Fwd: Interesting problems with using IPv6

Dale W. Carder dwcarder at wisc.edu
Mon Sep 8 15:08:44 UTC 2014


Thus spake Scott Weeks (surfer at mauigateway.com) on Sun, Sep 07, 2014 at 12:17:18PM -0700:
> --- fergdawgster at mykolab.com wrote:
> From: Paul Ferguson <fergdawgster at mykolab.com>
> 
> There's been a lot of on-and-off discussion about v6, 
> especially about security and operational concerns 
> about some aspects of IPv6 deployment, specifically 
> regarding neighbor discovery (although there are other 
> operational security concerns, as well).
> 
> I'd like to provide this as an example of those 
> concerns, without any additional commentary. :-)
> 
> See also:
> 
> http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
> --------------------------------------------------
> 
> 
> I read the article and Tim Warnock on ipv6.org.au gave 
> a pretty good and very brief summary.  Pasted here for
> those that don't have time to read it.  :-)
> 
> "large L2 domain + ipv6 windows privacy extensions + some 
> intel card bug + some mention of igmp snooping = multicast 
> flood w/ high switch/router cpu..."


This is well known. see: draft-pashby-magma-simplify-mld-snooping-01

About 4-5 years ago there was CSCtl51859.

Vendor implementations that treat v6 neighbor discovery like it's IGMPv2
are doomed to fail.

Dale


More information about the NANOG mailing list