IPV6 Multicast Listener storm control?

Mikael Abrahamsson swmike at swm.pp.se
Tue Sep 23 03:55:30 UTC 2014


On Mon, 22 Sep 2014, Richard Holbo wrote:

> Now it looks like from my reading that CISCO MLD snooping would _help_ with
> this, though it would not stop the offender from generating the multicast
> requests, it might keep if from reaching _all_ ports, but it would still

If the packets are sent to ff02::1, then this will be sent to all ports 
even with MLD snooping turned on.

http://www.ietf.org/rfc/rfc4541.txt

"In IPv6, the data forwarding rules are more straight forward because
    MLD is mandated for addresses with scope 2 (link-scope) or greater.
    The only exception is the address FF02::1 which is the all hosts
    link-scope address for which MLD messages are never sent.  Packets
    with the all hosts link-scope address should be forwarded on all
    ports."

So I doubt turning on MLD snooping will help.

Your switches, can't you do some kind of protocol based filtering, and 
only allow two ethertypes, ARP and IPv4?

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se


More information about the NANOG mailing list