > filter in the NIC hardware.
> 
> I'm the first to admit that I often don't know stuff. One good reason to
> be on the NANOG mailing list! But in this case...
> 
> Yes - whether with ARP or ND, any node has to filter out the packets
> that do not apply to it (whether it's done by the NIC or the host CPU is
> another question, not relevant here).
> 
> But in a properly switched IPv6 network, many/most ND packets do not
> arrive at most nodes' network interfaces at all, so those nodes have no
> filtering work to do. Yes, the nodes that DO get a packet - those
> listening on the relevant multicast group, often a solicited node
> multicast group - DO need to filter out the NDs that don't apply to
> them, but the point is that a vastly reduced number of nodes are thus
> inconvenienced compared.
> 
> The original post posited that ND could cause as much traffic as ARP. My
> point is that it probably doesn't, because the ND packets will only be
> seen on the specific switch ports belonging to those nodes that are
> listening to the relevant multicast groups, and only those nodes will
> actually receive the ND packets. In contrast to ARP, which is broadcast,
> always, to all nodes, and thus goes out every switch port in the
> broadcast domain.
> 
> This is pretty much the *point* of using multicast instead of broadcast.

The point of multicast is to be able to reject traffic sooner rather
than later.  Running IPv6 with a NIC that doesn't support several
multicast addresses is a real pain which I know from experience.
It can however be done.

> Regards, K.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
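
An added example, not part of the original message or of any poster's code: it derives the solicited-node multicast group (RFC 4291) and its Ethernet multicast MAC (RFC 2464) for a target address, then shows which NICs pass a Neighbor Solicitation frame up to the IP stack compared with an ARP broadcast. The `Nic` class, its `filter_slots` limit with fallback to all-multicast reception, and the host addresses are assumptions constructed for illustration.

```python
import ipaddress

ARP_BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def solicited_node_group(addr):
    """RFC 4291: ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def multicast_mac(group):
    """RFC 2464: 33:33 followed by the low 32 bits of the IPv6 multicast address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

class Nic:
    """Toy NIC model (assumption): exact-match multicast filter with a fixed
    number of slots; when the slots run out it falls back to accepting all
    multicast frames and the IP stack has to filter in software."""
    def __init__(self, name, addrs, filter_slots):
        self.name = name
        wanted = {multicast_mac("ff02::1")}  # all-nodes group
        wanted |= {multicast_mac(solicited_node_group(a)) for a in addrs}
        self.all_multicast = len(wanted) > filter_slots
        self.filter = set() if self.all_multicast else wanted

    def accepts(self, dst_mac):
        if dst_mac == ARP_BROADCAST_MAC:
            return True  # broadcast always reaches the stack
        if dst_mac.startswith("33:33:"):
            return self.all_multicast or dst_mac in self.filter
        return False

def receivers(nics, dst_mac):
    """Names of the NICs whose hardware filter lets this frame through."""
    return sorted(n.name for n in nics if n.accepts(dst_mac))

# Constructed sample hosts (documentation prefix 2001:db8::/32).
NICS = [
    Nic("a", ["2001:db8::a:1", "fe80::a:1"], filter_slots=8),
    Nic("b", ["2001:db8::b:2", "fe80::b:2"], filter_slots=8),
    Nic("c", ["2001:db8::c:3", "fe80::c:3"], filter_slots=1),  # too few slots
]

if __name__ == "__main__":
    ns_dst = multicast_mac(solicited_node_group("2001:db8::b:2"))
    print("NS for 2001:db8::b:2 ->", ns_dst, receivers(NICS, ns_dst))
    print("ARP broadcast        ->", receivers(NICS, ARP_BROADCAST_MAC))
```

Host "c" receives the solicitation only because its modelled filter is too small to hold both of its groups, which is the software-filtering case the reply describes as painful but workable.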
